# Tasks: Full Workspace / Environment Context Browser Verification Audit **Input**: `spec.md` and `plan.md` in `specs/313-workspace-environment-context-browser-verification/` **Prerequisites**: local admin app available through existing project conventions, browser tooling available, and an authorized workspace user. **Scope**: analysis-only audit artifacts. No application implementation. ## Test Governance Checklist - [x] Lane assignment is named: `browser audit + repo discovery`. - [x] No runtime tests are added or changed in Spec 313. - [x] No shared helpers, factories, seeds, fixtures, providers, session defaults, or browser defaults are widened. - [x] Planned validation commands cover audit artifacts and no-runtime-change guardrails. - [x] Browser evidence is explicit and not hidden inside fast feedback lanes. - [x] Missing data/tooling is recorded as blocker instead of fixed by changing seeders or runtime code. ## Phase 1: Setup and Safety - [x] T001 Confirm current branch is `313-workspace-environment-context-browser-verification` with `git status --short --branch`. - [x] T002 Confirm the working tree contains only expected Spec 313 preparation/audit files before starting browser audit. - [x] T003 Read `specs/313-workspace-environment-context-browser-verification/spec.md`. - [x] T004 Read `specs/313-workspace-environment-context-browser-verification/plan.md`. - [x] T005 Read `.specify/memory/constitution.md` and keep the audit analysis-only. - [x] T006 Create `specs/313-workspace-environment-context-browser-verification/artifacts/screenshots/`. - [x] T007 Create or initialize empty audit files: `audit-report.md`, `surface-inventory.md`, `page-matrix.md`, `query-param-inventory.md`, `clear-filter-inventory.md`, and `code-ownership-map.md`. - [x] T008 Record initial command log and no-runtime-change posture in `audit-report.md`. ## Phase 2: Repo Discovery - [x] T009 Run `find apps/platform/app/Filament -type f | sort` and save the output to `artifacts/filament-files.txt`. - [x] T010 Run the required context/state `rg` search from `plan.md` against `apps/platform/app`, `apps/platform/resources`, `apps/platform/routes`, and `apps/platform/tests`, saving output to `artifacts/context-search.txt`. - [x] T011 List admin routes with Sail route list, Laravel Boost route list, or a documented read-only fallback, saving output to `artifacts/routes-admin.txt`. - [x] T012 Inspect `apps/platform/app/Providers/Filament/AdminPanelProvider.php` and list every navigation item, registered page, registered resource, discovered resource/cluster path, render hook, and middleware relevant to context. - [x] T013 Inspect `apps/platform/app/Support/Navigation/WorkspaceSidebarNavigation.php` and list every sidebar item, child item, URL builder, visibility gate, and navigation group. - [x] T014 Inspect `apps/platform/routes/web.php` and record admin workspace routes, environment routes, smoke-login routes, context selection/clear routes, review pack download routes, and queue open routes. - [x] T015 Inspect all files under `apps/platform/app/Filament/Pages`, `apps/platform/app/Filament/Resources`, and `apps/platform/app/Filament/Clusters` for route slugs, `getUrl()` overrides, query params, table filters, clear-filter actions, persisted table state, and page state contracts. - [x] T016 Inspect `apps/platform/resources/views` for context bar links, clear environment forms, dashboard/action links, visible chips, breadcrumbs, and page-specific filter/CTA rendering. - [x] T017 Inspect workspace overview sources, including `apps/platform/app/Support/Workspaces/WorkspaceOverviewBuilder.php`, for cards/actions and URL targets. - [x] T018 Inspect environment dashboard sources, including `apps/platform/app/Filament/Pages/EnvironmentDashboard.php` and `apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php`, for cards/actions and URL targets. - [x] T019 Inspect link helpers and context seams: `ManagedEnvironmentLinks`, `OperationRunLinks`, `WorkspaceContext`, `OperateHubShell`, `ResolvedShellContext`, `CanonicalAdminTenantFilterState`, `WorkspaceRedirectResolver`, `WorkspaceIntendedUrl`, and relevant support/report/evidence/review/support