ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/340-post-scope-contract-browser-verification-gate/spec.md
ahmido a3b21c48d8 test: add post-scope contract browser verification gate (340) (#411) 
## Summary
- add the Spec 340 browser verification gate package for the post-338/339 workspace and environment scope contract
- add a bounded Pest browser smoke that verifies clean workspace origin, environment origin, explicit `environment_id` hub filtering, remembered-environment non-authority, and Provider Connections create/view/edit authority signals
- record the verification inventory, matrix, findings, checklist, and audit report under `specs/340-post-scope-contract-browser-verification-gate/`
- document a `GO` recommendation with no confirmed P1/P2 drift and one backlog wording follow-up
- keep the change verification-only with no runtime behavior, schema, or route-family changes

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec340PostScopeContractVerificationSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections --filter=ScopeHardening`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `git diff --check --no-index /dev/null apps/platform/tests/Browser/Spec340PostScopeContractVerificationSmokeTest.php`
- `git diff --check`

## Notes
- Livewire v4 compliance unchanged
- Filament provider registration remains in `apps/platform/bootstrap/providers.php`
- no globally searchable resource behavior changed
- no destructive action behavior changed or executed in this verification gate
- no new Filament assets; deploy `filament:assets` posture is unchanged

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #411
2026-05-31 14:37:30 +00:00

358 lines
27 KiB
Markdown
Raw Permalink Blame History

# Feature Specification: Spec 340 - Post-Scope Contract Browser Verification Gate
**Feature Branch**: `340-post-scope-contract-browser-verification-gate`
**Created**: 2026-05-31
**Status**: Draft
**Input**: User-provided Spec 340 draft from attachment plus repo inspection after Specs 338 and 339.
## Spec Candidate Check *(mandatory — SPEC-GATE-001)*
- **Problem**: Specs 338 and 339 hardened the workspace/environment scope contract and Provider Connection authority, but the original risk was browser-level product confusion: operators could misread workspace-wide hubs as environment-owned pages, topbar context as a hidden filter, or credential-adjacent Provider Connection create behavior as implicitly authorized.
- **Today's failure**: Automated Feature tests prove many policy/query contracts, but they do not prove that the actual browser experience consistently shows whether the user is in Workspace mode, Environment mode, or a Workspace Hub filtered by `environment_id`.
- **User-visible improvement**: Before opening new feature or cleanup specs, operators and reviewers get a concrete browser go/no-go report proving whether the current UI communicates the scope contract correctly across Workspace Sidebar, Environment Sidebar, Topbar, hub filters, environment-to-hub links, Provider Connections, Baselines, Evidence, Operations, Alerts, Audit Log, Reviews, Governance Inbox, and Decision Register.
- **Smallest enterprise-capable version**: A verification-first gate that produces a repo-based surface inventory, browser matrix, screenshot evidence where useful, P1/P2/P3/backlog findings, and explicit go/no-go status. It does not redesign surfaces or introduce new runtime features.
- **Explicit non-goals**: No broad UI redesign, no new product feature, no schema changes, no provider/OAuth redesign, no reopening completed Specs 313/322/338/339, no automatic chain of 341+ follow-up specs, no runtime fix unless a Spec 340 browser or test reproduction proves a narrow in-scope contract break and the active artifacts are updated first.
- **Permanent complexity imported**: One bounded QA/spec package and optional focused browser regression coverage; no new persisted truth, status family, domain abstraction, provider framework, or UI taxonomy.
- **Why now**: The user-provided draft and latest branch context state that after Spec 339 the next safe step is a browser/IA verification gate, not another feature or cleanup spec. This prevents feature work from building on unclear scope semantics.
- **Why not local**: Checking one page locally would miss cross-surface drift. The contract must be verified through representative browser paths from Workspace origin, Environment origin, filtered hub entry, reload/back-forward state, and credential-adjacent Provider Connection flows.
- **Approval class**: Core Enterprise (scope/RBAC/credential-adjacent trust gate).
- **Red flags triggered**: Many surfaces + browser coverage. **Defense**: this is verification-first, bounded to current repo truth, imports no new runtime model, and escalates concrete drift instead of broad refactoring.
