{ "type": "api", "module": "multi-tenant", "feature": "same-api-key-selection", "runId": "run-001", "capturedAtUtc": "2026-02-22T23:18:33Z", "transport": "xUnit v3 in-process API integration via dotnet run", "checks": [ { "service": "authority", "scope": "admin client assignment CRUD", "testsRun": 8, "testsPassed": 8, "evidenceFile": "evidence/authority-console-admin-tenant-assignments.txt", "behaviorVerified": [ "Create and update admin client endpoints persist multi-tenant assignments.", "Duplicate, missing, and invalid tenant assignment payloads are rejected deterministically.", "Audit event properties include before/after tenant assignment fields." ], "result": "pass" }, { "service": "authority", "scope": "console tenants selected marker", "testsRun": 1, "testsPassed": 1, "evidenceFile": "evidence/authority-console-tenants-selected-marker.txt", "behaviorVerified": [ "/console/tenants returns assigned tenant set and selectedTenant marker for immediate UI hydration." ], "result": "pass" }, { "service": "authority", "scope": "token issuance and validation tenant selection", "testsRun": 8, "testsPassed": 8, "evidenceFile": "evidence/authority-token-tenant-selection-targeted.txt", "behaviorVerified": [ "Client credentials and password grants select requested tenant when assigned.", "Ambiguous or unassigned tenant selections are rejected.", "Access token validation rejects tenant mismatch and out-of-assignment tenant claims." ], "result": "pass" }, { "service": "platform", "scope": "resolver + topology + context endpoints", "testsRun": 14, "testsPassed": 14, "evidenceFile": "evidence/platform-tenant-isolation-targeted.txt", "behaviorVerified": [ "Resolver returns tenant_missing and tenant_conflict errors deterministically.", "Topology endpoints return bad request when tenant header is missing.", "Topology and context data are isolated across tenants with overlapping identifiers." ], "result": "pass" }, { "service": "scanner", "scope": "resolver + scans + triage + unknowns + webhook lookup", "testsRun": 13, "testsPassed": 13, "evidenceFile": "evidence/scanner-tenant-isolation-targeted.txt", "behaviorVerified": [ "Resolver returns deterministic missing/conflict outcomes with canonical and legacy headers.", "Cross-tenant scan status, triage evidence, and callgraph submission attempts are rejected.", "Webhook source resolution is tenant-scoped and same sourceName collisions do not cross-dispatch." ], "result": "pass" }, { "service": "graph", "scope": "tenant resolver + authorization alignment", "testsRun": 7, "testsPassed": 7, "evidenceFile": "evidence/graph-tenant-alignment-targeted.txt", "observedHttpStatuses": [ "200", "400", "403" ], "behaviorVerified": [ "Canonical tenant header + scope yields success for query path.", "Conflicting tenant headers produce tenant_conflict/bad request behavior.", "Missing required scope returns forbidden deterministically." ], "result": "pass" } ], "summary": { "testsRun": 51, "testsPassed": 51, "testsFailed": 0, "crossTenantAttemptsDenied": true }, "verdict": "pass" }