ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/313-workspace-environment-context-browser-verification/page-matrix.md
ahmido 2f7a521d5f spec: add workspace environment context browser audit (#368) 
## Summary
- add the full workspace/environment context browser verification audit for Spec 313
- include the surface matrix, query and clear-filter inventories, ownership map, and audit report
- attach browser evidence artifacts and screenshots for the current workspace/environment context contract

## Testing
- no automated tests run; this is an analysis-only spec and artifact package with no runtime changes

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #368
2026-05-16 08:51:19 +00:00

20 KiB
Raw Permalink Blame History

Page Matrix

Page Origin URL Query params Shell workspace Shell environment Breadcrumb Header/title Visible scope/filter chip Table filter state Data scope proven? Clear filter exists? Clear filter result Reload result Back/forward result Screenshot Status Risk Notes
Workspace Overview workspace_origin /admin/workspaces/3/overview none wp No environment selected Overview Overview None N/A Shell only N/A N/A N/A N/A artifacts/screenshots/workspace-origin--workspace-overview.png verified_workspace_scoped_hub low Clear-environment POST was used to establish clean workspace origin.
Operations workspace_origin /admin/workspaces/3/operations none wp No environment selected Monitoring Operations All environments No tenant filter Yes: 9 rows across 2 envs Generic reset/apply only N/A N/A N/A artifacts/screenshots/workspace-origin--operations.png verified_workspace_scoped_hub low Workspace-wide row count matched DB coverage.
Operations environment_sidebar_origin /admin/workspaces/3/operations none wp No environment selected Monitoring Operations All environments No tenant filter Yes No page clear needed N/A N/A N/A artifacts/screenshots/environment-sidebar--operations.png verified_workspace_scoped_hub medium Sidebar from env A and env B opened workspace-wide operations.
Operations environment_cta_origin /admin/workspaces/3/operations?managed_environment_id=4&activeTab=terminal_follow_up&problemClass=terminal_follow_up managed_environment_id=4, activeTab, problemClass wp No environment selected Monitoring Operations All environments URL prefilter did not produce clear visible env chip Partly: rows visible but query effect unclear No Clear filters; only Clear environment scope/Reset No click target found for Clear filters Query persisted Back restores filtered URL; forward returns clean URL artifacts/screenshots/environment-cta--operations.png verified_workspace_scoped_hub critical URL says env 4 but UI says All environments.
Operations reload same as CTA same wp No environment selected Monitoring Operations All environments Same as before Partly No N/A Query persisted N/A artifacts/screenshots/environment-cta--operations--after-reload.png verified_workspace_scoped_hub critical Reload did not resolve mismatch.
Provider Connections workspace_origin /admin/provider-connections none wp No environment selected Settings Provider Connections None No query filter Yes: 2 provider rows across 2 envs Generic reset only N/A N/A N/A artifacts/screenshots/workspace-origin--provider-connections.png verified_workspace_scoped_hub low Clean origin is workspace-wide.
Provider Connections environment_sidebar_origin /admin/provider-connections none wp No environment selected Settings Provider Connections None No query filter Yes: 2 rows No page clear; clear environment scope shown N/A N/A N/A artifacts/screenshots/environment-sidebar--provider-connections.png verified_workspace_scoped_hub critical Sidebar page still exposed Integrations link with managed_environment_id=<env slug> from remembered context.
Provider Connections environment_cta_origin /admin/provider-connections?managed_environment_id=<env slug> managed_environment_id=b009... wp No environment selected Settings Provider Connections None Query filter active Yes: only env 4 provider row visible No page clear No Clear filters target; query stayed Query stayed Back restores filtered URL artifacts/screenshots/environment-cta--provider-connections.png verified_workspace_scoped_hub critical Data filtered while shell said no environment selected and no visible filter chip existed.
Finding Exceptions Queue workspace_origin /admin/finding-exceptions/queue none wp No environment selected Monitoring Finding Exceptions Queue All environments No tenant filter No, no rows Yes N/A N/A N/A artifacts/screenshots/workspace-origin--finding-exceptions-queue.png blocked_missing_seed_data medium Shell/filter behavior only.
