ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/313-workspace-environment-context-browser-verification/page-matrix.md
ahmido 2f7a521d5f spec: add workspace environment context browser audit (#368) 
## Summary
- add the full workspace/environment context browser verification audit for Spec 313
- include the surface matrix, query and clear-filter inventories, ownership map, and audit report
- attach browser evidence artifacts and screenshots for the current workspace/environment context contract

## Testing
- no automated tests run; this is an analysis-only spec and artifact package with no runtime changes

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #368
2026-05-16 08:51:19 +00:00

52 lines
20 KiB
Markdown
Raw Permalink Blame History

# Page Matrix
| Page | Origin | URL | Query params | Shell workspace | Shell environment | Breadcrumb | Header/title | Visible scope/filter chip | Table filter state | Data scope proven? | Clear filter exists? | Clear filter result | Reload result | Back/forward result | Screenshot | Status | Risk | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Workspace Overview | workspace_origin | `/admin/workspaces/3/overview` | none | `wp` | No environment selected | Overview | Overview | None | N/A | Shell only | N/A | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--workspace-overview.png` | `verified_workspace_scoped_hub` | low | Clear-environment POST was used to establish clean workspace origin. |
| Operations | workspace_origin | `/admin/workspaces/3/operations` | none | `wp` | No environment selected | Monitoring | Operations | All environments | No tenant filter | Yes: 9 rows across 2 envs | Generic reset/apply only | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--operations.png` | `verified_workspace_scoped_hub` | low | Workspace-wide row count matched DB coverage. |
| Operations | environment_sidebar_origin | `/admin/workspaces/3/operations` | none | `wp` | No environment selected | Monitoring | Operations | All environments | No tenant filter | Yes | No page clear needed | N/A | N/A | N/A | `artifacts/screenshots/environment-sidebar--operations.png` | `verified_workspace_scoped_hub` | medium | Sidebar from env A and env B opened workspace-wide operations. |
| Operations | environment_cta_origin | `/admin/workspaces/3/operations?managed_environment_id=4&activeTab=terminal_follow_up&problemClass=terminal_follow_up` | `managed_environment_id=4`, `activeTab`, `problemClass` | `wp` | No environment selected | Monitoring | Operations | All environments | URL prefilter did not produce clear visible env chip | Partly: rows visible but query effect unclear | No `Clear filters`; only `Clear environment scope`/Reset | No click target found for `Clear filters` | Query persisted | Back restores filtered URL; forward returns clean URL | `artifacts/screenshots/environment-cta--operations.png` | `verified_workspace_scoped_hub` | critical | URL says env 4 but UI says All environments. |
| Operations | reload | same as CTA | same | `wp` | No environment selected | Monitoring | Operations | All environments | Same as before | Partly | No | N/A | Query persisted | N/A | `artifacts/screenshots/environment-cta--operations--after-reload.png` | `verified_workspace_scoped_hub` | critical | Reload did not resolve mismatch. |
| Provider Connections | workspace_origin | `/admin/provider-connections` | none | `wp` | No environment selected | Settings | Provider Connections | None | No query filter | Yes: 2 provider rows across 2 envs | Generic reset only | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--provider-connections.png` | `verified_workspace_scoped_hub` | low | Clean origin is workspace-wide. |
| Provider Connections | environment_sidebar_origin | `/admin/provider-connections` | none | `wp` | No environment selected | Settings | Provider Connections | None | No query filter | Yes: 2 rows | No page clear; clear environment scope shown | N/A | N/A | N/A | `artifacts/screenshots/environment-sidebar--provider-connections.png` | `verified_workspace_scoped_hub` | critical | Sidebar page still exposed Integrations link with `managed_environment_id=<env slug>` from remembered context. |
| Provider Connections | environment_cta_origin | `/admin/provider-connections?managed_environment_id=<env slug>` | `managed_environment_id=b009...` | `wp` | No environment selected | Settings | Provider Connections | None | Query filter active | Yes: only env 4 provider row visible | No page clear | No `Clear filters` target; query stayed | Query stayed | Back restores filtered URL | `artifacts/screenshots/environment-cta--provider-connections.png` | `verified_workspace_scoped_hub` | critical | Data filtered while shell said no environment selected and no visible filter chip existed. |
| Finding Exceptions Queue | workspace_origin | `/admin/finding-exceptions/queue` | none | `wp` | No environment selected | Monitoring | Finding Exceptions Queue | All environments | No tenant filter | No, no rows | Yes | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--finding-exceptions-queue.png` | `blocked_missing_seed_data` | medium | Shell/filter behavior only. |
