From 5443dba2696cb12ea46e1bc66f647b1650b65779 Mon Sep 17 00:00:00 2001
From: Ahmed Darrazi <ahmed.darrazi@live.de>
Date: Thu, 14 May 2026 13:09:36 +0200
Subject: [PATCH] refactor: consolidate internal tenant model naming

---
 .../Concerns/WorkspaceScopedTenantRoutes.php  |   7 +-
 ...ChooseTenant.php => ChooseEnvironment.php} |   8 +-
 ...ge.php => CrossEnvironmentComparePage.php} | 248 ++++----
 ...Dashboard.php => EnvironmentDashboard.php} |  32 +-
 ...nostics.php => EnvironmentDiagnostics.php} |  16 +-
 ...php => EnvironmentRequiredPermissions.php} |  28 +-
 .../Pages/Findings/MyFindingsInbox.php        |   4 +-
 .../Pages/Governance/GovernanceInbox.php      |   4 +-
 .../Pages/Monitoring/EvidenceOverview.php     |  12 +-
 apps/platform/app/Filament/Pages/NoAccess.php |   2 +-
 .../Pages/Reviews/CustomerReviewWorkspace.php |  66 +--
 .../Filament/Pages/Reviews/ReviewRegister.php |  60 +-
 .../Filament/Pages/Tenancy/RegisterTenant.php |   4 +-
 ...=> ManagedEnvironmentOnboardingWizard.php} | 550 +++++++++---------
 ...ing.php => ManagedEnvironmentsLanding.php} |  10 +-
 .../Pages/ViewBaselineProfile.php             |  24 +-
 ...urce.php => EnvironmentReviewResource.php} | 176 +++---
 .../Pages/ListEnvironmentReviews.php          |  20 +
 .../Pages/ViewEnvironmentReview.php}          |  64 +-
 .../Resources/FindingExceptionResource.php    |   2 +-
 .../Pages/ListFindingExceptions.php           |   2 +-
 .../FindingResource/Pages/ListFindings.php    |   4 +-
 ...rce.php => ManagedEnvironmentResource.php} | 196 +++----
 .../Pages/EditManagedEnvironment.php}         |  14 +-
 .../Pages/ListManagedEnvironments.php}        |  26 +-
 .../Pages/ManageEnvironmentAccessScopes.php}  |   8 +-
 .../Pages/ViewManagedEnvironment.php}         |  54 +-
 ...EnvironmentMembershipsRelationManager.php} |  14 +-
 .../Filament/Resources/ReviewPackResource.php |  20 +-
 .../Pages/ListTenantReviews.php               |  20 -
 .../System/Pages/Directory/ViewTenant.php     |   8 +-
 .../Widgets/Dashboard/DashboardKpis.php       |   4 +-
 ...p => EnvironmentDashboardContextChips.php} |  10 +-
 ...w.php => EnvironmentDashboardOverview.php} |  10 +-
 .../AdminRolesSummaryWidget.php               |   4 +-
 .../BaselineCompareCoverageBanner.php         |   4 +-
 .../FindingExceptionStatsOverview.php         |   2 +-
 .../FindingStatsOverview.php                  |   2 +-
 .../ManagedEnvironmentArchivedBanner.php}     |   6 +-
 .../ManagedEnvironmentReviewPackCard.php}     |  12 +-
 ...gedEnvironmentTriageArrivalContinuity.php} |  46 +-
 .../ManagedEnvironmentVerificationReport.php} |  10 +-
 .../RecentOperationsSummary.php               |   4 +-
 .../AdminConsentCallbackController.php        |  10 +-
 ... => ClearEnvironmentContextController.php} |   6 +-
 ...anagedEnvironmentOnboardingController.php} |   6 +-
 .../OpenFindingExceptionsQueueController.php  |  10 +-
 .../ReviewPackDownloadController.php          |   4 +-
 ...er.php => SelectEnvironmentController.php} |   2 +-
 .../Middleware/EnsureWorkspaceSelected.php    |   2 +-
 apps/platform/app/Jobs/BulkTenantSyncJob.php  |   4 +-
 .../app/Jobs/CaptureBaselineSnapshotJob.php   |   6 +-
 ...ob.php => ComposeEnvironmentReviewJob.php} |  22 +-
 .../app/Jobs/GenerateReviewPackJob.php        |  24 +-
 ...CrossEnvironmentPromotionExecutionJob.php} |  42 +-
 .../Jobs/ProviderConnectionHealthCheckJob.php |   8 +-
 ...TenantReview.php => EnvironmentReview.php} |  32 +-
 ...ction.php => EnvironmentReviewSection.php} |  16 +-
 apps/platform/app/Models/EvidenceSnapshot.php |   6 +-
 .../app/Models/ManagedEnvironment.php         |   6 +-
 ...> ManagedEnvironmentOnboardingSession.php} |  18 +-
 ...n.php => ManagedEnvironmentPermission.php} |   2 +-
 ...php => ManagedEnvironmentTriageReview.php} |   2 +-
 apps/platform/app/Models/ReviewPack.php       |   6 +-
 ...Policy.php => EnvironmentReviewPolicy.php} |  28 +-
 ...gedEnvironmentOnboardingSessionPolicy.php} |  32 +-
 .../app/Providers/AuthServiceProvider.php     |  12 +-
 .../Providers/Filament/AdminPanelProvider.php |  18 +-
 .../Services/Audit/WorkspaceAuditLogger.php   |  74 +--
 ... ManagedEnvironmentDiagnosticsService.php} |   2 +-
 ...> ManagedEnvironmentMembershipManager.php} |   2 +-
 .../app/Services/Auth/RoleCapabilityMap.php   |  18 +-
 .../Auth/WorkspaceRoleCapabilityMap.php       |  50 +-
 .../Baselines/BaselineCaptureService.php      |   2 +-
 .../BaselineEvidenceCaptureResumeService.php  |   2 +-
 .../EnvironmentReviewComposer.php}            |  20 +-
 .../EnvironmentReviewFingerprint.php}         |   4 +-
 .../EnvironmentReviewLifecycleService.php}    |  50 +-
 .../EnvironmentReviewReadinessGate.php}       |  62 +-
 .../EnvironmentReviewRegisterService.php}     |  30 +-
 .../EnvironmentReviewSectionFactory.php}      |  30 +-
 .../EnvironmentReviewService.php}             |  54 +-
 ...> ManagedEnvironmentPermissionService.php} |  16 +-
 ...ntRequiredPermissionsViewModelBuilder.php} |  32 +-
 .../OnboardingDraftMutationService.php        |  48 +-
 .../Onboarding/OnboardingDraftResolver.php    |  26 +-
 .../OnboardingDraftStageResolver.php          |   6 +-
 .../Onboarding/OnboardingLifecycleService.php |  52 +-
 .../QueuedExecutionLegitimacyGate.php         |   2 +-
 .../PermissionPostureFindingGenerator.php     |   2 +-
 ...sEnvironmentPromotionExecutionService.php} |  48 +-
 ...ManagedEnvironmentTriageReviewService.php} |  38 +-
 .../app/Services/ReviewPackService.php        |  34 +-
 .../OperationRunTriageService.php             |   8 +-
 .../Tenants/TenantActionPolicySurface.php     |  14 +-
 .../Tenants/TenantOperabilityService.php      |   6 +-
 .../app/Support/Audit/AuditActionId.php       | 118 ++--
 .../app/Support/Auth/Capabilities.php         |  30 +-
 .../app/Support/Badges/BadgeCatalog.php       |  12 +-
 .../app/Support/Badges/BadgeDomain.php        |  10 +-
 ...nvironmentReviewCompletenessStateBadge.php |  28 +
 .../Domains/EnvironmentReviewStatusBadge.php  |  28 +
 ...mentOnboardingVerificationStatusBadge.php} |   4 +-
 ...nagedEnvironmentPermissionStatusBadge.php} |   2 +-
 ...nagedEnvironmentTriageReviewStateBadge.php |  26 +
 .../TenantReviewCompletenessStateBadge.php    |  28 -
 .../Domains/TenantReviewStatusBadge.php       |  28 -
 .../Domains/TenantTriageReviewStateBadge.php  |  26 -
 .../Badges/OperatorOutcomeTaxonomy.php        |   4 +-
 .../WorkspaceHealthSummaryQuery.php           |  16 +-
 .../EnvironmentDashboardSummary.php}          |   4 +-
 .../EnvironmentDashboardSummaryBuilder.php}   |  98 ++--
 ...=> EnvironmentReviewCompletenessState.php} |   2 +-
 ...Status.php => EnvironmentReviewStatus.php} |   2 +-
 .../Controls/ComplianceEvidenceMappingV1.php  |  16 +-
 .../GovernanceInboxSectionBuilder.php         |  32 +-
 .../TrustedState/TrustedStatePolicy.php       |  28 +-
 .../TrustedState/TrustedStateResolver.php     |   6 +-
 .../app/Support/ManagedEnvironmentLinks.php   |   6 +-
 .../Middleware/DenyNonMemberTenantAccess.php  |   2 +-
 .../EnsureFilamentTenantSelected.php          |   6 +-
 .../Navigation/CanonicalNavigationContext.php |   4 +-
 .../Onboarding/OnboardingCheckpoint.php       |   2 +-
 .../Onboarding/OnboardingDraftStage.php       |   2 +-
 .../Support/OperateHub/OperateHubShell.php    |   4 +
 .../platform/app/Support/OperationCatalog.php |   8 +-
 .../app/Support/OperationRunLinks.php         |  14 +-
 .../platform/app/Support/OperationRunType.php |   4 +-
 .../OperationalControlCatalog.php             |   2 +-
 .../OperationRunCapabilityResolver.php        |   4 +-
 .../GovernanceRunDiagnosticSummaryBuilder.php |  14 +-
 .../OpsUx/OperationRunProgressContract.php    |   2 +-
 .../Support/OpsUx/OperationUxPresenter.php    |   6 +-
 ...CrossEnvironmentComparePreviewBuilder.php} |  62 +-
 ...p => CrossEnvironmentCompareSelection.php} |  32 +-
 ...sEnvironmentPromotionExecutionPlanner.php} |  16 +-
 ...=> CrossEnvironmentPromotionPreflight.php} |  14 +-
 ...gedEnvironmentTriageReviewFingerprint.php} |   2 +-
 ...dEnvironmentTriageReviewStateResolver.php} |  20 +-
 .../PortfolioArrivalContextResolver.php       |   8 +-
 .../ProviderCapabilityEvaluator.php           |   8 +-
 .../SupportDiagnosticBundleBuilder.php        |  56 +-
 .../Support/Tenants/TenantActionContext.php   |   4 +-
 .../Tenants/TenantOperabilityContext.php      |   6 +-
 .../ActionSurface/ActionSurfaceExemptions.php |  60 +-
 .../ActionSurface/ActionSurfaceValidator.php  |   4 +-
 .../GovernanceActionCatalog.php               |  52 +-
 .../ArtifactTruthPresenter.php                |  86 +--
 .../SurfaceCompressionContext.php             |  10 +-
 ...gedEnvironmentPermissionCheckClusters.php} |  22 +-
 .../VerificationAssistViewModelBuilder.php    |   4 +-
 .../TenantOwnedModelFamilies.php              |  18 +-
 .../WorkspaceIsolation/TenantOwnedTables.php  |   4 +-
 .../Workspaces/WorkspaceOverviewBuilder.php   |  46 +-
 apps/platform/config/provider_boundaries.php  |   2 +-
 apps/platform/config/tenantpilot.php          |   8 +-
 ...ctory.php => EnvironmentReviewFactory.php} |  22 +-
 ...hp => EnvironmentReviewSectionFactory.php} |  20 +-
 ...edEnvironmentOnboardingSessionFactory.php} |  14 +-
 ...ManagedEnvironmentTriageReviewFactory.php} |  14 +-
 .../factories/ProductUsageEventFactory.php    |   2 +-
 ...managed_environment_permissions_table.php} |   4 +-
 ...12_11_192942_add_is_current_to_tenants.php |   4 +-
 ...2_12_150000_add_rbac_fields_to_tenants.php |   4 +-
 ...0304_add_workspace_id_to_tenants_table.php |   4 +-
 ...environment_onboarding_sessions_table.php} |   6 +-
 ...environment_onboarding_sessions_table.php} |   6 +-
 ...nment_onboarding_sessions_constraints.php} |  82 +--
 ...managed_environment_permissions_table.php} |   8 +-
 ...113_add_tenants_id_workspace_id_unique.php |   4 +-
 ...ace_id_not_null_on_tenant_owned_tables.php |   2 +-
 ...ion_constraints_to_tenant_owned_tables.php |   6 +-
 ...orkspace_id_fks_on_tenant_owned_tables.php |   2 +-
 ...15_120001_create_tenant_settings_table.php |   2 +-
 ...anaged_environment_onboarding_sessions.php |  49 ++
 ..._to_managed_tenant_onboarding_sessions.php |  49 --
 ...naged_environment_onboarding_sessions.php} |  40 +-
 ...000001_create_finding_exceptions_table.php |   2 +-
 ...eate_finding_exception_decisions_table.php |   2 +-
 ...ng_exception_evidence_references_table.php |   2 +-
 ...0000_create_environment_reviews_table.php} |  10 +-
 ...ate_environment_review_sections_table.php} |   8 +-
 ...nment_review_id_to_review_packs_table.php} |   8 +-
 ...aged_environment_triage_reviews_table.php} |  20 +-
 ...l_fields_to_managed_environments_table.php |   4 +-
 apps/platform/lang/de/localization.php        |   4 +-
 apps/platform/lang/en/localization.php        |   6 +-
 ...-onboarding-verification-report.blade.php} |   2 +-
 ...p => environment-review-section.blade.php} |   0
 ...p => environment-review-summary.blade.php} |   0
 ...blade.php => choose-environment.blade.php} |   6 +-
 ...hp => cross-environment-compare.blade.php} |  38 +-
 ....php => environment-diagnostics.blade.php} |   0
 ...nvironment-required-permissions.blade.php} |   0
 .../pages/reviews/review-register.blade.php   |   2 +-
 ...d-environment-onboarding-wizard.blade.php} |   0
 ...=> managed-environments-landing.blade.php} |   2 +-
 .../filament/partials/context-bar.blade.php   |  22 +-
 ...ment-onboarding-checkpoint-poll.blade.php} |   0
 .../pages/directory/view-tenant.blade.php     |   6 +-
 ...ronment-dashboard-context-chips.blade.php} |   0
 ... environment-dashboard-overview.blade.php} |   0
 .../admin-roles-summary.blade.php             |   0
 ...baseline-compare-coverage-banner.blade.php |   0
 ...ged-environment-archived-banner.blade.php} |   0
 ...ed-environment-review-pack-card.blade.php} |   0
 ...environment-verification-report.blade.php} |   0
 .../recent-operations-summary.blade.php       |   0
 .../triage-arrival-continuity.blade.php       |   4 +-
 apps/platform/routes/web.php                  |  36 +-
 ...TenantDashboardProductizationSmokeTest.php |   4 +-
 .../Browser/OnboardingDraftRefreshTest.php    |   6 +-
 .../OnboardingDraftVerificationResumeTest.php |  14 +-
 ...nvironmentPromotionExecutionSmokeTest.php} |  14 +-
 .../CustomerReviewWorkspaceSmokeTest.php      |  22 +-
 ...ec172DeferredOperatorSurfacesSmokeTest.php |  33 +-
 ...enceFreshnessPublicationTrustSmokeTest.php |  34 +-
 ...192RecordPageHeaderDisciplineSmokeTest.php |  32 +-
 ...193MonitoringSurfaceHierarchySmokeTest.php |   2 +-
 .../Spec194GovernanceFrictionSmokeTest.php    |  46 +-
 ...c202GovernanceSubjectTaxonomySmokeTest.php |   4 +-
 .../Spec265DecisionRegisterSmokeTest.php      |   4 +-
 ...ManagedEnvironmentCoreCutoverSmokeTest.php |   4 +-
 ...paceTenancyEnvironmentRoutingSmokeTest.php |   2 +-
 ...pec281ProviderConnectionScopeSmokeTest.php |   4 +-
 ...GovernanceArtifactRetargetingSmokeTest.php |   8 +-
 ...Spec284ArtifactSourceTaxonomySmokeTest.php |   8 +-
 ...orkspaceRbacEnvironmentAccessSmokeTest.php |  10 +-
 ...EnvironmentCopyNeutralizationSmokeTest.php |   2 +-
 ...nvironmentNamingConsolidationSmokeTest.php | 133 +++++
 .../Browser/TenantMembershipsPageTest.php     |   7 +-
 .../Feature/090/ActionSurfaceSmokeTest.php    |   4 +-
 .../Feature/AdminConsentCallbackTest.php      |   8 +-
 .../Audit/OnboardingDraftAuditTest.php        |  46 +-
 .../ProviderConnectionIdentityAuditTest.php   |   2 +-
 .../Audit/TenantLifecycleAuditLogTest.php     |   6 +-
 .../Audit/TenantMembershipAuditLogTest.php    |  10 +-
 .../Feature/Auth/AdminLocalSmokeLoginTest.php |   6 +-
 .../BackupHealthBrowserFixtureLoginTest.php   |   6 +-
 .../DbOnlyPagesDoNotMakeHttpRequestsTest.php  |   2 +-
 .../Auth/PostLoginRoutingByMembershipTest.php |   2 +-
 .../Auth/SessionSeparationSmokeTest.php       |   6 +-
 .../Auth/TenantChooserSelectionTest.php       |  14 +-
 ...torExplanationSurfaceAuthorizationTest.php |  10 +-
 .../Badges/OnboardingBadgeSemanticsTest.php   |   6 +-
 .../BaselineCaptureAuditEventsTest.php        |   2 +-
 ...aselineSnapshotNoTenantIdentifiersTest.php |   2 +-
 .../CaptureBaselineContentTest.php            |   2 +-
 ...CaptureBaselineFullContentOnDemandTest.php |   2 +-
 .../CaptureBaselineMetaFallbackTest.php       |   2 +-
 .../BaselineCaptureAmbiguousMatchGapTest.php  |   4 +-
 .../BaselineCaptureGapClassificationTest.php  |   2 +-
 ...BaselineCaptureRbacRoleDefinitionsTest.php |   2 +-
 .../Feature/Baselines/BaselineCaptureTest.php |  12 +-
 .../Baselines/BaselineCompareFindingsTest.php |   2 +-
 .../BaselineResolutionDeterminismTest.php     |   2 +-
 .../BuildsGovernanceArtifactTruthFixtures.php |  40 +-
 .../BuildsPortfolioCompareFixtures.php        |  20 +-
 .../BuildsPortfolioTriageFixtures.php         |  24 +-
 ...dBackupHealthBrowserFixtureCommandTest.php |   6 +-
 ...nantDashboardProductizationActionsTest.php |  34 +-
 ...shboardProductizationAuthorizationTest.php |  50 +-
 ...ntDashboardProductizationReadinessTest.php |  76 +--
 ...nantDashboardProductizationSummaryTest.php |  40 +-
 .../TenantGroupSelectorsDbOnlyTest.php        |   6 +-
 .../AdminRolesSummaryWidgetTest.php           |   2 +-
 .../EntraPermissionsRegistryTest.php          |  12 +-
 .../EnvironmentReviewAuditLogTest.php}        |  50 +-
 ...ntReviewCanonicalControlReferenceTest.php} |  10 +-
 .../EnvironmentReviewCreationTest.php}        |  18 +-
 .../EnvironmentReviewCycleTest.php}           |  16 +-
 .../EnvironmentReviewExecutivePackTest.php}   |  14 +-
 ...vironmentReviewExplanationSurfaceTest.php} |  16 +-
 ...vironmentReviewExportOperationsUxTest.php} |  14 +-
 .../EnvironmentReviewLifecycleTest.php}       |  50 +-
 .../EnvironmentReviewOperationsUxTest.php}    |  16 +-
 .../EnvironmentReviewRbacTest.php}            |  22 +-
 ...nvironmentReviewRegisterPrefilterTest.php} |  12 +-
 .../EnvironmentReviewRegisterRbacTest.php}    |  10 +-
 .../EnvironmentReviewRegisterTest.php}        |  32 +-
 .../EnvironmentReviewUiContractTest.php}      |  84 +--
 .../Evidence/EvidenceSnapshotResourceTest.php |   2 +-
 ...eEnvironmentWhenWorkspaceSelectedTest.php} |   0
 ...rfacesRedirectToChooseEnvironmentTest.php} |   2 +-
 .../Filament/ArchivedTenantViewTest.php       |   4 +-
 .../ArtifactSourceTaxonomySurfaceTest.php     |   8 +-
 .../BaselineCompareCoverageBannerTest.php     |   2 +-
 .../BaselineCompareSummaryConsistencyTest.php |   2 +-
 ...BaselineProfileCaptureStartSurfaceTest.php |  10 +-
 ...BaselineProfileCompareStartSurfaceTest.php |  10 +-
 ...yStateRegisterTenantCtaVisibilityTest.php} |   4 +-
 ...hooseEnvironmentIsWorkspaceScopedTest.php} |   4 +-
 ...hooseEnvironmentRequiresWorkspaceTest.php} |   4 +-
 .../Filament/CreateCtaPlacementTest.php       |  12 +-
 .../EditTenantHeaderDisciplineTest.php        |   6 +-
 .../EnvironmentContextSurfaceCopyTest.php     |   4 +-
 ...EnvironmentReviewHeaderDisciplineTest.php} |  36 +-
 ...anceArtifactAdminPanelRegistrationTest.php |   8 +-
 ...GovernanceArtifactDeepLinkContractTest.php |  14 +-
 ...vernanceArtifactEnvironmentContextTest.php |  18 +-
 ...anceArtifactLegacyTenantPanelGuardTest.php |  16 +-
 .../Feature/Filament/HousekeepingTest.php     |   8 +-
 ...edEnvironmentAccessScopeManagementTest.php |  16 +-
 ...nagedEnvironmentsLandingLifecycleTest.php} |  10 +-
 .../RecentOperationsSummaryWidgetTest.php     |   2 +-
 .../TenantWorkspaceRemovalTest.php            |   8 +-
 ...iewRegisterDerivedStateMemoizationTest.php |  20 +-
 ...ctEnvironmentPostPersistsLastUsedTest.php} |   6 +-
 ...edVerificationReportFamilyContractTest.php |   8 +-
 .../TableStandardsCriticalListsTest.php       |   4 +-
 .../Filament/TableStatePersistenceTest.php    |   4 +-
 .../TenantActionsAuthorizationTest.php        |  34 +-
 ...DashboardArrivalContextPerformanceTest.php |   4 +-
 .../TenantDashboardArrivalContextTest.php     |  28 +-
 .../Filament/TenantDashboardDbOnlyTest.php    |   6 +-
 .../TenantDashboardTenantScopeTest.php        |   6 +-
 .../Filament/TenantDiagnosticsRepairsTest.php |  10 +-
 .../TenantGlobalSearchLifecycleScopeTest.php  |  10 +-
 ...lePresentationAcrossTenantSurfacesTest.php |   8 +-
 ...antLifecycleStatusDomainSeparationTest.php |   4 +-
 .../Filament/TenantMakeCurrentTest.php        |  10 +-
 .../TenantMembersDbOnlyRenderTest.php         |   8 +-
 .../Feature/Filament/TenantMembersTest.php    |  20 +-
 .../TenantPortfolioContextSwitchTest.php      |  12 +-
 .../Feature/Filament/TenantRbacWizardTest.php |  24 +-
 .../TenantRegistryArrivalContextTest.php      |  10 +-
 .../TenantRegistryRecoveryTriageTest.php      |  22 +-
 .../TenantRegistryTriageReviewStateTest.php   |  42 +-
 .../TenantRequiredPermissionsPageTest.php     |  16 +-
 ...nantResourceIndexIsWorkspaceScopedTest.php |  10 +-
 ...enantRoleDefinitionsSelectorDbOnlyTest.php |   6 +-
 .../Feature/Filament/TenantScopingTest.php    |   4 +-
 .../Feature/Filament/TenantSetupTest.php      |  14 +-
 .../TenantSwitcherUrlResolvesTenantTest.php   |   4 +-
 .../TenantTruthCleanupSpec179Test.php         |  12 +-
 .../TenantVerificationReportWidgetTest.php    |  26 +-
 .../TenantViewHeaderUiEnforcementTest.php     |  18 +-
 ...aceContextTopbarAndTenantSelectionTest.php |   2 +-
 ...spaceOnlySurfaceTenantIndependenceTest.php |   6 +-
 .../WorkspaceOverviewAuthorizationTest.php    |  10 +-
 .../Filament/WorkspaceOverviewContentTest.php |  10 +-
 ...rkspaceOverviewDrilldownContinuityTest.php |  14 +-
 ...kspaceOverviewPermissionVisibilityTest.php |   6 +-
 .../WorkspaceOverviewSummaryMetricsTest.php   |  10 +-
 ...kspaceOverviewTriageReviewProgressTest.php |   8 +-
 .../Findings/FindingExceptionRegisterTest.php |   4 +-
 .../FindingOutcomeSummaryReportingTest.php    |   8 +-
 .../Findings/FindingsListEnterpriseUxTest.php |   2 +-
 .../Feature/Findings/MyWorkInboxTest.php      |   2 +-
 .../Governance/GovernanceInboxPageTest.php    |   8 +-
 .../Guards/ActionSurfaceContractTest.php      | 140 ++---
 .../Guards/ActionSurfaceValidatorTest.php     |   4 +-
 .../Guards/AdminTenantResolverGuardTest.php   |  14 +-
 .../Guards/ConfidenceLaneContractTest.php     |   2 +-
 ...EnvironmentCopyNeutralizationGuardTest.php |  10 +-
 .../FilamentTableStandardsGuardTest.php       |  32 +-
 .../HeavyGovernanceLaneContractTest.php       |   2 +-
 .../Guards/LivewireTrustedStateGuardTest.php  |   4 +-
 ...dEnvironmentCanonicalRouteContractTest.php |  14 +-
 .../NoActiveTenantResourceRoutesTest.php      |  15 +-
 .../NoAdHocFilamentAuthPatternsTest.php       |   8 +-
 ...oAdHocTenantLifecycleChecksSpec143Test.php |  10 +-
 ...acyProviderConnectionStateFallbackTest.php |   2 +-
 .../NoLegacyTenantProviderFallbackTest.php    |   4 +-
 .../NoPlatformCredentialFallbackTest.php      |   8 +-
 ...enantCredentialRuntimeReadsSpec081Test.php |   2 +-
 .../OperationLifecycleOpsUxGuardTest.php      |   2 +-
 .../OperationRunLinkContractGuardTest.php     |   4 +-
 .../Guards/ProfileLaneContractTest.php        |   2 +-
 .../ProviderConnectionNeutralityGuardTest.php |   2 +-
 .../ProviderDispatchGateCoverageTest.php      |   4 +-
 .../SharedDetailFamilyContractGuardTest.php   |   4 +-
 ...192RecordPageHeaderDisciplineGuardTest.php |  32 +-
 ...193MonitoringSurfaceHierarchyGuardTest.php |  16 +-
 ...c194GovernanceActionSemanticsGuardTest.php |   8 +-
 ...5ResidualActionSurfaceClosureGuardTest.php |  12 +-
 ...Spec288NoLegacyRouteAndHelperGuardTest.php |   2 +-
 ...8ProviderCoreAndRoleAuthorityGuardTest.php |   4 +-
 .../Guards/TestTaxonomyPlacementGuardTest.php |   4 +-
 .../Hardening/TenantRbacCardRenderTest.php    |  10 +-
 .../CustomerReviewSurfaceLocalizationTest.php |  28 +-
 .../EnvironmentContextTerminologyTest.php     |   4 +-
 .../LegacyTenantCoreGuardTest.php             |  44 +-
 .../ManagedEnvironmentPanelContextTest.php    |  14 +-
 .../ManagedEnvironmentRouteBindingTest.php    |  24 +-
 ...anagedEnvironmentOnboardingWizardTest.php} | 212 +++----
 .../AuthorizationSemanticsTest.php            |   9 +-
 .../OnboardingRedirectTest.php                |   0
 .../ArtifactTruthManualCasesDataset.php       |   6 +-
 .../Monitoring/ArtifactTruthRunDetailTest.php |   2 +-
 .../AuditCoverageGovernanceTest.php           |   4 +-
 .../GovernanceOperationRunSummariesTest.php   |   2 +-
 .../GovernanceRunExplanationFallbackTest.php  |   2 +-
 .../Monitoring/HeaderContextBarTest.php       |   4 +-
 .../OperationRunNotificationTest.php          |   4 +-
 ...ironmentLifecyclePresentationCopyTest.php} |  14 +-
 ...ronmentOnboardingCapabilityAssistTest.php} |   2 +-
 ...dEnvironmentOnboardingEntitlementTest.php} |  22 +-
 ...OnboardingProviderConnectionScopeTest.php} |   8 +-
 .../Onboarding/OnboardingActivationTest.php   |  32 +-
 .../Onboarding/OnboardingDraftAccessTest.php  |  18 +-
 .../OnboardingDraftAuthorizationTest.php      |  48 +-
 .../OnboardingDraftLifecycleTest.php          |  56 +-
 .../OnboardingDraftMultiTabTest.php           |   8 +-
 .../Onboarding/OnboardingDraftPickerTest.php  |  26 +-
 .../Onboarding/OnboardingDraftRoutingTest.php |  22 +-
 .../Onboarding/OnboardingFoundationsTest.php  |  32 +-
 ... => OnboardingIdentifyEnvironmentTest.php} |  16 +-
 .../OnboardingInlineConnectionEditTest.php    |  36 +-
 ...gProviderConnectionPlatformDefaultTest.php |  10 +-
 .../OnboardingProviderConnectionTest.php      |  28 +-
 .../OnboardingRbacSemanticsTest.php           |   8 +-
 .../Onboarding/OnboardingSecretSafetyTest.php |  12 +-
 .../OnboardingVerificationAssistTest.php      |  18 +-
 .../OnboardingVerificationClustersTest.php    |  16 +-
 .../Onboarding/OnboardingVerificationTest.php |  54 +-
 .../OnboardingVerificationV1_5UxTest.php      |  10 +-
 .../ProductKnowledgeOnboardingHelpTest.php    |   6 +-
 .../ProductTelemetryOnboardingCaptureTest.php |   8 +-
 .../OpsUx/ActivityFeedbackSurfaceTest.php     |   4 +-
 .../Feature/OpsUx/OperateHubShellTest.php     |  16 +-
 ...ssEnvironmentCompareAuthorizationTest.php} |  30 +-
 ...ssEnvironmentCompareLaunchContextTest.php} | 126 ++--
 ...hp => CrossEnvironmentComparePageTest.php} |  54 +-
 ...vironmentPromotionExecutionActionTest.php} |  34 +-
 ...nvironmentPromotionExecutionAuditTest.php} |  38 +-
 ...ntPromotionExecutionAuthorizationTest.php} |  90 +--
 ...nvironmentPromotionExecutionRunUxTest.php} |  20 +-
 ...nvironmentPromotionPreflightAuditTest.php} |  22 +-
 ...nectionViewsDbOnlyRenderingSpec081Test.php |   4 +-
 ...derOperationBlockedGuidanceSpec081Test.php |   4 +-
 .../ProviderCapabilityEvaluationTest.php      |   8 +-
 .../AdminGlobalSearchContextSafetyTest.php    |  12 +-
 ...DashboardRecoveryPostureVisibilityTest.php |   6 +-
 .../EditTenantArchiveUiEnforcementTest.php    |  10 +-
 ...tifactsWorkspaceFirstAuthorizationTest.php |  10 +-
 .../OnboardingWizardUiEnforcementTest.php     |  24 +-
 ...tionRunWorkspaceFirstAuthorizationTest.php |   2 +-
 .../TenantActionSurfaceConsistencyTest.php    |  64 +-
 .../Rbac/TenantAdminAuthorizationTest.php     |   4 +-
 ...tDashboardArrivalContextVisibilityTest.php |   4 +-
 .../Rbac/TenantLifecycleActionNamingTest.php  |  24 +-
 .../TenantLifecycleActionVisibilityTest.php   |  46 +-
 ...rshipsRelationManagerUiEnforcementTest.php |   8 +-
 ...antRequiredPermissionsTrustedStateTest.php |  10 +-
 .../Rbac/TenantResourceAuthorizationTest.php  |  48 +-
 .../TriageReviewStateAuthorizationTest.php    |  20 +-
 .../Rbac/UiEnforcementNonMemberHiddenTest.php |   4 +-
 .../GovernanceReasonPresentationTest.php      |   4 +-
 .../ProductTelemetryReportCaptureTest.php     |   2 +-
 .../RequiredPermissionsEmptyStateTest.php     |   4 +-
 .../RequiredPermissionsFiltersTest.php        |  20 +-
 .../RequiredPermissionsLinksTest.php          |   4 +-
 .../RequiredPermissionsOverviewTest.php       |   4 +-
 .../RequiredPermissionsSidebarTest.php        |   6 +-
 ...nvironmentReviewDerivedReviewPackTest.php} |  10 +-
 .../ReviewPackEntitlementEnforcementTest.php  |  14 +-
 .../ReviewPack/ReviewPackGenerationTest.php   |  10 +-
 .../ReviewPackRedactionIntegrityTest.php      |   5 +-
 .../ReviewPack/ReviewPackResourceTest.php     |  15 +-
 .../ReviewPackValidRiskAcceptanceTest.php     |   5 +-
 .../ReviewPack/ReviewPackWidgetTest.php       |  22 +-
 ...stomerReviewWorkspaceAuthorizationTest.php |   2 +-
 ...CustomerReviewWorkspaceLaunchLinksTest.php |  56 +-
 ...erReviewWorkspaceNavigationContextTest.php |  12 +-
 .../CustomerReviewWorkspacePackAccessTest.php |  56 +-
 .../CustomerReviewWorkspacePageTest.php       |  92 +--
 ...rkspaceManagedTenantAdminMigrationTest.php |  12 +-
 .../Spec085/DenyAsNotFoundSemanticsTest.php   |   4 +-
 .../Spec085/OperationsIndexHeaderTest.php     |   6 +-
 ...enantNavigationMonitoringShortcutsTest.php |   4 +-
 ...perationRunSupportDiagnosticActionTest.php |   6 +-
 .../ProductKnowledgeAuthorizationTest.php     |   6 +-
 ...ductKnowledgeSupportDiagnosticHelpTest.php |   4 +-
 ...TelemetrySupportDiagnosticsCaptureTest.php |   4 +-
 .../SupportDiagnosticAuditTest.php            |   4 +-
 .../SupportDiagnosticAuthorizationTest.php    |   6 +-
 .../TenantSupportDiagnosticActionTest.php     |  16 +-
 .../SupportRequestAuditTest.php               |   4 +-
 .../SupportRequestAuthorizationTest.php       |   4 +-
 ...SupportRequestExternalHandoffAuditTest.php |   4 +-
 ...equestExternalHandoffAuthorizationTest.php |   4 +-
 .../TenantSupportRequestActionTest.php        |   6 +-
 ...enantSupportRequestExternalHandoffTest.php |   4 +-
 .../NoAdHocTelemetryBypassTest.php            |   4 +-
 .../ProductTelemetryDashboardWidgetTest.php   |   4 +-
 .../System/Spec114/OpsFailuresViewTest.php    |   4 +-
 .../ArchivedTenantRouteAccessTest.php         |  20 +-
 .../Feature/TenantRBAC/LastOwnerGuardTest.php |   6 +-
 .../TenantRBAC/MembershipAuditLogTest.php     |   4 +-
 .../TenantDiagnosticsAccessTest.php           |   4 +-
 .../TenantGuidVsBigintGuardTest.php           |   4 +-
 .../TenantRBAC/TenantMembershipCrudTest.php   |   4 +-
 .../TenantRouteDenyAsNotFoundTest.php         |   4 +-
 .../TenantRBAC/TenantSwitcherScopeTest.php    |  22 +-
 .../TenantProviderBackedActionStartTest.php   |   6 +-
 .../TenantProviderConnectionsCtaTest.php      |  26 +-
 .../IntuneRbacPermissionCoverageTest.php      |   4 +-
 ...rConnectionHealthCheckWritesReportTest.php |   8 +-
