18 KiB
18 KiB
Surface Inventory
Final statuses use only the allowed Spec 313 status vocabulary. "Browser verified" means the surface was opened in the local admin UI on 2026-05-16 against http://localhost/admin; "repo only" means classified from route/resource code and not deeply browser-tested because the surface is system, auth, modal-only, or not context-bearing.
| Surface | Type | Class/resource/component | Route | Sidebar visible? | Dashboard/card/action linked? | Workspace-scoped? | Environment-scoped? | System/platform scoped? | Ambiguous? | Browser verified? | Final status | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Workspace Overview | Filament page | App\Filament\Pages\WorkspaceOverview |
/admin, /admin/workspaces/{workspace}/overview |
Yes | Home | Yes | No | No | No | Yes | verified_workspace_scoped_hub |
Shell shows workspace and no environment after clear; screenshot workspace-origin--workspace-overview.png. |
| Operations | Filament page | App\Filament\Pages\Monitoring\Operations |
/admin/workspaces/{workspace}/operations |
Yes | Environment dashboard CTA | Yes | Explicit filter only | No | No | Yes | verified_workspace_scoped_hub |
Workspace origin shows 9 rows across 2 environments. CTA query managed_environment_id=4 was not visibly applied in shell/title and had no Clear filters action. |
| Operation detail | Filament page | App\Filament\Pages\Operations\TenantlessOperationRunViewer |
/admin/workspaces/{workspace}/operations/{run} |
Row/action only | Environment dashboard recent operation links | Yes | Record-owned tenant context | No | Yes | Repo only | verified_ambiguous_or_mixed |
Support request modal exists here; not deeply tested to avoid mutation flows. |
| Provider Connections / Integrations | Filament resource | App\Filament\Resources\ProviderConnectionResource |
/admin/provider-connections |
Yes | Link helper from operations/provider actions | Yes | Explicit filter query | No | Yes | Yes | verified_workspace_scoped_hub |
Workspace origin showed both provider rows. Query prefilter managed_environment_id=<slug> filters rows but no page-level clear exists; sidebar link can regain query from remembered environment. |
| Finding Exceptions Queue | Filament page | App\Filament\Pages\Monitoring\FindingExceptionsQueue |
/admin/finding-exceptions/queue |
Yes | Open queue helper | Yes | Explicit tenant prefilter |
No | Yes | Yes | blocked_missing_seed_data |
Shell/query behavior verified; no finding_exceptions rows in seed data, so row-scope correctness is unproven. |
| Alerts landing | Filament cluster page | App\Filament\Pages\Monitoring\Alerts |
/admin/alerts redirects to alert deliveries |
Yes | No | Yes | Table filters | No | No | Yes | blocked_missing_seed_data |
No alert delivery rows; shell and filter behavior verified only. |
| Alert Deliveries | Filament resource | App\Filament\Resources\AlertDeliveryResource |
/admin/alerts/alert-deliveries |
Child | No | Yes | Optional environment table filter | No | No | Yes | blocked_missing_seed_data |
No rows. |
| Alert Rules | Filament resource | App\Filament\Resources\AlertRuleResource |
/admin/alerts/alert-rules |
Child | No | Yes | No | No | No | Repo only | verified_workspace_scoped_hub |
Navigation child under Alerts; not high-risk for environment inheritance. |
| Alert Destinations | Filament resource | App\Filament\Resources\AlertDestinationResource |
/admin/alerts/alert-destinations |
Child | No | Yes | No | No | No | Repo only | verified_workspace_scoped_hub |
Navigation child under Alerts; not high-risk for environment inheritance. |
| Audit Log | Filament page | App\Filament\Pages\Monitoring\AuditLog |
/admin/audit-log |
Yes | No | Yes | Optional environment table filter | No | No | Yes | verified_workspace_scoped_hub |
Workspace origin shows 61 rows across 2 environments; shell clean from sidebar. |
| Evidence Overview | Filament page | App\Filament\Pages\Monitoring\EvidenceOverview |
/admin/evidence/overview |
No direct sidebar item | Environment/prefilter links | Yes | Explicit managed_environment_id prefilter |
No | Yes | Yes | blocked_missing_seed_data |
Clear filter worked for query prefilter, but no evidence rows exist. |
| Review Register | Filament page | App\Filament\Pages\Reviews\ReviewRegister |
/admin/reviews |
Yes | Prefilter URL/action | Yes | Explicit prefilter | No | Yes | Yes | blocked_missing_seed_data |