- **Score**: Nutzen: 2 | Dringlichkeit: 2 | Scope: 2 | Komplexität: 2 | Produktnähe: 2 | Wiederverwendung: 1 | **Gesamt: 11/12**
- **Decision**: approve.
## Summary
Spec 340 is a post-scope-contract browser verification gate. It verifies whether the current product experience matches the contracts hardened by Specs 338 and 339:
- Workspace shell and sidebar show workspace-owned, workspace-hub, portfolio, and system surfaces.
- Environment shell and sidebar show environment-owned detail surfaces as primary context.
- Workspace Hubs use explicit local filters such as `environment_id`, not remembered environment or topbar magic.
- Environment pages link to Workspace Hubs through explicit filtered links when a narrowed view is intended.
- Provider Connections require explicit environment authority for create and record-derived authority for view/edit/actions.
- Findings are classified into P1, P2, P3, and backlog, with a go/no-go recommendation before new feature work resumes.
## Completed-Spec Guardrail Result
Related existing specs are context only:
- `specs/313-workspace-environment-context-browser-verification/` already contains completed browser audit tasks and artifacts. It is not a refresh target.
- `specs/322-browser-no-drift-regression-guard/` already contains completed regression-guard tasks and validation notes. It is not a refresh target.
- `specs/338-workspace-environment-resource-scope-contract/` has completed implementation task markers for the scope/link/query contract. It is not modified.
- `specs/339-provider-connection-scope-hardening/` has completed implementation task markers for Provider Connection authority hardening. It is not modified.
Spec 340 uses these packages as dependency evidence only and preserves their implementation history.
## Spec Scope Fields *(mandatory)*
- **Scope**: canonical-view / browser verification gate.
- **Primary routes and surfaces**:
- Workspace shell/sidebar and Workspace Overview.
- Environment Dashboard and environment-owned detail routes.
- Workspace Hubs: Operations, Alerts, Audit Log, Evidence Overview, Provider Connections, Review Register, Customer Review Workspace, Governance Inbox, Decision Register, Finding Exceptions Queue where reachable.
- Workspace-owned portfolio/configuration surfaces: Baseline Profiles, Baseline Snapshots, Managed Environments, Workspace Settings, Alert Rules, Alert Destinations.
- Provider Connections list, create, view, edit, and credential-adjacent actions where reachable in browser verification.
- **Data Ownership**: no data model or schema change. Verification distinguishes workspace-owned records, environment-owned records, workspace hub filters, and credential-adjacent provider records.
- **RBAC**: no new capabilities. Browser verification must respect existing workspace membership, managed-environment entitlement, and capability enforcement. Out-of-scope/non-member access remains deny-as-not-found; member-missing-capability remains forbidden where current policy requires it.
For canonical-view verification:
- **Default filter behavior when environment context is active**: Workspace Hubs must not silently infer a filter from remembered environment or the topbar. If narrowed by environment, the page must expose explicit `environment_id` query/filter state or visible filter affordance.
- **Explicit entitlement checks preventing cross-environment leakage**: Any `environment_id` used in a hub URL must be validated against current workspace and actor entitlement by existing runtime code; browser verification records whether wrong or missing context is blocked safely.
## Verification Taxonomy
### A. Workspace-owned source of truth
Examples: Workspace Overview, Managed Environments, Alert Rules, Alert Destinations, Workspace Settings, Baseline Profiles, Baseline Snapshots.
Expected browser signal: workspace shell/sidebar; no environment-owned claim; links to environment details remain explicit.
### B. Workspace Hub with local environment filter
Examples: Operations, Alerts, Audit Log, Evidence Overview, Provider Connections, Review Register, Customer Review Workspace, Governance Inbox, Decision Register, Finding Exceptions Queue.
Expected browser signal: workspace shell/sidebar; visible local filter or URL query when narrowed; no hidden topbar/remembered-environment filtering.
### C. Environment-owned detail surface
Examples: Environment Dashboard and environment route-owned child/detail surfaces.
Expected browser signal: environment in route and shell; primary Environment Sidebar entries are environment-owned.
### D. Credential-adjacent provider surface
Example: Provider Connections.
Expected browser signal: list/view/actions derive authority from workspace context, explicit `environment_id`, or record ownership; create without explicit environment is blocked or guided safely.
## UI Surface Impact *(mandatory — UI-COV-001)*
Does this spec add, remove, rename, or materially change any reachable UI surface?