 .../VerificationReportViewerDbOnlyTest.php    |   4 +-
 .../VerificationStartDedupeTest.php           |   4 +-
 .../TenantOwnedWorkspaceInvariantTest.php     |   4 +-
 .../WorkspaceIdForeignKeyConstraintTest.php   |   2 +-
 ...Test.php => ChooseEnvironmentPageTest.php} |  20 +-
 ...spaceRedirectsToChooseEnvironmentTest.php} |  12 +-
 .../EnsureWorkspaceSelectedMiddlewareTest.php |   8 +-
 .../GlobalContextShellContractTest.php        |   6 +-
 ...nvironmentOnboardingProviderStartTest.php} |  14 +-
 ...ManagedEnvironmentsLivewireUpdateTest.php} |   2 +-
 ...nagedEnvironmentsWorkspaceRoutingTest.php} |   8 +-
 ...hp => SelectEnvironmentControllerTest.php} |  14 +-
 ...Spec195ManagedEnvironmentsLandingTest.php} |  24 +-
 .../SwitchWorkspaceControllerTest.php         |   4 +-
 .../WorkspaceRedirectResolverTest.php         |   4 +-
 apps/platform/tests/Pest.php                  |  44 +-
 .../tests/Support/TestLaneManifest.php        |  16 +-
 .../Unit/Auth/NoRoleStringChecksTest.php      |   4 +-
 .../tests/Unit/Badges/BadgeCatalogTest.php    |   2 +-
 .../Badges/GovernanceArtifactTruthTest.php    |  12 +-
 ...nvironmentTriageReviewStateBadgesTest.php} |  12 +-
 .../Badges/OperatorOutcomeTaxonomyTest.php    |   2 +-
 .../tests/Unit/Badges/TenantBadgesTest.php    |  10 +-
 .../EnvironmentReviewBadgeTest.php            |  28 +
 .../EnvironmentReviewComposerTest.php}        |  30 +-
 ...nvironmentPermissionCheckClustersTest.php} |  12 +-
 ...nagedEnvironmentPermissionServiceTest.php} |  40 +-
 .../OnboardingDraftResolverTest.php           |   4 +-
 .../OnboardingDraftStageResolverTest.php      |  10 +-
 .../OnboardingLifecycleServiceTest.php        |  20 +-
 .../OperationLifecyclePolicyValidatorTest.php |   6 +-
 .../QueuedExecutionLegitimacyGateTest.php     |   6 +-
 ...nvironmentOnboardingSessionPolicyTest.php} |  10 +-
 .../ProviderConnectionBadgeMappingTest.php    |   8 +-
 .../ProviderOperationStartGateTest.php        |   8 +-
 .../WorkspaceHealthSummaryQueryTest.php       |   4 +-
 .../GovernanceInboxSectionBuilderTest.php     |  10 +-
 .../OperateHubShellResolutionTest.php         |   2 +-
 .../OperationalControlCatalogTest.php         |   2 +-
 .../OperationRunExplanationTest.php           |   2 +-
 ...ernanceRunDiagnosticSummaryBuilderTest.php |   4 +-
 .../OperationRunProgressContractTest.php      |   6 +-
 ...sEnvironmentComparePreviewBuilderTest.php} |  54 +-
 ...ironmentPromotionExecutionPlannerTest.php} |  40 +-
 ...rossEnvironmentPromotionPreflightTest.php} |  72 +--
 ...nvironmentTriageReviewFingerprintTest.php} |   8 +-
 ...ironmentTriageReviewStateResolverTest.php} |  26 +-
 .../ProductTelemetryRecorderTest.php          |   8 +-
 .../ProductTelemetrySafeMetadataTest.php      |   6 +-
 .../ProductTelemetrySummaryQueryTest.php      |   4 +-
 .../SupportDiagnosticBundleBuilderTest.php    |   4 +-
 .../RequestScopedDerivedStateStoreTest.php    |  24 +-
 .../CompressedGovernanceOutcomeTest.php       |   2 +-
 ...nantRequiredPermissionsCopyPayloadTest.php |  10 +-
 ...ntRequiredPermissionsFeatureImpactTest.php |   4 +-
 ...TenantRequiredPermissionsFilteringTest.php |  18 +-
 ...TenantRequiredPermissionsFreshnessTest.php |  12 +-
 ...ntRequiredPermissionsOverallStatusTest.php |  12 +-
 .../Unit/TenantResourceConsentUrlTest.php     |   6 +-
 .../TenantReview/TenantReviewBadgeTest.php    |  28 -
 .../Tenants/TenantActionPolicySurfaceTest.php |   4 +-
 .../Unit/Tenants/TenantPageCategoryTest.php   |   2 +-
 .../GovernanceActionCatalogTest.php           |   2 +-
 ...onmentPermissionCapabilityMappingTest.php} |   8 +-
 ...VerificationAssistViewModelBuilderTest.php |   8 +-
 ...cationReportSanitizerEvidenceKindsTest.php |   4 +-
 .../admin-canonical-tenant-rollout.md         |   4 +-
 ...-scoped-derived-state.logical.openapi.yaml |  22 +-
 .../allowed-tenant-references.md              |  58 ++
 .../checklists/requirements.md                |  56 ++
 .../final-tenant-reference-audit.md           | 169 ++++++
 .../plan.md                                   | 278 +++++++++
 .../spec.md                                   | 254 ++++++++
 .../tasks.md                                  | 175 ++++++
 .../tenant-reference-inventory.md             | 129 ++++
 574 files changed, 6178 insertions(+), 4846 deletions(-)
 rename apps/platform/app/Filament/Pages/{ChooseTenant.php => ChooseEnvironment.php} (95%)
 rename apps/platform/app/Filament/Pages/{CrossTenantComparePage.php => CrossEnvironmentComparePage.php} (71%)
 rename apps/platform/app/Filament/Pages/{TenantDashboard.php => EnvironmentDashboard.php} (95%)
 rename apps/platform/app/Filament/Pages/{TenantDiagnostics.php => EnvironmentDiagnostics.php} (84%)
 rename apps/platform/app/Filament/Pages/{TenantRequiredPermissions.php => EnvironmentRequiredPermissions.php} (94%)
 rename apps/platform/app/Filament/Pages/Workspaces/{ManagedTenantOnboardingWizard.php => ManagedEnvironmentOnboardingWizard.php} (91%)
 rename apps/platform/app/Filament/Pages/Workspaces/{ManagedTenantsLanding.php => ManagedEnvironmentsLanding.php} (92%)
 rename apps/platform/app/Filament/Resources/{TenantReviewResource.php => EnvironmentReviewResource.php} (84%)
 create mode 100644 apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ListEnvironmentReviews.php
 rename apps/platform/app/Filament/Resources/{TenantReviewResource/Pages/ViewTenantReview.php => EnvironmentReviewResource/Pages/ViewEnvironmentReview.php} (85%)
 rename apps/platform/app/Filament/Resources/{TenantResource.php => ManagedEnvironmentResource.php} (95%)
 rename apps/platform/app/Filament/Resources/{TenantResource/Pages/EditTenant.php => ManagedEnvironmentResource/Pages/EditManagedEnvironment.php} (64%)
 rename apps/platform/app/Filament/Resources/{TenantResource/Pages/ListTenants.php => ManagedEnvironmentResource/Pages/ListManagedEnvironments.php} (77%)
 rename apps/platform/app/Filament/Resources/{TenantResource/Pages/ManageTenantMemberships.php => ManagedEnvironmentResource/Pages/ManageEnvironmentAccessScopes.php} (76%)
 rename apps/platform/app/Filament/Resources/{TenantResource/Pages/ViewTenant.php => ManagedEnvironmentResource/Pages/ViewManagedEnvironment.php} (72%)
 rename apps/platform/app/Filament/Resources/{TenantResource/RelationManagers/TenantMembershipsRelationManager.php => ManagedEnvironmentResource/RelationManagers/ManagedEnvironmentMembershipsRelationManager.php} (94%)
 delete mode 100644 apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ListTenantReviews.php
 rename apps/platform/app/Filament/Widgets/Dashboard/{TenantDashboardContextChips.php => EnvironmentDashboardContextChips.php} (76%)
 rename apps/platform/app/Filament/Widgets/Dashboard/{TenantDashboardOverview.php => EnvironmentDashboardOverview.php} (85%)
 rename apps/platform/app/Filament/Widgets/{Tenant => ManagedEnvironment}/AdminRolesSummaryWidget.php (97%)
 rename apps/platform/app/Filament/Widgets/{Tenant => ManagedEnvironment}/BaselineCompareCoverageBanner.php (93%)
 rename apps/platform/app/Filament/Widgets/{Tenant => ManagedEnvironment}/FindingExceptionStatsOverview.php (95%)
 rename apps/platform/app/Filament/Widgets/{Tenant => ManagedEnvironment}/FindingStatsOverview.php (95%)
 rename apps/platform/app/Filament/Widgets/{Tenant/TenantArchivedBanner.php => ManagedEnvironment/ManagedEnvironmentArchivedBanner.php} (74%)
 rename apps/platform/app/Filament/Widgets/{Tenant/TenantReviewPackCard.php => ManagedEnvironment/ManagedEnvironmentReviewPackCard.php} (95%)
 rename apps/platform/app/Filament/Widgets/{Tenant/TenantTriageArrivalContinuity.php => ManagedEnvironment/ManagedEnvironmentTriageArrivalContinuity.php} (84%)
 rename apps/platform/app/Filament/Widgets/{Tenant/TenantVerificationReport.php => ManagedEnvironment/ManagedEnvironmentVerificationReport.php} (94%)
 rename apps/platform/app/Filament/Widgets/{Tenant => ManagedEnvironment}/RecentOperationsSummary.php (93%)
 rename apps/platform/app/Http/Controllers/{ClearTenantContextController.php => ClearEnvironmentContextController.php} (93%)
 rename apps/platform/app/Http/Controllers/{TenantOnboardingController.php => ManagedEnvironmentOnboardingController.php} (95%)
 rename apps/platform/app/Http/Controllers/{SelectTenantController.php => SelectEnvironmentController.php} (98%)
 rename apps/platform/app/Jobs/{ComposeTenantReviewJob.php => ComposeEnvironmentReviewJob.php} (73%)
 rename apps/platform/app/Jobs/Operations/{CrossTenantPromotionExecutionJob.php => CrossEnvironmentPromotionExecutionJob.php} (89%)
 rename apps/platform/app/Models/{TenantReview.php => EnvironmentReview.php} (85%)
 rename apps/platform/app/Models/{TenantReviewSection.php => EnvironmentReviewSection.php} (79%)
 rename apps/platform/app/Models/{TenantOnboardingSession.php => ManagedEnvironmentOnboardingSession.php} (93%)
 rename apps/platform/app/Models/{TenantPermission.php => ManagedEnvironmentPermission.php} (92%)
 rename apps/platform/app/Models/{TenantTriageReview.php => ManagedEnvironmentTriageReview.php} (98%)
 rename apps/platform/app/Policies/{TenantReviewPolicy.php => EnvironmentReviewPolicy.php} (70%)
 rename apps/platform/app/Policies/{TenantOnboardingSessionPolicy.php => ManagedEnvironmentOnboardingSessionPolicy.php} (73%)
 rename apps/platform/app/Services/Auth/{TenantDiagnosticsService.php => ManagedEnvironmentDiagnosticsService.php} (98%)
 rename apps/platform/app/Services/Auth/{TenantMembershipManager.php => ManagedEnvironmentMembershipManager.php} (99%)
 rename apps/platform/app/Services/{TenantReviews/TenantReviewComposer.php => EnvironmentReviews/EnvironmentReviewComposer.php} (95%)
 rename apps/platform/app/Services/{TenantReviews/TenantReviewFingerprint.php => EnvironmentReviews/EnvironmentReviewFingerprint.php} (94%)
 rename apps/platform/app/Services/{TenantReviews/TenantReviewLifecycleService.php => EnvironmentReviews/EnvironmentReviewLifecycleService.php} (78%)
 rename apps/platform/app/Services/{TenantReviews/TenantReviewReadinessGate.php => EnvironmentReviews/EnvironmentReviewReadinessGate.php} (55%)
 rename apps/platform/app/Services/{TenantReviews/TenantReviewRegisterService.php => EnvironmentReviews/EnvironmentReviewRegisterService.php} (82%)
 rename apps/platform/app/Services/{TenantReviews/TenantReviewSectionFactory.php => EnvironmentReviews/EnvironmentReviewSectionFactory.php} (94%)
 rename apps/platform/app/Services/{TenantReviews/TenantReviewService.php => EnvironmentReviews/EnvironmentReviewService.php} (87%)
 rename apps/platform/app/Services/Intune/{TenantPermissionService.php => ManagedEnvironmentPermissionService.php} (96%)
 rename apps/platform/app/Services/Intune/{TenantRequiredPermissionsViewModelBuilder.php => ManagedEnvironmentRequiredPermissionsViewModelBuilder.php} (93%)
 rename apps/platform/app/Services/PortfolioCompare/{CrossTenantPromotionExecutionService.php => CrossEnvironmentPromotionExecutionService.php} (74%)
 rename apps/platform/app/Services/PortfolioTriage/{TenantTriageReviewService.php => ManagedEnvironmentTriageReviewService.php} (79%)
 create mode 100644 apps/platform/app/Support/Badges/Domains/EnvironmentReviewCompletenessStateBadge.php
 create mode 100644 apps/platform/app/Support/Badges/Domains/EnvironmentReviewStatusBadge.php
 rename apps/platform/app/Support/Badges/Domains/{ManagedTenantOnboardingVerificationStatusBadge.php => ManagedEnvironmentOnboardingVerificationStatusBadge.php} (80%)
 rename apps/platform/app/Support/Badges/Domains/{TenantPermissionStatusBadge.php => ManagedEnvironmentPermissionStatusBadge.php} (89%)
 create mode 100644 apps/platform/app/Support/Badges/Domains/ManagedEnvironmentTriageReviewStateBadge.php
 delete mode 100644 apps/platform/app/Support/Badges/Domains/TenantReviewCompletenessStateBadge.php
 delete mode 100644 apps/platform/app/Support/Badges/Domains/TenantReviewStatusBadge.php
 delete mode 100644 apps/platform/app/Support/Badges/Domains/TenantTriageReviewStateBadge.php
 rename apps/platform/app/Support/{TenantDashboard/TenantDashboardSummary.php => EnvironmentDashboard/EnvironmentDashboardSummary.php} (95%)
 rename apps/platform/app/Support/{TenantDashboard/TenantDashboardSummaryBuilder.php => EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php} (95%)
 rename apps/platform/app/Support/{TenantReviewCompletenessState.php => EnvironmentReviewCompletenessState.php} (88%)
 rename apps/platform/app/Support/{TenantReviewStatus.php => EnvironmentReviewStatus.php} (95%)
 rename apps/platform/app/Support/PortfolioCompare/{CrossTenantComparePreviewBuilder.php => CrossEnvironmentComparePreviewBuilder.php} (86%)
 rename apps/platform/app/Support/PortfolioCompare/{CrossTenantCompareSelection.php => CrossEnvironmentCompareSelection.php} (59%)
 rename apps/platform/app/Support/PortfolioCompare/{CrossTenantPromotionExecutionPlanner.php => CrossEnvironmentPromotionExecutionPlanner.php} (93%)
 rename apps/platform/app/Support/PortfolioCompare/{CrossTenantPromotionPreflight.php => CrossEnvironmentPromotionPreflight.php} (86%)
 rename apps/platform/app/Support/PortfolioTriage/{TenantTriageReviewFingerprint.php => ManagedEnvironmentTriageReviewFingerprint.php} (98%)
 rename apps/platform/app/Support/PortfolioTriage/{TenantTriageReviewStateResolver.php => ManagedEnvironmentTriageReviewStateResolver.php} (88%)
 rename apps/platform/app/Support/Verification/{TenantPermissionCheckClusters.php => ManagedEnvironmentPermissionCheckClusters.php} (96%)
 rename apps/platform/database/factories/{TenantReviewFactory.php => EnvironmentReviewFactory.php} (78%)
 rename apps/platform/database/factories/{TenantReviewSectionFactory.php => EnvironmentReviewSectionFactory.php} (60%)
 rename apps/platform/database/factories/{TenantOnboardingSessionFactory.php => ManagedEnvironmentOnboardingSessionFactory.php} (93%)
 rename apps/platform/database/factories/{TenantTriageReviewFactory.php => ManagedEnvironmentTriageReviewFactory.php} (89%)
 rename apps/platform/database/migrations/{2025_12_11_122423_create_tenant_permissions_table.php => 2025_12_11_122423_create_managed_environment_permissions_table.php} (85%)
 rename apps/platform/database/migrations/{2026_02_03_090449_create_tenant_onboarding_sessions_table.php => 2026_02_03_090449_create_managed_environment_onboarding_sessions_table.php} (82%)
 rename apps/platform/database/migrations/{2026_02_03_150001_create_managed_tenant_onboarding_sessions_table.php => 2026_02_03_150001_create_managed_environment_onboarding_sessions_table.php} (81%)
 rename apps/platform/database/migrations/{2026_02_04_090010_update_tenant_onboarding_sessions_constraints.php => 2026_02_04_090010_update_managed_environment_onboarding_sessions_constraints.php} (65%)
 rename apps/platform/database/migrations/{2026_02_14_220112_add_workspace_id_to_tenant_permissions_table.php => 2026_02_14_220112_add_workspace_id_to_managed_environment_permissions_table.php} (59%)
 create mode 100644 apps/platform/database/migrations/2026_03_13_120000_add_cancelled_at_to_managed_environment_onboarding_sessions.php
 delete mode 100644 apps/platform/database/migrations/2026_03_13_120000_add_cancelled_at_to_managed_tenant_onboarding_sessions.php
 rename apps/platform/database/migrations/{2026_03_14_000001_add_lifecycle_and_version_to_managed_tenant_onboarding_sessions.php => 2026_03_14_000001_add_lifecycle_and_version_to_managed_environment_onboarding_sessions.php} (78%)
 rename apps/platform/database/migrations/{2026_03_20_000000_create_tenant_reviews_table.php => 2026_03_20_000000_create_environment_reviews_table.php} (84%)
 rename apps/platform/database/migrations/{2026_03_20_000100_create_tenant_review_sections_table.php => 2026_03_20_000100_create_environment_review_sections_table.php} (79%)
 rename apps/platform/database/migrations/{2026_03_20_000200_add_tenant_review_id_to_review_packs_table.php => 2026_03_20_000200_add_environment_review_id_to_review_packs_table.php} (69%)
 rename apps/platform/database/migrations/{2026_04_10_000003_create_tenant_triage_reviews_table.php => 2026_04_10_000003_create_managed_environment_triage_reviews_table.php} (65%)
 rename apps/platform/resources/views/filament/forms/components/{managed-tenant-onboarding-verification-report.blade.php => managed-environment-onboarding-verification-report.blade.php} (99%)
 rename apps/platform/resources/views/filament/infolists/entries/{tenant-review-section.blade.php => environment-review-section.blade.php} (100%)
 rename apps/platform/resources/views/filament/infolists/entries/{tenant-review-summary.blade.php => environment-review-summary.blade.php} (100%)
 rename apps/platform/resources/views/filament/pages/{choose-tenant.blade.php => choose-environment.blade.php} (97%)
 rename apps/platform/resources/views/filament/pages/{cross-tenant-compare.blade.php => cross-environment-compare.blade.php} (86%)
 rename apps/platform/resources/views/filament/pages/{tenant-diagnostics.blade.php => environment-diagnostics.blade.php} (100%)
 rename apps/platform/resources/views/filament/pages/{tenant-required-permissions.blade.php => environment-required-permissions.blade.php} (100%)
 rename apps/platform/resources/views/filament/pages/workspaces/{managed-tenant-onboarding-wizard.blade.php => managed-environment-onboarding-wizard.blade.php} (100%)
 rename apps/platform/resources/views/filament/pages/workspaces/{managed-tenants-landing.blade.php => managed-environments-landing.blade.php} (99%)
 rename apps/platform/resources/views/filament/schemas/components/{managed-tenant-onboarding-checkpoint-poll.blade.php => managed-environment-onboarding-checkpoint-poll.blade.php} (100%)
 rename apps/platform/resources/views/filament/widgets/dashboard/{tenant-dashboard-context-chips.blade.php => environment-dashboard-context-chips.blade.php} (100%)
 rename apps/platform/resources/views/filament/widgets/dashboard/{tenant-dashboard-overview.blade.php => environment-dashboard-overview.blade.php} (100%)
 rename apps/platform/resources/views/filament/widgets/{tenant => managed-environment}/admin-roles-summary.blade.php (100%)
 rename apps/platform/resources/views/filament/widgets/{tenant => managed-environment}/baseline-compare-coverage-banner.blade.php (100%)
 rename apps/platform/resources/views/filament/widgets/{tenant/tenant-archived-banner.blade.php => managed-environment/managed-environment-archived-banner.blade.php} (100%)
 rename apps/platform/resources/views/filament/widgets/{tenant/tenant-review-pack-card.blade.php => managed-environment/managed-environment-review-pack-card.blade.php} (100%)
 rename apps/platform/resources/views/filament/widgets/{tenant/tenant-verification-report.blade.php => managed-environment/managed-environment-verification-report.blade.php} (100%)
 rename apps/platform/resources/views/filament/widgets/{tenant => managed-environment}/recent-operations-summary.blade.php (100%)
 rename apps/platform/resources/views/filament/widgets/{tenant => managed-environment}/triage-arrival-continuity.blade.php (96%)
 rename apps/platform/tests/Browser/PortfolioCompare/{CrossTenantPromotionExecutionSmokeTest.php => CrossEnvironmentPromotionExecutionSmokeTest.php} (79%)
 create mode 100644 apps/platform/tests/Browser/Spec300ManagedEnvironmentNamingConsolidationSmokeTest.php
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewAuditLogTest.php => EnvironmentReview/EnvironmentReviewAuditLogTest.php} (68%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewCanonicalControlReferenceTest.php => EnvironmentReview/EnvironmentReviewCanonicalControlReferenceTest.php} (86%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewCreationTest.php => EnvironmentReview/EnvironmentReviewCreationTest.php} (72%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewCycleTest.php => EnvironmentReview/EnvironmentReviewCycleTest.php} (59%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewExecutivePackTest.php => EnvironmentReview/EnvironmentReviewExecutivePackTest.php} (87%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewExplanationSurfaceTest.php => EnvironmentReview/EnvironmentReviewExplanationSurfaceTest.php} (88%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewExportOperationsUxTest.php => EnvironmentReview/EnvironmentReviewExportOperationsUxTest.php} (82%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewLifecycleTest.php => EnvironmentReview/EnvironmentReviewLifecycleTest.php} (66%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewOperationsUxTest.php => EnvironmentReview/EnvironmentReviewOperationsUxTest.php} (69%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewRbacTest.php => EnvironmentReview/EnvironmentReviewRbacTest.php} (62%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewRegisterPrefilterTest.php => EnvironmentReview/EnvironmentReviewRegisterPrefilterTest.php} (93%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewRegisterRbacTest.php => EnvironmentReview/EnvironmentReviewRegisterRbacTest.php} (89%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewRegisterTest.php => EnvironmentReview/EnvironmentReviewRegisterTest.php} (82%)
 rename apps/platform/tests/Feature/{TenantReview/TenantReviewUiContractTest.php => EnvironmentReview/EnvironmentReviewUiContractTest.php} (72%)
 rename apps/platform/tests/Feature/Filament/{AdminHomeRedirectsToChooseTenantWhenWorkspaceSelectedTest.php => AdminHomeRedirectsToChooseEnvironmentWhenWorkspaceSelectedTest.php} (100%)
 rename apps/platform/tests/Feature/Filament/{AdminTenantScopedSurfacesRedirectToChooseTenantTest.php => AdminTenantScopedSurfacesRedirectToChooseEnvironmentTest.php} (99%)
 rename apps/platform/tests/Feature/Filament/{ChooseTenantEmptyStateRegisterTenantCtaVisibilityTest.php => ChooseEnvironmentEmptyStateRegisterTenantCtaVisibilityTest.php} (95%)
 rename apps/platform/tests/Feature/Filament/{ChooseTenantIsWorkspaceScopedTest.php => ChooseEnvironmentIsWorkspaceScopedTest.php} (96%)
 rename apps/platform/tests/Feature/Filament/{ChooseTenantRequiresWorkspaceTest.php => ChooseEnvironmentRequiresWorkspaceTest.php} (84%)
 rename apps/platform/tests/Feature/Filament/{TenantReviewHeaderDisciplineTest.php => EnvironmentReviewHeaderDisciplineTest.php} (57%)
 rename apps/platform/tests/Feature/Filament/{ManagedTenantsLandingLifecycleTest.php => ManagedEnvironmentsLandingLifecycleTest.php} (93%)
 rename apps/platform/tests/Feature/Filament/{SelectTenantPostPersistsLastUsedTest.php => SelectEnvironmentPostPersistsLastUsedTest.php} (88%)
 rename apps/platform/tests/Feature/{ManagedTenantOnboardingWizardTest.php => ManagedEnvironmentOnboardingWizardTest.php} (91%)
 rename apps/platform/tests/Feature/{ManagedTenants => ManagedEnvironments}/AuthorizationSemanticsTest.php (92%)
 rename apps/platform/tests/Feature/{ManagedTenants => ManagedEnvironments}/OnboardingRedirectTest.php (100%)
 rename apps/platform/tests/Feature/Onboarding/{TenantLifecyclePresentationCopyTest.php => EnvironmentLifecyclePresentationCopyTest.php} (79%)
 rename apps/platform/tests/Feature/Onboarding/{ManagedTenantOnboardingCapabilityAssistTest.php => ManagedEnvironmentOnboardingCapabilityAssistTest.php} (94%)
 rename apps/platform/tests/Feature/Onboarding/{ManagedTenantOnboardingEntitlementTest.php => ManagedEnvironmentOnboardingEntitlementTest.php} (93%)
 rename apps/platform/tests/Feature/Onboarding/{ManagedTenantOnboardingProviderConnectionScopeTest.php => ManagedEnvironmentOnboardingProviderConnectionScopeTest.php} (88%)
 rename apps/platform/tests/Feature/Onboarding/{OnboardingIdentifyTenantTest.php => OnboardingIdentifyEnvironmentTest.php} (85%)
 rename apps/platform/tests/Feature/PortfolioCompare/{CrossTenantCompareAuthorizationTest.php => CrossEnvironmentCompareAuthorizationTest.php} (73%)
 rename apps/platform/tests/Feature/PortfolioCompare/{CrossTenantCompareLaunchContextTest.php => CrossEnvironmentCompareLaunchContextTest.php} (63%)
 rename apps/platform/tests/Feature/PortfolioCompare/{CrossTenantComparePageTest.php => CrossEnvironmentComparePageTest.php} (59%)
 rename apps/platform/tests/Feature/PortfolioCompare/{CrossTenantPromotionExecutionActionTest.php => CrossEnvironmentPromotionExecutionActionTest.php} (77%)
 rename apps/platform/tests/Feature/PortfolioCompare/{CrossTenantPromotionExecutionAuditTest.php => CrossEnvironmentPromotionExecutionAuditTest.php} (77%)
 rename apps/platform/tests/Feature/PortfolioCompare/{CrossTenantPromotionExecutionAuthorizationTest.php => CrossEnvironmentPromotionExecutionAuthorizationTest.php} (63%)
 rename apps/platform/tests/Feature/PortfolioCompare/{CrossTenantPromotionExecutionRunUxTest.php => CrossEnvironmentPromotionExecutionRunUxTest.php} (72%)
 rename apps/platform/tests/Feature/PortfolioCompare/{CrossTenantPromotionPreflightAuditTest.php => CrossEnvironmentPromotionPreflightAuditTest.php} (67%)
 rename apps/platform/tests/Feature/ReviewPack/{TenantReviewDerivedReviewPackTest.php => EnvironmentReviewDerivedReviewPackTest.php} (88%)
 rename apps/platform/tests/Feature/Workspaces/{ChooseTenantPageTest.php => ChooseEnvironmentPageTest.php} (91%)
 rename apps/platform/tests/Feature/Workspaces/{ChooseWorkspaceRedirectsToChooseTenantTest.php => ChooseWorkspaceRedirectsToChooseEnvironmentTest.php} (87%)
 rename apps/platform/tests/Feature/Workspaces/{ManagedTenantOnboardingProviderStartTest.php => ManagedEnvironmentOnboardingProviderStartTest.php} (92%)
 rename apps/platform/tests/Feature/Workspaces/{ManagedTenantsLivewireUpdateTest.php => ManagedEnvironmentsLivewireUpdateTest.php} (96%)
 rename apps/platform/tests/Feature/Workspaces/{ManagedTenantsWorkspaceRoutingTest.php => ManagedEnvironmentsWorkspaceRoutingTest.php} (94%)
 rename apps/platform/tests/Feature/Workspaces/{SelectTenantControllerTest.php => SelectEnvironmentControllerTest.php} (92%)
 rename apps/platform/tests/Feature/Workspaces/{Spec195ManagedTenantsLandingTest.php => Spec195ManagedEnvironmentsLandingTest.php} (80%)
 rename apps/platform/tests/Unit/Badges/{TenantTriageReviewStateBadgesTest.php => ManagedEnvironmentTriageReviewStateBadgesTest.php} (52%)
 create mode 100644 apps/platform/tests/Unit/EnvironmentReview/EnvironmentReviewBadgeTest.php
 rename apps/platform/tests/Unit/{TenantReview/TenantReviewComposerTest.php => EnvironmentReview/EnvironmentReviewComposerTest.php} (75%)
 rename apps/platform/tests/Unit/{TenantPermissionCheckClustersTest.php => ManagedEnvironmentPermissionCheckClustersTest.php} (90%)
 rename apps/platform/tests/Unit/{TenantPermissionServiceTest.php => ManagedEnvironmentPermissionServiceTest.php} (80%)
 rename apps/platform/tests/Unit/Policies/{TenantOnboardingSessionPolicyTest.php => ManagedEnvironmentOnboardingSessionPolicyTest.php} (89%)
 rename apps/platform/tests/Unit/Support/PortfolioCompare/{CrossTenantComparePreviewBuilderTest.php => CrossEnvironmentComparePreviewBuilderTest.php} (76%)
 rename apps/platform/tests/Unit/Support/PortfolioCompare/{CrossTenantPromotionExecutionPlannerTest.php => CrossEnvironmentPromotionExecutionPlannerTest.php} (75%)
 rename apps/platform/tests/Unit/Support/PortfolioCompare/{CrossTenantPromotionPreflightTest.php => CrossEnvironmentPromotionPreflightTest.php} (73%)
 rename apps/platform/tests/Unit/Support/PortfolioTriage/{TenantTriageReviewFingerprintTest.php => ManagedEnvironmentTriageReviewFingerprintTest.php} (94%)
 rename apps/platform/tests/Unit/Support/PortfolioTriage/{TenantTriageReviewStateResolverTest.php => ManagedEnvironmentTriageReviewStateResolverTest.php} (88%)
 delete mode 100644 apps/platform/tests/Unit/TenantReview/TenantReviewBadgeTest.php
 rename apps/platform/tests/Unit/Verification/{TenantPermissionCapabilityMappingTest.php => ManagedEnvironmentPermissionCapabilityMappingTest.php} (65%)
 create mode 100644 specs/300-internal-tenant-model-naming-consolidation/allowed-tenant-references.md
 create mode 100644 specs/300-internal-tenant-model-naming-consolidation/checklists/requirements.md
 create mode 100644 specs/300-internal-tenant-model-naming-consolidation/final-tenant-reference-audit.md
 create mode 100644 specs/300-internal-tenant-model-naming-consolidation/plan.md
 create mode 100644 specs/300-internal-tenant-model-naming-consolidation/spec.md
 create mode 100644 specs/300-internal-tenant-model-naming-consolidation/tasks.md
 create mode 100644 specs/300-internal-tenant-model-naming-consolidation/tenant-reference-inventory.md