Finding Exceptions Queue environment_sidebar_origin /admin/finding-exceptions/queue?tenant=<env slug> tenant=b009... wp YPTW2 (DEV) Monitoring Finding Exceptions Queue Environment scope: YPTW2 Tenant query active No, no rows Yes Not tested in this row N/A N/A artifacts/screenshots/environment-sidebar--finding-exceptions-queue.png blocked_missing_seed_data high Sidebar from environment context generated a filtered queue URL.
Finding Exceptions Queue environment_cta_origin /admin/finding-exceptions/queue?tenant=<env slug> tenant=b009... wp YPTW2 (DEV) Monitoring Finding Exceptions Queue Environment scope: YPTW2 Tenant query active No, no rows Yes Clicking Clear filters did not remove query Reload restored visible filter Back restores filtered URL artifacts/screenshots/environment-cta--finding-exceptions-queue.png blocked_missing_seed_data critical Clear is incomplete because URL remains tenant-prefiltered.
Evidence Overview workspace_origin /admin/evidence/overview none wp No environment selected Monitoring Evidence Overview None No filter No, no rows Generic reset/apply only N/A N/A N/A artifacts/screenshots/workspace-origin--evidence.png blocked_missing_seed_data medium No evidence rows in DB.
Evidence Overview environment_cta_origin /admin/evidence/overview?managed_environment_id=4 managed_environment_id=4 wp No environment selected Monitoring Evidence Overview Active filter ManagedEnvironment: YPTW2 Table filter active No, no rows Yes Clear redirected to /admin/evidence/overview Clean after reload Back restores filtered URL artifacts/screenshots/environment-cta--evidence.png blocked_missing_seed_data medium Best reference clear behavior among high-risk pages.
Evidence Overview after_clear /admin/evidence/overview none wp No environment selected Monitoring Evidence Overview No active filter Cleared No Yes URL clean Reload remained clean N/A artifacts/screenshots/environment-cta--evidence--after-clear.png blocked_missing_seed_data low Clear action synchronized visual state and URL.
Review Register workspace_origin /admin/reviews none wp No environment selected Reporting Review Register None No filter No, no rows Yes N/A N/A N/A artifacts/screenshots/workspace-origin--reviews.png blocked_missing_seed_data medium No environment review rows.
Review Register environment_cta_origin /admin/reviews?managed_environment_id=4 managed_environment_id=4 wp No environment selected Reporting Review Register Empty filtered view Table/query mixed No, no rows Yes Clicking Clear filters did not remove URL query Query persisted after reload N/A artifacts/screenshots/environment-cta--reviews.png blocked_missing_seed_data high Code applies tenant, but browser-tested managed_environment_id query still created an uncleared URL state.
Customer Review Workspace workspace_origin /admin/reviews/workspace none wp No environment selected Reporting Customer Review Workspace None No filter No, no review packs Generic reset/apply only N/A N/A N/A artifacts/screenshots/workspace-origin--customer-reviews.png blocked_missing_seed_data medium Customer package data absent.
Customer Review Workspace environment_sidebar_origin /admin/reviews/workspace?tenant=<env slug> tenant=b009... wp No environment selected Reporting Customer Review Workspace Clear filters visible Tenant query converted to table filter No, no reviews Yes Not tested in this row N/A N/A artifacts/screenshots/environment-sidebar--customer-reviews.png blocked_missing_seed_data critical Shell said no environment selected while query/filter was environment-specific.
Customer Review Workspace environment_cta_origin /admin/reviews/workspace?tenant=<env slug> tenant=b009... wp No environment selected Reporting Customer Review Workspace Filter to YPTW2 visible Tenant query active No Yes Clear removed visible filter temporarily but kept query Reload restored visible filter Back restores filtered URL artifacts/screenshots/environment-cta--customer-reviews.png blocked_missing_seed_data critical Customer-safe surface has stale filter reload risk.
Governance Inbox workspace_origin /admin/governance/inbox none wp No environment selected Governance Governance inbox Scope: All attention No filter Yes: operation follow-up count visible N/A N/A N/A N/A artifacts/screenshots/workspace-origin--governance-inbox.png verified_workspace_scoped_hub low Reference workspace hub.
