TenantAtlas/specs/376-browser-audit-fixture-coverage-evidence-system-surfaces/artifacts/source-audit-summary.md
ahmido f6dbc89edb test: add spec 376 browser fixture coverage (#447)
Adds browser fixture coverage for evidence system surfaces as described in Spec 376.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #447
2026-06-13 11:22:19 +00:00


Source Audit Summary

Scope

Spec 376 covers browser fixture reachability and evidence for these existing surfaces only:

| Surface | Current repo path | Spec 376 handling |
| --- | --- | --- |
| Evidence Snapshot View | EvidenceSnapshotResource::getUrl('view', ...) under /admin/workspaces/{workspace}/environments/{environment}/evidence/{record} | Fresh browser-verified screenshot using existing admin smoke-login fixture. |
| Required Permissions | /admin/workspaces/{workspace}/environments/{environment}/required-permissions | Fresh browser-verified screenshot using existing admin smoke-login fixture and deterministic permission rows. |
| System Dashboard | /system | Fresh browser-verified screenshot using PlatformUser on the platform guard. |
| System Operations | /system/ops/runs | Fresh browser-verified screenshot using PlatformUser on the platform guard. |
| Provider Connection Detail | /admin/provider-connections/{record}?environment_id={environment} | Fresh browser-verified screenshot using scoped provider connection data and explicit environment authority. |

Input Evidence

| Source | Relevant signal | Handling |
| --- | --- | --- |
| Spec 368 findings.md | Evidence Snapshot detail redirected to /admin/login; System Dashboard/Ops redirected to /system/login. | Treated as the original blocker this spec closes. |
| Spec 368 audit.md | Required Permissions, Evidence Snapshot, and System pages were blocked by auth/fixture reachability. | Route/auth/data/browser truth is separated in Spec 376 reports. |
| Spec 353 | Required Permissions and Provider Connection browser screenshots exist under the Spec 353 package. | Used as completed context; not rewritten. |
| Spec 372 | Evidence Snapshot View browser pass exists with customer/auditor fixture. | Used as completed context; Spec 376 adds a consolidated fresh screenshot. |
| Spec 375 | Evidence/system browser fixture coverage remained a deferred follow-up. | Spec 376 implements that follow-up. |

| Spec | Relevant status | Handling |
| --- | --- | --- |
| 370 | Source audit named Evidence Snapshot, Required Permissions, System Dashboard, and System Operations as not available source limitations. | Spec 376 adds browser fixture evidence for these limitations. |
| 371 | Backup Set browser verification passed and is outside the five-surface Spec 376 scope. | Read-only context. |
| 372 | Evidence Snapshot View browser verification passed in customer/auditor safety flow. | Read-only context plus fresh Spec 376 consolidated screenshot. |
| 373 | Diagnostic surfaces passed browser verification and explicitly did not recapture Provider Connections or Required Permissions. | Read-only context. |
| 374 | Diagnostic entrypoint browser verification passed and remained scoped to diagnostic/support handoff surfaces. | Read-only context. |
| 375 | Deferred evidence/system browser fixtures as a follow-up. | Implemented by this package. |

Repo Truth

  • Existing admin smoke-login route: GET /admin/local/smoke-login, local/testing-only, covered by AdminLocalSmokeLoginTest.
  • Existing system auth route and panel: SystemPanelProvider uses authGuard('platform'), UseSystemSessionCookie, and ensure-platform-capability:platform.access_system_panel.
  • Existing Pest Browser system proof: Spec276SupportAccessGovernanceSmokeTest authenticates with $this->actingAs($platformUser, 'platform').
  • EvidenceSnapshotResource has protected static bool $isGloballySearchable = false.
  • ProviderConnectionResource has protected static bool $isGloballySearchable = false.
  • Required Permissions and System surfaces are Filament pages, not globally searchable resources.

Implementation Option Selected

Reuse existing fixtures and add one bounded browser smoke file:

  • No new admin smoke route.
  • No new system smoke route.
  • No new Artisan fixture command.
  • No production auth, policy, resource, panel, model, migration, Graph, or OperationRun behavior change.

Fixture Gaps Closed

| Gap | Result |
| --- | --- |
| Evidence Snapshot auth fixture unclear | Closed by smoke-login redirect to environment-scoped evidence URL. |
| Required Permissions auth/data fixture unclear | Closed by smoke-login plus deterministic ManagedEnvironmentPermission rows. |
| System panel browser fixture absent | Closed by direct Pest Browser platform-guard actingAs. |
| Provider Connection detail timeout vs real defect unclear | Closed by scoped browser screenshot with explicit environment_id. |