diff --git a/apps/platform/app/Filament/Concerns/WorkspaceScopedTenantRoutes.php b/apps/platform/app/Filament/Concerns/WorkspaceScopedTenantRoutes.php
index 1f7048a1..17fb6d75 100644
--- a/apps/platform/app/Filament/Concerns/WorkspaceScopedTenantRoutes.php
+++ b/apps/platform/app/Filament/Concerns/WorkspaceScopedTenantRoutes.php
@@ -40,8 +40,9 @@ public static function getUrl(?string $name = null, array $parameters = [], bool
             return url('/admin');
         }
 
-        $parameters['tenant'] ??= $resolvedTenant;
+        $parameters['environment'] ??= $resolvedTenant;
         $parameters['workspace'] ??= $workspace;
+        unset($parameters['tenant']);
 
         return parent::getUrl($name, $parameters, $isAbsolute, $panelId, null, $shouldGuessMissingParameters);
     }
@@ -52,7 +53,7 @@ protected static function workspaceScopedSlug(string $slug, ?Panel $panel = null
             return $slug;
         }
 
-        $prefix = 'workspaces/{workspace}/environments/{tenant}/';
+        $prefix = 'workspaces/{workspace}/environments/{environment}/';
 
         return str_starts_with($slug, $prefix)
             ? $slug
@@ -148,4 +149,4 @@ protected static function workspaceScopedTenantRelationshipName(): string
             ? $relationshipName
             : 'tenant';
     }
-}
\ No newline at end of file
+}
diff --git a/apps/platform/app/Filament/Pages/ChooseTenant.php b/apps/platform/app/Filament/Pages/ChooseEnvironment.php
similarity index 95%
rename from apps/platform/app/Filament/Pages/ChooseTenant.php
rename to apps/platform/app/Filament/Pages/ChooseEnvironment.php
index 3bfa1f8f..7a5ad6a6 100644
--- a/apps/platform/app/Filament/Pages/ChooseTenant.php
+++ b/apps/platform/app/Filament/Pages/ChooseEnvironment.php
@@ -18,7 +18,7 @@
 use Illuminate\Database\Eloquent\Collection;
 use Illuminate\Support\Facades\Schema;
 
-class ChooseTenant extends Page
+class ChooseEnvironment extends Page
 {
     protected static string $layout = 'filament-panels::components.layout.simple';
 
@@ -26,9 +26,9 @@ class ChooseTenant extends Page
 
     protected static bool $isDiscovered = false;
 
-    protected static ?string $slug = 'choose-tenant';
+    protected static ?string $slug = 'choose-environment';
 
-    protected string $view = 'filament.pages.choose-tenant';
+    protected string $view = 'filament.pages.choose-environment';
 
     public function getTitle(): string
     {
@@ -66,7 +66,7 @@ public function getTenants(): Collection
         return app(TenantOperabilityService::class)->filterSelectable(collect($tenants));
     }
 
-    public function selectTenant(int $tenantId): void
+    public function selectEnvironment(int $tenantId): void
     {
         $user = auth()->user();
 
diff --git a/apps/platform/app/Filament/Pages/CrossTenantComparePage.php b/apps/platform/app/Filament/Pages/CrossEnvironmentComparePage.php
similarity index 71%
rename from apps/platform/app/Filament/Pages/CrossTenantComparePage.php
rename to apps/platform/app/Filament/Pages/CrossEnvironmentComparePage.php
index 4558695f..37459a95 100644
--- a/apps/platform/app/Filament/Pages/CrossTenantComparePage.php
+++ b/apps/platform/app/Filament/Pages/CrossEnvironmentComparePage.php
@@ -11,7 +11,7 @@
 use App\Services\Audit\WorkspaceAuditLogger;
 use App\Services\Auth\CapabilityResolver;
 use App\Services\Auth\WorkspaceCapabilityResolver;
-use App\Services\PortfolioCompare\CrossTenantPromotionExecutionService;
+use App\Services\PortfolioCompare\CrossEnvironmentPromotionExecutionService;
 use App\Support\Auth\Capabilities;
 use App\Support\ManagedEnvironmentLinks;
 use App\Support\Navigation\CanonicalNavigationContext;
@@ -19,9 +19,9 @@
 use App\Support\OperationRunLinks;
 use App\Support\OpsUx\OpsUxBrowserEvents;
 use App\Support\OpsUx\ProviderOperationStartResultPresenter;
-use App\Support\PortfolioCompare\CrossTenantComparePreviewBuilder;
-use App\Support\PortfolioCompare\CrossTenantCompareSelection;
-use App\Support\PortfolioCompare\CrossTenantPromotionPreflight;
+use App\Support\PortfolioCompare\CrossEnvironmentComparePreviewBuilder;
+use App\Support\PortfolioCompare\CrossEnvironmentCompareSelection;
+use App\Support\PortfolioCompare\CrossEnvironmentPromotionPreflight;
 use App\Support\Rbac\WorkspaceUiEnforcement;
 use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
@@ -42,13 +42,13 @@
 use Illuminate\Support\Str;
 use UnitEnum;
 
-class CrossTenantComparePage extends Page implements HasForms
+class CrossEnvironmentComparePage extends Page implements HasForms
 {
     use InteractsWithForms;
 
-    private const string SOURCE_TENANT_QUERY_KEY = 'source_tenant_id';
+    private const string SOURCE_ENVIRONMENT_QUERY_KEY = 'source_environment_id';
 
-    private const string TARGET_TENANT_QUERY_KEY = 'target_tenant_id';
+    private const string TARGET_ENVIRONMENT_QUERY_KEY = 'target_environment_id';
 
     private const string POLICY_TYPE_QUERY_KEY = 'policy_type';
 
@@ -60,15 +60,15 @@ class CrossTenantComparePage extends Page implements HasForms
 
     protected static string|UnitEnum|null $navigationGroup = 'Governance';
 
-    protected static ?string $title = 'Cross-ManagedEnvironment Compare';
+    protected static ?string $title = 'Cross-environment compare';
 