managed_environment_id=4 query remained after clicking Clear filters; no environment review rows exist. |
| Customer Review Workspace | Filament page | App\Filament\Pages\Reviews\CustomerReviewWorkspace |
/admin/reviews/workspace |
Yes | Environment dashboard export artifacts | Yes | Explicit tenant prefilter |
No | Yes | Yes | blocked_missing_seed_data |
Query remained after clear and reload reintroduced visible filter; no review-pack/review data exists. |
| Governance Inbox | Filament page | App\Filament\Pages\Governance\GovernanceInbox |
/admin/governance/inbox |
Yes | Environment sidebar/action links | Yes | Explicit tenant prefilter |
No | Yes | Yes | verified_workspace_scoped_hub |
Filtered URL shows ManagedEnvironment: YPTW2 with clear environment filter link; shell still says no environment selected. |
| Decision Register | Filament page | App\Filament\Pages\Governance\DecisionRegister |
/admin/governance/decisions |
Conditional | Prefilter URL | Yes | Explicit managed_environment_id prefilter |
No | Yes | Yes | verified_ambiguous_or_mixed |
Clean workspace URL returned 403 for this actor, while ?managed_environment_id=4 opened the page. Access is data/query dependent. |
| Workspace Settings | Filament page | App\Filament\Pages\Settings\WorkspaceSettings |
/admin/settings/workspace |
Yes | No | Yes | No | No | No | Yes | verified_workspace_scoped_hub |
Workspace admin surface; no environment query observed. |
| Manage Workspaces | Filament resource | App\Filament\Resources\Workspaces\WorkspaceResource |
/admin/workspaces |
Yes | Topbar/switcher | Yes | No | No | No | Yes | verified_workspace_scoped_hub |
Workspace management list opened cleanly. |
| Managed Environments Landing | Filament page/resource | ManagedEnvironmentResource, ManagedEnvironmentsLanding |
/admin/workspaces/{workspace}/environments |
Via environment clear/switch | Workspace overview/context bar | Workspace list of environments | No | No | No | Yes | verified_workspace_scoped_hub |
Environment catalog for current workspace; screenshot environment-page--managed-environments-landing.png. |
| Choose Workspace | Filament page | App\Filament\Pages\ChooseWorkspace |
/admin/choose-workspace |
Topbar | Topbar | Yes | No | No | No | Yes | verified_workspace_scoped_hub |
Selection surface, not data hub. |
| Choose Environment | Filament page | App\Filament\Pages\ChooseEnvironment |
/admin/choose-environment |
Topbar | Topbar | Yes | No | No | No | Yes | verified_workspace_scoped_hub |
Environment selection surface. |
| Environment Dashboard | Filament page | App\Filament\Pages\EnvironmentDashboard |
/admin/workspaces/{workspace}/environments/{environment} |
Environment nav | Environment entry point | No | Yes | No | No | Yes | verified_environment_scoped_page |
Shell shows YPTW2 (DEV); CTAs include Operations, required permissions, reviews, backup, evidence, risks. |
| Environment Onboarding | Filament page | ManagedEnvironmentOnboardingWizard |
/admin/onboarding, /admin/onboarding/{draft} |
No | Onboarding CTA | No | Yes | No | No | Yes | verified_environment_scoped_page |
Browser redirected /admin/onboarding to draft /admin/onboarding/1. |
| Required Permissions | Filament page | App\Filament\Pages\EnvironmentRequiredPermissions |
/admin/workspaces/{workspace}/environments/{environment}/required-permissions |
Environment nav/card | Dashboard card | No | Yes | No | No | Yes | verified_environment_scoped_page |
Shell/header environment aligned. |
| Environment Diagnostics | Filament page | App\Filament\Pages\EnvironmentDiagnostics |
/admin/workspaces/{workspace}/environments/{environment}/diagnostics |
Route/action | Dashboard/action | No | Yes | No | No | Yes | verified_environment_scoped_page |
Shell/header environment aligned. |
| Inventory Cluster | Filament cluster | App\Filament\Clusters\Inventory\InventoryCluster |
/admin/workspaces/{workspace}/environments/{environment}/inventory |
Environment nav | Dashboard/sidebar | No | Yes | No | No | Yes | verified_environment_scoped_page |
Redirected to inventory items with environment shell. |
| Inventory Items | Filament resource | App\Filament\Resources\InventoryItemResource |
/admin/workspaces/{workspace}/environments/{environment}/inventory-items |
Environment nav | Inventory cluster | No | Yes | No | No | Yes | blocked_missing_seed_data |
No inventory rows for audited environment. |
| Inventory Coverage | Filament page | App\Filament\Pages\InventoryCoverage |
