create(); $this->actingAs($user) ->get('/admin/operations') ->assertRedirect(); }); it('returns 404 for non-workspace-members on central operation run detail', function (): void { $workspace = Workspace::factory()->create(); $user = User::factory()->create(); session()->forget(WorkspaceContext::SESSION_KEY); $run = OperationRun::factory()->create([ 'workspace_id' => (int) $workspace->getKey(), 'tenant_id' => null, 'type' => 'provider.connection.check', 'status' => OperationRunStatus::Queued->value, 'outcome' => OperationRunOutcome::Pending->value, 'context' => [ 'verification_report' => VerificationReportWriter::build('provider.connection.check', [ [ 'key' => 'provider_connection', 'title' => 'Provider connection preflight', 'status' => 'fail', 'severity' => 'critical', 'blocking' => true, 'reason_code' => 'provider_connection_missing', 'message' => 'No provider connection configured.', 'evidence' => [], 'next_steps' => [], ], ]), ], ]); $this->actingAs($user) ->get("/admin/operations/{$run->getKey()}") ->assertNotFound(); }); it('returns 404 for non-entitled users on tenant dashboard direct access', function (): void { $tenantA = Tenant::factory()->create(); [$user, $tenantA] = createUserWithTenant($tenantA, role: 'owner'); $tenantB = Tenant::factory()->create([ 'workspace_id' => (int) $tenantA->workspace_id, ]); $this->actingAs($user) ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id]) ->get(TenantDashboard::getUrl(panel: 'tenant', tenant: $tenantB)) ->assertNotFound(); });