Patrick Bass Area: Cross-cutting infra (audit p14) · Surface: /admin/legal (AdminLegalController) + public /terms, /privacy, /community-guidelines, /marketplace-rules (PageController) · Dimension: documentation · Severity: major
The legal-page management feature (a Tenant Super Admin capability that controls the live Terms of Service, Privacy Policy, Community Guidelines, and Marketplace Rules pages, with a static-template-fallback model that operators must understand) has no documentation in mobieusKnow. Operators have no guidance on how to take ownership of a legal page, that an empty body reverts to the seed template, or that Marketplace Rules is gated behind the marketplace feature flag.
Evidence
AdminLegalController@index/edit/update/delete (platform/src/Controllers/AdminLegalController.php:29-130) lets a Tenant Super Admin author Terms/Privacy/Community Guidelines/Marketplace Rules from /admin/legal, with a DB-vs-static-fallback model. The mobieusKnow index (curl https://support.mobieus.io/know, HTTP 200, title 'mobieusKnow Wiki Index') has NO 'legal' article — `grep -ioc legal /tmp/know-index.html` = 0, and the full slug list contains no legal-pages entry. Search confirms: `curl https://support.mobieus.io/know/search?q=legal+pages` returns only the unrelated /know/community-landing-pages. The only occurrences of 'terms'/'privacy' in the index are footer links (`<a href="/terms">`, `<a href="/privacy">`) and JSON-LD acquireLicensePage, not articles.Suggested fix. Add a /know/legal-pages article covering the four editable slugs, the 'Saved in DB' vs 'Falling back to static template' status, Markdown authoring, the revert-to-default (delete) behavior, and the marketplace-feature gate on Marketplace Rules. Seed it into docs/customer-help/ so it lands in every tenant wiki.
Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.
Patrick Bass
@mobieus