-    protected static ?string $slug = 'cross-tenant-compare';
+    protected static ?string $slug = 'cross-environment-compare';
 
-    protected string $view = 'filament.pages.cross-tenant-compare';
+    protected string $view = 'filament.pages.cross-environment-compare';
 
-    public ?string $sourceTenantId = null;
+    public ?string $sourceEnvironmentId = null;
 
-    public ?string $targetTenantId = null;
+    public ?string $targetEnvironmentId = null;
 
     /**
      * @var list<string>
@@ -95,12 +95,12 @@ class CrossTenantComparePage extends Page implements HasForms
     public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
     {
         return ActionSurfaceDeclaration::forPage(ActionSurfaceProfile::ListOnlyReadOnly)
-            ->satisfy(ActionSurfaceSlot::ListHeader, 'Header actions preserve return navigation, tenant drill-downs, and one dominant promotion-preflight action.')
+            ->satisfy(ActionSurfaceSlot::ListHeader, 'Header actions preserve return navigation, environment drill-downs, and one dominant promotion-preflight action.')
             ->exempt(ActionSurfaceSlot::InspectAffordance, 'The compare page uses explicit selection controls instead of row-click inspection.')
-            ->exempt(ActionSurfaceSlot::ListRowMoreMenu, 'Cross-tenant compare renders focused subject summaries instead of row-level overflow actions.')
+            ->exempt(ActionSurfaceSlot::ListRowMoreMenu, 'Cross-environment compare renders focused subject summaries instead of row-level overflow actions.')
             ->exempt(ActionSurfaceSlot::ListBulkMoreGroup, 'The compare page has no bulk actions.')
             ->satisfy(ActionSurfaceSlot::ListEmptyState, 'The compare page explains when a selection is incomplete or invalid before any preview exists.')
-            ->exempt(ActionSurfaceSlot::DetailHeader, 'Cross-tenant compare is a workspace decision page, not a record detail header.');
+            ->exempt(ActionSurfaceSlot::DetailHeader, 'Cross-environment compare is a workspace decision page, not a record detail header.');
     }
 
     public function mount(): void
@@ -124,24 +124,24 @@ public function form(Schema $schema): Schema
                     'xl' => 3,
                 ])
                     ->schema([
-                        Select::make('sourceTenantId')
-                            ->label('Source tenant')
-                            ->options(fn (): array => $this->tenantOptions())
+                        Select::make('sourceEnvironmentId')
+                            ->label('Source environment')
+                            ->options(fn (): array => $this->environmentOptions())
                             ->searchable()
                             ->preload()
                             ->native(false)
-                            ->placeholder('Select a source tenant')
-                            ->extraFieldWrapperAttributes(['data-testid' => 'cross-tenant-source'])
-                            ->extraInputAttributes(['data-testid' => 'cross-tenant-source']),
-                        Select::make('targetTenantId')
-                            ->label('Target tenant')
-                            ->options(fn (): array => $this->tenantOptions())
+                            ->placeholder('Select a source environment')
+                            ->extraFieldWrapperAttributes(['data-testid' => 'cross-environment-source'])
+                            ->extraInputAttributes(['data-testid' => 'cross-environment-source']),
+                        Select::make('targetEnvironmentId')
+                            ->label('Target environment')
+                            ->options(fn (): array => $this->environmentOptions())
                             ->searchable()
                             ->preload()
                             ->native(false)
-                            ->placeholder('Select a target tenant')
-                            ->extraFieldWrapperAttributes(['data-testid' => 'cross-tenant-target'])
-                            ->extraInputAttributes(['data-testid' => 'cross-tenant-target']),
+                            ->placeholder('Select a target environment')
+                            ->extraFieldWrapperAttributes(['data-testid' => 'cross-environment-target'])
+                            ->extraInputAttributes(['data-testid' => 'cross-environment-target']),
                         Select::make('selectedPolicyTypes')
                             ->label('Governed subjects')
                             ->options(fn (): array => $this->policyTypeOptions())
@@ -151,10 +151,10 @@ public function form(Schema $schema): Schema
                             ->native(false)
                             ->placeholder('All governed subjects')
                             ->helperText(fn (): ?string => $this->policyTypeOptions() === []
-                                ? 'Governed subject filters appear after authorized tenant inventory exists in the active workspace.'
+                                ? 'Governed subject filters appear after authorized environment inventory exists in the active workspace.'
                                 : null)
-                            ->extraFieldWrapperAttributes(['data-testid' => 'cross-tenant-policy-types'])
-                            ->extraInputAttributes(['data-testid' => 'cross-tenant-policy-types']),
+                            ->extraFieldWrapperAttributes(['data-testid' => 'cross-environment-policy-types'])
+                            ->extraInputAttributes(['data-testid' => 'cross-environment-policy-types']),
                     ]),
             ]);
     }
@@ -176,24 +176,24 @@ protected function getHeaderActions(): array
                 ->url($navigationContext->backLinkUrl);
         }
 
-        $sourceTenant = $this->selectedSourceTenant();
+        $sourceEnvironment = $this->selectedSourceEnvironment();
 
-        if ($sourceTenant instanceof ManagedEnvironment) {
-            $actions[] = Action::make('open_source_tenant')
-                ->label('Open source tenant')
+        if ($sourceEnvironment instanceof ManagedEnvironment) {
+            $actions[] = Action::make('open_source_environment')
+                ->label('Open source environment')
                 ->icon('heroicon-o-arrow-top-right-on-square')
                 ->color('gray')
-                ->url(ManagedEnvironmentLinks::viewUrl($sourceTenant));
+                ->url(ManagedEnvironmentLinks::viewUrl($sourceEnvironment));
         }
 
-        $targetTenant = $this->selectedTargetTenant();
+        $targetEnvironment = $this->selectedTargetEnvironment();
 
-        if ($targetTenant instanceof ManagedEnvironment) {
-            $actions[] = Action::make('open_target_tenant')
-                ->label('Open target tenant')
+        if ($targetEnvironment instanceof ManagedEnvironment) {
+            $actions[] = Action::make('open_target_environment')
+                ->label('Open target environment')
                 ->icon('heroicon-o-arrow-top-right-on-square')
                 ->color('gray')
-                ->url(ManagedEnvironmentLinks::viewUrl($targetTenant));
+                ->url(ManagedEnvironmentLinks::viewUrl($targetEnvironment));
         }
 
         $preflightAction = Action::make('generatePromotionPreflight')
@@ -254,15 +254,15 @@ public function applySelection(): void
         $this->selectionMessage = null;
         $this->preflight = null;
 
-        $this->sourceTenantId = $this->normalizeTenantIdentifier($this->sourceTenantId);
-        $this->targetTenantId = $this->normalizeTenantIdentifier($this->targetTenantId);
+        $this->sourceEnvironmentId = $this->normalizeEnvironmentIdentifier($this->sourceEnvironmentId);
+        $this->targetEnvironmentId = $this->normalizeEnvironmentIdentifier($this->targetEnvironmentId);
         $this->selectedPolicyTypes = $this->normalizePolicyTypes($this->selectedPolicyTypes);
 
-        if ($this->sourceTenantId !== null
-            && $this->targetTenantId !== null
-            && $this->sourceTenantId === $this->targetTenantId) {
-            $this->selectionMessage = 'Choose two different tenants.';
-            $this->addError('targetTenantId', $this->selectionMessage);
+        if ($this->sourceEnvironmentId !== null
+            && $this->targetEnvironmentId !== null
+            && $this->sourceEnvironmentId === $this->targetEnvironmentId) {
+            $this->selectionMessage = 'Choose two different environments.';
+            $this->addError('targetEnvironmentId', $this->selectionMessage);
 
             return;
         }
@@ -285,20 +285,20 @@ public function generatePromotionPreflight(): void
 
         $selection = $this->compareSelection();
 
-        if (! $selection instanceof CrossTenantCompareSelection) {
+        if (! $selection instanceof CrossEnvironmentCompareSelection) {
             return;
         }
 
-        $this->preflight = app(CrossTenantPromotionPreflight::class)->build($this->preview);
+        $this->preflight = app(CrossEnvironmentPromotionPreflight::class)->build($this->preview);
 
         $workspace = $this->workspace();
         $user = auth()->user();
 
         if ($workspace instanceof Workspace && $user instanceof User) {
-            app(WorkspaceAuditLogger::class)->logCrossTenantPromotionPreflightGenerated(
+            app(WorkspaceAuditLogger::class)->logCrossEnvironmentPromotionPreflightGenerated(
                 workspace: $workspace,
-                sourceTenant: $selection->sourceTenant,
-                targetTenant: $selection->targetTenant,
+                sourceEnvironment: $selection->sourceEnvironment,
+                targetEnvironment: $selection->targetEnvironment,
                 preflight: $this->preflight,
                 actor: $user,
             );
@@ -323,7 +323,7 @@ public function executePromotion(): void
         $selection = $this->compareSelection();
         $user = auth()->user();
 
-        if (! $selection instanceof CrossTenantCompareSelection || ! $user instanceof User) {
+        if (! $selection instanceof CrossEnvironmentCompareSelection || ! $user instanceof User) {
             Notification::make()
                 ->title('Promotion execution unavailable')
                 ->body('Refresh the compare selection before executing promotion.')
@@ -334,7 +334,7 @@ public function executePromotion(): void
         }
 
         try {
-            $result = app(CrossTenantPromotionExecutionService::class)->start(
+            $result = app(CrossEnvironmentPromotionExecutionService::class)->start(
                 selection: $selection,
                 preview: $this->preview,
                 preflight: $this->preflight,
@@ -376,8 +376,8 @@ public function executePromotion(): void
     public function clearSelectionUrl(): string
     {
         return static::getUrl($this->routeParameters([
-            self::SOURCE_TENANT_QUERY_KEY => null,
-            self::TARGET_TENANT_QUERY_KEY => null,
+            self::SOURCE_ENVIRONMENT_QUERY_KEY => null,
+            self::TARGET_ENVIRONMENT_QUERY_KEY => null,
             self::POLICY_TYPE_QUERY_KEY => null,
         ]), panel: 'admin');
     }
@@ -388,18 +388,18 @@ public function selectionUrl(): string
     }
 
     public static function launchUrl(
-        ?ManagedEnvironment $sourceTenant = null,
-        ?ManagedEnvironment $targetTenant = null,
+        ?ManagedEnvironment $sourceEnvironment = null,
+        ?ManagedEnvironment $targetEnvironment = null,
         ?CanonicalNavigationContext $navigationContext = null,
     ): string {
         $parameters = [];
 
-        if ($sourceTenant instanceof ManagedEnvironment) {
-            $parameters[self::SOURCE_TENANT_QUERY_KEY] = (int) $sourceTenant->getKey();
+        if ($sourceEnvironment instanceof ManagedEnvironment) {
+            $parameters[self::SOURCE_ENVIRONMENT_QUERY_KEY] = (int) $sourceEnvironment->getKey();
         }
 
-        if ($targetTenant instanceof ManagedEnvironment) {
-            $parameters[self::TARGET_TENANT_QUERY_KEY] = (int) $targetTenant->getKey();
+        if ($targetEnvironment instanceof ManagedEnvironment) {
+            $parameters[self::TARGET_ENVIRONMENT_QUERY_KEY] = (int) $targetEnvironment->getKey();
         }
 
         if ($navigationContext instanceof CanonicalNavigationContext) {
@@ -411,8 +411,8 @@ public static function launchUrl(
 
     public function hasActiveSelection(): bool
     {
-        return $this->sourceTenantId !== null
-            || $this->targetTenantId !== null
+        return $this->sourceEnvironmentId !== null
+            || $this->targetEnvironmentId !== null
             || $this->selectedPolicyTypes !== [];
     }
 
@@ -438,26 +438,26 @@ public function reasonLabel(string $reasonCode): string
         return Str::headline(str_replace('_', ' ', $reasonCode));
     }
 
-    public function sourceTenantUrl(): ?string
+    public function sourceEnvironmentUrl(): ?string
     {
-        $tenant = $this->selectedSourceTenant();
+        $environment = $this->selectedSourceEnvironment();
 
-        if (! $tenant instanceof ManagedEnvironment) {
+        if (! $environment instanceof ManagedEnvironment) {
             return null;
         }
 
-        return ManagedEnvironmentLinks::viewUrl($tenant);
+        return ManagedEnvironmentLinks::viewUrl($environment);
     }
 
-    public function targetTenantUrl(): ?string
+    public function targetEnvironmentUrl(): ?string
     {
-        $tenant = $this->selectedTargetTenant();
+        $environment = $this->selectedTargetEnvironment();
 
-        if (! $tenant instanceof ManagedEnvironment) {
+        if (! $environment instanceof ManagedEnvironment) {
             return null;
         }
 
-        return ManagedEnvironmentLinks::viewUrl($tenant);
+        return ManagedEnvironmentLinks::viewUrl($environment);
     }
 
     /**
@@ -466,16 +466,16 @@ public function targetTenantUrl(): ?string
     private function formState(): array
     {
         return [
-            'sourceTenantId' => $this->sourceTenantId,
-            'targetTenantId' => $this->targetTenantId,
+            'sourceEnvironmentId' => $this->sourceEnvironmentId,
+            'targetEnvironmentId' => $this->targetEnvironmentId,
             'selectedPolicyTypes' => $this->selectedPolicyTypes,
         ];
     }
 
     private function hydrateSelectionFromRequest(): void
     {
-        $this->sourceTenantId = $this->normalizeTenantIdentifier(request()->query(self::SOURCE_TENANT_QUERY_KEY));
-        $this->targetTenantId = $this->normalizeTenantIdentifier(request()->query(self::TARGET_TENANT_QUERY_KEY));
+        $this->sourceEnvironmentId = $this->normalizeEnvironmentIdentifier(request()->query(self::SOURCE_ENVIRONMENT_QUERY_KEY));
+        $this->targetEnvironmentId = $this->normalizeEnvironmentIdentifier(request()->query(self::TARGET_ENVIRONMENT_QUERY_KEY));
         $this->selectedPolicyTypes = $this->normalizePolicyTypes(request()->query(self::POLICY_TYPE_QUERY_KEY, []));
     }
 
@@ -487,11 +487,11 @@ private function refreshPreview(): void
 
         $selection = $this->compareSelection();
 
-        if (! $selection instanceof CrossTenantCompareSelection) {
+        if (! $selection instanceof CrossEnvironmentCompareSelection) {
             return;
         }
 
-        $this->preview = app(CrossTenantComparePreviewBuilder::class)->build($selection);
+        $this->preview = app(CrossEnvironmentComparePreviewBuilder::class)->build($selection);
     }
 
     private function authorizePageAccess(): void
@@ -554,61 +554,61 @@ private function authorizePromotionExecution(): void
             abort(403);
         }
 
-        $targetTenant = $this->selectedTargetTenant();
+        $targetEnvironment = $this->selectedTargetEnvironment();
 
-        if (! $targetTenant instanceof ManagedEnvironment) {
+        if (! $targetEnvironment instanceof ManagedEnvironment) {
             abort(404);
         }
 
         /** @var CapabilityResolver $resolver */
         $resolver = app(CapabilityResolver::class);
 
-        if (! $resolver->can($user, $targetTenant, Capabilities::TENANT_MANAGE)) {
+        if (! $resolver->can($user, $targetEnvironment, Capabilities::TENANT_MANAGE)) {
             abort(403);
         }
     }
 
-    private function compareSelection(): ?CrossTenantCompareSelection
+    private function compareSelection(): ?CrossEnvironmentCompareSelection
     {
-        $sourceTenant = $this->selectedSourceTenant();
-        $targetTenant = $this->selectedTargetTenant();
+        $sourceEnvironment = $this->selectedSourceEnvironment();
+        $targetEnvironment = $this->selectedTargetEnvironment();
 
-        if (! $sourceTenant instanceof ManagedEnvironment || ! $targetTenant instanceof ManagedEnvironment) {
+        if (! $sourceEnvironment instanceof ManagedEnvironment || ! $targetEnvironment instanceof ManagedEnvironment) {
             return null;
         }
 
-        if ((int) $sourceTenant->getKey() === (int) $targetTenant->getKey()) {
-            $this->selectionMessage = 'Choose two different tenants.';
+        if ((int) $sourceEnvironment->getKey() === (int) $targetEnvironment->getKey()) {
+            $this->selectionMessage = 'Choose two different environments.';
 
             return null;
         }
 
-        return new CrossTenantCompareSelection(
-            sourceTenant: $sourceTenant,
-            targetTenant: $targetTenant,
+        return new CrossEnvironmentCompareSelection(
+            sourceEnvironment: $sourceEnvironment,
+            targetEnvironment: $targetEnvironment,
             policyTypes: $this->selectedPolicyTypes,
         );
     }
 
-    private function selectedSourceTenant(): ?ManagedEnvironment
+    private function selectedSourceEnvironment(): ?ManagedEnvironment
     {
-        if ($this->sourceTenantId === null) {
+        if ($this->sourceEnvironmentId === null) {
             return null;
         }
 
-        return $this->resolveAuthorizedTenant($this->sourceTenantId);
+        return $this->resolveAuthorizedEnvironment($this->sourceEnvironmentId);
     }
 
-    private function selectedTargetTenant(): ?ManagedEnvironment
+    private function selectedTargetEnvironment(): ?ManagedEnvironment
     {
-        if ($this->targetTenantId === null) {
+        if ($this->targetEnvironmentId === null) {
             return null;
         }
 
-        return $this->resolveAuthorizedTenant($this->targetTenantId);
+        return $this->resolveAuthorizedEnvironment($this->targetEnvironmentId);
     }
 
-    private function resolveAuthorizedTenant(string $tenantId): ManagedEnvironment
+    private function resolveAuthorizedEnvironment(string $environmentId): ManagedEnvironment
     {
         $workspace = $this->workspace();
         $user = auth()->user();
@@ -617,29 +617,29 @@ private function resolveAuthorizedTenant(string $tenantId): ManagedEnvironment
             abort(404);
         }
 
-        $tenant = ManagedEnvironment::query()
+        $environment = ManagedEnvironment::query()
             ->where('workspace_id', (int) $workspace->getKey())
-            ->whereKey((int) $tenantId)
+            ->whereKey((int) $environmentId)
             ->first();
 
-        if (! $tenant instanceof ManagedEnvironment) {
+        if (! $environment instanceof ManagedEnvironment) {
             abort(404);
         }
 
         /** @var CapabilityResolver $resolver */
         $resolver = app(CapabilityResolver::class);
 
-        if (! $user->canAccessTenant($tenant) || ! $resolver->can($user, $tenant, Capabilities::TENANT_VIEW)) {
+        if (! $user->canAccessTenant($environment) || ! $resolver->can($user, $environment, Capabilities::TENANT_VIEW)) {
             abort(404);
         }
 
-        return $tenant;
+        return $environment;
     }
 
     /**
      * @return array<string, string>
      */
-    private function tenantOptions(): array
+    private function environmentOptions(): array
     {
         $workspace = $this->workspace();
         $user = auth()->user();
@@ -651,17 +651,17 @@ private function tenantOptions(): array
         /** @var CapabilityResolver $resolver */
         $resolver = app(CapabilityResolver::class);
 
-        $tenants = $user->accessibleManagedEnvironmentsQuery((int) $workspace->getKey())
+        $environments = $user->accessibleManagedEnvironmentsQuery((int) $workspace->getKey())
             ->select('managed_environments.*')
             ->orderBy('managed_environments.name')
             ->get();
 
-        $resolver->primeMemberships($user, $tenants->modelKeys());
+        $resolver->primeMemberships($user, $environments->modelKeys());
 
-        return $tenants
-            ->filter(fn (ManagedEnvironment $tenant): bool => $resolver->can($user, $tenant, Capabilities::TENANT_VIEW))
-            ->mapWithKeys(fn (ManagedEnvironment $tenant): array => [
-                (string) $tenant->getKey() => (string) $tenant->name,
+        return $environments
+            ->filter(fn (ManagedEnvironment $environment): bool => $resolver->can($user, $environment, Capabilities::TENANT_VIEW))
+            ->mapWithKeys(fn (ManagedEnvironment $environment): array => [
+                (string) $environment->getKey() => (string) $environment->name,
             ])
             ->all();
     }
@@ -671,14 +671,14 @@ private function tenantOptions(): array
      */
     private function policyTypeOptions(): array
     {
-        $tenantIds = array_map(static fn (string $tenantId): int => (int) $tenantId, array_keys($this->tenantOptions()));
+        $environmentIds = array_map(static fn (string $environmentId): int => (int) $environmentId, array_keys($this->environmentOptions()));
 
-        if ($tenantIds === []) {
+        if ($environmentIds === []) {
             return [];
         }
 
         return InventoryItem::query()
-            ->whereIn('managed_environment_id', $tenantIds)
+            ->whereIn('managed_environment_id', $environmentIds)
             ->whereNotNull('policy_type')
             ->where('policy_type', '!=', '')
             ->distinct()
@@ -697,7 +697,7 @@ private function preflightDisabledReason(): ?string
         }
 
         if (! is_array($this->preview)) {
-            return 'Select an authorized source and target tenant to generate a promotion preflight.';
+            return 'Select an authorized source and target environment to generate a promotion preflight.';
         }
 
         if ((int) data_get($this->preview, 'summary.total', 0) === 0) {
@@ -737,14 +737,14 @@ private function executePromotionDisabledReason(): ?string
                 return 'You need workspace baseline manage access to execute promotion.';
             }
 
-            $targetTenant = $this->selectedTargetTenant();
+            $targetEnvironment = $this->selectedTargetEnvironment();
 
-            if ($targetTenant instanceof ManagedEnvironment) {
+            if ($targetEnvironment instanceof ManagedEnvironment) {
                 /** @var CapabilityResolver $resolver */
                 $resolver = app(CapabilityResolver::class);
 
-                if (! $resolver->can($user, $targetTenant, Capabilities::TENANT_MANAGE)) {
-                    return 'You need target tenant manage access to execute promotion.';
+                if (! $resolver->can($user, $targetEnvironment, Capabilities::TENANT_MANAGE)) {
+                    return 'You need target environment manage access to execute promotion.';
                 }
             }
         }
@@ -760,13 +760,13 @@ private function executePromotionConfirmationDescription(): string
         $manualMappingRequired = (int) data_get($this->preflight, 'summary.manual_mapping_required', 0);
         $excluded = $blocked + $manualMappingRequired;
 
-        $sourceTenantName = $selection?->sourceTenant->name ?? 'Source tenant';
-        $targetTenantName = $selection?->targetTenant->name ?? 'Target tenant';
+        $sourceEnvironmentName = $selection?->sourceEnvironment->name ?? 'Source environment';
+        $targetEnvironmentName = $selection?->targetEnvironment->name ?? 'Target environment';
 
         return sprintf(
             'Queue one promotion run from %s to %s for %d ready governed subject%s. %d subject%s remain excluded on the compare page.',
-            $sourceTenantName,
-            $targetTenantName,
+            $sourceEnvironmentName,
+            $targetEnvironmentName,
             $ready,
             $ready === 1 ? '' : 's',
             $excluded,
@@ -777,7 +777,7 @@ private function executePromotionConfirmationDescription(): string
     /**
      * @param  mixed  $value
      */
-    private function normalizeTenantIdentifier(mixed $value): ?string
+    private function normalizeEnvironmentIdentifier(mixed $value): ?string
     {
         if (! is_string($value) && ! is_int($value)) {
             return null;
@@ -815,8 +815,8 @@ private function normalizePolicyTypes(mixed $value): array
     private function routeParameters(array $overrides = []): array
     {
         $parameters = [
-            self::SOURCE_TENANT_QUERY_KEY => $this->sourceTenantId,
-            self::TARGET_TENANT_QUERY_KEY => $this->targetTenantId,
+            self::SOURCE_ENVIRONMENT_QUERY_KEY => $this->sourceEnvironmentId,
+            self::TARGET_ENVIRONMENT_QUERY_KEY => $this->targetEnvironmentId,
             self::POLICY_TYPE_QUERY_KEY => $this->selectedPolicyTypes,
         ];
 
diff --git a/apps/platform/app/Filament/Pages/TenantDashboard.php b/apps/platform/app/Filament/Pages/EnvironmentDashboard.php
similarity index 95%
rename from apps/platform/app/Filament/Pages/TenantDashboard.php
rename to apps/platform/app/Filament/Pages/EnvironmentDashboard.php
index c8656c03..0de101b2 100644
--- a/apps/platform/app/Filament/Pages/TenantDashboard.php
+++ b/apps/platform/app/Filament/Pages/EnvironmentDashboard.php
@@ -5,9 +5,9 @@
 namespace App\Filament\Pages;
 
 use App\Filament\Pages\Governance\GovernanceInbox;
-use App\Filament\Widgets\Tenant\TenantTriageArrivalContinuity;
-use App\Filament\Widgets\Dashboard\TenantDashboardContextChips;
-use App\Filament\Widgets\Dashboard\TenantDashboardOverview;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentTriageArrivalContinuity;
+use App\Filament\Widgets\Dashboard\EnvironmentDashboardContextChips;
+use App\Filament\Widgets\Dashboard\EnvironmentDashboardOverview;
 use App\Models\SupportRequest;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -21,8 +21,8 @@
 use App\Support\SupportDiagnostics\SupportDiagnosticBundleBuilder;
 use App\Support\SupportRequests\ExternalSupportDeskHandoffService;
 use App\Support\SupportRequests\SupportRequestSubmissionService;
-use App\Support\TenantDashboard\TenantDashboardSummary;
-use App\Support\TenantDashboard\TenantDashboardSummaryBuilder;
+use App\Support\EnvironmentDashboard\EnvironmentDashboardSummary;
+use App\Support\EnvironmentDashboard\EnvironmentDashboardSummaryBuilder;
 use Filament\Actions\Action;
 use Filament\Actions\ActionGroup;
 use Filament\Facades\Filament;
@@ -43,7 +43,7 @@
 
 use App\Filament\Widgets\Dashboard\DashboardKpis;
 
