TenantAtlas/specs/374-diagnostic-entry-point-support-diagnostics-consolidation/artifacts/source-audit-summary.md

# Source Audit Summary

Status: implementation audit complete.

## Repo Safety

- Active branch before Spec Kit execution: `platform-dev`.
- Active branch after Spec Kit execution: `374-diagnostic-entry-point-support-diagnostics-consolidation`.
- Base HEAD before preparation: `94877c9a feat(ui): implement diagnostic surface separation (#444)`.
- Initial dirty state: clean.
- Initial implementation dirty state included the untracked active Spec 374 package and an unrelated `.codex/config.toml` local change. The `.codex/config.toml` change was left untouched.
- Runtime implementation stayed inside the scoped dashboard/support/repair diagnostics files, focused tests, proportional UI audit docs, and Spec 374 artifacts.

## Source Inputs

| Source | Availability | Verification Class | Use In Spec 374 |
|---|---|---|---|
| User-provided Spec 374 draft | available | user-provided | Primary candidate scope |
| Spec 373 `spec.md`, `plan.md`, `tasks.md` | available | repo-verified completed context | Predecessor scope and boundaries |
| Spec 373 artifacts | available | repo-verified / browser-verified where recorded | Implementation truth for diagnostic hierarchy |
| Spec 370 IA artifacts | available | repo-verified completed contract | Decision-first and diagnostic-surface rules |
| Current routes in `apps/platform/routes/web.php` | available | repo-verified | Confirms dashboard and diagnostics routes |
| `EnvironmentDiagnostics` page | available | repo-verified | Confirms direct route, non-navigation registration, repair actions |
| `EnvironmentDashboard` page | available | repo-verified | Confirms `openSupportDiagnosticsAction()` exists |
| Support diagnostics modal view | available | repo-verified | Confirms recommended first check rendering exists |
| `ManagedEnvironmentLinks::diagnosticsUrl()` | available | repo-verified | Helper exists; implementation search found route-contract tests plus the helper definition, no runtime dashboard caller |

## Completed-Spec Guardrail

| Related spec | Completion signal | Treatment |
|---|---|---|
| Spec 370 Global Surface IA Contract | completed contract artifacts | consumed as contract only |
| Spec 371 Core Operator View Surfaces Productization | active artifact references and browser/validation context in repo | pattern/context only |
| Spec 372 Customer Auditor Surface Safety Pass | active artifact references and browser/validation context in repo | pattern/context only |
| Spec 373 Diagnostic Surface Separation | checked tasks, validation report, browser report, screenshots, and implementation artifacts | completed predecessor; do not rewrite |

## Current Runtime Truth Observed During Preparation

- `web.php` registers `/admin/workspaces/{workspace}/environments/{environment:slug}` for `EnvironmentDashboard`.
- `web.php` registers `/admin/workspaces/{workspace}/environments/{environment:slug}/diagnostics` for `EnvironmentDiagnostics`.
- `EnvironmentDiagnostics` sets `protected static bool $shouldRegisterNavigation = false`.
- `EnvironmentDiagnostics` exposes repair actions `bootstrapOwner` and `mergeDuplicateMemberships` only when applicable.
- Existing repair actions use `Action::make(...)->action(...)`, `->requiresConfirmation()`, `UiEnforcement`, and `Capabilities::TENANT_MANAGE`.
- `EnvironmentDiagnostics::diagnosticSummary()` now provides Spec 374 repair-only summary values for blocker and no-action states.
- `EnvironmentDiagnostics` now renders the title `Repair diagnostics` with a repair-only subheading.
- `EnvironmentDiagnostics` now exposes one secondary read-only `Open support diagnostics` modal action with support-diagnostics capability gating, audit logging, and `repair_diagnostics` telemetry.
- `environment-diagnostics.blade.php` continues to lead with the summary and lower blocker sections; no provider/system/evidence checks were added.
- `EnvironmentDashboard` contains `openSupportDiagnosticsAction()`.
- `support-diagnostic-bundle.blade.php` now explicitly states the quick support context purpose before `Recommended first check`, renders `Redacted support view`, and organizes lower sections by status, why relevant, observed, and action.
- Implementation search for `diagnosticsUrl(` found the helper plus route-contract tests; no runtime dashboard caller was added. The helper is retained as a canonical deeplink utility.

## Product Decision Summary

Spec 374 should define the official diagnostic IA:

1. **Support Diagnostics** is the official quick support diagnostics entrypoint.
2. **Environment Repair Diagnostics** is a secondary/deeplink page for supported repairable membership/access issues.
3. **Provider/Permission Diagnostics** remain in Provider Connections / Required Permissions or a future provider-readiness follow-up.
4. **System Diagnostics** remain `/system`/platform-admin concerns and are not part of this spec.
5. **Evidence/Customer Review questions** remain evidence/review-pack/customer-review surfaces, not diagnostics entrypoint scope.

## Scope Risk

The main risk is treating "diagnostics" as a broad product platform. The implementation must not add a diagnostic hub, new navigation, provider checks, evidence reachability fixes, or system auth fixture work.

## Implementation Decision

- No dashboard repair diagnostics link was added. Existing repo truth does not require promoting the direct repair page from the dashboard no-action state.
- `ManagedEnvironmentLinks::diagnosticsUrl()` remains a retained canonical deeplink helper used by route-contract tests and available to future repo-backed repair contexts.
- The direct `/diagnostics` route was renamed in rendered copy and action-surface metadata to `Repair diagnostics`.
- Support Diagnostics remains the official quick diagnostics entrypoint from the dashboard; Repair Diagnostics now has one secondary read-only handoff action to the same redacted support modal.