ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
98b80eba5b
TenantAtlas/specs/318-admin-surface-scope-shell-context-audit/mismatch-findings.md
Ahmed Darrazi 98b80eba5b
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 1m42s
Details
spec: add admin surface scope shell context audit
2026-05-16 20:29:24 +02:00

2.8 KiB
Raw Blame History

Mismatch Findings

ID Risk Finding Browser/code evidence Suspected code seam Recommended direction
M1 critical Baseline Compare URLs are not self-sufficient Direct clean and direct environment_id URLs return 403 after clearing environment context; environment sidebar works only with remembered context. BaselineCompareLanding, UsesAdminEnvironmentFilterQueryParameter, OperateHubShell Move to route-bound environment URL or explicitly resolve environment_id before access checks.
M2 high Baseline Profiles/Snapshots workspace data with environment shell Resources query workspace_id but environment sidebar/reload show YPTW2 shell on clean URLs. BaselineProfileResource, BaselineSnapshotResource, AdminSurfaceScope WorkspaceScoped Declare as workspace hubs/environmentless or move to environment-bound routing.
M7 high Audit Log filtered URL lacks visible environment chip /admin/audit-log?environment_id=4 preserves the query and keeps an environmentless shell, but the page does not show a visible Environment filter chip. AuditLog, WorkspaceHubRegistry, CanonicalAdminEnvironmentFilterState Either implement the filtered workspace hub chip/clear contract or reject/strip environment_id for Audit Log.
M3 medium Alerts filtered hub contract gap /admin/alerts?environment_id=4 drops query on redirect; child URLs show All environments and no chip. AlertsCluster, Alert resources, WorkspaceHubRegistry Either implement filtered hub chip/data filtering or strip/reject environment_id intentionally.
M4 medium Unregistered workspace analysis pages inherit remembered environment My Findings, Intake, Hygiene, Cross-environment Compare, and baseline detail/matrix pages show active env on clean URLs from env context. AdminSurfaceScope WorkspaceScoped allows remembered restore Add explicit classifier entries or make remembered restore opt-in.
M5 low Environment sidebar mixes workspace hubs and environment pages Most workspace hub rows behave correctly, but baseline rows do not match the same rule. AdminPanelProvider navigation, WorkspaceSidebarNavigation Add sidebar item scope declarations and regression coverage.
M6 low Managed environment edit tested path is dead /admin/workspaces/3/environments/{environment}/edit returned 404. ManagedEnvironmentResource registration Mark dead unless another edit URL is intended.

Status Counts From Matrix

  • OK: 135
  • blocked: 1
  • dead/unreachable: 1
  • mismatch: 24

Classification Counts From Matrix Rows

  • Canonical workspace record viewer: 2
  • Environment-scoped page: 50
  • Filtered workspace hub: 28
  • Onboarding workflow: 1
  • System/platform scoped page: 3
  • Workspace-scoped analysis page: 8
  • Workspace-scoped baseline surface: 14
  • Workspace-scoped hub: 55