- [x] No UI surface impact
- [ ] Existing page changed
- [ ] New page/route added
- [ ] Navigation changed
- [ ] Filament panel/provider surface changed
- [ ] New modal/drawer/wizard/action added
- [ ] New table/form/state added
- [ ] Customer-facing surface changed
- [ ] Dangerous action changed
- [ ] Status/evidence/review presentation changed
- [ ] Workspace/environment context presentation changed
No-impact rationale: Spec 340 prepares and later executes a verification gate over existing reachable surfaces. If implementation evidence proves a narrow runtime UI fix is necessary, the implementer must first update the active spec/plan/tasks UI impact decision or split a follow-up spec before changing runtime UI.
## UI/Productization Coverage *(mandatory)*
N/A - no planned reachable UI surface impact. The feature verifies existing UI/productization coverage rather than adding or materially changing a surface.
If browser evidence reveals contract drift:
- P1/P2 drift must be documented with page, URL, origin, screenshot path, expected contract, actual behavior, and the smallest safe next action.
- Runtime fixes require an updated UI impact decision in this active package or a follow-up spec.
- Completed historical specs must not be rewritten to remove close-out, validation, or completed-task evidence.
## Cross-Cutting / Shared Pattern Reuse *(mandatory)*
- **Cross-cutting feature?**: yes, verification touches navigation, scope presentation, deep links, filters, Provider Connection authority, and browser evidence.
- **Interaction classes**: navigation entry points, status/scope messaging, action links, hub filters, credential-adjacent action affordances.
- **Existing patterns to verify/reuse**:
- `AdminSurfaceScope`
- `WorkspaceHubRegistry`
- `WorkspaceHubEnvironmentFilter`
- `WorkspaceSidebarNavigation`
- `ManagedEnvironmentLinks`
- `OperationRunLinks`
- `WorkspaceContext`
- `ProviderConnectionPolicy`
- `ProviderConnectionResource`
- existing Spec 322 browser harness/patterns where reuse is cheaper than new fixture setup.
- **Allowed deviation and why**: none for preparation. Runtime deviation requires a documented P1/P2 finding and bounded fix decision.
- **Consistency impact**: route owns shell, query owns local filter, record owns Provider Connection action authority, and topbar context must not become hidden authorization.
- **Review focus**: evidence must distinguish actual product drift from missing seed data, blocked access, or historical wording in completed specs.
## OperationRun UX Impact
- **Touches OperationRun start/completion/link UX?**: no new start/completion semantics.
- **Verification relevance**: Operations hub and OperationRun links are verified for scope and filter presentation only.
- **Queued DB-notification policy**: N/A.
- **Terminal notification path**: N/A.
- **Exception required?**: none.
## Provider Boundary / Platform Core Check
- **Shared provider/platform boundary touched?**: verification touches Provider Connections and Microsoft-adjacent vocabulary, but does not change provider contracts.
- **Boundary classification**: platform-core scope authority (`workspace`, `environment_id`, record ownership) plus provider-owned Microsoft identity detail.
- **Why this does not deepen provider coupling accidentally**: Spec 340 verifies that Provider Connections do not treat remembered environment, Filament tenant, or legacy tenant query aliases as platform authority.
- **Follow-up path**: document in the go/no-go report if browser evidence shows provider-boundary vocabulary or authority drift.
## UI / Surface Guardrail Impact
| Surface / Change | Operator-facing surface change? | Native vs Custom | Shared-Family Relevance | State Layers Touched | Exception Needed? | Low-Impact / `N/A` Note |
|---|---|---|---|---|---|---|
| Spec 340 verification artifacts | no | N/A | navigation, filters, browser evidence | shell, page, URL-query inspected only | no | Verification gate; no planned runtime UI change |
## Decision-First Surface Role
N/A - no operator-facing surface is added or materially changed. The verification gate checks whether existing surfaces expose the correct decision context.
## Audience-Aware Disclosure
N/A - no detail/status surface is added or materially changed. Browser findings must still record whether existing customer/operator surfaces expose raw diagnostics, internal IDs, or misleading scope signals.
## UI/UX Surface Classification
N/A - no new or modified operator-facing list/detail/queue/audit/config/report surface is planned. Existing surfaces are classified in the browser matrix by their expected taxonomy role.