-class TenantDashboard extends Dashboard
+class EnvironmentDashboard extends Dashboard
 {
     protected Width|string|null $maxContentWidth = Width::Full;
 
@@ -52,7 +52,7 @@ class TenantDashboard extends Dashboard
      */
     public array $supportDiagnosticsAuditKeys = [];
 
-    private ?TenantDashboardSummary $dashboardSummary = null;
+    private ?EnvironmentDashboardSummary $dashboardSummary = null;
 
     public static function getNavigationLabel(): string
     {
@@ -69,7 +69,7 @@ public function getTitle(): string | Htmlable
 
         $summary = $this->dashboardSummary();
 
-        if (! $summary instanceof TenantDashboardSummary) {
+        if (! $summary instanceof EnvironmentDashboardSummary) {
             return (string) $tenant->name;
         }
 
@@ -112,7 +112,7 @@ public static function getUrl(array $parameters = [], bool $isAbsolute = true, ?
     protected function getHeaderWidgets(): array
     {
         return [
-            TenantDashboardContextChips::class,
+            EnvironmentDashboardContextChips::class,
         ];
     }
 
@@ -127,9 +127,9 @@ public function getHeaderWidgetsColumns(): int|array
     public function getWidgets(): array
     {
         return [
-            TenantTriageArrivalContinuity::class,
+            ManagedEnvironmentTriageArrivalContinuity::class,
             DashboardKpis::class,
-            TenantDashboardOverview::class,
+            EnvironmentDashboardOverview::class,
         ];
     }
 
@@ -204,7 +204,7 @@ private function primaryFollowUpHeaderPayload(): ?array
     {
         $summary = $this->dashboardSummary();
 
-        if (! $summary instanceof TenantDashboardSummary) {
+        if (! $summary instanceof EnvironmentDashboardSummary) {
             return null;
         }
 
@@ -222,7 +222,7 @@ private function secondaryHeaderPayload(): ?array
     {
         $summary = $this->dashboardSummary();
 
-        if (! $summary instanceof TenantDashboardSummary) {
+        if (! $summary instanceof EnvironmentDashboardSummary) {
             return null;
         }
 
@@ -304,9 +304,9 @@ private function summaryHeaderAction(string $name, array $payload, string $color
         return $action;
     }
 
-    private function dashboardSummary(): ?TenantDashboardSummary
+    private function dashboardSummary(): ?EnvironmentDashboardSummary
     {
-        if ($this->dashboardSummary instanceof TenantDashboardSummary) {
+        if ($this->dashboardSummary instanceof EnvironmentDashboardSummary) {
             return $this->dashboardSummary;
         }
 
@@ -317,7 +317,7 @@ private function dashboardSummary(): ?TenantDashboardSummary
             return null;
         }
 
-        $this->dashboardSummary = app(TenantDashboardSummaryBuilder::class)->build($tenant, $user);
+        $this->dashboardSummary = app(EnvironmentDashboardSummaryBuilder::class)->build($tenant, $user);
 
         return $this->dashboardSummary;
     }
diff --git a/apps/platform/app/Filament/Pages/TenantDiagnostics.php b/apps/platform/app/Filament/Pages/EnvironmentDiagnostics.php
similarity index 84%
rename from apps/platform/app/Filament/Pages/TenantDiagnostics.php
rename to apps/platform/app/Filament/Pages/EnvironmentDiagnostics.php
index 04ef13b3..48a6081b 100644
--- a/apps/platform/app/Filament/Pages/TenantDiagnostics.php
+++ b/apps/platform/app/Filament/Pages/EnvironmentDiagnostics.php
@@ -6,8 +6,8 @@
 
 use App\Filament\Concerns\ResolvesPanelTenantContext;
 use App\Models\User;
-use App\Services\Auth\TenantDiagnosticsService;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentDiagnosticsService;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use App\Support\Auth\Capabilities;
 use App\Support\Rbac\UiEnforcement;
 use App\Support\Rbac\UiTooltips;
@@ -17,7 +17,7 @@
 use Filament\Actions\Action;
 use Filament\Pages\Page;
 
-class TenantDiagnostics extends Page
+class EnvironmentDiagnostics extends Page
 {
     use ResolvesPanelTenantContext;
 
@@ -25,7 +25,7 @@ class TenantDiagnostics extends Page
 
     protected static ?string $slug = 'diagnostics';
 
-    protected string $view = 'filament.pages.tenant-diagnostics';
+    protected string $view = 'filament.pages.environment-diagnostics';
 
     public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
     {
@@ -44,14 +44,14 @@ public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
     public function mount(): void
     {
         $tenant = static::resolveTenantContextForCurrentPanelOrFail();
-        $this->missingOwner = app(TenantDiagnosticsService::class)->tenantHasNoOwners($tenant);
+        $this->missingOwner = app(ManagedEnvironmentDiagnosticsService::class)->tenantHasNoOwners($tenant);
 
         $user = auth()->user();
         if (! $user instanceof User) {
             abort(403, 'Not allowed');
         }
 
-        $this->hasDuplicateMembershipsForCurrentUser = app(TenantDiagnosticsService::class)
+        $this->hasDuplicateMembershipsForCurrentUser = app(ManagedEnvironmentDiagnosticsService::class)
             ->userHasDuplicateMemberships($tenant, $user);
     }
 
@@ -96,7 +96,7 @@ public function bootstrapOwner(): void
             abort(403, 'Not allowed');
         }
 
-        app(TenantMembershipManager::class)->grantScope($tenant, $user, $user, sourceRef: 'diagnostic');
+        app(ManagedEnvironmentMembershipManager::class)->grantScope($tenant, $user, $user, sourceRef: 'diagnostic');
 
         $this->mount();
     }
@@ -110,7 +110,7 @@ public function mergeDuplicateMemberships(): void
             abort(403, 'Not allowed');
         }
 
-        app(TenantDiagnosticsService::class)->mergeDuplicateMembershipsForUser($tenant, $user, $user);
+        app(ManagedEnvironmentDiagnosticsService::class)->mergeDuplicateMembershipsForUser($tenant, $user, $user);
 
         $this->mount();
     }
diff --git a/apps/platform/app/Filament/Pages/TenantRequiredPermissions.php b/apps/platform/app/Filament/Pages/EnvironmentRequiredPermissions.php
similarity index 94%
rename from apps/platform/app/Filament/Pages/TenantRequiredPermissions.php
rename to apps/platform/app/Filament/Pages/EnvironmentRequiredPermissions.php
index 4fba214d..4e3128a8 100644
--- a/apps/platform/app/Filament/Pages/TenantRequiredPermissions.php
+++ b/apps/platform/app/Filament/Pages/EnvironmentRequiredPermissions.php
@@ -7,7 +7,7 @@
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\WorkspaceMembership;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\Badges\BadgeDomain;
 use App\Support\Badges\BadgeRenderer;
 use App\Support\Filament\TablePaginationProfiles;
@@ -29,7 +29,7 @@
 use Livewire\Attributes\Locked;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
-class TenantRequiredPermissions extends Page implements HasTable
+class EnvironmentRequiredPermissions extends Page implements HasTable
 {
     use InteractsWithTable;
 
@@ -37,11 +37,11 @@ class TenantRequiredPermissions extends Page implements HasTable
 
     protected static bool $shouldRegisterNavigation = false;
 
-    protected static ?string $slug = 'workspaces/{workspace}/environments/{tenant}/required-permissions';
+    protected static ?string $slug = 'workspaces/{workspace}/environments/{environment}/required-permissions';
 
     protected static ?string $title = 'Required permissions';
 
-    protected string $view = 'filament.pages.tenant-required-permissions';
+    protected string $view = 'filament.pages.environment-required-permissions';
 
     public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
     {
@@ -73,9 +73,9 @@ public function currentTenant(): ?ManagedEnvironment
         return $this->trustedScopedTenant();
     }
 
-    public function mount(ManagedEnvironment|string|null $tenant = null): void
+    public function mount(ManagedEnvironment|string|null $environment = null): void
     {
-        $tenant = static::resolveScopedTenant($tenant);
+        $tenant = static::resolveScopedTenant($environment);
 
         if (! $tenant instanceof ManagedEnvironment || ! static::hasScopedTenantAccess($tenant)) {
             abort(404);
@@ -151,10 +151,10 @@ public function table(Table $table): Table
                 TextColumn::make('status')
                     ->label('Status')
                     ->badge()
-                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantPermissionStatus))
-                    ->color(BadgeRenderer::color(BadgeDomain::TenantPermissionStatus))
-                    ->icon(BadgeRenderer::icon(BadgeDomain::TenantPermissionStatus))
-                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantPermissionStatus))
+                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::ManagedEnvironmentPermissionStatus))
+                    ->color(BadgeRenderer::color(BadgeDomain::ManagedEnvironmentPermissionStatus))
+                    ->icon(BadgeRenderer::icon(BadgeDomain::ManagedEnvironmentPermissionStatus))
+                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::ManagedEnvironmentPermissionStatus))
                     ->sortable(),
                 TextColumn::make('features_label')
                     ->label('Features')
@@ -235,7 +235,7 @@ protected static function resolveScopedTenant(ManagedEnvironment|string|null $te
                 ->first();
         }
 
-        $routeTenant = request()->route('tenant');
+        $routeTenant = request()->route('environment') ?? request()->route('tenant');
 
         if ($routeTenant instanceof ManagedEnvironment) {
             return $routeTenant;
@@ -333,7 +333,7 @@ private function trustedScopedTenant(): ?ManagedEnvironment
      */
     private function filterState(array $filters = [], ?string $search = null): array
     {
-        return TenantRequiredPermissionsViewModelBuilder::normalizeFilterState([
+        return ManagedEnvironmentRequiredPermissionsViewModelBuilder::normalizeFilterState([
             'status' => $filters['status']['value'] ?? data_get($this->tableFilters, 'status.value'),
             'type' => $filters['type']['value'] ?? data_get($this->tableFilters, 'type.value'),
             'features' => $filters['features']['values'] ?? data_get($this->tableFilters, 'features.values', []),
@@ -359,7 +359,7 @@ private function viewModelForState(array $state): array
             return $this->cachedViewModel;
         }
 
-        $builder = app(TenantRequiredPermissionsViewModelBuilder::class);
+        $builder = app(ManagedEnvironmentRequiredPermissionsViewModelBuilder::class);
 
         $this->cachedViewModelStateKey = $stateKey ?: null;
         $this->cachedViewModel = $builder->build($tenant, $state);
@@ -514,7 +514,7 @@ private function seedTableStateFromQuery(): void
 
         $queryFeatures = request()->query('features', []);
 
-        $state = TenantRequiredPermissionsViewModelBuilder::normalizeFilterState([
+        $state = ManagedEnvironmentRequiredPermissionsViewModelBuilder::normalizeFilterState([
             'status' => request()->query('status', 'missing'),
             'type' => request()->query('type', 'all'),
             'features' => is_array($queryFeatures) ? $queryFeatures : [],
diff --git a/apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php b/apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php
index fac0bd2b..bd22ae4d 100644
--- a/apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php
+++ b/apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php
@@ -288,10 +288,10 @@ public function emptyState(): array
             'title' => 'No visible assigned findings right now',
             'body' => 'Nothing currently assigned to you needs attention across the visible environment scope. Choose an environment to continue working elsewhere in the workspace.',
             'icon' => 'heroicon-o-clipboard-document-check',
-            'action_name' => 'choose_tenant_empty',
+            'action_name' => 'choose_environment_empty',
             'action_label' => 'Choose an environment',
             'action_kind' => 'url',
-            'action_url' => route('filament.admin.pages.choose-tenant'),
+            'action_url' => route('filament.admin.pages.choose-environment'),
         ];
     }
 
diff --git a/apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php b/apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php
index 13bef1f2..2d917839 100644
--- a/apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php
+++ b/apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php
@@ -11,7 +11,7 @@
 use App\Models\Workspace;
 use App\Services\Auth\CapabilityResolver;
 use App\Services\Auth\WorkspaceCapabilityResolver;
-use App\Services\TenantReviews\TenantReviewRegisterService;
+use App\Services\EnvironmentReviews\EnvironmentReviewRegisterService;
 use App\Support\Auth\Capabilities;
 use App\Support\GovernanceInbox\GovernanceInboxSectionBuilder;
 use App\Support\Navigation\CanonicalNavigationContext;
@@ -333,7 +333,7 @@ private function reviewTenants(): array
             return $this->reviewTenants = [];
         }
 
-        $service = app(TenantReviewRegisterService::class);
+        $service = app(EnvironmentReviewRegisterService::class);
 
         if (! $service->canAccessWorkspace($user, $workspace)) {
             return $this->reviewTenants = [];
diff --git a/apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php b/apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php
index b1f005d1..6ff4f0ab 100644
--- a/apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php
+++ b/apps/platform/app/Filament/Pages/Monitoring/EvidenceOverview.php
@@ -7,11 +7,11 @@
 use App\Filament\Resources\EvidenceSnapshotResource;
 use App\Models\EvidenceSnapshot;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Support\Badges\BadgeCatalog;
 use App\Support\Badges\BadgeDomain;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceInspectAffordance;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
@@ -398,13 +398,13 @@ private function latestAccessibleSnapshots(): Collection
      */
     private function currentReviewTenantIds(Collection $snapshots): array
     {
-        return TenantReview::query()
+        return EnvironmentReview::query()
             ->where('workspace_id', $this->workspaceId())
             ->whereIn('managed_environment_id', $snapshots->pluck('managed_environment_id')->map(static fn (mixed $tenantId): int => (int) $tenantId)->all())
             ->whereIn('status', [
-                TenantReviewStatus::Draft->value,
-                TenantReviewStatus::Ready->value,
-                TenantReviewStatus::Published->value,
+                EnvironmentReviewStatus::Draft->value,
+                EnvironmentReviewStatus::Ready->value,
+                EnvironmentReviewStatus::Published->value,
             ])
             ->pluck('managed_environment_id')
             ->mapWithKeys(static fn (mixed $tenantId): array => [(int) $tenantId => true])
diff --git a/apps/platform/app/Filament/Pages/NoAccess.php b/apps/platform/app/Filament/Pages/NoAccess.php
index 09389ff9..c69b1f81 100644
--- a/apps/platform/app/Filament/Pages/NoAccess.php
+++ b/apps/platform/app/Filament/Pages/NoAccess.php
@@ -93,6 +93,6 @@ public function createWorkspace(array $data): void
             ->success()
             ->send();
 
-        $this->redirect(ChooseTenant::getUrl());
+        $this->redirect(ChooseEnvironment::getUrl());
     }
 }
diff --git a/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php b/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
index 5b178df6..2ea649e7 100644
--- a/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
+++ b/apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
@@ -4,16 +4,16 @@
 
 namespace App\Filament\Pages\Reviews;
 
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\EvidenceSnapshot;
 use App\Models\FindingException;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\Audit\WorkspaceAuditLogger;
-use App\Services\TenantReviews\TenantReviewRegisterService;
+use App\Services\EnvironmentReviews\EnvironmentReviewRegisterService;
 use App\Support\Audit\AuditActionId;
 use App\Support\Auth\Capabilities;
 use App\Support\Findings\FindingOutcomeSemantics;
@@ -21,7 +21,7 @@
 use App\Support\Governance\Controls\ComplianceEvidenceMappingV1;
 use App\Support\Navigation\CanonicalNavigationContext;
 use App\Support\ReviewPackStatus;
-use App\Support\TenantReviewCompletenessState;
+use App\Support\EnvironmentReviewCompletenessState;
 use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceInspectAffordance;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
@@ -236,7 +236,7 @@ public function authorizedTenants(): array
             return $this->authorizedTenants = [];
         }
 
-        return $this->authorizedTenants = app(TenantReviewRegisterService::class)->authorizedTenants($user, $workspace);
+        return $this->authorizedTenants = app(EnvironmentReviewRegisterService::class)->authorizedTenants($user, $workspace);
     }
 
     private function authorizePageAccess(): void
@@ -252,7 +252,7 @@ private function authorizePageAccess(): void
             throw new NotFoundHttpException;
         }
 
-        $service = app(TenantReviewRegisterService::class);
+        $service = app(EnvironmentReviewRegisterService::class);
 
         if (! $service->canAccessWorkspace($user, $workspace)) {
             throw new NotFoundHttpException;
@@ -300,7 +300,7 @@ private function workspaceQuery(): Builder
             return ManagedEnvironment::query()->whereRaw('1 = 0');
         }
 
-        return app(TenantReviewRegisterService::class)->customerWorkspaceTenantQuery($user, $workspace);
+        return app(EnvironmentReviewRegisterService::class)->customerWorkspaceTenantQuery($user, $workspace);
     }
 
     /**
@@ -377,18 +377,18 @@ private function workspace(): ?Workspace
             : null;
     }
 
-    private function latestPublishedReview(ManagedEnvironment $tenant): ?TenantReview
+    private function latestPublishedReview(ManagedEnvironment $tenant): ?EnvironmentReview
     {
-        $review = $tenant->tenantReviews->first();
+        $review = $tenant->environmentReviews->first();
 
-        return $review instanceof TenantReview ? $review : null;
+        return $review instanceof EnvironmentReview ? $review : null;
     }
 
     private function latestReviewUrl(ManagedEnvironment $tenant): ?string
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return null;
         }
 
@@ -404,7 +404,7 @@ private function latestReviewUrl(ManagedEnvironment $tenant): ?string
             static fn (mixed $value): bool => $value !== null && $value !== '',
         );
 
-        return $this->appendQuery(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant), $query);
+        return $this->appendQuery(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant), $query);
     }
 
     private function latestPublishedAt(ManagedEnvironment $tenant): ?\Illuminate\Support\Carbon
@@ -416,8 +416,8 @@ private function reviewTruth(ManagedEnvironment $tenant): ?ArtifactTruthEnvelope
     {
         $review = $this->latestPublishedReview($tenant);
 
-        return $review instanceof TenantReview
-            ? app(ArtifactTruthPresenter::class)->forTenantReview($review)
+        return $review instanceof EnvironmentReview
+            ? app(ArtifactTruthPresenter::class)->forEnvironmentReview($review)
             : null;
     }
 
@@ -427,7 +427,7 @@ private function reviewOutcome(ManagedEnvironment $tenant): ?CompressedGovernanc
         $review = $this->latestPublishedReview($tenant);
         $truth = $this->reviewTruth($tenant);
 
-        if (! $review instanceof TenantReview || ! $truth instanceof ArtifactTruthEnvelope) {
+        if (! $review instanceof EnvironmentReview || ! $truth instanceof ArtifactTruthEnvelope) {
             return null;
         }
 
@@ -439,7 +439,7 @@ private function latestReviewStateLabel(ManagedEnvironment $tenant): string
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return __('localization.review.no_published_review');
         }
 
@@ -452,7 +452,7 @@ private function latestReviewStateColor(ManagedEnvironment $tenant): string
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return 'gray';
         }
 
@@ -481,7 +481,7 @@ private function reviewOutcomeDescription(ManagedEnvironment $tenant): ?string
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return __('localization.review.no_published_review_available');
         }
 
@@ -524,7 +524,7 @@ private function governancePackageSummary(ManagedEnvironment $tenant): array
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return [];
         }
 
@@ -541,7 +541,7 @@ private function governancePackageAvailability(ManagedEnvironment $tenant): arra
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return [
                 'state' => 'unavailable',
                 'label' => __('localization.review.governance_package_unavailable'),
@@ -553,8 +553,8 @@ private function governancePackageAvailability(ManagedEnvironment $tenant): arra
         $user = auth()->user();
         $limitations = is_array($review->controlInterpretation()['limitations'] ?? null) ? $review->controlInterpretation()['limitations'] : [];
         $isPartialReview = in_array((string) $review->completeness_state, [
-            TenantReviewCompletenessState::Partial->value,
-            TenantReviewCompletenessState::Stale->value,
+            EnvironmentReviewCompletenessState::Partial->value,
+            EnvironmentReviewCompletenessState::Stale->value,
         ], true) || $limitations !== [];
 
         if (! $pack instanceof ReviewPack) {
@@ -652,7 +652,7 @@ private function controlReadinessDescription(ManagedEnvironment $tenant): string
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return __('localization.review.no_published_review_available');
         }
 
@@ -720,7 +720,7 @@ private function workspaceReviewNeedsAttention(ManagedEnvironment $tenant): bool
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return true;
         }
 
@@ -739,7 +739,7 @@ private function evidenceStatusState(ManagedEnvironment $tenant): string
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return 'pending';
         }
 
@@ -802,7 +802,7 @@ private function primaryControlSummary(ManagedEnvironment $tenant): ?array
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return null;
         }
 
@@ -818,7 +818,7 @@ private function primaryControlSummary(ManagedEnvironment $tenant): ?array
             ->first();
     }
 
-    private function controlLimitationSummary(TenantReview $review): ?string
+    private function controlLimitationSummary(EnvironmentReview $review): ?string
     {
         $counts = $review->controlInterpretationLimitationCounts();
 
@@ -842,7 +842,7 @@ private function findingSummary(ManagedEnvironment $tenant): string
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return __('localization.review.no_published_review_available');
         }
 
@@ -869,7 +869,7 @@ private function acceptedRiskSummary(ManagedEnvironment $tenant): string
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return __('localization.review.no_published_review_available');
         }
 
@@ -897,7 +897,7 @@ private function evidenceProofAvailability(ManagedEnvironment $tenant): string
     {
         $review = $this->latestPublishedReview($tenant);
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return __('localization.review.no_published_review_available');
         }
 
@@ -941,10 +941,10 @@ private function visibleInterpretationVersions(): array
             return [];
         }
 
-        return app(TenantReviewRegisterService::class)
+        return app(EnvironmentReviewRegisterService::class)
             ->latestPublishedQuery($user, $workspace)
             ->get()
-            ->map(static fn (TenantReview $review): ?string => $review->controlInterpretationVersion())
+            ->map(static fn (EnvironmentReview $review): ?string => $review->controlInterpretationVersion())
             ->filter()
             ->unique()
             ->values()
@@ -965,7 +965,7 @@ private function currentTenantFilterInterpretationVersion(): ?string
             return null;
         }
 
-        return $tenant->tenantReviews()->published()
+        return $tenant->environmentReviews()->published()
             ->latest('published_at')
             ->latest('generated_at')
             ->latest('id')
diff --git a/apps/platform/app/Filament/Pages/Reviews/ReviewRegister.php b/apps/platform/app/Filament/Pages/Reviews/ReviewRegister.php
index cc86abf2..6aac6e0d 100644
--- a/apps/platform/app/Filament/Pages/Reviews/ReviewRegister.php
+++ b/apps/platform/app/Filament/Pages/Reviews/ReviewRegister.php
@@ -4,13 +4,13 @@
 
 namespace App\Filament\Pages\Reviews;
 