/admin/workspaces/{workspace}/environments/{environment}/inventory/inventory-coverage |
Environment nav | Inventory cluster | No | Yes | No | No | Yes | verified_environment_scoped_page |
Shell/header environment aligned. |
| Policies | Filament resource | App\Filament\Resources\PolicyResource |
/admin/workspaces/{workspace}/environments/{environment}/policies |
Environment nav | Inventory cluster | No | Yes | No | No | Yes | blocked_missing_seed_data |
Policies rows exist only in workspace 1/env 1, not in audited workspace 3/env 4. |
| Policy Versions | Filament resource | App\Filament\Resources\PolicyVersionResource |
/admin/workspaces/{workspace}/environments/{environment}/policy-versions |
Environment nav | Inventory cluster | No | Yes | No | No | Yes | blocked_missing_seed_data |
No policy version rows. |
| Findings | Filament resource | App\Filament\Resources\FindingResource |
/admin/workspaces/{workspace}/environments/{environment}/findings |
Environment nav | Dashboard cards | No | Yes | No | No | Yes | blocked_missing_seed_data |
No finding rows. |
| Risk Exceptions | Filament resource | App\Filament\Resources\FindingExceptionResource |
/admin/workspaces/{workspace}/environments/{environment}/finding-exceptions |
Environment nav | Dashboard card | No | Yes | No | No | Yes | blocked_missing_seed_data |
No finding exception rows. |
| Evidence Snapshots | Filament resource | App\Filament\Resources\EvidenceSnapshotResource |
/admin/workspaces/{workspace}/environments/{environment}/evidence |
Environment nav | Dashboard card | No | Yes | No | No | Yes | blocked_missing_seed_data |
No evidence snapshot rows. |
| Environment Reviews | Filament resource | App\Filament\Resources\EnvironmentReviewResource |
/admin/workspaces/{workspace}/environments/{environment}/environment-reviews |
Environment nav | Dashboard cards | No | Yes | No | No | Yes | blocked_missing_seed_data |
No environment review rows. |
| Review Packs | Filament resource | App\Filament\Resources\ReviewPackResource |
/admin/workspaces/{workspace}/environments/{environment}/review-packs |
Environment nav | Dashboard/export card | No | Yes | No | No | Yes | blocked_missing_seed_data |
No review pack rows. |
| Stored Reports | Filament resource | App\Filament\Resources\StoredReportResource |
/admin/workspaces/{workspace}/environments/{environment}/stored-reports |
Environment nav | Evidence/reports links | No | Yes | No | No | Yes | verified_environment_scoped_page |
2 stored report rows exist for env 4. No workspace-wide reports hub discovered. |
| Backup Schedules | Filament resource | App\Filament\Resources\BackupScheduleResource |
/admin/workspaces/{workspace}/environments/{environment}/backup-schedules |
Environment nav | Dashboard backup card | No | Yes | No | No | Yes | blocked_missing_seed_data |
No backup schedules. |
| Backup Sets | Filament resource | App\Filament\Resources\BackupSetResource |
/admin/workspaces/{workspace}/environments/{environment}/backup-sets |
Environment nav | Dashboard backup card | No | Yes | No | No | Yes | blocked_missing_seed_data |
No backup sets. |
| Restore Runs | Filament resource | App\Filament\Resources\RestoreRunResource |
/admin/workspaces/{workspace}/environments/{environment}/restore-runs |
Environment nav | Backup flow | No | Yes | No | No | Yes | blocked_missing_seed_data |
No restore runs. |
| Entra Groups | Filament resource | App\Filament\Resources\EntraGroupResource |
/admin/workspaces/{workspace}/environments/{environment}/entra-groups |
Environment nav | Directory group | No | Yes | No | No | Yes | blocked_missing_seed_data |
No group rows. |
| Access Scopes | Filament resource page | ManagedEnvironmentResource\Pages\ManageEnvironmentAccessScopes |
/admin/workspaces/{workspace}/environments/{environment}/access-scopes |
Environment route | View/manage environment | No | Yes | No | No | Yes | verified_environment_scoped_page |
Environment ownership clear. |
| Baseline Compare Landing | Filament page | App\Filament\Pages\BaselineCompareLanding |
/admin/baseline-compare-landing?tenant=... |
Environment nav | Dashboard card | No | Yes | No | Yes | Yes | verified_ambiguous_or_mixed |
Environment query uses tenant, not route tenant; shell shows environment. |
| Baseline Compare Matrix | Filament page/resource child | App\Filament\Pages\BaselineCompareMatrix |
/admin/baseline-profiles/{record}/compare-matrix |