## Operator Surface Contract
N/A - no new surface contract is introduced. Spec 340 verifies existing shell/page/filter/action contracts.
## Proportionality Review *(mandatory when structural complexity is introduced)*
- **New source of truth?**: no.
- **New persisted entity/table/artifact?**: no persisted runtime artifact. Spec-local verification artifacts may be created under `specs/340-post-scope-contract-browser-verification-gate/`.
- **New abstraction?**: no.
- **New enum/state/reason family?**: no runtime enum/state. P1/P2/P3/backlog is a report taxonomy only.
- **New cross-domain UI framework/taxonomy?**: no new runtime taxonomy. Verification reuses the existing workspace/environment scope taxonomy.
- **Current operator problem**: operators need proof that the browser experience matches scope authority before new work compounds any drift.
- **Existing structure is insufficient because**: completed Feature tests and prior audits do not prove the combined post-338/339 browser experience.
- **Narrowest correct implementation**: one verification gate with matrix/report artifacts and optional focused browser regression coverage.
- **Ownership cost**: bounded browser/test maintenance if automation is added; no runtime model maintenance.
- **Alternative intentionally rejected**: starting the next feature/cleanup candidate without browser proof.
- **Release truth**: current-release verification before further roadmap work.
### Compatibility posture
This feature assumes a pre-production environment. No migration shim, compatibility path, legacy alias, or production-data preservation behavior is introduced.
## Testing / Lane / Runtime Impact *(mandatory)*
- **Test purpose / classification**: Browser verification + optional focused Feature tests only if needed to classify a browser finding.
- **Validation lanes**: browser, optional fast-feedback for route/query/authorization probes, no PostgreSQL lane unless a follow-up runtime fix changes DB behavior.
- **Why this classification and these lanes are sufficient**: The risk is browser-level scope communication and credential-adjacent authority perception. Browser verification is the primary proof; targeted Feature tests can classify suspected policy/query drift without broad suite cost.
- **New or expanded test families**: optional `Spec340` browser smoke or manifest-based regression test; fixture setup must reuse existing browser test patterns where possible.
- **Fixture/helper cost impact**: keep workspace/environment/browser fixtures explicit and opt-in. Do not add seeders unless browser verification is blocked and the spec is updated first.
- **Heavy-family visibility / justification**: browser coverage is explicit and central to the gate, not accidental.
- **Special surface test profile**: global-context-shell.
- **Reviewer handoff**: reviewers must verify that browser evidence covers clean workspace origin, environment origin, filtered hub entry, reload/back-forward state, topbar semantics, and Provider Connections authority.
- **Budget / baseline / trend impact**: no expected broad suite cost unless automated browser coverage expands; record any expansion in the go/no-go report.
- **Escalation needed**: P1/P2 drift becomes `follow-up-spec` or a bounded in-scope fix only after active artifact update.
- **Planned validation commands**:
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser --filter=Spec340`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections --filter=ScopeHardening`
- `git diff --check`
## User Scenarios & Testing *(mandatory)*
### User Story 1 - Verify Workspace and Environment mode clarity (Priority: P1)
As an operator moving between workspace and environment areas, I can always tell whether I am in Workspace mode, Environment mode, or a Workspace Hub filtered by environment.
**Why this priority**: The scope contract is only trustworthy if the browser shell, sidebar, breadcrumb/header, and visible filter state communicate the same ownership model.
**Independent Test**: Open representative Workspace and Environment origins, navigate through sidebar/global entries, reload, and record shell/sidebar/header/filter evidence in the matrix.
**Acceptance Scenarios**:
1. **Given** a Workspace origin with no active environment route, **When** the operator opens Workspace Hubs, **Then** the shell/sidebar remains workspace-mode and any environment narrowing is represented as an explicit local filter.
2. **Given** an Environment Dashboard origin, **When** the operator opens environment-owned detail surfaces, **Then** the route and shell clearly carry that environment.
3. **Given** an Environment Dashboard origin, **When** the operator opens workspace-wide hubs, **Then** the page does not pretend to be environment-owned.
---
### User Story 2 - Verify workspace hub filters and topbar semantics (Priority: P1)
As an operator, topbar environment selection and local hub filters do not silently become each other.