| Finding Exceptions Queue | environment_sidebar_origin | `/admin/finding-exceptions/queue?tenant=<env slug>` | `tenant=b009...` | `wp` | `YPTW2 (DEV)` | Monitoring | Finding Exceptions Queue | Environment scope: YPTW2 | Tenant query active | No, no rows | Yes | Not tested in this row | N/A | N/A | `artifacts/screenshots/environment-sidebar--finding-exceptions-queue.png` | `blocked_missing_seed_data` | high | Sidebar from environment context generated a filtered queue URL. |
| Finding Exceptions Queue | environment_cta_origin | `/admin/finding-exceptions/queue?tenant=<env slug>` | `tenant=b009...` | `wp` | `YPTW2 (DEV)` | Monitoring | Finding Exceptions Queue | Environment scope: YPTW2 | Tenant query active | No, no rows | Yes | Clicking Clear filters did not remove query | Reload restored visible filter | Back restores filtered URL | `artifacts/screenshots/environment-cta--finding-exceptions-queue.png` | `blocked_missing_seed_data` | critical | Clear is incomplete because URL remains tenant-prefiltered. |
| Evidence Overview | workspace_origin | `/admin/evidence/overview` | none | `wp` | No environment selected | Monitoring | Evidence Overview | None | No filter | No, no rows | Generic reset/apply only | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--evidence.png` | `blocked_missing_seed_data` | medium | No evidence rows in DB. |
| Evidence Overview | environment_cta_origin | `/admin/evidence/overview?managed_environment_id=4` | `managed_environment_id=4` | `wp` | No environment selected | Monitoring | Evidence Overview | Active filter ManagedEnvironment: YPTW2 | Table filter active | No, no rows | Yes | Clear redirected to `/admin/evidence/overview` | Clean after reload | Back restores filtered URL | `artifacts/screenshots/environment-cta--evidence.png` | `blocked_missing_seed_data` | medium | Best reference clear behavior among high-risk pages. |
| Evidence Overview | after_clear | `/admin/evidence/overview` | none | `wp` | No environment selected | Monitoring | Evidence Overview | No active filter | Cleared | No | Yes | URL clean | Reload remained clean | N/A | `artifacts/screenshots/environment-cta--evidence--after-clear.png` | `blocked_missing_seed_data` | low | Clear action synchronized visual state and URL. |
| Review Register | workspace_origin | `/admin/reviews` | none | `wp` | No environment selected | Reporting | Review Register | None | No filter | No, no rows | Yes | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--reviews.png` | `blocked_missing_seed_data` | medium | No environment review rows. |
| Review Register | environment_cta_origin | `/admin/reviews?managed_environment_id=4` | `managed_environment_id=4` | `wp` | No environment selected | Reporting | Review Register | Empty filtered view | Table/query mixed | No, no rows | Yes | Clicking Clear filters did not remove URL query | Query persisted after reload | N/A | `artifacts/screenshots/environment-cta--reviews.png` | `blocked_missing_seed_data` | high | Code applies `tenant`, but browser-tested `managed_environment_id` query still created an uncleared URL state. |
| Customer Review Workspace | workspace_origin | `/admin/reviews/workspace` | none | `wp` | No environment selected | Reporting | Customer Review Workspace | None | No filter | No, no review packs | Generic reset/apply only | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--customer-reviews.png` | `blocked_missing_seed_data` | medium | Customer package data absent. |
| Customer Review Workspace | environment_sidebar_origin | `/admin/reviews/workspace?tenant=<env slug>` | `tenant=b009...` | `wp` | No environment selected | Reporting | Customer Review Workspace | Clear filters visible | Tenant query converted to table filter | No, no reviews | Yes | Not tested in this row | N/A | N/A | `artifacts/screenshots/environment-sidebar--customer-reviews.png` | `blocked_missing_seed_data` | critical | Shell said no environment selected while query/filter was environment-specific. |
| Customer Review Workspace | environment_cta_origin | `/admin/reviews/workspace?tenant=<env slug>` | `tenant=b009...` | `wp` | No environment selected | Reporting | Customer Review Workspace | Filter to YPTW2 visible | Tenant query active | No | Yes | Clear removed visible filter temporarily but kept query | Reload restored visible filter | Back restores filtered URL | `artifacts/screenshots/environment-cta--customer-reviews.png` | `blocked_missing_seed_data` | critical | Customer-safe surface has stale filter reload risk. |
| Governance Inbox | workspace_origin | `/admin/governance/inbox` | none | `wp` | No environment selected | Governance | Governance inbox | Scope: All attention | No filter | Yes: operation follow-up count visible | N/A | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--governance-inbox.png` | `verified_workspace_scoped_hub` | low | Reference workspace hub. |