helpers. - [x] T020 Populate the first pass of `surface-inventory.md` from repo discovery before browser verification. - [x] T021 Populate the first pass of `query-param-inventory.md` with `tenant`, `tenant_id`, `managed_environment_id`, `environment_id`, `tenant_scope`, and `tableFilters`. - [x] T022 Populate the first pass of `clear-filter-inventory.md` from code-discovered clear actions. - [x] T023 Populate the first pass of `code-ownership-map.md` with all required seams from `plan.md`. ## Phase 3: Browser Data Readiness - [x] T024 Start the local app using existing project conventions if needed, preferring Sail: `cd apps/platform && ./vendor/bin/sail up -d`. - [x] T025 Resolve the absolute app URL using Laravel Boost `get_absolute_url` or document the local URL source. - [x] T026 Identify the local smoke-login path and actor from existing local config or seeded data. Do not modify seeders. - [x] T027 Verify at least one Workspace is selectable in the browser. - [x] T028 Verify whether at least two Managed Environments exist in that Workspace. - [x] T029 Record available row coverage for Operations, Alerts, Audit Log, Findings, Finding Exceptions, Governance Inbox, Decision Register, Reviews, Customer Reviews, Evidence, Provider Connections, Reports / Stored Reports, and Support Requests. - [x] T030 In `audit-report.md`, record missing seed data as a blocker wherever data scope cannot be proven. ## Phase 4: Workspace-Origin Browser Verification - [x] T031 From Workspace origin with no active Environment, open Workspace Overview and capture `workspace-origin--workspace-overview.png`. - [x] T032 Open Operations from sidebar/global navigation and capture `workspace-origin--operations.png`. - [x] T033 Open Provider Connections / Integrations from sidebar/global navigation and capture `workspace-origin--provider-connections.png`. - [x] T034 Open Finding Exceptions Queue from sidebar/global navigation and capture `workspace-origin--finding-exceptions-queue.png`. - [x] T035 Open Evidence Overview from sidebar/global navigation or direct route and capture `workspace-origin--evidence.png`. - [x] T036 Open Reviews / Review Register and capture `workspace-origin--reviews.png`. - [x] T037 Open Customer Reviews / Customer Review Workspace and capture `workspace-origin--customer-reviews.png`. - [x] T038 Open Governance Inbox and capture `workspace-origin--governance-inbox.png`. - [x] T039 Open Decision Register and capture `workspace-origin--decision-register.png`. - [x] T040 Open Audit Log and capture `workspace-origin--audit-log.png`. - [x] T041 Open Alerts and capture `workspace-origin--alerts.png`. - [x] T042 Open Workspace Settings and capture `workspace-origin--workspace-settings.png`. - [x] T043 Open Manage Workspaces and capture `workspace-origin--manage-workspaces.png` or classify as system/workspace settings if access is blocked. - [x] T044 Open Reports / Stored Reports through every discovered route/link and capture `workspace-origin--reports.png` or document unreachable/blocker. - [x] T045 Open Support Requests through every discovered route/link and capture `workspace-origin--support-requests.png` or document unreachable/blocker. - [x] T046 For each page in T031-T045, record URL, query params, shell, breadcrumbs, title, visible chips, table filters, data-scope proof, screenshot, status, risk, and notes in `page-matrix.md`. ## Phase 5: Environment-Sidebar Browser Verification - [x] T047 Open Environment Dashboard for Environment A and capture `environment-origin--dashboard-a.png`. - [x] T048 Confirm shell shows Workspace + Environment A and record route/query state. - [x] T049 From that state, click sidebar/global Operations and capture `environment-sidebar--operations.png`. - [x] T050 Click sidebar/global Provider Connections and capture `environment-sidebar--provider-connections.png`. - [x] T051 Click sidebar/global Finding Exceptions Queue and capture `environment-sidebar--finding-exceptions-queue.png`. - [x] T052 Click sidebar/global Evidence Overview and capture `environment-sidebar--evidence.png`. - [x] T053 Click sidebar/global Reviews and capture `environment-sidebar--reviews.png`. - [x] T054 Click sidebar/global