**Why this priority**: A hidden topbar/session filter can create false confidence and cross-scope misunderstandings.
**Independent Test**: From clean, remembered-environment, and filtered-entry states, verify Operations, Alerts, Audit Log, Evidence Overview, Provider Connections, Reviews, Customer Review Workspace, Governance Inbox, and Decision Register where reachable.
**Acceptance Scenarios**:
1. **Given** a remembered environment, **When** the operator opens a clean Workspace Hub URL, **Then** the hub does not silently filter to that environment.
2. **Given** an explicit `environment_id`, **When** the operator opens a filterable Workspace Hub, **Then** the page exposes a visible filter/chip/banner or equivalent local filter evidence.
3. **Given** a filtered hub entry, **When** the operator clears the filter, reloads, or uses browser back/forward, **Then** the visible scope state remains truthful.
---
### User Story 3 - Verify Provider Connection authority in the browser (Priority: P1)
As an operator near credential-adjacent Provider Connections, I can see that create/manage behavior requires explicit environment authority or record ownership, not hidden context.
**Why this priority**: Provider Connections sit near credentials, consent, permissions, and provider operations.
**Independent Test**: Verify Provider Connections list/create/view/edit/action affordances from clean, filtered, remembered-environment, missing-environment, and wrong-environment states.
**Acceptance Scenarios**:
1. **Given** a Provider Connections list, **When** an explicit `environment_id` is present, **Then** the filter and create path are tied to that environment.
2. **Given** no explicit `environment_id`, **When** the operator attempts create, **Then** create is blocked or guided safely without relying on remembered environment.
3. **Given** an existing Provider Connection record, **When** the operator views or manages it, **Then** scope context comes from record ownership and capability enforcement.
---
### User Story 4 - Produce a go/no-go report (Priority: P2)
As a product/engineering reviewer, I receive a compact report that says whether new feature work may continue or which concrete scope drift must be fixed first.
**Why this priority**: The output must prevent vague “looks okay” conclusions and avoid automatic follow-up sprawl.
**Independent Test**: Review the final report and matrix; every P1/P2 finding includes evidence, expected/actual behavior, affected files or routes, and a recommended next action.
**Acceptance Scenarios**:
1. **Given** browser verification is complete, **When** no P1/P2 drift is found, **Then** the report gives a clear go recommendation for new feature work.
2. **Given** P1/P2 drift is found, **When** the report is reviewed, **Then** it names the smallest safe follow-up or bounded fix and blocks unrelated feature work.
3. **Given** missing data or unavailable routes block a check, **When** the report is reviewed, **Then** the limitation is explicit and not reported as a pass.
## Functional Requirements
- **FR-340-001**: The verification must inventory every in-scope surface, expected taxonomy class, route, origin path, filter capability, and evidence status.
- **FR-340-002**: The verification must check Workspace Sidebar behavior from a clean Workspace origin.
- **FR-340-003**: The verification must check Environment Sidebar behavior from at least one Environment Dashboard origin.
- **FR-340-004**: The verification must check that Workspace Hubs use explicit local filters and do not silently consume topbar/remembered environment state.
- **FR-340-005**: The verification must check environment-to-hub links for explicit `environment_id` when the link intends a filtered hub view.
- **FR-340-006**: The verification must check Topbar workspace selector and environment selector semantics and record whether they navigate, filter, or change context.
- **FR-340-007**: The verification must check Provider Connections create/list/view/edit/action affordances against explicit environment and record-derived authority.
- **FR-340-008**: The verification must include Baseline Profiles/Snapshots as workspace-owned surfaces and must not reopen their ownership unless browser evidence proves regression.
- **FR-340-009**: The verification must record reload and browser back/forward behavior for representative filtered hubs.
- **FR-340-010**: The verification must classify each finding as P1, P2, P3, backlog, pass, blocked, or not applicable.
- **FR-340-011**: The final report must include go/no-go status, exact commands or browser tooling used, screenshot paths where captured, blocked checks, and next recommended action.
- **FR-340-012**: The implementation must not modify completed Spec 313/322/338/339 artifacts except as read-only context.
- **FR-340-013**: Any runtime change discovered during implementation must be preceded by an active artifact update or split into a follow-up spec.
- **FR-340-014**: The verification must not create new persisted entities, migrations, providers, capabilities, OperationRun types, or product features.
