From 4b0dc2a62ec7765cf53ad05928cb914066963b18 Mon Sep 17 00:00:00 2001 From: Ahmed Darrazi Date: Wed, 29 Apr 2026 14:56:17 +0200 Subject: [PATCH] chore: commit workspace changes (automated) --- docs/product/implementation-ledger.md | 67 +++++--- specs/900-policy-lifecycle/spec.md | 228 -------------------------- 2 files changed, 40 insertions(+), 255 deletions(-) delete mode 100644 specs/900-policy-lifecycle/spec.md diff --git a/docs/product/implementation-ledger.md b/docs/product/implementation-ledger.md index b5f12e4d..8bec9042 100644 --- a/docs/product/implementation-ledger.md +++ b/docs/product/implementation-ledger.md @@ -15,7 +15,7 @@ ## Purpose ## Current Product Position -TenantPilot ist aktuell ein starkes internes Governance- und Operations-Produkt mit belastbaren Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry und Safety Controls. Die Repo-Wahrheit liegt damit ueber einer simplen Lesart von "R1 done / R2 partial". Gleichzeitig ist das Produkt noch nicht voll als kundenseitig konsumierbare Review- und Portfolio-Plattform ausgereift: Customer-safe Review Consumption, Cross-Tenant-Workflows und kommerzielle Lifecycle-Reife sind noch unvollstaendig. Zusaetzlich zeigt der Repo-Stand eine schmale Findings-Cleanup-Lane: sichtbare Lifecycle-Backfill-Runtime-Surfaces, `acknowledged`-Kompatibilitaet und fehlende explizite Creation-Time-Invariant-Absicherung sollten als getrennte Folgespecs behandelt werden. +TenantPilot ist aktuell ein starkes internes Governance- und Operations-Produkt mit belastbaren Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry und Safety Controls und inzwischen repo-real umgesetzten Customer-safe Review Consumption, Risk-Acceptance/Exception-Workflow, Findings-/Governance-Inboxen und einer DE/EN-Locale-Foundation. Die Repo-Wahrheit liegt damit klar ueber einer simplen Lesart von "R1 done / R2 partial". Gleichzeitig ist das Produkt noch nicht voll als kundenseitig konsumierbare Portfolio- und Commercial-Plattform ausgereift: Cross-Tenant-Workflows, Compare/Promotion, Billing-/Lifecycle-Reife und Private-AI-Governance bleiben unvollstaendig. Zusaetzlich zeigt der Repo-Stand weiterhin eine schmale Findings-Cleanup-Lane: sichtbare Lifecycle-Backfill-Runtime-Surfaces, `acknowledged`-Kompatibilitaet und fehlende explizite Creation-Time-Invariant-Absicherung sollten als getrennte Folgespecs behandelt werden. ## Status Model @@ -41,24 +41,24 @@ ## Roadmap Coverage Summary | Roadmap Area | Status | Evidence Level | UI Ready | Tested | Sellable | Notes | |---|---|---:|---|---|---|---| | R1 Golden Master Governance | adopted | strong | yes | repo tests, not run | yes | Baselines, Drift, Findings und OperationRun-Truth sind breit im Produkt verankert. | -| R2 Tenant Reviews, Evidence & Control Foundation | adopted | strong | yes | repo tests, not run | almost | Review-, Evidence- und Control-Foundations sind stark; Customer Review Workspace fehlt noch. | +| R2 Tenant Reviews, Evidence & Control Foundation | adopted | strong | yes | repo tests, not run | yes | Reviews, Evidence, Review Packs, Customer Review Workspace und Control-/Exception-Layer greifen als reale Governance-Surface zusammen. | | Alert escalation + notification routing | implemented_verified | strong | partial | repo tests, not run | yes | Alert-Regeln, Dispatch, Cooldown und Quiet Hours sind real. | | Governance & Architecture Hardening | implemented_partial | strong | partial | repo tests, not run | foundation-only | Viele Hardening-Slices sind bereits im Code, die Lane bleibt aber aktiv. | -| UI & Product Maturity Polish | implemented_partial | medium | partial | partial repo tests, not run | no | Einzelne Polishing-Slices sind da, aber kein geschlossenes "fertig"-Signal auf Theme-Ebene. | +| UI & Product Maturity Polish | implemented_partial | strong | partial | partial repo tests, not run | no | Empty States, Navigation, Localization und read-only Review-Polish sind real, aber kein geschlossenes Theme-Completion-Signal. | | Secret & Security Hardening | implemented_verified | strong | yes | repo tests, not run | almost | Provider-Verifikation, Permission-Diagnostics und Redaction sind belastbar. | | Baseline Drift Engine (Cutover) | adopted | strong | yes | repo tests, not run | yes | Compare- und Drift-Workflow wirken als produktive Kernfunktion. | -| R1.9 Platform