Governance Inbox environment_cta_origin /admin/governance/inbox?tenant=<env slug> tenant=b009... wp No environment selected Governance Governance inbox ManagedEnvironment: YPTW2 URL filter visible Yes: visible count 3 Yes, link Clear link points clean URL Not retested N/A artifacts/screenshots/environment-cta--governance-inbox.png verified_workspace_scoped_hub medium Good visible filter, but shell still says no environment selected.
Decision Register workspace_origin /admin/governance/decisions none None None Error 403 None N/A N/A N/A N/A N/A N/A artifacts/screenshots/workspace-origin--decision-register.png verified_ambiguous_or_mixed high Clean workspace route blocked because no visible decisions for actor.
Decision Register environment_cta_origin /admin/governance/decisions?managed_environment_id=4 managed_environment_id=4 wp No environment selected Governance Decision register ManagedEnvironment: YPTW2 URL filter active No rows Yes, link Not clicked N/A N/A artifacts/screenshots/environment-cta--decision-register.png verified_ambiguous_or_mixed high Filtered route opens while clean route 403s.
Audit Log workspace_origin /admin/audit-log none wp No environment selected Monitoring Audit Log All environments No filter Yes: 61 logs, 2 envs Generic reset/apply N/A N/A N/A artifacts/screenshots/workspace-origin--audit-log.png verified_workspace_scoped_hub low Workspace-wide data proof.
Audit Log environment_sidebar_origin /admin/audit-log none wp No environment selected Monitoring Audit Log All environments No filter Yes N/A N/A N/A N/A artifacts/screenshots/environment-sidebar--audit-log.png verified_workspace_scoped_hub medium Clear environment scope still visible from remembered state.
Alerts workspace_origin /admin/alerts/alert-deliveries none wp No environment selected Monitoring Alert Deliveries All environments No filter No, no rows Generic reset/apply N/A N/A N/A artifacts/screenshots/workspace-origin--alerts.png blocked_missing_seed_data medium Route redirected from /admin/alerts.
Workspace Settings workspace_origin /admin/settings/workspace none wp No environment selected Settings Workspace settings None N/A N/A N/A N/A N/A N/A artifacts/screenshots/workspace-origin--workspace-settings.png verified_workspace_scoped_hub low Settings page only.
Manage Workspaces workspace_origin /admin/workspaces none wp No environment selected Settings Workspaces None N/A N/A N/A N/A N/A N/A artifacts/screenshots/workspace-origin--manage-workspaces.png verified_workspace_scoped_hub low Workspace management list.
Environment Dashboard A environment_sidebar_origin /admin/workspaces/3/environments/b009... none wp YPTW2 (DEV) Environment YPTW2 Action needed Environment shell Route-owned environment Yes Clear environment scope N/A N/A N/A artifacts/screenshots/environment-origin--dashboard-a.png verified_environment_scoped_page low Environment A active.
Environment Dashboard B environment_sidebar_origin /admin/workspaces/3/environments/3625... none wp YPTW2 (DEV) Environment YPTW2 Blocked Environment shell Route-owned environment Yes Clear environment scope N/A N/A N/A artifacts/screenshots/environment-origin--dashboard-b.png verified_environment_scoped_page low Environment B active; duplicate display label makes data comparison harder.
Required Permissions environment_cta_origin /admin/workspaces/3/environments/b009.../required-permissions none wp YPTW2 (DEV) Environment Required permissions Environment shell Route-owned environment Yes, permissions rows exist N/A N/A N/A N/A artifacts/screenshots/environment-cta--required-permissions.png verified_environment_scoped_page low Environment-owned page aligns shell and route.
Diagnostics environment_cta_origin /admin/workspaces/3/environments/b009.../diagnostics none wp YPTW2 (DEV) Environment Environment Diagnostics Environment shell Route-owned environment Shell only N/A N/A N/A N/A artifacts/screenshots/environment-cta--provider-readiness-or-diagnostics.png verified_environment_scoped_page low Environment-owned page aligns shell and route.
Inventory Items environment_sidebar_origin /admin/workspaces/3/environments/b009.../inventory-items none wp YPTW2 (DEV) Inventory Inventory Items Environment shell Route-owned environment No rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-page--inventory.png blocked_missing_seed_data medium Inventory cluster redirects to item list.