| Governance Inbox | environment_cta_origin | `/admin/governance/inbox?tenant=<env slug>` | `tenant=b009...` | `wp` | No environment selected | Governance | Governance inbox | ManagedEnvironment: YPTW2 | URL filter visible | Yes: visible count 3 | Yes, link | Clear link points clean URL | Not retested | N/A | `artifacts/screenshots/environment-cta--governance-inbox.png` | `verified_workspace_scoped_hub` | medium | Good visible filter, but shell still says no environment selected. |
| Decision Register | workspace_origin | `/admin/governance/decisions` | none | None | None | Error | 403 | None | N/A | N/A | N/A | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--decision-register.png` | `verified_ambiguous_or_mixed` | high | Clean workspace route blocked because no visible decisions for actor. |
| Decision Register | environment_cta_origin | `/admin/governance/decisions?managed_environment_id=4` | `managed_environment_id=4` | `wp` | No environment selected | Governance | Decision register | ManagedEnvironment: YPTW2 | URL filter active | No rows | Yes, link | Not clicked | N/A | N/A | `artifacts/screenshots/environment-cta--decision-register.png` | `verified_ambiguous_or_mixed` | high | Filtered route opens while clean route 403s. |
| Audit Log | workspace_origin | `/admin/audit-log` | none | `wp` | No environment selected | Monitoring | Audit Log | All environments | No filter | Yes: 61 logs, 2 envs | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--audit-log.png` | `verified_workspace_scoped_hub` | low | Workspace-wide data proof. |
| Audit Log | environment_sidebar_origin | `/admin/audit-log` | none | `wp` | No environment selected | Monitoring | Audit Log | All environments | No filter | Yes | N/A | N/A | N/A | N/A | `artifacts/screenshots/environment-sidebar--audit-log.png` | `verified_workspace_scoped_hub` | medium | Clear environment scope still visible from remembered state. |
| Alerts | workspace_origin | `/admin/alerts/alert-deliveries` | none | `wp` | No environment selected | Monitoring | Alert Deliveries | All environments | No filter | No, no rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--alerts.png` | `blocked_missing_seed_data` | medium | Route redirected from `/admin/alerts`. |
| Workspace Settings | workspace_origin | `/admin/settings/workspace` | none | `wp` | No environment selected | Settings | Workspace settings | None | N/A | N/A | N/A | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--workspace-settings.png` | `verified_workspace_scoped_hub` | low | Settings page only. |
| Manage Workspaces | workspace_origin | `/admin/workspaces` | none | `wp` | No environment selected | Settings | Workspaces | None | N/A | N/A | N/A | N/A | N/A | N/A | `artifacts/screenshots/workspace-origin--manage-workspaces.png` | `verified_workspace_scoped_hub` | low | Workspace management list. |
| Environment Dashboard A | environment_sidebar_origin | `/admin/workspaces/3/environments/b009...` | none | `wp` | `YPTW2 (DEV)` | Environment | YPTW2 Action needed | Environment shell | Route-owned environment | Yes | Clear environment scope | N/A | N/A | N/A | `artifacts/screenshots/environment-origin--dashboard-a.png` | `verified_environment_scoped_page` | low | Environment A active. |
| Environment Dashboard B | environment_sidebar_origin | `/admin/workspaces/3/environments/3625...` | none | `wp` | `YPTW2 (DEV)` | Environment | YPTW2 Blocked | Environment shell | Route-owned environment | Yes | Clear environment scope | N/A | N/A | N/A | `artifacts/screenshots/environment-origin--dashboard-b.png` | `verified_environment_scoped_page` | low | Environment B active; duplicate display label makes data comparison harder. |
| Required Permissions | environment_cta_origin | `/admin/workspaces/3/environments/b009.../required-permissions` | none | `wp` | `YPTW2 (DEV)` | Environment | Required permissions | Environment shell | Route-owned environment | Yes, permissions rows exist | N/A | N/A | N/A | N/A | `artifacts/screenshots/environment-cta--required-permissions.png` | `verified_environment_scoped_page` | low | Environment-owned page aligns shell and route. |
| Diagnostics | environment_cta_origin | `/admin/workspaces/3/environments/b009.../diagnostics` | none | `wp` | `YPTW2 (DEV)` | Environment | Environment Diagnostics | Environment shell | Route-owned environment | Shell only | N/A | N/A | N/A | N/A | `artifacts/screenshots/environment-cta--provider-readiness-or-diagnostics.png` | `verified_environment_scoped_page` | low | Environment-owned page aligns shell and route. |
| Inventory Items | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../inventory-items` | none | `wp` | `YPTW2 (DEV)` | Inventory | Inventory Items | Environment shell | Route-owned environment | No rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-page--inventory.png` | `blocked_missing_seed_data` | medium | Inventory cluster redirects to item list. |
| Inventory Coverage | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../inventory/inventory-coverage` | none | `wp` | `YPTW2 (DEV)` | Inventory | Inventory Coverage | Environment shell | Route-owned environment | Shell only | N/A | N/A | N/A | N/A | `artifacts/screenshots/environment-page--inventory-coverage.png` | `verified_environment_scoped_page` | low | Route-owned environment. |
