Audit RBAC

This workflow generates a map of which routes are protected by which roles.

  1. Scan Route Files:
     - Apps/platform/src/app (recursively).
     - Look for layout.tsx and page.tsx.

  2. Analyze Protection:
     - Search for checkRouteAccess(path, role) calls.
     - Search for requireRole(['admin', 'staff']) calls in Server Actions (src/app/_actions).

  3. Generate Report:
     - Create or Update RBAC_CURRENT_MAP.md.
     - Format: | Route/Action | Roles Required | Source File |
     - Highlight any routes that appear unprotected (missing checks).

  4. Verify Blueprint:
     - Compare findings against apps/platform/RBAC_IMPLEMENTATION_BLUEPRINT.md (if applicable) to see if we are meeting our goals.
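
One way to automate the scan, analysis and report steps above, as an added example rather than the project's own tooling. The regexes assume the two call shapes quoted in this workflow, paths are taken relative to src/app, and the function names, the `**UNPROTECTED?**` marker and the sample files are constructed for illustration.

```javascript
// Added example, not the project's tooling; regexes assume the call shapes in the workflow.
const ROUTE_FILE = /(^|\/)(layout|page)\.tsx$/;
const ACTION_FILE = /(^|\/)_actions\/.+\.tsx?$/;
const CHECK_ACCESS = /checkRouteAccess\(\s*[^,()]+,\s*([^()]+?)\s*\)/g;
const REQUIRE_ROLE = /requireRole\(\s*\[([^\]]*)\]\s*\)/g;

// Collect the role names passed to either call; non-literal arguments are kept as written.
function rolesIn(source) {
  const roles = new Set();
  for (const m of source.matchAll(CHECK_ACCESS)) roles.add(m[1].replace(/['"`]/g, ''));
  for (const m of source.matchAll(REQUIRE_ROLE))
    for (const r of m[1].split(',')) if (r.trim()) roles.add(r.replace(/['"`\s]/g, ''));
  return [...roles].sort();
}

// files: { "path relative to src/app": "contents" } -> one row per scanned file.
// Route-group folders such as "(public)" are dropped because they are not part of the URL.
function auditSources(files) {
  return Object.keys(files).sort()
    .filter((p) => ROUTE_FILE.test(p) || ACTION_FILE.test(p))
    .map((p) => {
      const roles = rolesIn(files[p]);
      const dirs = p.split('/').slice(0, -1).filter((s) => !/^\(.*\)$/.test(s));
      const target = ACTION_FILE.test(p) ? p : '/' + dirs.join('/');
      return { target, roles, source: p, unprotected: roles.length === 0 };
    });
}

// Render rows in the column format the workflow specifies.
function toMarkdown(rows) {
  const cell = (r) => (r.unprotected ? '**UNPROTECTED?**' : r.roles.join(', '));
  return ['| Route/Action | Roles Required | Source File |', '| --- | --- | --- |',
    ...rows.map((r) => `| ${r.target} | ${cell(r)} | ${r.source} |`)].join('\n');
}

// Read matching files under root (recursive readdir needs Node 18.17 or later).
async function loadSources(root) {
  const fs = await import('node:fs/promises');
  const files = {};
  for (const rel of await fs.readdir(root, { recursive: true })) {
    const p = rel.split('\\').join('/');
    if (ROUTE_FILE.test(p) || ACTION_FILE.test(p)) files[p] = await fs.readFile(`${root}/${rel}`, 'utf8');
  }
  return files;
}

// Constructed sample input; for a real tree use loadSources('<path to src/app>').
const SAMPLE = {
  'admin/layout.tsx': "await checkRouteAccess('/admin', 'admin');",
  '(public)/pricing/page.tsx': 'export default function Page() { return null; }',
  '_actions/users.ts': "await requireRole(['admin', 'staff']);",
};
console.log(toMarkdown(auditSources(SAMPLE)));
```

Rows are produced per file, so a page flagged here may still be covered by a check in an ancestor layout.tsx; treat flagged rows as candidates for manual review before recording them in RBAC_CURRENT_MAP.md.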