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\ReviewPackService;
-use App\Services\TenantReviews\TenantReviewRegisterService;
+use App\Services\EnvironmentReviews\EnvironmentReviewRegisterService;
 use App\Support\Auth\Capabilities;
 use App\Support\Badges\BadgeCatalog;
 use App\Support\Badges\BadgeDomain;
@@ -19,7 +19,7 @@
 use App\Support\Filament\CanonicalAdminTenantFilterState;
 use App\Support\Filament\FilterPresets;
 use App\Support\Filament\TablePaginationProfiles;
-use App\Support\TenantReviewCompletenessState;
+use App\Support\EnvironmentReviewCompletenessState;
 use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceInspectAffordance;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
@@ -112,15 +112,15 @@ public function table(Table $table): Table
             ->persistFiltersInSession()
             ->persistSearchInSession()
             ->persistSortInSession()
-            ->recordUrl(fn (TenantReview $record): string => TenantReviewResource::tenantScopedUrl('view', ['record' => $record], $record->tenant))
+            ->recordUrl(fn (EnvironmentReview $record): string => EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $record], $record->tenant))
             ->columns([
                 TextColumn::make('tenant.name')->label('ManagedEnvironment')->searchable(),
                 TextColumn::make('status')
                     ->badge()
-                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantReviewStatus))
-                    ->color(BadgeRenderer::color(BadgeDomain::TenantReviewStatus))
-                    ->icon(BadgeRenderer::icon(BadgeDomain::TenantReviewStatus))
-                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewStatus)),
+                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::EnvironmentReviewStatus))
+                    ->color(BadgeRenderer::color(BadgeDomain::EnvironmentReviewStatus))
+                    ->icon(BadgeRenderer::icon(BadgeDomain::EnvironmentReviewStatus))
+                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::EnvironmentReviewStatus)),
                 TextColumn::make('outcome')
                     ->label('Outcome')
                     ->badge()
@@ -154,7 +154,7 @@ public function table(Table $table): Table
                     ]),
                 SelectFilter::make('completeness_state')
                     ->label('Completeness')
-                    ->options(BadgeCatalog::options(BadgeDomain::TenantReviewCompleteness, TenantReviewCompletenessState::values())),
+                    ->options(BadgeCatalog::options(BadgeDomain::EnvironmentReviewCompleteness, EnvironmentReviewCompletenessState::values())),
                 SelectFilter::make('published_state')
                     ->label('Published state')
                     ->options([
@@ -174,11 +174,11 @@ public function table(Table $table): Table
                 Action::make('export_executive_pack')
                     ->label('Export executive pack')
                     ->icon('heroicon-o-arrow-down-tray')
-                    ->visible(fn (TenantReview $record): bool => auth()->user() instanceof User
-                        && auth()->user()->can(Capabilities::TENANT_REVIEW_MANAGE, $record->tenant)
+                    ->visible(fn (EnvironmentReview $record): bool => auth()->user() instanceof User
+                        && auth()->user()->can(Capabilities::ENVIRONMENT_REVIEW_MANAGE, $record->tenant)
                         && in_array($record->status, ['ready', 'published'], true))
-                    ->disabled(fn (TenantReview $record): bool => (bool) (app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant)['is_blocked'] ?? false))
-                    ->tooltip(function (TenantReview $record): ?string {
+                    ->disabled(fn (EnvironmentReview $record): bool => (bool) (app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant)['is_blocked'] ?? false))
+                    ->tooltip(function (EnvironmentReview $record): ?string {
                         $decision = app(ReviewPackService::class)->reviewPackGenerationDecisionForTenant($record->tenant);
 
                         if ((bool) ($decision['is_blocked'] ?? false)) {
@@ -195,7 +195,7 @@ public function table(Table $table): Table
 
                         return null;
                     })
-                    ->action(fn (TenantReview $record): mixed => TenantReviewResource::executeExport($record)),
+                    ->action(fn (EnvironmentReview $record): mixed => EnvironmentReviewResource::executeExport($record)),
             ])
             ->bulkActions([])
             ->emptyStateHeading('No review records match this view')
@@ -225,7 +225,7 @@ public function authorizedTenants(): array
             return $this->authorizedTenants = [];
         }
 
-        return $this->authorizedTenants = app(TenantReviewRegisterService::class)->authorizedTenants($user, $workspace);
+        return $this->authorizedTenants = app(EnvironmentReviewRegisterService::class)->authorizedTenants($user, $workspace);
     }
 
     private function authorizePageAccess(): void
@@ -241,7 +241,7 @@ private function authorizePageAccess(): void
             throw new NotFoundHttpException;
         }
 
-        $service = app(TenantReviewRegisterService::class);
+        $service = app(EnvironmentReviewRegisterService::class);
 
         if (! $service->canAccessWorkspace($user, $workspace)) {
             throw new NotFoundHttpException;
@@ -258,10 +258,10 @@ private function registerQuery(): Builder
         $workspace = $this->workspace();
 
         if (! $user instanceof User || ! $workspace instanceof Workspace) {
-            return TenantReview::query()->whereRaw('1 = 0');
+            return EnvironmentReview::query()->whereRaw('1 = 0');
         }
 
-        return app(TenantReviewRegisterService::class)->query($user, $workspace);
+        return app(EnvironmentReviewRegisterService::class)->query($user, $workspace);
     }
 
     /**
@@ -341,36 +341,36 @@ private function workspace(): ?Workspace
             : null;
     }
 
-    private function reviewTruth(TenantReview $record, bool $fresh = false): ArtifactTruthEnvelope
+    private function reviewTruth(EnvironmentReview $record, bool $fresh = false): ArtifactTruthEnvelope
     {
         $presenter = app(ArtifactTruthPresenter::class);
 
         return $fresh
-            ? $presenter->forTenantReviewFresh($record)
-            : $presenter->forTenantReview($record);
+            ? $presenter->forEnvironmentReviewFresh($record)
+            : $presenter->forEnvironmentReview($record);
     }
 
-    private function reviewOutcomeLabel(TenantReview $record): string
+    private function reviewOutcomeLabel(EnvironmentReview $record): string
     {
         return $this->reviewOutcome($record)->primaryLabel;
     }
 
-    private function reviewOutcomeBadgeColor(TenantReview $record): string
+    private function reviewOutcomeBadgeColor(EnvironmentReview $record): string
     {
         return $this->reviewOutcome($record)->primaryBadge->color;
     }
 
-    private function reviewOutcomeBadgeIcon(TenantReview $record): ?string
+    private function reviewOutcomeBadgeIcon(EnvironmentReview $record): ?string
     {
         return $this->reviewOutcome($record)->primaryBadge->icon;
     }
 
-    private function reviewOutcomeBadgeIconColor(TenantReview $record): ?string
+    private function reviewOutcomeBadgeIconColor(EnvironmentReview $record): ?string
     {
         return $this->reviewOutcome($record)->primaryBadge->iconColor;
     }
 
-    private function reviewOutcomeDescription(TenantReview $record): ?string
+    private function reviewOutcomeDescription(EnvironmentReview $record): ?string
     {
         $primaryReason = $this->reviewOutcome($record)->primaryReason;
         $findingOutcomeSummary = $this->findingOutcomeSummary($record);
@@ -382,12 +382,12 @@ private function reviewOutcomeDescription(TenantReview $record): ?string
         return trim($primaryReason.' Terminal outcomes: '.$findingOutcomeSummary.'.');
     }
 
-    private function reviewOutcomeNextStep(TenantReview $record): string
+    private function reviewOutcomeNextStep(EnvironmentReview $record): string
     {
         return $this->reviewOutcome($record)->nextActionText;
     }
 
-    private function reviewOutcome(TenantReview $record, bool $fresh = false): CompressedGovernanceOutcome
+    private function reviewOutcome(EnvironmentReview $record, bool $fresh = false): CompressedGovernanceOutcome
     {
         $presenter = app(ArtifactTruthPresenter::class);
         $truth = $fresh
@@ -401,7 +401,7 @@ private function reviewOutcome(TenantReview $record, bool $fresh = false): Compr
             );
     }
 
-    private function findingOutcomeSummary(TenantReview $record): ?string
+    private function findingOutcomeSummary(EnvironmentReview $record): ?string
     {
         $summary = is_array($record->summary) ? $record->summary : [];
         $outcomeCounts = $summary['finding_outcomes'] ?? [];
diff --git a/apps/platform/app/Filament/Pages/Tenancy/RegisterTenant.php b/apps/platform/app/Filament/Pages/Tenancy/RegisterTenant.php
index 7ba646d5..fb9b8259 100644
--- a/apps/platform/app/Filament/Pages/Tenancy/RegisterTenant.php
+++ b/apps/platform/app/Filament/Pages/Tenancy/RegisterTenant.php
@@ -6,7 +6,7 @@
 use App\Models\User;
 use App\Models\WorkspaceMembership;
 use App\Services\Auth\ManagedEnvironmentAccessScopeResolver;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use App\Support\Workspaces\WorkspaceContext;
 use Filament\Forms;
 use Filament\Pages\Tenancy\RegisterTenant as BaseRegisterTenant;
@@ -105,7 +105,7 @@ protected function handleRegistration(array $data): Model
                 ->allowedManagedEnvironmentIdsForWorkspace($user, $workspaceId);
 
             if (is_array($explicitScopes)) {
-                app(TenantMembershipManager::class)->grantScope(
+                app(ManagedEnvironmentMembershipManager::class)->grantScope(
                     tenant: $tenant,
                     actor: $user,
                     member: $user,
diff --git a/apps/platform/app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php b/apps/platform/app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php
similarity index 91%
rename from apps/platform/app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
rename to apps/platform/app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php
index 63bd8558..680e4c35 100644
--- a/apps/platform/app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php
+++ b/apps/platform/app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php
@@ -7,7 +7,7 @@
 use BackedEnum;
 use App\Exceptions\Onboarding\OnboardingDraftConflictException;
 use App\Exceptions\Onboarding\OnboardingDraftImmutableException;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Filament\Support\VerificationReportChangeIndicator;
 use App\Filament\Support\VerificationReportViewer;
 use App\Jobs\ProviderComplianceSnapshotJob;
@@ -16,14 +16,14 @@
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\VerificationCheckAcknowledgement;
 use App\Models\Workspace;
 use App\Services\Audit\WorkspaceAuditLogger;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use App\Services\Intune\AuditLogger;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Services\Onboarding\OnboardingDraftMutationService;
 use App\Services\Onboarding\OnboardingDraftResolver;
 use App\Services\Onboarding\OnboardingDraftStageResolver;
@@ -102,7 +102,7 @@
 use RuntimeException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
-class ManagedTenantOnboardingWizard extends Page
+class ManagedEnvironmentOnboardingWizard extends Page
 {
     use AuthorizesRequests;
 
@@ -114,7 +114,7 @@ class ManagedTenantOnboardingWizard extends Page
 
     protected static bool $isDiscovered = false;
 
-    protected static ?string $title = 'Managed tenant onboarding';
+    protected static ?string $title = 'Managed environment onboarding';
 
     protected static ?string $slug = 'onboarding';
 
@@ -132,12 +132,12 @@ protected function getLayoutData(): array
 
     public Workspace $workspace;
 
-    public ?ManagedEnvironment $managedTenant = null;
+    public ?ManagedEnvironment $managedEnvironment = null;
 
     #[Locked]
-    public ?int $managedTenantId = null;
+    public ?int $managedEnvironmentId = null;
 
-    public ?TenantOnboardingSession $onboardingSession = null;
+    public ?ManagedEnvironmentOnboardingSession $onboardingSession = null;
 
     #[Locked]
     public ?int $onboardingSessionId = null;
@@ -169,7 +169,7 @@ protected function getHeaderActions(): array
     {
         $actions = [];
         $draft = $this->currentOnboardingSessionRecord();
-        $tenant = $this->currentManagedTenantRecord();
+        $tenant = $this->currentManagedEnvironmentRecord();
 
         if (isset($this->workspace)) {
             $actions[] = Action::make('back_to_workspace')
@@ -185,9 +185,9 @@ protected function getHeaderActions(): array
                 ->url(route('admin.onboarding'));
         }
 
-        if ($this->canViewLinkedTenant()) {
-            $actions[] = Action::make('view_linked_tenant')
-                ->label($this->linkedTenantActionLabel())
+        if ($this->canViewLinkedEnvironment()) {
+            $actions[] = Action::make('view_linked_environment')
+                ->label($this->linkedEnvironmentActionLabel())
                 ->color('gray')
                 ->url($tenant instanceof ManagedEnvironment ? ManagedEnvironmentLinks::viewUrl($tenant) : null);
         }
@@ -199,7 +199,7 @@ protected function getHeaderActions(): array
                 ->requiresConfirmation()
                 ->modalHeading('Cancel onboarding draft')
                 ->modalDescription('This draft will become non-resumable. Confirm only if you intend to stop this onboarding flow.')
-                ->visible(fn (): bool => $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CANCEL))
+                ->visible(fn (): bool => $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CANCEL))
                 ->action(fn () => $this->cancelOnboardingDraft());
         }
 
@@ -209,19 +209,19 @@ protected function getHeaderActions(): array
                 ->color('danger')
                 ->requiresConfirmation()
                 ->modalHeading('Delete onboarding draft')
-                ->modalDescription('This permanently deletes the onboarding draft record. The linked tenant record, if any, is not deleted.')
+                ->modalDescription('This permanently deletes the onboarding draft record. The linked environment record, if any, is not deleted.')
                 ->modalSubmitActionLabel('Delete draft')
-                ->visible(fn (): bool => $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CANCEL))
+                ->visible(fn (): bool => $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CANCEL))
                 ->action(fn () => $this->deleteOnboardingDraft());
         }
 
         return $actions;
     }
 
-    private function canViewLinkedTenant(): bool
+    private function canViewLinkedEnvironment(): bool
     {
         $user = auth()->user();
-        $tenant = $this->currentManagedTenantRecord();
+        $tenant = $this->currentManagedEnvironmentRecord();
 
         if (! $user instanceof User || ! $tenant instanceof ManagedEnvironment) {
             return false;
@@ -240,21 +240,21 @@ private function canViewLinkedTenant(): bool
         )->allowed;
     }
 
-    private function linkedTenantActionLabel(): string
+    private function linkedEnvironmentActionLabel(): string
     {
-        $tenant = $this->currentManagedTenantRecord();
+        $tenant = $this->currentManagedEnvironmentRecord();
 
         if (! $tenant instanceof ManagedEnvironment) {
-            return 'View tenant';
+            return 'View environment';
         }
 
         return sprintf(
-            'View tenant (%s)',
+            'View environment (%s)',
             TenantLifecyclePresentation::fromTenant($tenant)->label,
         );
     }
 
-    public function mount(TenantOnboardingSession|int|string|null $onboardingDraft = null): void
+    public function mount(ManagedEnvironmentOnboardingSession|int|string|null $onboardingDraft = null): void
     {
         $user = auth()->user();
 
@@ -286,7 +286,7 @@ public function mount(TenantOnboardingSession|int|string|null $onboardingDraft =
 
         $this->workspace = $workspace;
 
-        $this->authorize('viewAny', TenantOnboardingSession::class);
+        $this->authorize('viewAny', ManagedEnvironmentOnboardingSession::class);
 
         if ($onboardingDraft !== null) {
             $this->loadOnboardingDraft($user, $onboardingDraft);
@@ -316,18 +316,18 @@ public function content(Schema $schema): Schema
         return $schema
             ->statePath('data')
             ->schema([
-                SchemaView::make('filament.schemas.components.managed-tenant-onboarding-checkpoint-poll')
+                SchemaView::make('filament.schemas.components.managed-environment-onboarding-checkpoint-poll')
                     ->visible(fn (): bool => $this->shouldPollCheckpointLifecycle()),
                 ...$this->resumeContextSchema(),
                 ...$this->routeBoundReadinessSchema(),
                 Wizard::make([
-                    Step::make('Identify managed tenant')
-                        ->description('Create or resume a managed tenant in this workspace.')
+                    Step::make('Identify managed environment')
+                        ->description('Create or resume a managed environment in this workspace.')
                         ->schema([
-                            Section::make('ManagedEnvironment')
+                            Section::make('Managed environment')
                                 ->schema([
                                     TextInput::make('entra_tenant_id')
-                                        ->label('ManagedEnvironment ID (GUID)')
+                                        ->label('Entra tenant ID (GUID)')
                                         ->required()
                                         ->placeholder('xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx')
                                         ->rules(['uuid'])
@@ -358,22 +358,22 @@ public function content(Schema $schema): Schema
                         ->afterValidation(function (): void {
                             $entraTenantId = (string) ($this->data['entra_tenant_id'] ?? '');
                             $environment = (string) ($this->data['environment'] ?? 'other');
-                            $tenantName = (string) ($this->data['name'] ?? '');
+                            $environmentName = (string) ($this->data['name'] ?? '');
                             $primaryDomain = (string) ($this->data['primary_domain'] ?? '');
                             $notes = (string) ($this->data['notes'] ?? '');
 
                             try {
-                                $this->identifyManagedTenant([
+                                $this->identifyManagedEnvironment([
                                     'entra_tenant_id' => $entraTenantId,
                                     'environment' => $environment,
-                                    'name' => $tenantName,
+                                    'name' => $environmentName,
                                     'primary_domain' => $primaryDomain,
                                     'notes' => $notes,
                                 ]);
                             } catch (NotFoundHttpException) {
                                 Notification::make()
                                     ->title('ManagedEnvironment not available')
-                                    ->body('This tenant cannot be onboarded in this workspace.')
+                                    ->body('This environment cannot be onboarded in this workspace.')
                                     ->danger()
                                     ->send();
 
@@ -414,8 +414,8 @@ public function content(Schema $schema): Schema
                                                 ->closeModalByClickingAway(false)
                                                 ->visible(fn (Get $get): bool => $get('connection_mode') === 'existing'
                                                     && is_numeric($get('provider_connection_id')))
-                                                ->disabled(fn (): bool => ! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE))
-                                                ->tooltip(fn (): ?string => $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE)
+                                                ->disabled(fn (): bool => ! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE))
+                                                ->tooltip(fn (): ?string => $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE)
                                                     ? null
                                                     : 'You don\'t have permission to edit connections.')
                                                 ->fillForm(function (Get $get): array {
@@ -474,7 +474,7 @@ public function content(Schema $schema): Schema
                                         ->visible(fn (Get $get): bool => $get('connection_mode') === 'new'),
                                     TextInput::make('new_connection.target_scope_id')
                                         ->label('Target scope ID')
-                                        ->default(fn (): string => $this->currentManagedTenantRecord()?->managed_environment_id ?? '')
+                                        ->default(fn (): string => $this->currentManagedEnvironmentRecord()?->managed_environment_id ?? '')
                                         ->disabled()
                                         ->dehydrated(false)
                                         ->visible(fn (Get $get): bool => $get('connection_mode') === 'new')
@@ -517,7 +517,7 @@ public function content(Schema $schema): Schema
                                 ]),
                         ])
                         ->afterValidation(function (): void {
-                            if (! $this->managedTenant instanceof ManagedEnvironment) {
+                            if (! $this->managedEnvironment instanceof ManagedEnvironment) {
                                 throw new Halt;
                             }
 
@@ -566,9 +566,9 @@ public function content(Schema $schema): Schema
                                     SchemaActions::make([
                                         Action::make('wizardStartVerification')
                                             ->label('Start verification')
-                                            ->visible(fn (): bool => $this->managedTenant instanceof ManagedEnvironment && ! $this->verificationRunIsActive())
-                                            ->disabled(fn (): bool => ! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START))
-                                            ->tooltip(fn (): ?string => $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START)
+                                            ->visible(fn (): bool => $this->managedEnvironment instanceof ManagedEnvironment && ! $this->verificationRunIsActive())
+                                            ->disabled(fn (): bool => ! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START))
+                                            ->tooltip(fn (): ?string => $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START)
                                                 ? null
                                                 : 'You do not have permission to start verification.')
                                             ->action(fn () => $this->startVerification()),
@@ -580,9 +580,9 @@ public function content(Schema $schema): Schema
                                     ViewField::make('verification_report')
                                         ->label('')
                                         ->default(null)
-                                        ->view('filament.forms.components.managed-tenant-onboarding-verification-report')
+                                        ->view('filament.forms.components.managed-environment-onboarding-verification-report')
                                         ->viewData(fn (): array => $this->verificationReportViewData())
-                                        ->visible(fn (): bool => $this->managedTenant instanceof ManagedEnvironment),
+                                        ->visible(fn (): bool => $this->managedEnvironment instanceof ManagedEnvironment),
                                 ]),
                         ])
                         ->beforeValidation(function (): void {
@@ -611,7 +611,7 @@ public function content(Schema $schema): Schema
                                     SchemaActions::make([
                                         Action::make('wizardStartBootstrap')
                                             ->label('Start bootstrap')
-                                            ->visible(fn (): bool => $this->managedTenant instanceof ManagedEnvironment)
+                                            ->visible(fn (): bool => $this->managedEnvironment instanceof ManagedEnvironment)
                                             ->disabled(fn (): bool => ! $this->canStartAnyBootstrap())
                                             ->tooltip(fn (): ?string => $this->canStartAnyBootstrap()
                                                 ? null
@@ -636,18 +636,18 @@ public function content(Schema $schema): Schema
                         }),
 
                     Step::make('Complete')
-                        ->description('Review configuration and complete onboarding for this tenant.')
+                        ->description('Review configuration and complete onboarding for this environment.')
                         ->schema([
                             Section::make('Review & Complete onboarding')
-                                ->description('Review the onboarding summary before completing onboarding for this tenant.')
+                                ->description('Review the onboarding summary before completing onboarding for this environment.')
                                 ->schema([
                                     Section::make('Onboarding summary')
                                         ->compact()
                                         ->columns(2)
                                         ->schema([
-                                            Text::make('ManagedEnvironment')
+                                            Text::make('Managed environment')
                                                 ->color('gray'),
-                                            Text::make(fn (): string => $this->completionSummaryTenantLine())
+                                            Text::make(fn (): string => $this->completionSummaryEnvironmentLine())
                                                 ->weight(FontWeight::SemiBold),
                                             Text::make('Provider connection')
                                                 ->color('gray'),
@@ -691,7 +691,7 @@ public function content(Schema $schema): Schema
                                         ->label('Override blocked verification')
                                         ->helperText('Owner-only. Requires a reason and will be recorded in the audit log.')
                                         ->visible(fn (): bool => $this->verificationStatus() === 'blocked'
-                                            && $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE)),
+                                            && $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE)),
                                     Textarea::make('override_reason')
                                         ->label('Override reason')
                                         ->required(fn (Get $get): bool => (bool) $get('override_blocked'))
@@ -704,12 +704,12 @@ public function content(Schema $schema): Schema
                                             ->color('success')
                                             ->requiresConfirmation()
                                             ->modalHeading('Complete onboarding')
-                                            ->modalDescription(fn (): string => $this->managedTenant instanceof ManagedEnvironment
-                                                ? sprintf('Are you sure you want to complete onboarding for "%s"? This will make the tenant operational.', $this->managedTenant->name)
-                                                : 'Are you sure you want to complete onboarding for this tenant?')
+                                            ->modalDescription(fn (): string => $this->managedEnvironment instanceof ManagedEnvironment
+                                                ? sprintf('Are you sure you want to complete onboarding for "%s"? This will make the environment operational.', $this->managedEnvironment->name)
+                                                : 'Are you sure you want to complete onboarding for this environment?')
                                             ->modalSubmitActionLabel('Yes, complete onboarding')
                                             ->disabled(fn (): bool => ! $this->canCompleteOnboarding()
-                                                || ! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE))
+                                                || ! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE))
                                             ->tooltip(fn (): ?string => $this->completionActionTooltip())
                                             ->action(fn () => $this->completeOnboarding()),
                                     ]),
@@ -733,7 +733,7 @@ private function resolveLandingState(User $user): bool
         if ($drafts->count() === 1) {
             $draft = $drafts->first();
 
-            if ($draft instanceof TenantOnboardingSession) {
+            if ($draft instanceof ManagedEnvironmentOnboardingSession) {
                 $this->redirect(route('admin.onboarding.draft', ['onboardingDraft' => $draft]));
 
                 return true;
@@ -747,7 +747,7 @@ private function resolveLandingState(User $user): bool
         return false;
     }
 
-    private function loadOnboardingDraft(User $user, TenantOnboardingSession|int|string $onboardingDraft): void
+    private function loadOnboardingDraft(User $user, ManagedEnvironmentOnboardingSession|int|string $onboardingDraft): void
     {
         $draft = app(OnboardingDraftResolver::class)->resolve($onboardingDraft, $user, $this->workspace);
 
@@ -755,10 +755,10 @@ private function loadOnboardingDraft(User $user, TenantOnboardingSession|int|str
         $this->showStartState = false;
         $this->setOnboardingSession($draft);
 
-        $tenant = $draft->tenant;
+        $tenant = $draft->managedEnvironment;
 
         if ($tenant instanceof ManagedEnvironment && (int) $tenant->workspace_id === (int) $this->workspace->getKey()) {
-            $this->setManagedTenant($tenant);
+            $this->setManagedEnvironment($tenant);
         }
 
         $providerConnectionId = $draft->state['provider_connection_id'] ?? null;
@@ -828,8 +828,8 @@ private function normalizeBootstrapOperationType(string $operationType): string
     private function supportedBootstrapCapabilities(): array
     {
         return [
-            'inventory.sync' => Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
-            'compliance.snapshot' => Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_POLICY_SYNC,
+            'inventory.sync' => Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
+            'compliance.snapshot' => Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_POLICY_SYNC,
         ];
     }
 
