TenantAtlas/specs/313-workspace-environment-context-browser-verification/code-ownership-map.md
ahmido 2f7a521d5f spec: add workspace environment context browser audit (#368)
## Summary
- add the full workspace/environment context browser verification audit for Spec 313
- include the surface matrix, query and clear-filter inventories, ownership map, and audit report
- attach browser evidence artifacts and screenshots for the current workspace/environment context contract

## Testing
- no automated tests run; this is an analysis-only spec and artifact package with no runtime changes

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #368
2026-05-16 08:51:19 +00:00


# Code Ownership Map

| Behavior | File | Class/method/view | Pages affected | Risk | Notes |
|---|---|---|---|---|---|
| Workspace sidebar URLs | `apps/platform/app/Support/Navigation/WorkspaceSidebarNavigation.php` | `build()` | Operations, Provider Connections, Finding Exceptions, Reviews, Customer Reviews, Governance, Alerts, Audit | critical | Workspace builder emits clean URLs, but provider links can still regain query after page hydration/context resolution. |
| Admin panel navigation registration | `apps/platform/app/Providers/Filament/AdminPanelProvider.php` | panel registration/navigation closure | All admin resources/pages | high | Registers custom workspace sidebar, environment-aware render hooks, pages, resources, and middleware. |
| Environment dashboard CTA URLs | `apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php` | card/link builders | Operations, reviews, evidence, required permissions, backup, risks | critical | Dashboard CTAs mix workspace hub URLs with explicit filters and environment-owned resource URLs. |
| Environment dashboard support actions | `apps/platform/app/Filament/Pages/EnvironmentDashboard.php` | support request actions | Support Requests, Environment Dashboard | medium | Support request is modal/action-only, not a list page. Not submitted in audit. |
| Context bar and clear environment scope | `apps/platform/resources/views/filament/partials/context-bar.blade.php` | clear environment forms | Shell/global navigation | critical | Browser showed "Clear environment scope" available on several workspace pages even while shell text said "No environment selected". |
| Clear environment session handler | `apps/platform/app/Http/Controllers/ClearEnvironmentContextController.php` | `__invoke()` | Shell context and route redirects | high | Clears remembered tenant and Filament tenant, then redirects based on previous path category. |
| Shell context resolver | `apps/platform/app/Support/OperateHub/OperateHubShell.php` | active tenant/scope/header actions | Operations, Finding Exceptions, Audit, evidence-like monitoring pages | critical | Combines route/query/page category/remembered tenant state. Mismatch observed when shell showed no environment but stale clear environment action remained. |
| Remembered tenant/session map | `apps/platform/app/Support/Workspaces/WorkspaceContext.php` | `rememberTenantContext()`, `lastTenantId()`, `clearRememberedTenantContext()` | All workspace hubs | critical | Session carrier can influence navigation/helper output after shell context appears cleared. |
| Provider connection filter behavior | `apps/platform/app/Filament/Resources/ProviderConnectionResource.php` | `resolveRequestedTenantExternalId()`, `resolveContextTenantExternalId()`, table query | Provider Connections | critical | `managed_environment_id` means slug/external id here. Context fallback can use remembered tenant. No browser-observed page clear. |
| Provider connection link helper | `apps/platform/app/Support/ManagedEnvironmentLinks.php` | `providerConnectionsUrl()` | Provider Connections | critical | Adds `managed_environment_id` as environment external id/slug. |
| Operations URL helper | `apps/platform/app/Support/OperationRunLinks.php` | `index()` | Operations and operation links | high | Adds database id `managed_environment_id`, `tenant_scope=all`, `activeTab`, `problemClass`, and nested `tableFilters`. |
| Operations filter hydration | `apps/platform/app/Filament/Pages/Monitoring/Operations.php` | `applyRequestedDashboardPrefilter()`, header actions | Operations | critical | Browser showed URL prefilter without visible environment narrowing; show-all action exists in code but was not exposed as `Clear filters` in tested CTA state. |
| Finding exceptions filter behavior | `apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php` | state contract, `mount()`, clear actions | Finding Exceptions Queue | critical | `tenant` query is tenant-sensitive and restorable. Clear did not remove query; reload restored filter. |
| Finding exceptions open controller | `apps/platform/app/Http/Controllers/OpenFindingExceptionsQueueController.php` | redirect with `tenant` | Finding Exceptions Queue | high | Environment-owned entry point to workspace queue. |
| Evidence filter behavior | `apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php` | `clearOverviewFilters()`, table records | Evidence Overview | medium | Best clear pattern: resets table/session/search and redirects to clean overview URL. |
| Review register filter behavior | `apps/platform/app/Filament/Pages/Reviews/ReviewRegister.php` | `applyRequestedTenantPrefilter()`, `clearRegisterFilters()` | Reviews | high | Code applies `tenant` query, but tested `managed_environment_id` URL remained after clear; clear only removes table filters. |
| Customer review workspace filter behavior | `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` | `tenantPrefilterUrl()`, `applyRequestedTenantPrefilter()`, `clearWorkspaceFilters()` | Customer Reviews | critical | Query `tenant=<slug>` converted to table filter; clear removes table filters only and leaves query. Reload restores filter. |
| Governance inbox query behavior | `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php` | `pageUrl()`, clear environment link/view | Governance Inbox | medium | Browser showed visible `ManagedEnvironment: YPTW2` and clean clear link. |
| Decision register query/access behavior | `apps/platform/app/Filament/Pages/Governance/DecisionRegister.php` | `canAccess()`, `pageUrl()` | Decision Register | high | Clean workspace URL returned 403 when there were no visible decisions; the filtered URL bypassed that path and opened. |
| Audit log filters | `apps/platform/app/Filament/Pages/Monitoring/AuditLog.php` | state contract/table filters | Audit Log | medium | Workspace-wide data proof exists; persisted filter edge still needs regression guard. |
| Canonical filter/session helper | `apps/platform/app/Support/Filament/CanonicalAdminTenantFilterState.php` | `sync()`, `currentFilterValue()` | Operations, Reviews, monitoring pages | high | Session table filters can survive beyond sidebar intent. |
| Required permissions links | `apps/platform/app/Support/Links/RequiredPermissionsLinks.php` | required permissions URL builder | Required Permissions | low | Environment-owned route; shell/header aligned. |
| Stored reports resource | `apps/platform/app/Filament/Resources/StoredReportResource.php` | route/table/query | Stored Reports | low | Environment-scoped resource; 2 env rows exist. No workspace reports hub found. |
| Support request services | `apps/platform/app/Support/SupportRequests/*`, `apps/platform/app/Models/SupportRequest.php` | create modal submission | Support Requests | medium | Action-only support surface. No admin index route/resource discovered. |
| System panel pages | `apps/platform/app/Filament/System/Pages/*` | platform panel | System/admin platform | low | Classified as system/platform scoped and not part of admin workspace context contract. |