Localization v1 | planned | none | no | no | no | Keine belastbare Locale-Foundation im Repo gefunden. | +| R1.9 Platform Localization v1 | implemented_verified | strong | yes | repo tests, not run | foundation-only | Locale-Resolver, Override/Praeferenz, Workspace-Default, Fallback und lokalisierte Notifications sind repo-real. | | Product Scalability & Self-Service Foundation | implemented_partial | strong | yes | repo tests, not run | almost | Onboarding, Support, Help und Entitlements sind weit; Billing, Trial und Demo-Reife fehlen. | | R2.0 Canonical Control Catalog Foundation | implemented_verified | strong | partial | repo tests, not run | foundation-only | Bereits implementiert und in Evidence/Reviews referenziert, aber kein eigenstaendiger Kundennutzen-Surface. | -| R2 Completion: customer review, support, help | implemented_partial | strong | yes | repo tests, not run | almost | Support und Help sind real; kundensichere Review-Consumption ist noch offen. | -| Findings Workflow v2 / Execution Layer | implemented_partial | strong | yes | repo tests, not run | almost | Triage, Ownership, Alerts und Hygiene sind vorhanden; der naechste Operator-Layer fehlt und Legacy-Cleanup um Backfill-/Status-Kompatibilitaet bleibt offen. | +| R2 Completion: customer review, support, help | adopted | strong | yes | repo tests, not run | yes | Customer Review Workspace, Support Diagnostics/Requests und Help-Katalog sind repo-real. | +| Findings Workflow v2 / Execution Layer | adopted | strong | yes | repo tests, not run | almost | Triage, Ownership, My Work, Intake, Governance Inbox, Exceptions und Alerts/Hygiene sind real; Cross-Tenant-Decisioning bleibt spaeter. | | Policy Lifecycle / Ghost Policies | specified | weak | no | no | no | Als Richtung sichtbar, aber nicht als repo-verifizierter Workflow. | | Platform Operations Maturity | implemented_partial | strong | yes | repo tests, not run | almost | System Panel, Control Tower und Ops Controls sind real; CSV/Raw Drilldowns bleiben offen. | | Product Usage, Customer Health & Operational Controls | adopted | strong | yes | repo tests, not run | almost | Diese Mid-term-Lane ist im Repo bereits substanziell vorhanden. | | Private AI Execution & Usage Governance Foundation | planned | none | no | no | no | Keine belastbare AI-Governance-Foundation im Repo. | | MSP Portfolio & Operations | implemented_partial | medium | partial | repo tests, not run | foundation-only | Portfolio-Triage ist da; Compare/Promotion und Decision Workboard fehlen. | -| Human-in-the-Loop Autonomous Governance | planned | none | no | no | no | Kein repo-verifizierter Decision-Pack- oder Approval-Workflow. | -| Drift & Change Governance | specified | weak | no | no | no | Einzelne Foundations existieren, die thematische Produkt-Lane aber nicht. | +| Human-in-the-Loop Autonomous Governance | planned | none | no | no | no | Kein repo-verifizierter Decision-Pack- oder Approval-Workflow jenseits des jetzigen Exception-/Review-Layers. | +| Drift & Change Governance | implemented_partial | strong | yes | repo tests, not run | almost | Drift review, accepted-risk governance, exception validity und Governance-Inbox-Surfaces sind repo-real; portfolio-weite Eskalation bleibt offen. | | Standardization & Policy Quality | planned | none | no | no | no | Keine starke Repo-Evidence fuer eine Intune-Linting- oder Policy-Quality-Oberflaeche. | | PSA / Ticketing Handoff | planned | none | no | no | no | Support Requests existieren, externe Handoff-Integration aber nicht. | @@ -69,10 +69,13 @@ ## Implemented Capabilities | OperationRun truth layer | implemented_verified | yes | partial | repo tests, not run | yes | foundation-only | `app/Models/OperationRun.php`; `tests/Feature/System/*`; `tests/Feature/ReviewPack/*` | | Baseline profiles, snapshots and compare | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/BaselineProfile.php`; `app/Models/BaselineSnapshot.php`; `app/Services/Baselines/BaselineCompareService.php` | | Drift findings and governance pressure | adopted | yes | yes | repo tests, not run | yes | yes | `app/Models/Finding.php`; `app/Filament/Widgets/Dashboard/RecentDriftFindings.php`; `tests/Feature/Findings/*` | +| Findings inboxes and governance inbox | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Filament/Pages/Findings/MyFindingsInbox.php`; `app/Filament/Pages/Findings/FindingsIntakeQueue.php`; `app/Filament/Pages/Governance/GovernanceInbox.php`; `tests/Feature/Findings/MyWorkInboxTest.php`; `tests/Feature/Governance/*` | +| Finding exceptions and risk acceptance workflow | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/FindingException.php`; `app/Services/Findings/FindingExceptionService.php`; `app/Filament/Resources/FindingExceptionResource.php`; `tests/Feature/Findings/FindingExceptionWorkflowTest.php` | | Restore workflow with safety gates | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/OperationRun.php`; restore gates and tests in `tests/Feature/Restore/*` | | Evidence snapshots | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Models/EvidenceSnapshot.php`; `app/Services/Evidence/EvidenceSnapshotService.php`; `tests/Feature/Evidence/*` | | Tenant reviews | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/TenantReview.php`; `app/Services/TenantReviews/TenantReviewService.php`; `tests/Feature/TenantReview/*` | | Review pack generation and export | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/ReviewPack.php`; `app/Services/ReviewPackService.php`; `tests/Feature/ReviewPack/*` | +| Customer review workspace | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`; `tests/Feature/Reviews/*`; `tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php` | | Alerts and notification routing | implemented_verified | yes | partial | repo tests, not run | yes | yes | `app/Services/Alerts/AlertDispatchService.php`; `tests/Feature/*Alert*` | | Provider health, onboarding readiness and required permissions | adopted | yes | yes | repo tests, not run | yes | almost | `app/Jobs/ProviderConnectionHealthCheckJob.php`; `app/Services/Onboarding/OnboardingLifecycleService.php`; `app/Filament/Pages/TenantRequiredPermissions.php` | | Permission posture reporting | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Services/PermissionPosture/PermissionPostureFindingGenerator.php`; `tests/Feature/PermissionPosture/*` | @@ -81,6 +84,7 @@ ## Implemented Capabilities | Support diagnostics | adopted | yes | yes | repo tests, not run | yes | almost | `app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php`; `app/Filament/Pages/TenantDashboard.php`; `tests/Feature/SupportDiagnostics/*` | | In-app support requests | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/SupportRequest.php`; `app/Support/SupportRequests/*`; `tests/Feature/SupportRequests/*` | | Product knowledge and contextual help | implemented_partial | yes | yes | repo tests, not run | partial | almost | `app/Support/ProductKnowledge/ContextualHelpCatalog.php`; `tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php` | +| Localization foundation | implemented_verified | yes | yes | repo tests, not run | partial | foundation-only | `app/Services/Localization/LocaleResolver.php`; `app/Http/Controllers/LocalizationController.php`; `tests/Feature/Localization/*` | | Product telemetry | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/ProductUsageEvent.php`; `app/Filament/System/Widgets/ProductTelemetryKpis.php`; `tests/Feature/System/ProductTelemetry/*` | | Customer health scoring | implemented_verified | yes | yes | repo tests, not run | partial | almost | `app/Filament/System/Widgets/CustomerHealthKpis.php`; `app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php`; `tests/Feature/System/CustomerHealth/*` | | Operational controls | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/OperationalControlActivation.php`; `app/Support/OperationalControls/*`; `tests/Feature/System/OpsControls/*` | @@ -99,14 +103,15 @@ ## Foundation-Only Capabilities - Canonical control catalog: starke semantische Foundation fuer Evidence, Findings und Reviews. - Stored reports substrate: wichtig fuer Reports, Evidence und Diagnostics, aber kein eigenstaendiges Produktversprechen. - Evidence snapshot substrate: tragende technische Basis fuer Reviews und Exports. +- Localization foundation: resolved locale precedence, Workspace-Default, User-Praeferenz/Override und Notification-Formatting sind real, aber Enablement statt eigener Produkt-Surface. - Operational control registry and evaluator: starke Safety-Control-Foundation, primar operatorseitig. - Customer health scoring: reale interne SaaS-Operations-Layer, aber noch keine eigenstaendige