@@ -844,7 +844,7 @@ private function persistBootstrapSelection(array $operationTypes): void
             abort(403);
         }
 
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return;
         }
 
@@ -864,7 +864,7 @@ private function persistBootstrapSelection(array $operationTypes): void
                 actor: $user,
                 expectedVersion: $this->expectedDraftVersion(),
                 incrementVersion: false,
-                mutator: function (TenantOnboardingSession $draft) use ($normalized): void {
+                mutator: function (ManagedEnvironmentOnboardingSession $draft) use ($normalized): void {
                     $state = is_array($draft->state) ? $draft->state : [];
                     $state['bootstrap_operation_types'] = $normalized;
 
@@ -883,7 +883,7 @@ private function persistBootstrapSelection(array $operationTypes): void
     }
 
     /**
-     * @return Collection<int, TenantOnboardingSession>
+     * @return Collection<int, ManagedEnvironmentOnboardingSession>
      */
     private function availableDraftsFor(User $user): Collection
     {
@@ -962,7 +962,7 @@ private function resumeContextSchema(): array
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return [];
         }
 
@@ -999,7 +999,7 @@ private function routeBoundReadinessSchema(): array
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return [];
         }
 
@@ -1045,7 +1045,7 @@ private function routeBoundReadinessSchema(): array
     /**
      * @return array<int, \Filament\Schemas\Components\Component>
      */
-    private function draftCompactReadinessSchema(TenantOnboardingSession $draft): array
+    private function draftCompactReadinessSchema(ManagedEnvironmentOnboardingSession $draft): array
     {
         $payload = $this->onboardingReadinessPayload($draft);
 
@@ -1203,7 +1203,7 @@ private function readinessPermissionDiagnosticsSchema(array $payload, string $ke
 
     /**
      * @return array{
-     *     draft: array{id: int, tenant_name: string, stage_label: string, draft_status_label: string, started_by: string, updated_by: string, last_updated_human: string},
+     *     draft: array{id: int, environment_name: string, stage_label: string, draft_status_label: string, started_by: string, updated_by: string, last_updated_human: string},
      *     checkpoint: array{current_checkpoint: string|null, current_checkpoint_label: string|null, last_completed_checkpoint: string|null, lifecycle_state: string, lifecycle_label: string},
      *     provider_summary: array<string, mixed>|null,
     *     verification: array{status: string, status_label: string, run_id: int|null, run_url: string|null, is_active: bool, has_report: bool, matches_selected_connection: bool|null, overall: string|null},
@@ -1215,7 +1215,7 @@ private function readinessPermissionDiagnosticsSchema(array $payload, string $ke
      *     supporting_links: list<array{label: string, url: string}>
      * }
      */
-    private function onboardingReadinessPayload(TenantOnboardingSession $draft): array
+    private function onboardingReadinessPayload(ManagedEnvironmentOnboardingSession $draft): array
     {
         $snapshot = $this->lifecycleService()->snapshot($draft);
         $stage = app(OnboardingDraftStageResolver::class)->resolve($draft);
@@ -1229,7 +1229,7 @@ private function onboardingReadinessPayload(TenantOnboardingSession $draft): arr
             ? $snapshot['last_completed_checkpoint']
             : null;
 
-        $tenant = $draft->tenant instanceof ManagedEnvironment ? $draft->tenant : null;
+        $tenant = $draft->managedEnvironment instanceof ManagedEnvironment ? $draft->managedEnvironment : null;
         $providerConnection = $this->readinessProviderConnection($draft);
         $selectedProviderConnectionId = $providerConnection instanceof ProviderConnection
             ? (int) $providerConnection->getKey()
@@ -1275,7 +1275,7 @@ private function onboardingReadinessPayload(TenantOnboardingSession $draft): arr
         return [
             'draft' => [
                 'id' => (int) $draft->getKey(),
-                'tenant_name' => $this->draftTitle($draft),
+                'environment_name' => $this->draftTitle($draft),
                 'stage_label' => $stage->label(),
                 'draft_status_label' => $draft->status()->label(),
                 'started_by' => $draft->startedByUser?->name ?? 'Unknown',
@@ -1292,7 +1292,7 @@ private function onboardingReadinessPayload(TenantOnboardingSession $draft): arr
             'provider_summary' => $this->readinessProviderSummary($providerConnection),
             'verification' => [
                 'status' => $verificationStatus,
-                'status_label' => BadgeCatalog::spec(BadgeDomain::ManagedTenantOnboardingVerificationStatus, $verificationStatus)->label,
+                'status_label' => BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus, $verificationStatus)->label,
                 'run_id' => $verificationRun instanceof OperationRun ? (int) $verificationRun->getKey() : null,
                 'run_url' => $verificationRun instanceof OperationRun && $this->canInspectOperationRun($verificationRun)
                     ? OperationRunLinks::tenantlessView($verificationRun)
@@ -1440,7 +1440,7 @@ private function readinessPrimaryNextActionComponent(array $payload, string $key
             ->color($this->readinessNextActionColor($kind));
     }
 
-    private function readinessProviderConnection(TenantOnboardingSession $draft): ?ProviderConnection
+    private function readinessProviderConnection(ManagedEnvironmentOnboardingSession $draft): ?ProviderConnection
     {
         $state = is_array($draft->state) ? $draft->state : [];
         $providerConnectionId = $this->normalizeReadinessInteger(
@@ -1494,7 +1494,7 @@ private function readinessProviderSummary(?ProviderConnection $connection): ?arr
      */
     private function readinessPermissionOverview(ManagedEnvironment $tenant): array
     {
-        $viewModel = app(TenantRequiredPermissionsViewModelBuilder::class)->build($tenant, [
+        $viewModel = app(ManagedEnvironmentRequiredPermissionsViewModelBuilder::class)->build($tenant, [
             'status' => 'all',
             'type' => 'all',
             'features' => [],
@@ -1656,7 +1656,7 @@ private function readinessFreshnessNote(
      * @param  array<string, mixed>|null  $permissions
      */
     private function readinessSummaryText(
-        TenantOnboardingSession $draft,
+        ManagedEnvironmentOnboardingSession $draft,
         OnboardingLifecycleState $lifecycleState,
         ?ProviderConnection $providerConnection,
         ?OperationRun $verificationRun,
@@ -1665,7 +1665,7 @@ private function readinessSummaryText(
         bool $connectionRecentlyUpdated,
         bool $verificationMismatch,
     ): string {
-        if (! $this->readinessDraftHasTenantIdentity($draft)) {
+        if (! $this->readinessDraftHasEnvironmentIdentity($draft)) {
             return 'ManagedEnvironment identity required';
         }
 
@@ -1736,7 +1736,7 @@ private function readinessSummaryText(
      * @return array{label: string, kind: string, url: string|null, action_name: string|null, required_capability: string|null}
      */
     private function readinessNextAction(
-        TenantOnboardingSession $draft,
+        ManagedEnvironmentOnboardingSession $draft,
         OnboardingLifecycleState $lifecycleState,
         ?ProviderConnection $providerConnection,
         ?OperationRun $verificationRun,
@@ -1747,8 +1747,8 @@ private function readinessNextAction(
         bool $verificationMismatch,
         array $supportingLinks,
     ): array {
-        if (! $this->readinessDraftHasTenantIdentity($draft)) {
-            return $this->readinessAction('Identify tenant', 'start_onboarding');
+        if (! $this->readinessDraftHasEnvironmentIdentity($draft)) {
+            return $this->readinessAction('Identify environment', 'start_onboarding');
         }
 
         if (! $providerConnection instanceof ProviderConnection) {
@@ -1770,7 +1770,7 @@ private function readinessNextAction(
             return $this->readinessAction(
                 label: 'Grant admin consent',
                 kind: 'grant_consent',
-                url: $draft->tenant instanceof ManagedEnvironment ? RequiredPermissionsLinks::adminConsentPrimaryUrl($draft->tenant) : null,
+                url: $draft->managedEnvironment instanceof ManagedEnvironment ? RequiredPermissionsLinks::adminConsentPrimaryUrl($draft->managedEnvironment) : null,
             );
         }
 
@@ -1784,7 +1784,7 @@ private function readinessNextAction(
             return $this->readinessAction(
                 label: 'Grant admin consent',
                 kind: 'grant_consent',
-                url: $draft->tenant instanceof ManagedEnvironment ? RequiredPermissionsLinks::adminConsentPrimaryUrl($draft->tenant) : null,
+                url: $draft->managedEnvironment instanceof ManagedEnvironment ? RequiredPermissionsLinks::adminConsentPrimaryUrl($draft->managedEnvironment) : null,
             );
         }
 
@@ -1792,7 +1792,7 @@ private function readinessNextAction(
             return $this->readinessAction(
                 label: 'Review provider capability',
                 kind: 'review_permissions',
-                url: $draft->tenant instanceof ManagedEnvironment ? RequiredPermissionsLinks::requiredPermissions($draft->tenant) : null,
+                url: $draft->managedEnvironment instanceof ManagedEnvironment ? RequiredPermissionsLinks::requiredPermissions($draft->managedEnvironment) : null,
             );
         }
 
@@ -1801,7 +1801,7 @@ private function readinessNextAction(
                 label: 'Start verification',
                 kind: 'start_verification',
                 actionName: 'wizardStartVerification',
-                requiredCapability: Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START,
+                requiredCapability: Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START,
             );
         }
 
@@ -1810,7 +1810,7 @@ private function readinessNextAction(
                 label: 'Rerun verification',
                 kind: 'rerun_verification',
                 actionName: 'wizardStartVerification',
-                requiredCapability: Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START,
+                requiredCapability: Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START,
             );
         }
 
@@ -1831,7 +1831,7 @@ private function readinessNextAction(
                 label: 'Complete onboarding',
                 kind: 'complete_onboarding',
                 actionName: 'wizardCompleteOnboarding',
-                requiredCapability: Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE,
+                requiredCapability: Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE,
             );
         }
 
@@ -1860,7 +1860,7 @@ private function readinessAction(
     /**
      * @return list<array{label: string, url: string}>
      */
-    private function readinessSupportingLinks(?OperationRun $verificationRun, TenantOnboardingSession $draft, ?int $selectedProviderConnectionId): array
+    private function readinessSupportingLinks(?OperationRun $verificationRun, ManagedEnvironmentOnboardingSession $draft, ?int $selectedProviderConnectionId): array
     {
         $links = [];
 
@@ -1919,14 +1919,14 @@ private function readinessRunMatchesSelectedConnection(OperationRun $run, ?int $
         return $runProviderConnectionId !== null && $runProviderConnectionId === $selectedProviderConnectionId;
     }
 
-    private function readinessConnectionRecentlyUpdated(TenantOnboardingSession $draft): bool
+    private function readinessConnectionRecentlyUpdated(ManagedEnvironmentOnboardingSession $draft): bool
     {
         $state = is_array($draft->state) ? $draft->state : [];
 
         return (bool) ($state['connection_recently_updated'] ?? false);
     }
 
-    private function readinessDraftHasTenantIdentity(TenantOnboardingSession $draft): bool
+    private function readinessDraftHasEnvironmentIdentity(ManagedEnvironmentOnboardingSession $draft): bool
     {
         if ($draft->managed_environment_id !== null) {
             return true;
@@ -1964,7 +1964,7 @@ private function nonResumableSummarySchema(): array
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return [];
         }
 
@@ -2008,7 +2008,7 @@ private function nonResumableSummarySchema(): array
                     ->color('danger')
                     ->requiresConfirmation()
                     ->modalHeading('Delete onboarding draft')
-                    ->modalDescription('This permanently deletes the onboarding draft record. The linked tenant record, if any, is not deleted.')
+                    ->modalDescription('This permanently deletes the onboarding draft record. The linked environment record, if any, is not deleted.')
                     ->modalSubmitActionLabel('Delete draft')
                     ->visible(fn (): bool => $this->canDeleteDraft($this->currentOnboardingSessionRecord() ?? $draft))
                     ->action(fn () => $this->deleteOnboardingDraft()),
@@ -2020,7 +2020,7 @@ private function startNewOnboardingDraft(): void
     {
         $this->showDraftPicker = false;
         $this->showStartState = true;
-        $this->setManagedTenant(null);
+        $this->setManagedEnvironment(null);
         $this->setOnboardingSession(null);
         $this->selectedProviderConnectionId = null;
         $this->selectedBootstrapOperationTypes = [];
@@ -2042,7 +2042,7 @@ private function resumeOnboardingDraft(int $draftId, bool $logSelection): void
         if ($logSelection) {
             app(WorkspaceAuditLogger::class)->log(
                 workspace: $this->workspace,
-                action: AuditActionId::ManagedTenantOnboardingDraftSelected->value,
+                action: AuditActionId::ManagedEnvironmentOnboardingDraftSelected->value,
                 context: [
                     'metadata' => [
                         'workspace_id' => (int) $this->workspace->getKey(),
@@ -2052,7 +2052,7 @@ private function resumeOnboardingDraft(int $draftId, bool $logSelection): void
                 ],
                 actor: $user,
                 status: 'success',
-                resourceType: 'managed_tenant_onboarding_session',
+                resourceType: 'managed_environment_onboarding_session',
                 resourceId: (string) $draft->getKey(),
             );
         }
@@ -2068,7 +2068,7 @@ private function cancelOnboardingDraft(): void
             abort(403);
         }
 
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             abort(404);
         }
 
@@ -2099,7 +2099,7 @@ private function cancelOnboardingDraft(): void
                 draft: $this->onboardingSession,
                 actor: $user,
                 expectedVersion: $this->expectedDraftVersion(),
-                mutator: function (TenantOnboardingSession $draft): void {
+                mutator: function (ManagedEnvironmentOnboardingSession $draft): void {
                     $draft->current_step = 'cancelled';
                     $draft->completed_at = null;
                     $draft->cancelled_at = now();
@@ -2117,7 +2117,7 @@ private function cancelOnboardingDraft(): void
 
         app(WorkspaceAuditLogger::class)->log(
             workspace: $this->workspace,
-            action: AuditActionId::ManagedTenantOnboardingCancelled->value,
+            action: AuditActionId::ManagedEnvironmentOnboardingCancelled->value,
             context: [
                 'metadata' => [
                     'workspace_id' => (int) $this->workspace->getKey(),
@@ -2127,7 +2127,7 @@ private function cancelOnboardingDraft(): void
             ],
             actor: $user,
             status: 'success',
-            resourceType: 'managed_tenant_onboarding_session',
+            resourceType: 'managed_environment_onboarding_session',
             resourceId: (string) $this->onboardingSession->getKey(),
         );
 
@@ -2146,7 +2146,7 @@ private function cancelOnboardingDraft(): void
                 ],
             );
 
-            $this->setManagedTenant($normalizedTenant);
+            $this->setManagedEnvironment($normalizedTenant);
         }
 
         Notification::make()
@@ -2165,7 +2165,7 @@ private function deleteOnboardingDraft(): void
             abort(403);
         }
 
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             abort(404);
         }
 
@@ -2201,7 +2201,7 @@ private function deleteOnboardingDraft(): void
 
         app(WorkspaceAuditLogger::class)->log(
             workspace: $this->workspace,
-            action: AuditActionId::ManagedTenantOnboardingDeleted->value,
+            action: AuditActionId::ManagedEnvironmentOnboardingDeleted->value,
             context: [
                 'metadata' => [
                     'workspace_id' => (int) $this->workspace->getKey(),
@@ -2213,12 +2213,12 @@ private function deleteOnboardingDraft(): void
             ],
             actor: $user,
             status: 'success',
-            resourceType: 'managed_tenant_onboarding_session',
+            resourceType: 'managed_environment_onboarding_session',
             resourceId: (string) $draftId,
             targetLabel: $draftTitle,
         );
 
-        $this->setManagedTenant(null);
+        $this->setManagedEnvironment(null);
         $this->setOnboardingSession(null);
 
         Notification::make()
@@ -2233,15 +2233,15 @@ private function showsNonResumableSummary(): bool
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        return $draft instanceof TenantOnboardingSession
+        return $draft instanceof ManagedEnvironmentOnboardingSession
             && ! $this->canResumeDraft($draft);
     }
 
-    private function canDeleteDraft(?TenantOnboardingSession $draft): bool
+    private function canDeleteDraft(?ManagedEnvironmentOnboardingSession $draft): bool
     {
-        return $draft instanceof TenantOnboardingSession
+        return $draft instanceof ManagedEnvironmentOnboardingSession
             && ! $this->canResumeDraft($draft)
-            && $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CANCEL);
+            && $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CANCEL);
     }
 
     private function onboardingDraftLandingActionLabel(): string
@@ -2262,14 +2262,14 @@ private function resumeOnboardingActionLabel(): string
 
     private function onboardingEntryActionDescriptor(int $resumableDraftCount): \App\Support\Tenants\TenantActionDescriptor
     {
-        return TenantResource::tenantActionPolicy()->onboardingEntryDescriptor($resumableDraftCount);
+        return ManagedEnvironmentResource::tenantActionPolicy()->onboardingEntryDescriptor($resumableDraftCount);
     }
 
     private function shouldShowDraftLandingAction(): bool
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return false;
         }
 
@@ -2290,21 +2290,21 @@ private function shouldShowDraftLandingAction(): bool
         return $this->availableDraftsFor($user)->count() > 1;
     }
 
-    private function draftTitle(TenantOnboardingSession $draft): string
+    private function draftTitle(ManagedEnvironmentOnboardingSession $draft): string
     {
         $state = is_array($draft->state) ? $draft->state : [];
-        $tenantName = $state['tenant_name'] ?? $draft->tenant?->name ?? null;
-        $tenantName = is_string($tenantName) && trim($tenantName) !== '' ? trim($tenantName) : 'Unidentified tenant';
+        $environmentName = $state['environment_name'] ?? $draft->managedEnvironment?->name ?? null;
+        $environmentName = is_string($environmentName) && trim($environmentName) !== '' ? trim($environmentName) : 'Unidentified environment';
         $entraTenantId = $state['entra_tenant_id'] ?? $draft->entra_tenant_id;
 
         if (is_string($entraTenantId) && trim($entraTenantId) !== '') {
-            return sprintf('%s (%s)', $tenantName, trim($entraTenantId));
+            return sprintf('%s (%s)', $environmentName, trim($entraTenantId));
         }
 
-        return $tenantName;
+        return $environmentName;
     }
 
-    private function draftDescription(TenantOnboardingSession $draft): string
+    private function draftDescription(ManagedEnvironmentOnboardingSession $draft): string
     {
         $state = is_array($draft->state) ? $draft->state : [];
         $environment = $state['environment'] ?? null;
@@ -2316,12 +2316,12 @@ private function draftDescription(TenantOnboardingSession $draft): string
         ])->filter()->implode(' · ');
     }
 
-    private function draftStageLabel(TenantOnboardingSession $draft): string
+    private function draftStageLabel(ManagedEnvironmentOnboardingSession $draft): string
     {
         return app(OnboardingDraftStageResolver::class)->resolve($draft)->label();
     }
 
-    private function draftStageColor(TenantOnboardingSession $draft): string
+    private function draftStageColor(ManagedEnvironmentOnboardingSession $draft): string
     {
         return match (app(OnboardingDraftStageResolver::class)->resolve($draft)) {
             OnboardingDraftStage::Identify => 'gray',
@@ -2334,7 +2334,7 @@ private function draftStageColor(TenantOnboardingSession $draft): string
         };
     }
 
-    private function draftStatusColor(TenantOnboardingSession $draft): string
+    private function draftStatusColor(ManagedEnvironmentOnboardingSession $draft): string
     {
         return match ($draft->status()->value) {
             'draft' => 'info',
@@ -2368,46 +2368,46 @@ private function expectedDraftVersion(): ?int
             : null;
     }
 
-    private function setOnboardingSession(?TenantOnboardingSession $draft): void
+    private function setOnboardingSession(?ManagedEnvironmentOnboardingSession $draft): void
     {
         $this->onboardingSession = $draft;
-        $this->onboardingSessionId = $draft instanceof TenantOnboardingSession
+        $this->onboardingSessionId = $draft instanceof ManagedEnvironmentOnboardingSession
             ? (int) $draft->getKey()
             : null;
-        $this->onboardingSessionVersion = $draft instanceof TenantOnboardingSession
+        $this->onboardingSessionVersion = $draft instanceof ManagedEnvironmentOnboardingSession
             ? $draft->expectedVersion()
             : null;
 
-        if ($draft instanceof TenantOnboardingSession && $draft->tenant instanceof ManagedEnvironment) {
-            $this->setManagedTenant($draft->tenant);
+        if ($draft instanceof ManagedEnvironmentOnboardingSession && $draft->managedEnvironment instanceof ManagedEnvironment) {
+            $this->setManagedEnvironment($draft->managedEnvironment);
 
             return;
         }
 
-        if ($draft instanceof TenantOnboardingSession && $draft->managed_environment_id !== null) {
-            $this->managedTenantId = (int) $draft->managed_environment_id;
+        if ($draft instanceof ManagedEnvironmentOnboardingSession && $draft->managed_environment_id !== null) {
+            $this->managedEnvironmentId = (int) $draft->managed_environment_id;
 
             return;
         }
 
-        $this->setManagedTenant(null);
+        $this->setManagedEnvironment(null);
     }
 
-    private function setManagedTenant(?ManagedEnvironment $tenant): void
+    private function setManagedEnvironment(?ManagedEnvironment $tenant): void
     {
-        $this->managedTenant = $tenant;
-        $this->managedTenantId = $tenant instanceof ManagedEnvironment
+        $this->managedEnvironment = $tenant;
+        $this->managedEnvironmentId = $tenant instanceof ManagedEnvironment
             ? (int) $tenant->getKey()
             : null;
 
-        if ($this->onboardingSession instanceof TenantOnboardingSession && $tenant instanceof ManagedEnvironment) {
-            $this->onboardingSession->setRelation('tenant', $tenant);
+        if ($this->onboardingSession instanceof ManagedEnvironmentOnboardingSession && $tenant instanceof ManagedEnvironment) {
+            $this->onboardingSession->setRelation('managedEnvironment', $tenant);
         }
     }
 
-    private function currentOnboardingSessionRecord(): ?TenantOnboardingSession
+    private function currentOnboardingSessionRecord(): ?ManagedEnvironmentOnboardingSession
     {
-        if ($this->onboardingSession instanceof TenantOnboardingSession
+        if ($this->onboardingSession instanceof ManagedEnvironmentOnboardingSession
             && $this->onboardingSessionId !== null
             && (int) $this->onboardingSession->getKey() === $this->onboardingSessionId) {
             return $this->onboardingSession;
@@ -2417,8 +2417,8 @@ private function currentOnboardingSessionRecord(): ?TenantOnboardingSession
             return $this->onboardingSession;
         }
 
-        $query = TenantOnboardingSession::query()
-            ->with(['tenant', 'startedByUser', 'updatedByUser'])
+        $query = ManagedEnvironmentOnboardingSession::query()
+            ->with(['managedEnvironment', 'startedByUser', 'updatedByUser'])
             ->whereKey($this->onboardingSessionId);
 
         if (isset($this->workspace)) {
@@ -2428,25 +2428,25 @@ private function currentOnboardingSessionRecord(): ?TenantOnboardingSession
         return $query->first();
     }
 
-    private function currentManagedTenantRecord(): ?ManagedEnvironment
+    private function currentManagedEnvironmentRecord(): ?ManagedEnvironment
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if ($draft instanceof TenantOnboardingSession && $draft->tenant instanceof ManagedEnvironment) {
-            return $draft->tenant;
+        if ($draft instanceof ManagedEnvironmentOnboardingSession && $draft->managedEnvironment instanceof ManagedEnvironment) {
+            return $draft->managedEnvironment;
         }
 
-        if ($this->managedTenant instanceof ManagedEnvironment
-            && $this->managedTenantId !== null
-            && (int) $this->managedTenant->getKey() === $this->managedTenantId) {
-            return $this->managedTenant;
+        if ($this->managedEnvironment instanceof ManagedEnvironment
+            && $this->managedEnvironmentId !== null
+            && (int) $this->managedEnvironment->getKey() === $this->managedEnvironmentId) {
+            return $this->managedEnvironment;
         }
 
-        if ($this->managedTenantId === null) {
-            return $this->managedTenant;
+        if ($this->managedEnvironmentId === null) {
+            return $this->managedEnvironment;
         }
 
-        $query = ManagedEnvironment::query()->withTrashed()->whereKey($this->managedTenantId);
+        $query = ManagedEnvironment::query()->withTrashed()->whereKey($this->managedEnvironmentId);
 
         if (isset($this->workspace)) {
             $query->where('workspace_id', (int) $this->workspace->getKey());
@@ -2459,7 +2459,7 @@ private function refreshOnboardingDraftFromBackend(): void
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return;
         }
 