Customer Reviews and capture `environment-sidebar--customer-reviews.png`. - [x] T055 Click sidebar/global Governance Inbox and capture `environment-sidebar--governance-inbox.png`. - [x] T056 Click sidebar/global Decision Register and capture `environment-sidebar--decision-register.png`. - [x] T057 Click sidebar/global Audit Log and capture `environment-sidebar--audit-log.png`. - [x] T058 Click sidebar/global Alerts and capture `environment-sidebar--alerts.png`. - [x] T059 Repeat high-risk sidebar checks from Environment B where seed data or visible environment labels make scope comparison useful. - [x] T060 Record shell-clearing, URL params, visible filters, persisted filters, apparent data scope, reload result, screenshot, status, and risk in `page-matrix.md`. ## Phase 6: Environment CTA/Card Browser Verification - [x] T061 From Environment A Dashboard, click the Operations CTA/card/action if present and capture `environment-cta--operations.png`. - [x] T062 From Environment A Dashboard, click Provider Connections / Integrations CTA/card/action if present and capture `environment-cta--provider-connections.png`. - [x] T063 From Environment A Dashboard, click Finding Exceptions / Risk Exceptions CTA/card/action if present and capture `environment-cta--finding-exceptions-queue.png`. - [x] T064 From Environment A Dashboard, click Evidence CTA/card/action if present and capture `environment-cta--evidence.png`. - [x] T065 From Environment A Dashboard, click Reviews CTA/card/action if present and capture `environment-cta--reviews.png`. - [x] T066 From Environment A Dashboard, click Customer Reviews / Review Pack / Export Artifacts CTA/card/action if present and capture `environment-cta--customer-reviews.png`. - [x] T067 From Environment A Dashboard, click Governance Inbox CTA/card/action if present and capture `environment-cta--governance-inbox.png`. - [x] T068 From Environment A Dashboard, click Decision Register CTA/card/action if present and capture `environment-cta--decision-register.png` or document that no CTA exists. - [x] T069 From Environment A Dashboard, click Required Permissions / Permission Posture and capture `environment-cta--required-permissions.png`. - [x] T070 From Environment A Dashboard, click Provider Readiness / Diagnostics and capture `environment-cta--provider-readiness-or-diagnostics.png`. - [x] T071 From Environment A Dashboard, click Reports / Stored Reports, Support Requests, Audit, or Alerts CTAs if present and capture stable screenshots. - [x] T072 For each CTA, record target page, URL, query params, shell context, visible environment filter, table filter state, data-scope proof, clear-filter existence, and status in `page-matrix.md`. ## Phase 7: Environment-Owned Page Verification - [x] T073 Verify Environment Dashboard shell/header/breadcrumb and final status. - [x] T074 Verify Environment Onboarding / Managed Environment onboarding routes if reachable. - [x] T075 Verify Required Permissions page. - [x] T076 Verify Environment Diagnostics page. - [x] T077 Verify Inventory cluster/list and Inventory Coverage. - [x] T078 Verify Directory / Groups if reachable. - [x] T079 Verify Policies / Configurations if reachable. - [x] T080 Verify Backup Schedules and Backup Sets if reachable. - [x] T081 Verify Restore Runs / Restore Points if reachable. - [x] T082 Verify Baseline Profiles / Baseline Snapshots / Baseline Compare if reachable. - [x] T083 Verify Findings and Finding Exceptions environment resources if reachable. - [x] T084 Verify Evidence environment resource if reachable. - [x] T085 Verify Environment Reviews and Review Packs environment resources if reachable. - [x] T086 Verify Stored Reports environment resource if reachable. - [x] T087 For each environment page, record final status, shell/header/breadcrumb correctness, data-scope proof status, screenshot, and blocker notes. ## Phase 8: Manual Filter, Clear-Filter, Reload, and Back/Forward - [x] T088 On Operations, manually apply an Environment filter if possible, navigate away, revisit from sidebar, clear if possible, reload, and capture before/after/reload screenshots. - [x] T089 Repeat T088 for Provider Connections. - [x] T090 Repeat