TenantAtlas/specs/376-browser-audit-fixture-coverage-evidence-system-surfaces/artifacts/fixture-coverage-matrix.md

# Fixture Coverage Matrix

| Surface | Previous status | Required fixture | Implemented fixture | Reachability result | Screenshot | Verification level | Remaining limitation |
|---|---|---|---|---|---|---|---|
| Evidence Snapshot View | Spec 368 `auth-blocked`; Spec 372 later browser-proved in customer/auditor flow | admin user, workspace context, environment context, evidence snapshot | existing smoke-login + seeded evidence snapshot | reached | `artifacts/screenshots/001-evidence-snapshot-view.png` | `browser-verified` | Screenshot is a fixture proof, not a redesign audit. |
| Required Permissions | Spec 368 `auth-blocked`; Spec 353 later browser-proved provider guidance | admin user, workspace/environment context, permission rows | existing smoke-login + deterministic permission rows | reached | `artifacts/screenshots/002-required-permissions.png` | `browser-verified` | Uses configured permission registry; no live Graph permission check. |
| System Dashboard | Spec 368 `auth-blocked` via `/system/login` redirect | platform user with system dashboard capabilities | Pest Browser `actingAs(..., 'platform')` | reached | `artifacts/screenshots/003-system-dashboard.png` | `browser-verified` | Does not add a reusable manual system smoke-login URL. |
| System Operations | Spec 368 `auth-blocked` via `/system/login` redirect | platform user with operations capability | Pest Browser `actingAs(..., 'platform')` | reached with empty state | `artifacts/screenshots/004-system-operations.png` | `browser-verified` | Empty state is intentional; no operation run was created. |
| Provider Connection Detail | Spec 368 detail attempt timed out/was unstable; Spec 353 proved provider guidance | admin user, workspace context, provider connection, explicit environment authority | existing admin session + scoped provider connection fixture | reached | `artifacts/screenshots/005-provider-connection-detail.png` | `browser-verified` | Fixture uses fake provider identifiers and no live provider calls. |