TenantAtlas/specs/340-post-scope-contract-browser-verification-gate/scope-verification-matrix.md

# Spec 340 Scope Verification Matrix

| Page / Surface | Origin | URL / Query | Shell | Sidebar | Breadcrumb / Header | Visible Filter Evidence | Reload / Back-Forward | Screenshot | Status | Finding ID |
|---|---|---|---|---|---|---|---|---|---|---|
| Workspace Overview | Clean Workspace | `/admin/workspaces/{workspace}/overview` | Workspace | Workspace scope indicator | Workspace name visible | No environment filter | N/A | Not captured | pass | - |
| Operations | Clean Workspace | `/admin/workspaces/{workspace}/operations` | Workspace Hub | Workspace scope indicator | `Operations Hub` / workbench copy | No `environment_id`, no filter chip | Existing Spec322 reload posture; Spec340 representative check passed | Not captured | pass | - |
| Operations | Environment origin filtered entry | `/admin/workspaces/{workspace}/operations?environment_id=<environment>` | Workspace Hub | Workspace scope indicator | `Operations Hub` | `Environment filter:` chip with clear link | Spec340 reload check passed | Not captured | pass | - |
| Provider Connections List | Clean Workspace + remembered environment | `/admin/provider-connections` | Workspace Hub | Workspace scope indicator | Provider Connections table | No hidden remembered filter | N/A | Not captured | pass | - |
| Provider Connections List | Filtered Hub | `/admin/provider-connections?environment_id=<environment>` | Workspace Hub | Workspace scope indicator | Provider Connections table | `Environment filter:` chip and create link carries `environment_id` | Spec340 clear/back/forward check passed | Not captured | pass | - |
| Provider Connections Create | Clean Workspace | `/admin/provider-connections/create` | Authorization boundary | N/A | Error / blocked page expected | No environment authority | N/A | Not captured | pass | - |
| Provider Connection View | Record route | `/admin/provider-connections/{record}` | Record-derived | Workspace scope indicator | Provider connection name and target scope visible | Optional `environment_id` is record-derived and matched to the connection environment | N/A | Not captured | pass | - |
| Provider Connection Edit | Filtered record route | `/admin/provider-connections/{record}/edit?environment_id=<environment>` | Record-derived + explicit query | Workspace scope indicator | Provider connection name visible | Explicit `environment_id` query | N/A | Not captured | pass | - |
| Evidence Overview | Clean Workspace | `/admin/evidence/overview` | Workspace Hub | Workspace scope indicator | Evidence proof workbench | No environment filter | Existing Spec322 reload/back-forward posture | Not captured | pass | - |
| Alerts | Clean Workspace | `/admin/alerts` | Workspace Hub | Workspace scope indicator | Alerts heading | No environment filter | N/A | Not captured | pass | - |
| Audit Log | Clean Workspace | `/admin/audit-log` | Workspace Hub | Workspace scope indicator | Audit Log heading | No environment filter | N/A | Not captured | pass | - |
| Review Register | Clean Workspace | `/admin/reviews` | Workspace Hub | Workspace scope indicator | Review Register heading | No environment filter | N/A | Not captured | pass | - |
| Customer Review Workspace | Clean Workspace | `/admin/reviews/workspace` | Workspace Hub | Workspace scope indicator | Customer Review Workspace heading | No environment filter | N/A | Not captured | pass | - |
| Governance Inbox | Clean Workspace | `/admin/governance/inbox` | Workspace Hub | Workspace scope indicator | Governance Inbox heading | No environment filter | N/A | Not captured | pass | - |
| Decision Register | Clean Workspace | `/admin/governance/decisions` | Workspace Hub | Workspace scope indicator | Decision Register heading | No environment filter | N/A | Not captured | pass | - |
| Finding Exceptions Queue | Clean Workspace | `/admin/finding-exceptions/queue` | Workspace Hub | Workspace scope indicator | Finding exceptions queue text | No environment filter | N/A | Not captured | pass | - |
| Baseline Profiles | Clean Workspace | `/admin/baseline-profiles` | Workspace-owned analysis | Workspace scope indicator | Baseline Profiles heading | No environment filter | N/A | Not captured | pass | - |
| Baseline Snapshots | Clean Workspace | `/admin/baseline-snapshots` | Workspace-owned analysis | Workspace scope indicator | Baseline Snapshots heading | No environment filter | N/A | Not captured | pass | - |
| Environment Dashboard | Environment origin | `/admin/workspaces/{workspace}/environments/{environment}` | Environment | Environment scope indicator | Environment name visible | Route-owned environment, no `environment_id` query | N/A | Not captured | pass | - |

## Coverage Notes

- Browser automation uses `apps/platform/tests/Browser/Spec340PostScopeContractVerificationSmokeTest.php`.
- Existing related browser coverage remains relevant context:
  - `Spec322WorkspaceHubNoDriftSmokeTest`
  - `Spec322EnvironmentOwnedSurfaceSmokeTest`
  - `Spec338ScopeContractSmokeTest`
- The matrix is intentionally representative for reload/back-forward instead of exhaustive across every hub, matching the fixture-cost limits in the active plan.