## Summary

- add Spec 318 audit artifacts for admin surface scope and shell context consistency after Specs 314-317
- document browser-backed findings for workspace hubs, environment-scoped pages, filtered workspace hubs, and mismatch cases
- capture recommended follow-up specs for baseline compare, baseline ownership, alerts/audit filter contracts, classifier regression coverage, and sidebar scope declarations

## Testing

- not run; analysis-only spec artifacts with no runtime or test code changes

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #373
Surface Inventory
Coverage: 61 named surfaces were observed or classified. 161 browser state captures were recorded. Admin routes with no fixture record are marked blocked rather than skipped.
| Surface | Final classification | Status | Notes |
|---|---|---|---|
| Workspace Overview | Workspace hub | OK | Clean sidebar/direct entries show workspace with no environment. |
| Operations | Workspace hub / filtered hub | OK | environment_id entry shows chip, clear returns clean URL. |
| Operation Detail | Canonical workspace record viewer | OK | Environment CTA opens workspace record viewer with no active environment. |
| Finding Exceptions Queue | Workspace hub / filtered hub | OK | Clean and filtered states verified. |
| Governance Inbox | Workspace hub / filtered hub | OK | Clean and filtered states verified. |
| Decision Register | Workspace hub / filtered hub | OK | Explicitly verified as workspace register with optional environment filter. |
| Provider Connections | Workspace hub / filtered hub | OK | List/view/edit verified; create blocked by authorization. |
| Evidence Overview | Workspace hub / filtered hub | OK | Clean and filtered states verified. |
| Review Register | Workspace hub / filtered hub | OK | Clean and filtered states verified. |
| Customer Review Workspace | Workspace hub / filtered hub | OK | Clean and filtered states verified. |
| Audit Log | Workspace hub | mismatch | Clean entry is OK. Direct filtered URL preserves environment_id but shows no visible environment chip. |
| Alerts / Alert Deliveries / Alert Rules / Alert Destinations | Workspace hub | mismatch | Filtered URL contract does not show chip and /admin/alerts redirect drops environment_id. |
| Workspace Settings | Workspace hub | OK | Workspace and environment sidebar both open clean environmentless shell. |
| Manage Workspaces / Workspace CRUD | Workspace/system management | OK | List/view/edit/create verified. |
| Managed Environments | Workspace hub | OK | Workspace-owned environment list verified. |
| Environment Dashboard | Environment page | OK | Route, shell, breadcrumbs, copy align. |
| Required Permissions | Environment page | OK | Environment CTA/reload verified. |
| Environment Diagnostics | Environment page | OK | Direct route verified. |
| Environment Access Scopes | Environment page | OK | Direct route verified. |
| Inventory Items / Policies / Policy Versions / Coverage | Environment pages | OK | Environment sidebar routes shell and URL align; fixture rows limited. |
| Backup Schedules / Backup Sets / Restore Runs | Environment pages | OK | List/create/reload verified; no records in fixture. |
| Groups / Findings / Risk Exceptions / Evidence / Environment Reviews / Stored Reports / Review Packs | Environment pages | OK | Route-bound environment surfaces verified; empty-detail blockers noted. |
| Baseline Compare | Environment page implemented on unbound URL | mismatch | Requires environment context but direct clean and direct environment_id URL fail after context clear. |
| Baselines / Baseline Profiles | Workspace baseline surface | mismatch | Workspace-owned data inherits environment shell from environment navigation/remembered context. |
| Baseline Snapshots | Workspace baseline report | mismatch | Workspace-owned data inherits environment shell from environment navigation/remembered context. |
| Baseline Compare Matrix | Workspace baseline detail/report | mismatch | Clean URL inherits remembered environment until context clear. |
| My Findings / Findings Intake / Findings Hygiene / Cross-environment Compare | Workspace analysis pages | mismatch | Clean URLs inherit remembered environment because not registered workspace hubs. |
| Choose Workspace / Choose Environment / No Access | System/platform | OK | System scoped; no product environment ownership. |
| Onboarding | Onboarding workflow | OK | Out of ordinary shell contract; no active environment shell in capture. |
| Auth/local/consent/rbac/system panel endpoints | Out of scope | OK | Callbacks, auth, smoke tooling, POST context endpoints, and separate system panel are not ordinary admin product surfaces. |
| Empty fixture detail routes | Blocked | blocked | No local records for many detail pages; classified by route ownership and documented as blocked. |
Empty Fixture Blockers
The local workspace 3/environment 4 fixture had no records for baseline snapshots, alert deliveries, alert rules, alert destinations, backup schedules, backup sets, restore runs, inventory items, policy versions, findings, finding exceptions, evidence snapshots, environment reviews, review packs, or Entra groups. List/create pages were verified where reachable. Detail view/edit pages for those empty models are blocked by fixture absence and classified by route ownership.
Out-of-scope With Reason
Auth routes, local smoke-login routes, consent/rbac callbacks, localization endpoints, POST context switch endpoints, downloadable artifacts, and the separate System panel are not ordinary admin product surfaces for shell context consistency. They are classified as system/platform or out of scope.