Back to readinessOpen admin login
Non-destructive preview
Admin compliance preview
Read-only web evidence surface for the admin, division admin, and super admin parity gate. This keeps audit, import, licensing, configuration, correction, and role-security proof visible without touching live school data.
Admin evidence gates
The web app may only leave this area as Ready after authenticated staging users prove the same tenant-scoped records and write receipts as the native admin console.
| Gate | Native evidence | Web preview | Required next proof |
|---|---|---|---|
| Audit log | macOS Admin Console reads audit_logs through MacAdminComplianceClient. | Preview lists the audit surface and keeps production read proof blocked. | Sign in as admin against staging and verify tenant-scoped audit log search. |
| Enrollment/import | OneRoster validator and SIS readiness docs cover dry-run import review. | Preview keeps import dry-run and destructive apply as separate gates. | Upload deterministic OneRoster fixtures and verify counts, issues, and no production apply. |
| Licensing | division_licenses are tenant-scoped for non-super-admin native users. | Preview shows license visibility as a required admin proof point. | Verify admin, division admin, and super admin license visibility boundaries. |
| Configuration | Admin, division, and super admin roles exist in the shared route catalog. | Preview keeps school/division configuration behind authenticated admin routes. | Prove school settings load and save with audit receipts in staging. |
| Data correction | LAFOIP correction review uses data_correction_requests approve/deny updates. | Preview surfaces correction review without exposing live student records. | Verify approve/deny review writes reviewed_by, reviewed_at, and review_notes. |
| RLS proof | macOS readiness requires tenant memberships and role-scoped data paths. | Preview names RLS as a hard blocker before any equality claim. | Run web role-boundary tests with admin, division admin, and super admin staging accounts. |
What this does not prove
This preview does not prove live admin authorization, Supabase RLS, destructive import safeguards, license write paths, correction updates, or audit receipts. Those remain staging-backed blockers.