Row/action | Baseline profile action | No | Mixed | No | Yes | Repo only | verified_ambiguous_or_mixed |
Record-bound compare surface; not opened because no usable baseline assignment. |
| Baseline Profiles | Filament resource | App\Filament\Resources\BaselineProfileResource |
/admin/baseline-profiles?tenant=... |
Environment nav | Baseline card | Workspace-owned baseline library | Environment query filter | No | Yes | Yes | verified_ambiguous_or_mixed |
Global resource with environment query prefilter. |
| Baseline Snapshots | Filament resource | App\Filament\Resources\BaselineSnapshotResource |
/admin/baseline-snapshots?tenant=... |
Environment nav | Baseline card | Workspace-owned artifact library | Environment query filter | No | Yes | Yes | verified_ambiguous_or_mixed |
Global resource with environment query prefilter. |
| Cross Environment Compare | Filament page | App\Filament\Pages\CrossEnvironmentComparePage |
/admin/cross-environment-compare |
No | Compare workflows | Yes | Compares environments | No | Yes | Repo only | verified_ambiguous_or_mixed |
Not visible in sidebar during audited flow. |
| Support Request action | Modal/action surface | EnvironmentDashboard, TenantlessOperationRunViewer, support services |
No list route | Modal only | Header/action | No | Context-bound | No | Yes | Repo only | verified_unreachable |
No Support Requests index/resource/route discovered. Existing surfaces create support requests through modals only; not submitted in this audit. |
| Product Knowledge / Help | Not discovered | None | None | No | No | No | No | No | No | Repo only | verified_unreachable |
No admin route/resource/navigation entry found. |
| Operational Controls | System page | App\Filament\System\Pages\Ops\Controls |
System panel | No admin sidebar | No | No | No | Yes | No | Repo only | verified_system_or_platform_scoped_page |
System panel only. |
| Customer Health | System page/widgets | System\Pages\Directory\Tenants, customer health widgets |
System panel | No admin sidebar | No | No | No | Yes | No | Repo only | verified_system_or_platform_scoped_page |
System platform surface. |
| Provider Health | Workspace/provider rows | Provider connection health columns | /admin/provider-connections |
Integrated | Provider resource | Yes | Explicit filter | No | No | Yes | verified_workspace_scoped_hub |
No separate provider-health page discovered. |
| Permission Posture | Environment/report surface | Required permissions + StoredReportResource | Required permissions, stored reports | Environment nav | Dashboard card | No | Yes | No | No | Yes | verified_environment_scoped_page |
Environment-owned. |
| Entra Admin Roles | Environment/report surface | StoredReportResource, AdminRolesSummaryWidget | Stored reports/widget | Environment nav/card | Dashboard widget | No | Yes | No | No | Yes | verified_environment_scoped_page |
Stored report exists for env 4. |
| Auth Login | Auth page | App\Filament\Pages\Auth\Login |
/admin/login |
No | Auth only | No | No | No | No | Repo only | out_of_scope_with_reason |
Auth surface, not workspace/environment data scope. |
| No Access | Utility page | App\Filament\Pages\NoAccess |
/admin/no-access |
No | Error/guard | No | No | No | No | Repo only | out_of_scope_with_reason |
Guard/error surface. |
| Break Glass Recovery | Utility page | App\Filament\Pages\BreakGlassRecovery |
Not in admin route list | No | Emergency only | No | No | System-like | No | Repo only | verified_legacy_or_dead_surface_candidate |
Class exists but no admin route was listed. |
| Tenancy RegisterTenant | Utility page | App\Filament\Pages\Tenancy\RegisterTenant |
Not in admin route list | No | Legacy tenancy | No | No | No | Yes | Repo only | verified_legacy_or_dead_surface_candidate |
Legacy tenancy artifact in workspace-first app. |
| OperationRunResource | Resource shell | App\Filament\Resources\OperationRunResource |
No resource routes in route list | No | Replaced by Operations page | Yes | Record-owned | No | Yes | Repo only | verified_legacy_or_dead_surface_candidate |
Resource class exists without surfaced resource routes. |
| System Control Tower | System panel group | System\Pages\Dashboard, Ops\*, Security\AccessLogs, Directory\*, widgets |
System panel | No admin sidebar | No | No | No | Yes | No | Repo only | verified_system_or_platform_scoped_page |
Classified only; outside admin workspace/environment contract unless linked back into admin. |