Kundenoberflaeche. - Portfolio triage continuity: sinnvoller Multi-Tenant-Unterbau, aber noch kein vollstaendiges Portfolio-Produkt. ## Partial Capabilities -- Customer-facing review consumption: Tenant Reviews, Evidence Snapshots und Review Packs sind stark, aber ein repo-verifizierter Customer Review Workspace fehlt. -- Findings Workflow v2: Triage, Assignment, Hygiene und Notifications sind vorhanden, aber kein konsolidierter Decision-/Inbox-Layer; zusaetzlich bleibt Cleanup debt um Lifecycle-Backfill-Surfaces, `acknowledged`-Kompatibilitaet und explizite Creation-Time-Invarianten. +- Customer-facing review consumption: Tenant Reviews, Evidence Snapshots, Review Packs und der Customer Review Workspace sind repo-real, aber portfolio-weite Consumption- und Sharing-Patterns bleiben offen. +- Findings Workflow v2: Triage, Assignment, My Work, Intake, Governance Inbox, Exceptions und Notifications sind vorhanden; spaetere Cross-Tenant-Decisioning-Layer und Cleanup debt um Lifecycle-Backfill-Surfaces, `acknowledged`-Kompatibilitaet und explizite Creation-Time-Invarianten bleiben offen. - Product scalability and self-service: Onboarding, Support, Help und Entitlements sind weit, Billing-, Trial- und Demo-Reife aber nicht. - MSP portfolio operations: Portfolio-Triage ist vorhanden, Cross-Tenant Compare und Promotion fehlen. - Platform operations maturity: Control Tower und Ops Controls sind stark, aber einige geplante operatorseitige Drilldowns/Exports fehlen noch. @@ -114,13 +119,12 @@ ## Partial Capabilities ## Planned But Not Implemented -- Platform Localization v1 - Private AI Execution & Usage Governance Foundation - Human-in-the-Loop Autonomous Governance - Standardization & Policy Quality / Intune Linting - PSA / Ticketing Handoff -- Customer Review Workspace v1 - Cross-Tenant Compare and Promotion v1 +- Policy Lifecycle / Ghost Policies - Later compliance overlays beyond the current control/evidence foundation ## Release Readiness @@ -128,8 +132,8 @@ ## Release Readiness | Release / Theme | Readiness | Notes | |---|---|---| | R1 Golden Master Governance | implemented | Die zentrale Governance- und Execution-Layer ist repo-verifiziert und breit adoptiert. | -| R2 Tenant Reviews & Evidence Packs | partially implemented | Reviews, Evidence Snapshots und Review Packs sind stark; kundensichere Consumption fehlt noch. | -| R3 MSP Portfolio OS | foundation only | Portfolio-Triage ist da, aber Compare/Promotion und Decision Workflows fehlen. | +| R2 Tenant Reviews & Evidence Packs | implemented | Reviews, Evidence Snapshots, Review Packs, Customer Review Workspace und Exception-/Accepted-Risk-Workflow sind repo-real; breitere Commercial-Polish-Themen bleiben separat. | +| R3 MSP Portfolio OS | foundation only | Portfolio-Triage und Governance-Surfaces sind da, aber Compare/Promotion und portfolio-weite Action-Layer fehlen. | | Later Compliance Light | foundation only | Canonical Controls, Evidence und Exceptions existieren als Grundlage; ein Compliance-Produkt ist nicht repo-proven. | ## Commercial Readiness @@ -138,14 +142,16 @@ ### Demo-ready - Baseline compare and drift walkthroughs - Review pack generation and export +- Customer-safe review workspace walkthroughs - Provider health, onboarding readiness and required permissions - Support diagnostics - Permission posture and Entra admin roles reporting ### Almost sellable -- Review-driven governance workflow around tenant reviews and review packs +- Review-driven governance workflow rund um Tenant Reviews, Customer Review Workspace, accepted risks und Review Packs - Baseline drift and restore governance +- Findings workflow mit persönlicher Inbox, Intake, Governance Inbox und Exception-Handling - Alerting and run visibility for governance operations - Support requests with contextual diagnostics - Provider readiness and permission posture reporting @@ -159,6 +165,7 @@ ### Foundation-only - Canonical control catalog - Stored reports substrate - Evidence snapshot substrate +- Localization foundation - Product telemetry - Customer health scoring - Operational controls @@ -166,9 +173,7 @@ ### Foundation-only ### Not sellable yet -- Customer Review Workspace v1 - Cross-Tenant Compare and Promotion v1 -- Localization v1 - Private AI Execution Governance Foundation - External Support Desk / PSA Handoff - Compliance Light product