1.7 KiB
Recommended Fixes
This audit did not apply any fixes. Recommended work should be split into small follow-up specs.
1. Baseline Compare Environment Classification Fix
Make Baseline Compare explicitly environment-scoped and shareable. Prefer a route-bound environment URL under /admin/workspaces/{workspace}/environments/{environment}/baseline-compare. Update the environment dashboard CTA, environment sidebar URL generation, and regression coverage for direct URL access without remembered context.
2. Workspace-Owned Baseline Registry Contract
Decide whether Baselines and Baseline Snapshots are workspace hubs or environment pages. Current code says workspace-owned. If workspace-owned, force environmentless shell and adjust sidebar/copy. If environment-owned, add route-bound environment URLs and data scoping.
3. Alerts and Audit Log Filter Contract
Make Alerts and Audit Log either true filtered workspace hubs or explicitly unfiltered workspace hubs. Preserve and apply environment_id with a visible chip and clear action, or strip/reject environment_id consistently.
4. Admin Surface Scope Regression Guard
Add classifier coverage for every admin path category in AdminSurfaceScope. Assert shell context for workspace hubs, environment pages, filtered workspace hubs, system pages, and canonical workspace record viewers. Add browser smoke coverage for reload and back/forward on high-risk pages.
5. Sidebar Placement / Surface Scope Contract
Add a source-of-truth registry for sidebar item product scope. Require each item to declare whether it opens an environment-bound page, a clean workspace hub, or a filtered workspace hub. Assert URL, shell, breadcrumb, page copy, chips, and active sidebar state against that declaration.