| Policies | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../policies` | none | `wp` | `YPTW2 (DEV)` | Inventory | Policies | Environment shell | Route-owned environment | No rows for env 4 | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-page--policies.png` | `blocked_missing_seed_data` | medium | Policy data exists only in another workspace. |
| Findings | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../findings` | none | `wp` | `YPTW2 (DEV)` | Governance | Findings | Environment shell | Route-owned environment | No rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-page--findings.png` | `blocked_missing_seed_data` | medium | Missing data. |
| Risk Exceptions | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../finding-exceptions` | none | `wp` | `YPTW2 (DEV)` | Governance | Finding Exceptions | Environment shell | Route-owned environment | No rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-page--risk-exceptions.png` | `blocked_missing_seed_data` | medium | Missing data. |
| Evidence Snapshots | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../evidence` | none | `wp` | `YPTW2 (DEV)` | Governance | Evidence Snapshots | Environment shell | Route-owned environment | No rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-sidebar--evidence.png` | `blocked_missing_seed_data` | medium | Environment-owned resource, distinct from Evidence Overview hub. |
| Environment Reviews | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../environment-reviews` | none | `wp` | `YPTW2 (DEV)` | Reporting | Reviews | Environment shell | Route-owned environment | No rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-sidebar--reviews.png` | `blocked_missing_seed_data` | medium | Environment-owned resource, distinct from Review Register. |
| Stored Reports | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../stored-reports` | none | `wp` | `YPTW2 (DEV)` | Reporting | Stored Reports | Environment shell | Route-owned environment | Yes: 2 env 4 rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-page--stored-reports.png` | `verified_environment_scoped_page` | low | Reports classified as environment-owned; no workspace report hub discovered. |
| Backup Schedules | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../backup-schedules` | none | `wp` | `YPTW2 (DEV)` | Backups | Backup Schedules | Environment shell | Route-owned environment | No rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-page--backup-schedules.png` | `blocked_missing_seed_data` | medium | Missing data. |
| Backup Sets | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../backup-sets` | none | `wp` | `YPTW2 (DEV)` | Backups | Backup Sets | Environment shell | Route-owned environment | No rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-page--backup-sets.png` | `blocked_missing_seed_data` | medium | Missing data. |
| Restore Runs | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../restore-runs` | none | `wp` | `YPTW2 (DEV)` | Backups | Restore Runs | Environment shell | Route-owned environment | No rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-page--restore-runs.png` | `blocked_missing_seed_data` | medium | Missing data. |
| Entra Groups | environment_sidebar_origin | `/admin/workspaces/3/environments/b009.../entra-groups` | none | `wp` | `YPTW2 (DEV)` | Directory | Entra Groups | Environment shell | Route-owned environment | No rows | Generic reset/apply | N/A | N/A | N/A | `artifacts/screenshots/environment-page--groups.png` | `blocked_missing_seed_data` | medium | Missing data. |
| Baseline Compare | environment_sidebar_origin | `/admin/baseline-compare-landing?tenant=<env slug>` | `tenant=b009...` | `wp` | `YPTW2 (DEV)` | Governance | Baseline Compare | Environment shell | Query-owned environment | Shell only | N/A | N/A | N/A | N/A | `artifacts/screenshots/environment-page--baseline-compare.png` | `verified_ambiguous_or_mixed` | medium | Global page with environment query, not route-owned environment. |
| Back/Forward - Provider Connections | back_forward | filtered -> clean -> back -> forward | filtered URL restored on back | `wp` | No environment selected | Settings | Provider Connections | Hidden filter on filtered URL | Query filter | Yes | No | N/A | Back returned query; forward clean | `back-forward--provider-connections.png` | `verified_workspace_scoped_hub` | critical | Browser history can reintroduce hidden filtered provider rows. |
| Back/Forward - Customer Reviews | back_forward | filtered -> clean -> back -> forward | `tenant=<slug>` restored on back | `wp` | No environment selected | Reporting | Customer Review Workspace | Filter visible after back | Query/table filter | No data | Yes | Incomplete | Back returned query; forward clean | `back-forward--customer-reviews.png` | `blocked_missing_seed_data` | critical | Back navigation reintroduces customer review filter. |
Reference in New Issue View Git Blame Copy Permalink