layer @@ -177,40 +182,39 @@ ## Open Gaps & Blockers | Gap | Type | Impact | Roadmap Area | Recommended Spec | |---|---|---|---|---| -| Customer-safe review workspace is missing | Release blocker | Existing review and evidence assets cannot yet be consumed as a clear customer-facing surface | R2 completion / Tenant Reviews | P0 Customer Review Workspace v1 | -| No consolidated operator decision inbox | UX blocker | Operators still move between findings, runs, alerts and portfolio surfaces to act | Findings Workflow / MSP Portfolio | P0 Decision-Based Governance Inbox v1 | +| Decisioning still spans multiple repo-real inboxes | UX blocker | My Findings, Intake, Governance Inbox und Exception Queue sind real, aber Operators springen weiter zwischen mehreren Spezial-Surfaces und es gibt noch keinen portfolio-weiten Action-Layer | Findings Workflow / MSP Portfolio | P1 Governance Decision Surface Convergence | | Findings lifecycle backfill runtime surfaces remain productized | Cleanup blocker | Runbooks, commands, capabilities and tenant actions still expose a pre-production repair path that should not ship as product truth | Findings Workflow / Legacy Removal | P1 Remove Findings Lifecycle Backfill Runtime Surfaces | | Legacy `acknowledged` status compatibility still survives | Semantics blocker | Status helpers, filters, badges, capability aliases and tests keep non-canonical workflow semantics alive | Findings Workflow / RBAC | P1 Remove Legacy Acknowledged Finding Status Compatibility | | Creation-time finding invariants are implied but not explicitly protected | Integrity blocker | Future finding generators could regress into partial lifecycle writes and recreate the need for repair tooling | Findings Workflow / Data Integrity | P1 Enforce Creation-Time Finding Invariants | | Cross-tenant compare and promotion is not repo-proven | Release blocker | MSP portfolio story remains partial | MSP Portfolio & Operations | P1 Cross-Tenant Compare and Promotion v1 | -| Localization foundation is absent | UX blocker | Product polish and DACH-readiness remain limited | R1.9 Platform Localization v1 | P1 Localization v1 | | Entitlements stop short of full commercial lifecycle | Commercialization blocker | Plan gating exists, but trial, grace and suspension semantics remain incomplete | Product Scalability & Self-Service Foundation | P2 Commercial Entitlements and Billing-State Maturity | | Support requests do not hand off to an external desk | Commercialization blocker | Support operations still depend on manual follow-through outside the product | R2 completion / Support | P2 External Support Desk / PSA Handoff | | AI governance foundation is absent | Architecture blocker | Future AI features would risk trust and policy drift if added directly | Private AI Execution & Usage Governance | P3 Private AI Execution Governance Foundation | -| Roadmap understates current repo truth | Architecture blocker | Prioritization can drift because strategy docs lag implementation | Product planning / roadmap maintenance | none - docs alignment | +| Roadmap understates current repo truth | Architecture blocker | Prioritization can drift because strategy docs still lag neuere Review-, Findings- und Localization-Surfaces | Product planning / roadmap maintenance | none - docs alignment | | Test files were not executed for this ledger update | Testing blocker | This document relies on code plus test presence, not live runtime validation | all areas | none - run targeted suites | ## Recommended Next Specs -- `P0 Customer Review Workspace v1`: turns existing reviews, evidence and review-pack outputs into a customer-safe read-only product surface. -- `P0 Decision-Based Governance Inbox v1`: consolidates existing findings, runs, alerts and triage signals into one operator work surface. +- `P1 Governance Decision Surface Convergence`: verbindet My Findings, Intake, Governance Inbox, Customer Review Workspace und Exception Queue zu weniger Operator-Journeys und bereitet die Portfolio-Ebene vor. - `P1 Remove Findings Lifecycle Backfill Runtime Surfaces`: removes visible pre-production repair tooling from runbooks, commands, actions, capabilities and deploy/runtime hooks. - `P1 Remove Legacy Acknowledged Finding Status Compatibility`: collapses findings workflow semantics onto the canonical `triaged` model