T088 for Finding Exceptions Queue. - [x] T091 Repeat T088 for Evidence Overview. - [x] T092 Repeat T088 for Reviews. - [x] T093 Repeat T088 for Customer Reviews. - [x] T094 Repeat T088 for Governance Inbox. - [x] T095 Repeat T088 for Decision Register. - [x] T096 Repeat T088 for Audit Log and Alerts if environment-like filters exist. - [x] T097 For each clear-filter action, update `clear-filter-inventory.md` with every required state carrier. - [x] T098 For high-risk pages, use browser back/forward after workspace-origin and environment-origin transitions and record whether stale environment filters or mismatched shell state return. ## Phase 9: Matrix Reconciliation and Final Status Assignment - [x] T099 Reconcile browser pages against `surface-inventory.md` and add any missing surface discovered during browsing. - [x] T100 Reconcile `page-matrix.md` against `surface-inventory.md` so every in-scope browser-verified page has row/origin coverage. - [x] T101 Reconcile query params observed in browser against `query-param-inventory.md`. - [x] T102 Reconcile clear-filter browser behavior against `clear-filter-inventory.md`. - [x] T103 Reconcile observed behavior to likely repo owners in `code-ownership-map.md`. - [x] T104 Assign one allowed final status to every discovered surface. - [x] T105 Confirm no final status says "likely OK". - [x] T106 Confirm Reports / Stored Reports are classified. - [x] T107 Confirm Support Requests are classified. - [x] T108 Confirm Workspace Settings, Alerts, Provider Connections, Finding Exceptions Queue, Evidence, Reviews, Customer Reviews, Operations, Governance Inbox, and Decision Register are all classified. ## Phase 10: Audit Report - [x] T109 Write `audit-report.md` Executive Summary and classify the issue as isolated, page-specific drift, or systemic context contract drift. - [x] T110 Add verified surface counts: workspace hubs, environment pages, system/platform pages, ambiguous/mixed, unreachable/dead candidates, blocked, and unresolved/ambiguous mapped to allowed statuses. - [x] T111 Summarize workspace hub behavior matrix. - [x] T112 Summarize environment page behavior matrix. - [x] T113 List mismatched scope findings. - [x] T114 Summarize clear-filter findings. - [x] T115 Summarize query parameter findings. - [x] T116 Summarize persisted filter findings. - [x] T117 Summarize code ownership map. - [x] T118 Rank risks as `critical`, `high`, `medium`, or `low` using the risk guidance from `spec.md`. - [x] T119 Recommend follow-up specs and exact order, starting from 314 unless evidence proves another order. - [x] T120 List open questions and blockers. - [x] T121 Record exact commands run, browser tooling used, screenshots generated, tests run or not run, failures, and no-runtime-change statement. ## Phase 11: Validation and Close-Out - [x] T122 Run `git diff --name-only` from repo root and confirm only files under `specs/313-workspace-environment-context-browser-verification/` changed. - [x] T123 Run `git diff --check` from repo root. - [x] T124 Confirm no files under `apps/platform/app`, `apps/platform/config`, `apps/platform/database`, `apps/platform/resources`, `apps/platform/routes`, `apps/platform/tests`, or `apps/platform/lang` changed. - [x] T125 Confirm no commits were created unless explicitly requested. - [x] T126 Confirm screenshots referenced in `page-matrix.md` exist on disk. - [x] T127 Confirm every screenshot filename is stable and under `artifacts/screenshots/`. - [x] T128 Confirm all required output files exist and are non-empty. - [x] T129 Confirm every discovered surface has one allowed final status. - [x] T130 Confirm final response includes summary, counts, highest-risk findings, generated file paths, screenshot path, recommended next spec, exact commands/results, and clear statement that no runtime fixes were made. ## Explicit Non-Goals Checklist - [x] No runtime files changed. - [x] No tests changed. - [x] No migrations changed. - [x] No seeders changed. - [x] No route files changed. - [x] No Filament pages/resources/components changed. - [x] No config files changed. - [x] No application behavior changed. - [x] No follow-up spec 314+ implementation started.