ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/318-admin-surface-scope-shell-context-audit/mismatch-findings.md
ahmido 1c27af4f5f spec: add admin surface scope shell context audit (#373) 
## Summary
- add Spec 318 audit artifacts for admin surface scope and shell context consistency after Specs 314-317
- document browser-backed findings for workspace hubs, environment-scoped pages, filtered workspace hubs, and mismatch cases
- capture recommended follow-up specs for baseline compare, baseline ownership, alerts/audit filter contracts, classifier regression coverage, and sidebar scope declarations

## Testing
- not run; analysis-only spec artifacts with no runtime or test code changes

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #373
2026-05-16 18:32:11 +00:00

2.8 KiB
Raw Permalink Blame History

Mismatch Findings

ID Risk Finding Browser/code evidence Suspected code seam Recommended direction
M1 critical Baseline Compare URLs are not self-sufficient Direct clean and direct environment_id URLs return 403 after clearing environment context; environment sidebar works only with remembered context. BaselineCompareLanding, UsesAdminEnvironmentFilterQueryParameter, OperateHubShell Move to route-bound environment URL or explicitly resolve environment_id before access checks.
M2 high Baseline Profiles/Snapshots workspace data with environment shell Resources query workspace_id but environment sidebar/reload show YPTW2 shell on clean URLs. BaselineProfileResource, BaselineSnapshotResource, AdminSurfaceScope WorkspaceScoped Declare as workspace hubs/environmentless or move to environment-bound routing.
M7 high Audit Log filtered URL lacks visible environment chip /admin/audit-log?environment_id=4 preserves the query and keeps an environmentless shell, but the page does not show a visible Environment filter chip. AuditLog, WorkspaceHubRegistry, CanonicalAdminEnvironmentFilterState Either implement the filtered workspace hub chip/clear contract or reject/strip environment_id for Audit Log.
M3 medium Alerts filtered hub contract gap /admin/alerts?environment_id=4 drops query on redirect; child URLs show All environments and no chip. AlertsCluster, Alert resources, WorkspaceHubRegistry Either implement filtered hub chip/data filtering or strip/reject environment_id intentionally.
M4 medium Unregistered workspace analysis pages inherit remembered environment My Findings, Intake, Hygiene, Cross-environment Compare, and baseline detail/matrix pages show active env on clean URLs from env context. AdminSurfaceScope WorkspaceScoped allows remembered restore Add explicit classifier entries or make remembered restore opt-in.
M5 low Environment sidebar mixes workspace hubs and environment pages Most workspace hub rows behave correctly, but baseline rows do not match the same rule. AdminPanelProvider navigation, WorkspaceSidebarNavigation Add sidebar item scope declarations and regression coverage.
M6 low Managed environment edit tested path is dead /admin/workspaces/3/environments/{environment}/edit returned 404. ManagedEnvironmentResource registration Mark dead unless another edit URL is intended.

Status Counts From Matrix

  • OK: 135
  • blocked: 1
  • dead/unreachable: 1
  • mismatch: 24

Classification Counts From Matrix Rows

  • Canonical workspace record viewer: 2
  • Environment-scoped page: 50
  • Filtered workspace hub: 28
  • Onboarding workflow: 1
  • System/platform scoped page: 3
  • Workspace-scoped analysis page: 8
  • Workspace-scoped baseline surface: 14
  • Workspace-scoped hub: 55