and removes stale RBAC/query aliases. - `P1 Enforce Creation-Time Finding Invariants`: proves that new findings are lifecycle-ready at write time so no repair backfill has to return later. - `P1 Cross-Tenant Compare and Promotion v1`: needed to move from portfolio visibility to portfolio action. -- `P1 Localization v1`: still absent in repo and becomes more expensive the later it lands. - `P2 Commercial Entitlements and Billing-State Maturity`: extends the already real entitlement substrate into a usable commercial lifecycle. - `P2 External Support Desk / PSA Handoff`: extends support requests beyond internal persistence. - `P3 Private AI Execution Governance Foundation`: should exist before feature-level AI adoption, not after it. ## Roadmap Drift Notes +- `roadmap.md` understates current R2 completion. Customer Review Workspace, published review handoff, review-pack downloads und der Finding-Exception-/Risk-Acceptance-Workflow sind bereits repo-real. +- `roadmap.md` understates findings workflow maturity. My Findings, Intake, Governance Inbox und Exception Queue existieren bereits im Repo. +- `roadmap.md` understates localization maturity. Locale resolution order, Workspace-Default, User-Praeferenz, lokalisierte Notifications und Fallback-Tests sind implementiert. - `roadmap.md` understates the current R2 control foundation. Canonical controls, stored reports, permission posture and Entra admin roles are already repo-real, not just near-term ideas. - `roadmap.md` understates product supportability. Support diagnostics, in-app support requests and contextual help already exist in the repo. - `roadmap.md` understates operational maturity. Product telemetry, customer health and operational controls are already implemented and wired into the system panel. - `roadmap.md` understates commercial foundations. A workspace entitlement resolver, plan profiles and enforcement points already exist, even though full billing-state maturity does not. -- The roadmap is stronger at describing missing customer-facing consumption than missing backend foundations. Customer Review Workspace v1, Cross-Tenant Compare and Promotion, Localization and AI Governance still look genuinely unimplemented. -- The main drift pattern is underestimation, not overestimation. The only place where optimism should still be resisted is customer-facing review maturity: internal review and evidence foundations are strong, but the repo does not yet prove a finished customer review workspace. +- The roadmap is now better at describing still-missing portfolio- und commercial-Layer than the current state of review/findings/localization implementation. Cross-Tenant Compare and Promotion, full billing-state maturity, external PSA handoff and AI Governance still look genuinely unimplemented. +- The main drift pattern is underestimation, not overestimation. Customer-facing review consumption is no longer the clearest missing piece; portfolio action and commercial lifecycle are. ## Evidence Sources @@ -227,12 +231,19 @@ ## Evidence Sources - `apps/platform/app/Filament/Pages/TenantDashboard.php` - `apps/platform/app/Filament/System/Pages/Dashboard.php` - `apps/platform/app/Filament/Pages/TenantRequiredPermissions.php` +- `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php` +- `apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php` +- `apps/platform/app/Filament/Pages/Findings/FindingsIntakeQueue.php` +- `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php` +- `apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php` Wichtige Models: - `apps/platform/app/Models/OperationRun.php` - `apps/platform/app/Models/Finding.php` - `apps/platform/app/Models/FindingException.php` +- `apps/platform/app/Models/FindingExceptionDecision.php` +- `apps/platform/app/Models/FindingExceptionEvidenceReference.php` - `apps/platform/app/Models/BaselineProfile.php` - `apps/platform/app/Models/BaselineSnapshot.php` - `apps/platform/app/Models/EvidenceSnapshot.php` @@ -251,6 +262,7 @@ ## Evidence Sources - `apps/platform/app/Services/Evidence/EvidenceSnapshotService.php` - `apps/platform/app/Services/Baselines/BaselineCompareService.php` - `apps/platform/app/Services/Alerts/AlertDispatchService.php` +- `apps/platform/app/Services/Findings/FindingExceptionService.php` - `apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php` - `apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php` - `apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php` @@ -258,6 +270,7 @@ ## Evidence Sources - `apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php` - `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php` - `apps/platform/app/Services/Auth/CapabilityResolver.php` +- `apps/platform/app/Services/Localization/LocaleResolver.php` Wichtige Test-Anker im Repo: @@ -276,4 +289,4 @@ ## Evidence Sources ## Last Updated -2026-04-27 on branch `248-private-ai-policy-foundation` +2026-04-29 on branch `platform-dev` diff --git a/specs/900-policy-lifecycle/spec.md b/specs/900-policy-lifecycle/spec.md deleted file mode 100644 index 873c1dc3..00000000 --- a/specs/900-policy-lifecycle/spec.md +++ /dev/null @@ -1,228 +0,0 @@ -# Feature 005: Policy Lifecycle Management - -## Overview -Implement proper lifecycle management for policies that are deleted in Intune, including soft delete, UI indicators, and orphaned policy handling. - -## Problem Statement -Currently, when a policy is deleted in Intune: -- ❌ Policy remains in TenantAtlas database indefinitely -- ❌ No indication that policy no longer exists in Intune -- ❌ Backup Items reference "ghost" policies -- ❌ Users cannot distinguish between active and deleted policies - -**Discovered during**: Feature 004 manual testing (user deleted policy in Intune) - -## Goals -- **Primary**: Implement soft delete for policies removed from Intune -- **Secondary**: Show clear UI indicators for deleted policies -- **Tertiary**: Maintain referential integrity for Backup Items and Policy Versions - -## Scope -- **Policy Sync**: Detect missing policies during `SyncPoliciesJob` -- **Data Model**: Add `deleted_at`, `deleted_by` columns (Laravel Soft Delete pattern) -- **UI**: Badge indicators, filters, restore capability -- **Audit**: Log when policies are soft-deleted and restored - ---- - -## User Stories - -### User Story 1 - Automatic Soft Delete on Sync - -**As a system administrator**, I want policies deleted in Intune to be automatically marked as deleted in TenantAtlas, so that the inventory reflects the current Intune state. - -**Acceptance Criteria:** -1. **Given** a policy exists in TenantAtlas with `external_id` "abc-123", - **When** the next policy sync runs and "abc-123" is NOT returned by Graph API, - **Then** the policy is soft-deleted (sets `deleted_at = now()`) - -2. **Given** a soft-deleted policy, - **When** it re-appears in Intune (same `external_id`), - **Then** the policy is automatically restored (`deleted_at = null`) - -3. **Given** multiple policies are deleted in Intune, - **When** sync runs, - **Then** all missing policies are soft-deleted in a single transaction - ---- - -### User Story 2 - UI Indicators for Deleted Policies - -**As an admin**, I want to see clear indicators when viewing deleted policies, so I understand their status. - -**Acceptance Criteria:** -1. **Given** I view a Backup Item referencing a deleted policy, - **When** I see the policy name, - **Then** it shows a red "Deleted" badge next to the name - -2. **Given** I view the Policies list, - **When** I enable the "Show Deleted" filter, - **Then** deleted policies appear with: - - Red "Deleted" badge - - Deleted date in "Last Synced" column - - Grayed-out appearance - -3. **Given** a policy was deleted, - **When** I view the Policy detail page, - **Then** I see: - - Warning banner: "This policy was deleted from Intune on {date}" - - All data remains readable (versions, snapshots, metadata) - ---- - -### User Story 3 - Restore Workflow - -**As an admin**, I want to restore a deleted policy from backup, so I can recover accidentally deleted configurations. - -**Acceptance Criteria:** -1. **Given** I view a deleted policy's detail page, - **When** I click the "Restore to Intune" action, - **Then** the restore wizard opens pre-filled with the latest policy snapshot - -2. **Given** a policy is successfully restored to Intune, - **When** the next sync runs, - **Then** the policy is automatically undeleted in TenantAtlas (`deleted_at = null`) - ---- - -## Functional Requirements - -### Data Model - -**FR-005.1**: Policies table MUST use Laravel Soft Delete pattern: -```php -Schema::table('policies', function (Blueprint $table) { - $table->softDeletes(); // deleted_at - $table->string('deleted_by')->nullable(); // admin email who triggered deletion -}); -``` - -**FR-005.2**: Policy model MUST use `SoftDeletes` trait: -```php -use Illuminate\Database\Eloquent\SoftDeletes; - -class Policy extends Model { - use SoftDeletes; -} -``` - -### Policy Sync Behavior - -**FR-005.3**: `PolicySyncService::syncPolicies()` MUST detect missing policies: -- Collect all `external_id` values returned by Graph API -- Query existing policies for this tenant: `whereNotIn('external_id', $currentExternalIds)` -- Soft delete missing policies: `each(fn($p) => $p->delete())` - -**FR-005.4**: System MUST restore policies that re-appear: -- Check if policy exists with `Policy::withTrashed()->where('external_id', $id)->first()` -- If soft-deleted: call `$policy->restore()` -- Update `last_synced_at` timestamp - -**FR-005.5**: System MUST log audit entries: -- `policy.deleted` (when soft-deleted during sync) -- `policy.restored` (when re-appears in Intune) - -### UI Display - -**FR-005.6**: PolicyResource table MUST: -- Default query: exclude soft-deleted policies -- Add filter "Show Deleted" (includes `withTrashed()` in query) -- Show "Deleted" badge for soft-deleted policies - -**FR-005.7**: BackupItemsRelationManager MUST: -- Show "Deleted" badge when `policy->trashed()` returns true -- Allow viewing deleted policy details (read-only) - -**FR-005.8**: Policy detail view MUST: -- Show warning banner when policy is soft-deleted -- Display deletion date and reason (if available) -- Disable edit actions (policy no longer exists in Intune) - ---- - -## Non-Functional Requirements - -**NFR-005.1**: Soft delete MUST NOT break existing features: -- Backup Items keep valid foreign keys -- Policy Versions remain accessible -- Restore functionality works for deleted policies - -**NFR-005.2**: Performance: Sync detection MUST NOT cause N+1 queries: -- Use single `whereNotIn()` query to find missing policies -- Batch soft-delete operation - -**NFR-005.3**: Data retention: Soft-deleted policies MUST be retained for audit purposes (no automatic purging) - ---- - -## Implementation Plan - -### Phase 1: Data Model (30 min) -1. Create migration for `policies` soft delete columns -2. Add `SoftDeletes` trait to Policy model -3. Run migration on dev environment - -### Phase 2: Sync Logic (1 hour) -1. Update `PolicySyncService::syncPolicies()` - - Track current external IDs from Graph - - Soft delete missing policies - - Restore re-appeared policies -2. Add audit logging -3. Test with manual deletion in Intune - -### Phase 3: UI Indicators (1.5 hours) -1. Update `PolicyResource`: - - Add "Show Deleted" filter - - Add "Deleted" badge column - - Modify query to exclude deleted by default -2. Update `BackupItemsRelationManager`: - - Show "Deleted" badge for `policy->trashed()` -3. Update Policy detail view: - - Warning banner for deleted policies - - Disable edit actions - -### Phase 4: Testing (1 hour) -1. Unit tests: - - Test soft delete on sync - - Test restore on re-appearance -2. Feature tests: - - E2E sync with deleted policies - - UI filter behavior -3. Manual QA: - - Delete policy in Intune → sync → verify soft delete - - Re-create policy → sync → verify restore - -**Total Estimated Duration**: ~4-5 hours - ---- - -## Risks & Mitigations - -| Risk | Mitigation | -|------|------------| -| Foreign key constraints block soft delete | Laravel soft delete only sets timestamp, constraints remain valid | -| Bulk delete impacts performance | Use chunked queries if tenant has 1000+ policies | -| Deleted policies clutter UI | Default filter hides them, "Show Deleted" is opt-in | - ---- - -## Success Criteria -1. ✅ Policies deleted in Intune are soft-deleted in TenantAtlas within 1 sync cycle -2. ✅ Re-appearing policies are automatically restored -3. ✅ UI clearly indicates deleted status -4. ✅ Backup Items and Versions remain accessible for deleted policies -5. ✅ No breaking changes to existing features - ---- - -## Related Features -- Feature 004: Assignments & Scope Tags (discovered this issue during testing) -- Feature 001: Backup/Restore (must work with deleted policies) - ---- - -**Status**: Planned (Post-Feature 004) -**Priority**: P2 (Quality of Life improvement) -**Created**: 2025-12-22 -**Author**: AI + Ahmed -**Next Steps**: Implement after Feature 004 Phase 3 testing complete