ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/340-post-scope-contract-browser-verification-gate/surface-inventory.md
ahmido a3b21c48d8 test: add post-scope contract browser verification gate (340) (#411) 
## Summary
- add the Spec 340 browser verification gate package for the post-338/339 workspace and environment scope contract
- add a bounded Pest browser smoke that verifies clean workspace origin, environment origin, explicit `environment_id` hub filtering, remembered-environment non-authority, and Provider Connections create/view/edit authority signals
- record the verification inventory, matrix, findings, checklist, and audit report under `specs/340-post-scope-contract-browser-verification-gate/`
- document a `GO` recommendation with no confirmed P1/P2 drift and one backlog wording follow-up
- keep the change verification-only with no runtime behavior, schema, or route-family changes

## Validation
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec340PostScopeContractVerificationSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections --filter=ScopeHardening`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `git diff --check --no-index /dev/null apps/platform/tests/Browser/Spec340PostScopeContractVerificationSmokeTest.php`
- `git diff --check`

## Notes
- Livewire v4 compliance unchanged
- Filament provider registration remains in `apps/platform/bootstrap/providers.php`
- no globally searchable resource behavior changed
- no destructive action behavior changed or executed in this verification gate
- no new Filament assets; deploy `filament:assets` posture is unchanged

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #411
2026-05-31 14:37:30 +00:00

6.6 KiB
Raw Permalink Blame History

Spec 340 Surface Inventory

Surface Route / Entry Point Expected Taxonomy Origin(s) Filter Support Code Owner / Evidence Verification Status
Workspace Overview /admin, /admin/workspaces/{workspace}/overview Workspace-owned source of truth Clean Workspace origin No environment filter routes/web.php, WorkspaceOverview, WorkspaceSidebarNavigation pass - Spec340 Browser smoke
Environment Dashboard /admin/workspaces/{workspace}/environments/{environment} Environment-owned detail surface Environment origin Route-owned environment, no environment_id query EnvironmentDashboard, ManagedEnvironmentLinks::viewUrl() pass - Spec340 Browser smoke
Environment Diagnostics /admin/workspaces/{workspace}/environments/{environment}/diagnostics Environment-owned detail surface Environment origin Route-owned environment, no hub filter routes/web.php, AdminSurfaceScope::EnvironmentBound pass - repo-classified; no runtime change
Environment Access Scopes /admin/workspaces/{workspace}/environments/{environment}/access-scopes Environment-owned detail surface Environment origin Route-owned environment, no hub filter routes/web.php, AdminSurfaceScope::EnvironmentBound pass - repo-classified; no runtime change
Operations /admin/workspaces/{workspace}/operations Workspace Hub with local environment filter Workspace origin, Environment origin, filtered hub Explicit environment_id only OperationRunLinks, Operations, WorkspaceHubEnvironmentFilter pass - Spec340 Browser smoke
Operation Run Detail /admin/workspaces/{workspace}/operations/{run} Canonical workspace record viewer Operation drilldown Record-derived workspace/tenant entitlement OperationRunLinks::tenantlessView(), TenantlessOperationRunViewer pass - repo-classified; no runtime change
Alerts Hub /admin/alerts Workspace Hub with local environment filter Workspace origin, filtered hub where supported Explicit environment_id only WorkspaceHubRegistry, Alerts page pass - Spec340 Browser smoke
Alert Deliveries /admin/alerts/alert-deliveries Workspace Hub child with local environment filter Workspace origin, filtered hub where supported Explicit environment_id chip via page hook AlertDeliveryResource, WorkspaceHubRegistry pass - repo-classified; related Spec322 harness data
Audit Log /admin/audit-log Workspace Hub with local environment filter Workspace origin, filtered hub where supported Explicit environment_id only AuditLog page, WorkspaceHubRegistry pass - Spec340 Browser smoke
Evidence Overview /admin/evidence/overview Workspace Hub with local environment filter Workspace origin, Environment origin, filtered hub Explicit environment_id only EvidenceOverview, WorkspaceHubEnvironmentFilter pass - Spec340 Browser smoke
Provider Connections List /admin/provider-connections Credential-adjacent Workspace Hub Clean, remembered, filtered origins Explicit environment_id only; create disabled/guided without it ProviderConnectionResource, ProviderConnectionPolicy pass - Spec340 Browser smoke
Provider Connections Create /admin/provider-connections/create Credential-adjacent provider surface Clean or filtered origin Requires explicit valid environment_id CreateProviderConnection, ProviderConnectionPolicy::create() pass - Spec340 Browser smoke
Provider Connection View/Edit /admin/provider-connections/{record}, /edit Credential-adjacent provider record surface Record route, optional filtered query Record-derived ownership and capability ProviderConnectionPolicy::view/update/delete() pass - Spec340 Browser smoke
Review Register /admin/reviews Workspace Hub with local environment filter Workspace origin, filtered hub where supported Explicit environment_id only ReviewRegister, WorkspaceHubRegistry pass - Spec340 Browser smoke
Customer Review Workspace /admin/reviews/workspace Workspace Hub with local environment filter Workspace origin, filtered hub where supported Explicit environment_id only CustomerReviewWorkspace, WorkspaceHubRegistry pass - Spec340 Browser smoke
Governance Inbox /admin/governance/inbox Workspace Hub with local environment filter Workspace origin, filtered hub where supported Explicit environment_id only GovernanceInbox, WorkspaceHubRegistry pass - Spec340 Browser smoke
Decision Register /admin/governance/decisions Workspace Hub with local environment filter Workspace origin, filtered hub where supported Explicit environment_id only DecisionRegister, WorkspaceHubRegistry pass - Spec340 Browser smoke
Finding Exceptions Queue /admin/finding-exceptions/queue Workspace Hub with local environment filter Workspace origin, filtered hub where supported Explicit environment_id only FindingExceptionsQueue, OpenFindingExceptionsQueueController pass - Spec340 Browser smoke
Baseline Profiles /admin/baseline-profiles Workspace-owned analysis/source-of-truth surface Clean Workspace origin No hidden environment filter BaselineProfileResource, AdminSurfaceScope::WorkspaceOwnedAnalysisSurface pass - Spec340 Browser smoke
Baseline Snapshots /admin/baseline-snapshots Workspace-owned analysis/source-of-truth surface Clean Workspace origin No hidden environment filter BaselineSnapshotResource, AdminSurfaceScope::WorkspaceOwnedAnalysisSurface pass - Spec340 Browser smoke
Managed Environments Registry /admin/workspaces/{workspace}/environments Workspace-owned source-of-truth surface Workspace origin No hidden environment filter ManagedEnvironmentsLanding, ManagedEnvironmentLinks::indexUrl() pass - repo-classified; no runtime change
Workspace Settings /admin/settings/workspace Workspace-owned configuration surface Workspace origin No hidden environment filter WorkspaceSettings, WorkspaceSidebarNavigation pass - repo-classified; no runtime change
Workspace Management /admin/workspaces Workspace-owned admin surface Workspace origin No hidden environment filter WorkspaceResource, WorkspaceSidebarNavigation pass - repo-classified; no runtime change

Completed-Spec Guardrail

The following packages were read as context only and were not modified:

  • specs/313-workspace-environment-context-browser-verification/
  • specs/322-browser-no-drift-regression-guard/
  • specs/338-workspace-environment-resource-scope-contract/
  • specs/339-provider-connection-scope-hardening/