Inventory Coverage environment_sidebar_origin /admin/workspaces/3/environments/b009.../inventory/inventory-coverage none wp YPTW2 (DEV) Inventory Inventory Coverage Environment shell Route-owned environment Shell only N/A N/A N/A N/A artifacts/screenshots/environment-page--inventory-coverage.png verified_environment_scoped_page low Route-owned environment.
Policies environment_sidebar_origin /admin/workspaces/3/environments/b009.../policies none wp YPTW2 (DEV) Inventory Policies Environment shell Route-owned environment No rows for env 4 Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-page--policies.png blocked_missing_seed_data medium Policy data exists only in another workspace.
Findings environment_sidebar_origin /admin/workspaces/3/environments/b009.../findings none wp YPTW2 (DEV) Governance Findings Environment shell Route-owned environment No rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-page--findings.png blocked_missing_seed_data medium Missing data.
Risk Exceptions environment_sidebar_origin /admin/workspaces/3/environments/b009.../finding-exceptions none wp YPTW2 (DEV) Governance Finding Exceptions Environment shell Route-owned environment No rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-page--risk-exceptions.png blocked_missing_seed_data medium Missing data.
Evidence Snapshots environment_sidebar_origin /admin/workspaces/3/environments/b009.../evidence none wp YPTW2 (DEV) Governance Evidence Snapshots Environment shell Route-owned environment No rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-sidebar--evidence.png blocked_missing_seed_data medium Environment-owned resource, distinct from Evidence Overview hub.
Environment Reviews environment_sidebar_origin /admin/workspaces/3/environments/b009.../environment-reviews none wp YPTW2 (DEV) Reporting Reviews Environment shell Route-owned environment No rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-sidebar--reviews.png blocked_missing_seed_data medium Environment-owned resource, distinct from Review Register.
Stored Reports environment_sidebar_origin /admin/workspaces/3/environments/b009.../stored-reports none wp YPTW2 (DEV) Reporting Stored Reports Environment shell Route-owned environment Yes: 2 env 4 rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-page--stored-reports.png verified_environment_scoped_page low Reports classified as environment-owned; no workspace report hub discovered.
Backup Schedules environment_sidebar_origin /admin/workspaces/3/environments/b009.../backup-schedules none wp YPTW2 (DEV) Backups Backup Schedules Environment shell Route-owned environment No rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-page--backup-schedules.png blocked_missing_seed_data medium Missing data.
Backup Sets environment_sidebar_origin /admin/workspaces/3/environments/b009.../backup-sets none wp YPTW2 (DEV) Backups Backup Sets Environment shell Route-owned environment No rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-page--backup-sets.png blocked_missing_seed_data medium Missing data.
Restore Runs environment_sidebar_origin /admin/workspaces/3/environments/b009.../restore-runs none wp YPTW2 (DEV) Backups Restore Runs Environment shell Route-owned environment No rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-page--restore-runs.png blocked_missing_seed_data medium Missing data.
Entra Groups environment_sidebar_origin /admin/workspaces/3/environments/b009.../entra-groups none wp YPTW2 (DEV) Directory Entra Groups Environment shell Route-owned environment No rows Generic reset/apply N/A N/A N/A artifacts/screenshots/environment-page--groups.png blocked_missing_seed_data medium Missing data.
Baseline Compare environment_sidebar_origin /admin/baseline-compare-landing?tenant=<env slug> tenant=b009... wp YPTW2 (DEV) Governance Baseline Compare Environment shell Query-owned environment Shell only N/A N/A N/A N/A artifacts/screenshots/environment-page--baseline-compare.png verified_ambiguous_or_mixed medium Global page with environment query, not route-owned environment.
Back/Forward - Provider Connections back_forward filtered -> clean -> back -> forward filtered URL restored on back wp No environment selected Settings Provider Connections Hidden filter on filtered URL Query filter Yes No N/A Back returned query; forward clean back-forward--provider-connections.png verified_workspace_scoped_hub critical Browser history can reintroduce hidden filtered provider rows.
Back/Forward - Customer Reviews back_forward filtered -> clean -> back -> forward tenant=<slug> restored on back wp No environment selected Reporting Customer Review Workspace Filter visible after back Query/table filter No data Yes Incomplete Back returned query; forward clean back-forward--customer-reviews.png blocked_missing_seed_data critical Back navigation reintroduces customer review filter.