## Non-Functional Requirements
- **NFR-340-001**: Browser evidence must be reproducible from documented local/Sail commands or explicitly marked as manually verified with tool limitations.
- **NFR-340-002**: The report must distinguish verified pass, verified drift, insufficient seed data, inaccessible route, and authorization-blocked states.
- **NFR-340-003**: Browser/test additions must keep fixture cost explicit and avoid broad seed/global setup changes.
- **NFR-340-004**: No secrets, raw credential payloads, or sensitive Graph data may be captured in screenshots or reports.
- **NFR-340-005**: Verification must remain compatible with Filament v5 and Livewire v4 conventions.
## Required Artifacts
Implementation of this spec should create or update only Spec 340 artifacts and optional focused tests:
- `specs/340-post-scope-contract-browser-verification-gate/surface-inventory.md`
- `specs/340-post-scope-contract-browser-verification-gate/scope-verification-matrix.md`
- `specs/340-post-scope-contract-browser-verification-gate/findings.md`
- `specs/340-post-scope-contract-browser-verification-gate/audit-report.md`
- `specs/340-post-scope-contract-browser-verification-gate/artifacts/screenshots/` when screenshot evidence is useful
- optional `apps/platform/tests/Browser/Spec340PostScopeContractVerificationSmokeTest.php` if automation is stable and bounded
## Acceptance Criteria
- **AC1**: All in-scope surfaces are inventoried and classified against the verification taxonomy.
- **AC2**: Browser evidence covers clean Workspace origin, Environment origin, filtered hub entry, topbar context changes, reload, and back/forward for representative hubs.
- **AC3**: Provider Connections browser behavior is verified for explicit environment create authority and record-derived action authority.
- **AC4**: Findings are classified with evidence and no P1/P2 issue is left ambiguous or silently deferred.
- **AC5**: Completed related specs are not rewritten.
- **AC6**: No application implementation is performed during preparation; later implementation remains bounded by `tasks.md`.
## Success Criteria
- **SC-340-001**: The final go/no-go report can be reviewed without replaying the entire browser session.
- **SC-340-002**: If no P1/P2 drift exists, the report clearly permits the next roadmap feature/cleanup candidate.
- **SC-340-003**: If P1/P2 drift exists, the report blocks unrelated feature work and names the smallest safe follow-up or bounded fix.
- **SC-340-004**: Browser verification does not introduce unstable global fixtures, hidden seed dependencies, or broad regression-suite cost.
## Out of Scope
- Sidebar/topbar redesign.
- Provider Connection redesign or OAuth/provider registry changes.
- Broad canonical link/query cleanup beyond concrete browser findings.
- New product feature work.
- Schema, migration, model, service, policy, job, route, or runtime behavior changes during preparation.
- Rewriting or normalizing completed spec close-out/history.
## Risks
- Browser automation may be blocked by local app/session/data availability; blocked checks must be reported instead of treated as passes.
- Existing seed data may not cover every surface; report limitations and add only bounded fixture/test tasks if needed.
- A true P1/P2 finding may require a follow-up spec instead of being fixed inside the verification gate.
- The verification could become too broad; tasks keep the scope to scope/IA/authority evidence only.
## Assumptions
- The branch starts from current `platform-dev` after Spec 339 integration evidence.
- Local development uses Sail where runtime/browser verification is needed.
- Existing browser test patterns and smoke-login helpers can be reused if automation is added.
- Spec 340 preparation is allowed to create Spec Kit artifacts but not application implementation.
## Open Questions
None blocking. If browser tooling or seed data cannot prove a surface, implementation must mark the check as blocked and recommend the smallest next action.
## Follow-up Spec Candidates
Only create or promote a follow-up if Spec 340 evidence proves it is needed:
- `canonical-link-query-cleanup` for broad link/query drift not safely fixable inside Spec 340.
- `environment-resource-context-follow-through` for hidden Filament/environment context reliance beyond browser-visible contract issues.
- `provider-connection-scope-hardening-follow-up` only if Spec 339 browser verification reveals remaining credential-adjacent authority drift.
- Customer Review Workspace, Localization, Governance Inbox, and commercial lifecycle candidates remain deferred until this gate gives a go decision.
Reference in New Issue View Git Blame Copy Permalink