@@ -2506,7 +2506,7 @@ private function lifecycleState(): OnboardingLifecycleState
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return OnboardingLifecycleState::Draft;
         }
 
@@ -2535,7 +2535,7 @@ private function currentCheckpointLabel(): string
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return OnboardingCheckpoint::Identify->label();
         }
 
@@ -2547,7 +2547,7 @@ public function shouldPollCheckpointLifecycle(): bool
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        return $draft instanceof TenantOnboardingSession
+        return $draft instanceof ManagedEnvironmentOnboardingSession
             && $this->lifecycleService()->hasActiveCheckpoint($draft);
     }
 
@@ -2555,16 +2555,16 @@ public function refreshCheckpointLifecycle(): void
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return;
         }
 
         $this->setOnboardingSession($this->lifecycleService()->syncPersistedLifecycle($draft));
 
-        $tenant = $this->currentManagedTenantRecord();
+        $tenant = $this->currentManagedEnvironmentRecord();
 
         if ($tenant instanceof ManagedEnvironment) {
-            $this->setManagedTenant($tenant->fresh());
+            $this->setManagedEnvironment($tenant->fresh());
         }
 
         $this->initializeWizardData();
@@ -2591,7 +2591,7 @@ private function initializeWizardData(): void
             $this->data['new_connection']['is_default'] ??= true;
         }
 
-        $tenant = $this->currentManagedTenantRecord();
+        $tenant = $this->currentManagedEnvironmentRecord();
 
         if ($tenant instanceof ManagedEnvironment) {
             $this->data['entra_tenant_id'] ??= (string) $tenant->managed_environment_id;
@@ -2608,7 +2608,7 @@ private function initializeWizardData(): void
 
         $draft = $this->currentOnboardingSessionRecord();
 
-        if ($draft instanceof TenantOnboardingSession) {
+        if ($draft instanceof ManagedEnvironmentOnboardingSession) {
             $state = is_array($draft->state) ? $draft->state : [];
 
             if (isset($state['entra_tenant_id']) && is_string($state['entra_tenant_id']) && trim($state['entra_tenant_id']) !== '') {
@@ -2619,8 +2619,8 @@ private function initializeWizardData(): void
                 $this->data['environment'] ??= trim($state['environment']);
             }
 
-            if (isset($state['tenant_name']) && is_string($state['tenant_name']) && trim($state['tenant_name']) !== '') {
-                $this->data['name'] ??= trim($state['tenant_name']);
+            if (isset($state['environment_name']) && is_string($state['environment_name']) && trim($state['environment_name']) !== '') {
+                $this->data['name'] ??= trim($state['environment_name']);
             }
 
             if (array_key_exists('primary_domain', $state)) {
@@ -2672,7 +2672,7 @@ private function computeWizardStartStep(): int
      */
     private function providerConnectionOptions(): array
     {
-        $tenant = $this->currentManagedTenantRecord();
+        $tenant = $this->currentManagedEnvironmentRecord();
 
         if (! $tenant instanceof ManagedEnvironment) {
             return [];
@@ -2735,7 +2735,7 @@ private function providerConnectionTargetScopeAuditMetadata(ProviderConnection $
     private function verificationStatusLabel(): string
     {
         return BadgeCatalog::spec(
-            BadgeDomain::ManagedTenantOnboardingVerificationStatus,
+            BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus,
             $this->verificationStatus(),
         )->label;
     }
@@ -2744,7 +2744,7 @@ private function verificationStatus(): string
     {
         $draft = $this->currentOnboardingSessionRecord();
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return 'not_started';
         }
 
@@ -2859,7 +2859,7 @@ private function verificationRunIsActive(): bool
     private function verificationStatusColor(): string
     {
         return BadgeCatalog::spec(
-            BadgeDomain::ManagedTenantOnboardingVerificationStatus,
+            BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus,
             $this->verificationStatus(),
         )->color;
     }
@@ -2937,8 +2937,8 @@ private function verificationReportViewData(): array
         $previousRunUrl = $this->verificationPreviousRunUrl($changeIndicator);
 
         $user = auth()->user();
-        $canAcknowledge = $user instanceof User && $this->managedTenant instanceof ManagedEnvironment
-            ? $user->can(Capabilities::TENANT_VERIFICATION_ACKNOWLEDGE, $this->managedTenant)
+        $canAcknowledge = $user instanceof User && $this->managedEnvironment instanceof ManagedEnvironment
+            ? $user->can(Capabilities::TENANT_VERIFICATION_ACKNOWLEDGE, $this->managedEnvironment)
             : false;
 
         $acknowledgements = VerificationCheckAcknowledgement::query()
@@ -3032,7 +3032,7 @@ private function verificationReportViewData(): array
      */
     private function verificationContextualHelp(array $verificationReport, OperationRun $run): ?array
     {
-        $tenant = $this->managedTenant;
+        $tenant = $this->managedEnvironment;
 
         if (! $tenant instanceof ManagedEnvironment) {
             return null;
@@ -3125,11 +3125,11 @@ public function acknowledgeVerificationCheckAction(): Action
                     abort(403);
                 }
 
-                if (! $this->managedTenant instanceof ManagedEnvironment) {
+                if (! $this->managedEnvironment instanceof ManagedEnvironment) {
                     abort(404);
                 }
 
-                $tenant = $this->managedTenant->fresh();
+                $tenant = $this->managedEnvironment->fresh();
 
                 if (! $tenant instanceof ManagedEnvironment) {
                     abort(404);
@@ -3177,11 +3177,11 @@ public function acknowledgeVerificationCheckAction(): Action
                     return false;
                 }
 
-                if (! $this->managedTenant instanceof ManagedEnvironment) {
+                if (! $this->managedEnvironment instanceof ManagedEnvironment) {
                     return false;
                 }
 
-                if (! $user->can(Capabilities::TENANT_VERIFICATION_ACKNOWLEDGE, $this->managedTenant)) {
+                if (! $user->can(Capabilities::TENANT_VERIFICATION_ACKNOWLEDGE, $this->managedEnvironment)) {
                     return false;
                 }
 
@@ -3238,7 +3238,7 @@ public function acknowledgeVerificationCheckAction(): Action
 
     private function bootstrapRunsLabel(): string
     {
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return '';
         }
 
@@ -3270,7 +3270,7 @@ private function touchOnboardingSessionStep(string $step): void
             abort(403);
         }
 
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return;
         }
 
@@ -3284,7 +3284,7 @@ private function touchOnboardingSessionStep(string $step): void
                 actor: $user,
                 expectedVersion: $this->expectedDraftVersion(),
                 incrementVersion: false,
-                mutator: function (TenantOnboardingSession $draft) use ($step): void {
+                mutator: function (ManagedEnvironmentOnboardingSession $draft) use ($step): void {
                     $draft->current_step = $step;
                 },
             ));
@@ -3300,7 +3300,7 @@ private function touchOnboardingSessionStep(string $step): void
 
         app(WorkspaceAuditLogger::class)->log(
             workspace: $this->workspace,
-            action: AuditActionId::ManagedTenantOnboardingDraftUpdated->value,
+            action: AuditActionId::ManagedEnvironmentOnboardingDraftUpdated->value,
             context: [
                 'metadata' => [
                     'workspace_id' => (int) $this->workspace->getKey(),
@@ -3311,7 +3311,7 @@ private function touchOnboardingSessionStep(string $step): void
             ],
             actor: $user,
             status: 'success',
-            resourceType: 'managed_tenant_onboarding_session',
+            resourceType: 'managed_environment_onboarding_session',
             resourceId: (string) $this->onboardingSession->getKey(),
         );
     }
@@ -3327,7 +3327,7 @@ private function authorizeWorkspaceMutation(User $user, string $capability): voi
 
     private function authorizeEditableDraft(User $user): void
     {
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return;
         }
 
@@ -3351,9 +3351,9 @@ private function authorizeEditableDraft(User $user): void
         }
     }
 
-    private function trustedManagedTenantForUser(User $user): ManagedEnvironment
+    private function trustedManagedEnvironmentForUser(User $user): ManagedEnvironment
     {
-        $tenant = $this->currentManagedTenantRecord();
+        $tenant = $this->currentManagedEnvironmentRecord();
 
         if (! $tenant instanceof ManagedEnvironment) {
             abort(404);
@@ -3367,25 +3367,25 @@ private function trustedManagedTenantForUser(User $user): ManagedEnvironment
 
         $tenant = app(WorkspaceContext::class)->ensureTenantAccessibleInCurrentWorkspace($tenant, $user, request());
 
-        $this->setManagedTenant($tenant);
+        $this->setManagedEnvironment($tenant);
 
         return $tenant;
     }
 
-    private function canResumeDraft(?TenantOnboardingSession $draft): bool
+    private function canResumeDraft(?ManagedEnvironmentOnboardingSession $draft): bool
     {
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return false;
         }
 
-        if (! $draft->tenant instanceof ManagedEnvironment) {
+        if (! $draft->managedEnvironment instanceof ManagedEnvironment) {
             return $this->lifecycleService()->canResumeDraft($draft);
         }
 
         $user = $this->currentUser();
 
         return app(TenantOperabilityService::class)->outcomeFor(
-            tenant: $draft->tenant,
+            tenant: $draft->managedEnvironment,
             question: TenantOperabilityQuestion::ResumeOnboardingEligibility,
             actor: $user instanceof User ? $user : null,
             workspaceId: isset($this->workspace) ? (int) $this->workspace->getKey() : null,
@@ -3403,7 +3403,7 @@ private function authorizeWorkspaceMember(User $user): void
         );
     }
 
-    private function resolveWorkspaceIdForUnboundTenant(ManagedEnvironment $tenant): ?int
+    private function resolveWorkspaceIdForUnboundEnvironment(ManagedEnvironment $tenant): ?int
     {
         $workspaceId = DB::table('managed_environment_memberships')
             ->join('workspace_memberships', 'workspace_memberships.user_id', '=', 'managed_environment_memberships.user_id')
@@ -3417,7 +3417,7 @@ private function resolveWorkspaceIdForUnboundTenant(ManagedEnvironment $tenant):
     /**
      * @param  array{entra_tenant_id: string, environment: string, name: string, primary_domain?: string, notes?: string}  $data
      */
-    public function identifyManagedTenant(array $data): void
+    public function identifyManagedEnvironment(array $data): void
     {
         $user = auth()->user();
 
@@ -3425,15 +3425,15 @@ public function identifyManagedTenant(array $data): void
             abort(403);
         }
 
-        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_IDENTIFY);
+        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY);
 
         $entraTenantId = (string) ($data['entra_tenant_id'] ?? '');
-        $tenantName = (string) ($data['name'] ?? '');
+        $environmentName = (string) ($data['name'] ?? '');
         $environment = (string) ($data['environment'] ?? 'other');
         $primaryDomain = trim((string) ($data['primary_domain'] ?? ''));
         $notes = trim((string) ($data['notes'] ?? ''));
 
-        if ($entraTenantId === '' || $tenantName === '') {
+        if ($entraTenantId === '' || $environmentName === '') {
             abort(422);
         }
 
@@ -3448,9 +3448,9 @@ public function identifyManagedTenant(array $data): void
         $notificationBody = null;
 
         try {
-            DB::transaction(function () use ($user, $entraTenantId, $tenantName, $environment, $primaryDomain, $notes, &$notificationTitle, &$notificationBody): void {
+            DB::transaction(function () use ($user, $entraTenantId, $environmentName, $environment, $primaryDomain, $notes, &$notificationTitle, &$notificationBody): void {
                 $auditLogger = app(WorkspaceAuditLogger::class);
-                $membershipManager = app(TenantMembershipManager::class);
+                $membershipManager = app(ManagedEnvironmentMembershipManager::class);
                 $currentDraftId = $this->onboardingSession?->getKey();
                 $sessionWasCreated = false;
 
@@ -3465,7 +3465,7 @@ public function identifyManagedTenant(array $data): void
                     }
 
                     if ($existingTenant->workspace_id === null) {
-                        $resolvedWorkspaceId = $this->resolveWorkspaceIdForUnboundTenant($existingTenant);
+                        $resolvedWorkspaceId = $this->resolveWorkspaceIdForUnboundEnvironment($existingTenant);
 
                         if ($resolvedWorkspaceId === (int) $this->workspace->getKey()) {
                             $existingTenant->forceFill(['workspace_id' => $resolvedWorkspaceId])->save();
@@ -3477,7 +3477,7 @@ public function identifyManagedTenant(array $data): void
                     }
 
                     $existingTenant->forceFill([
-                        'name' => $tenantName,
+                        'name' => $environmentName,
                         'environment' => $environment,
                         'domain' => $primaryDomain,
                         'status' => $existingTenant->status === ManagedEnvironment::STATUS_DRAFT ? ManagedEnvironment::STATUS_ONBOARDING : $existingTenant->status,
@@ -3491,7 +3491,7 @@ public function identifyManagedTenant(array $data): void
                     try {
                         $tenant = ManagedEnvironment::query()->create([
                             'workspace_id' => (int) $this->workspace->getKey(),
-                            'name' => $tenantName,
+                            'name' => $environmentName,
                             'slug' => $entraTenantId,
                             'domain' => $primaryDomain,
                             'environment' => $environment,
@@ -3535,12 +3535,12 @@ public function identifyManagedTenant(array $data): void
                     entraTenantId: $entraTenantId,
                     preferredDraft: $this->onboardingSession,
                     expectedVersion: $this->expectedDraftVersion(),
-                    mutator: function (TenantOnboardingSession $draft) use ($tenant, $entraTenantId, $tenantName, $environment, $primaryDomain, $notes): void {
+                    mutator: function (ManagedEnvironmentOnboardingSession $draft) use ($tenant, $entraTenantId, $environmentName, $environment, $primaryDomain, $notes): void {
                         $draft->managed_environment_id = (int) $tenant->getKey();
                         $draft->current_step = 'identify';
                         $draft->state = array_merge($draft->state ?? [], [
                             'entra_tenant_id' => $entraTenantId,
-                            'tenant_name' => $tenantName,
+                            'environment_name' => $environmentName,
                             'environment' => $environment,
                             'primary_domain' => $primaryDomain,
                             'notes' => $notes,
@@ -3562,21 +3562,21 @@ public function identifyManagedTenant(array $data): void
                     ? 'Existing onboarding draft resumed'
                     : 'Onboarding draft ready';
                 $notificationBody = $didResumeExistingDraft
-                    ? 'A resumable draft already exists for this tenant. TenantAtlas reopened it instead of creating a duplicate.'
+                    ? 'A resumable draft already exists for this environment. TenantAtlas reopened it instead of creating a duplicate.'
                     : null;
 
                 $auditLogger->log(
                     workspace: $this->workspace,
                     action: ($sessionWasCreated
-                        ? AuditActionId::ManagedTenantOnboardingStart
-                        : AuditActionId::ManagedTenantOnboardingResume
+                        ? AuditActionId::ManagedEnvironmentOnboardingStart
+                        : AuditActionId::ManagedEnvironmentOnboardingResume
                     )->value,
                     context: [
                         'metadata' => [
                             'workspace_id' => (int) $this->workspace->getKey(),
                             'tenant_db_id' => (int) $tenant->getKey(),
                             'entra_tenant_id' => $entraTenantId,
-                            'tenant_name' => $tenantName,
+                            'environment_name' => $environmentName,
                             'onboarding_session_id' => (int) $session->getKey(),
                             'current_step' => (string) $session->current_step,
                         ],
@@ -3587,7 +3587,7 @@ public function identifyManagedTenant(array $data): void
                     resourceId: (string) $tenant->getKey(),
                 );
 
-                $this->setManagedTenant($tenant);
+                $this->setManagedEnvironment($tenant);
                 $this->setOnboardingSession($session);
             });
         } catch (OnboardingDraftConflictException) {
@@ -3610,7 +3610,7 @@ public function identifyManagedTenant(array $data): void
 
         $notification->send();
 
-        if ($this->onboardingSession instanceof TenantOnboardingSession) {
+        if ($this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             $this->redirect(route('admin.onboarding.draft', ['onboardingDraft' => $this->onboardingSession]));
         }
     }
@@ -3623,10 +3623,10 @@ public function selectProviderConnection(int $providerConnectionId): void
             abort(403);
         }
 
-        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_VIEW);
+        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_VIEW);
         $this->authorizeEditableDraft($user);
 
-        $tenant = $this->trustedManagedTenantForUser($user);
+        $tenant = $this->trustedManagedEnvironmentForUser($user);
 
         $connection = ProviderConnection::query()
             ->where('workspace_id', (int) $this->workspace->getKey())
@@ -3642,13 +3642,13 @@ public function selectProviderConnection(int $providerConnectionId): void
 
         $this->selectedProviderConnectionId = (int) $connection->getKey();
 
-        if ($this->onboardingSession instanceof TenantOnboardingSession) {
+        if ($this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             try {
                 $this->setOnboardingSession($this->mutationService()->mutate(
                     draft: $this->onboardingSession,
                     actor: $user,
                     expectedVersion: $this->expectedDraftVersion(),
-                    mutator: function (TenantOnboardingSession $draft) use ($connection, $previousProviderConnectionId): void {
+                    mutator: function (ManagedEnvironmentOnboardingSession $draft) use ($connection, $previousProviderConnectionId): void {
                         $draft->state = $this->resetDependentOnboardingStateOnConnectionChange(
                             state: array_merge($draft->state ?? [], [
                                 'provider_connection_id' => (int) $connection->getKey(),
@@ -3672,7 +3672,7 @@ public function selectProviderConnection(int $providerConnectionId): void
 
         app(WorkspaceAuditLogger::class)->log(
             workspace: $this->workspace,
-            action: AuditActionId::ManagedTenantOnboardingProviderConnectionChanged->value,
+            action: AuditActionId::ManagedEnvironmentOnboardingProviderConnectionChanged->value,
             context: [
                 'metadata' => $this->providerConnectionTargetScopeAuditMetadata($connection, [
                     'workspace_id' => (int) $this->workspace->getKey(),
@@ -3705,10 +3705,10 @@ public function createProviderConnection(array $data): void
             abort(403);
         }
 
-        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE);
+        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE);
         $this->authorizeEditableDraft($user);
 
-        $tenant = $this->trustedManagedTenantForUser($user)->fresh();
+        $tenant = $this->trustedManagedEnvironmentForUser($user)->fresh();
 
         if (! $tenant instanceof ManagedEnvironment) {
             abort(404);
@@ -3748,7 +3748,7 @@ public function createProviderConnection(array $data): void
         }
 
         if ($usesDedicatedCredential) {
-            $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE_DEDICATED);
+            $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE_DEDICATED);
         }
 
         if ($usesDedicatedCredential && ($clientId === '' || $clientSecret === '')) {
@@ -3826,7 +3826,7 @@ public function createProviderConnection(array $data): void
                     'metadata' => $this->providerConnectionTargetScopeAuditMetadata($connection, [
                         'workspace_id' => (int) $this->workspace->getKey(),
                         'connection_type' => $connection->connection_type->value,
-                        'source' => 'managed_tenant_onboarding_wizard.create',
+                        'source' => 'managed_environment_onboarding_wizard.create',
                     ]),
                 ],
                 actorId: $actorId,
@@ -3847,7 +3847,7 @@ public function createProviderConnection(array $data): void
                         'workspace_id' => (int) $this->workspace->getKey(),
                         'from_connection_type' => $previousConnectionType->value,
                         'to_connection_type' => $connection->connection_type->value,
-                        'source' => 'managed_tenant_onboarding_wizard.create',
+                        'source' => 'managed_environment_onboarding_wizard.create',
                     ]),
                 ],
                 actorId: $actorId,
@@ -3861,7 +3861,7 @@ public function createProviderConnection(array $data): void
 
         $this->selectedProviderConnectionId = (int) $connection->getKey();
 
-        if ($this->onboardingSession instanceof TenantOnboardingSession) {
+        if ($this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             $previousProviderConnectionId = $this->onboardingSession->state['provider_connection_id'] ?? null;
             $previousProviderConnectionId = is_int($previousProviderConnectionId)
                 ? $previousProviderConnectionId
@@ -3872,7 +3872,7 @@ public function createProviderConnection(array $data): void
                     draft: $this->onboardingSession,
                     actor: $user,
                     expectedVersion: $this->expectedDraftVersion(),
-                    mutator: function (TenantOnboardingSession $draft) use ($connection, $previousProviderConnectionId): void {
+                    mutator: function (ManagedEnvironmentOnboardingSession $draft) use ($connection, $previousProviderConnectionId): void {
                         $draft->state = $this->resetDependentOnboardingStateOnConnectionChange(
                             state: array_merge($draft->state ?? [], [
                                 'provider_connection_id' => (int) $connection->getKey(),
@@ -3896,7 +3896,7 @@ public function createProviderConnection(array $data): void
 
         app(WorkspaceAuditLogger::class)->log(
             workspace: $this->workspace,
-            action: AuditActionId::ManagedTenantOnboardingProviderConnectionChanged->value,
+            action: AuditActionId::ManagedEnvironmentOnboardingProviderConnectionChanged->value,
             context: [
                 'metadata' => [
                     'workspace_id' => (int) $this->workspace->getKey(),
@@ -3928,7 +3928,7 @@ private function platformAppClientId(): string
 
     private function canManageDedicatedOverride(): bool
     {
-        return $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE_DEDICATED);
+        return $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE_DEDICATED);
     }
 
     public function startVerification(): void
@@ -3939,14 +3939,14 @@ public function startVerification(): void
             abort(403);
         }
 
-        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START);
+        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START);
         $this->authorizeEditableDraft($user);
 
         try {
-            $tenant = $this->trustedManagedTenantForUser($user)->fresh();
+            $tenant = $this->trustedManagedEnvironmentForUser($user)->fresh();
         } catch (\Symfony\Component\HttpKernel\Exception\NotFoundHttpException) {
             Notification::make()
-                ->title('Identify a managed tenant first')
+                ->title('Identify a managed environment first')
                 ->warning()
                 ->send();
 
@@ -3976,7 +3976,7 @@ public function startVerification(): void
                 draft: $this->onboardingSession,
                 actor: $user,
                 expectedVersion: $this->expectedDraftVersion(),
-                mutator: function (TenantOnboardingSession $draft) use ($tenant, $user, $connection, &$result): void {
+                mutator: function (ManagedEnvironmentOnboardingSession $draft) use ($tenant, $user, $connection, &$result): void {
                     $result = app(ProviderOperationStartGate::class)->start(
                         tenant: $tenant,
                         connection: $connection,
@@ -3992,7 +3992,7 @@ public function startVerification(): void
                         initiator: $user,
                         extraContext: [
                             'wizard' => [
-                                'flow' => 'managed_tenant_onboarding',
+                                'flow' => 'managed_environment_onboarding',
                                 'step' => 'verification',
                             ],
                         ],
@@ -4033,7 +4033,7 @@ public function startVerification(): void
 
         app(WorkspaceAuditLogger::class)->log(
             workspace: $this->workspace,
-            action: AuditActionId::ManagedTenantOnboardingVerificationStart->value,
+            action: AuditActionId::ManagedEnvironmentOnboardingVerificationStart->value,
             context: [
                 'metadata' => [
                     'workspace_id' => (int) $this->workspace->getKey(),
@@ -4049,10 +4049,10 @@ public function startVerification(): void
             resourceId: (string) $result->run->getKey(),
         );
 
-        if ($this->onboardingSession instanceof TenantOnboardingSession) {
+        if ($this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             app(WorkspaceAuditLogger::class)->log(
                 workspace: $this->workspace,
-                action: AuditActionId::ManagedTenantOnboardingVerificationPersisted->value,
+                action: AuditActionId::ManagedEnvironmentOnboardingVerificationPersisted->value,
                 context: [
                     'metadata' => [
                         'workspace_id' => (int) $this->workspace->getKey(),
@@ -4063,7 +4063,7 @@ public function startVerification(): void
                 ],
                 actor: $user,
                 status: 'success',
-                resourceType: 'managed_tenant_onboarding_session',
+                resourceType: 'managed_environment_onboarding_session',
                 resourceId: (string) $this->onboardingSession->getKey(),
             );
         }
@@ -4132,7 +4132,7 @@ public function startBootstrap(array $operationTypes): void
         $this->authorizeWorkspaceMember($user);
         $this->authorizeEditableDraft($user);
 
-        $tenant = $this->trustedManagedTenantForUser($user)->fresh();
+        $tenant = $this->trustedManagedEnvironmentForUser($user)->fresh();
 
         if (! $tenant instanceof ManagedEnvironment) {
             abort(404);
@@ -4195,7 +4195,7 @@ public function startBootstrap(array $operationTypes): void
                 draft: $this->onboardingSession,
                 actor: $user,
                 expectedVersion: $this->expectedDraftVersion(),
-                mutator: function (TenantOnboardingSession $draft) use ($tenant, $connection, $types, $registry, $user, &$result): void {
+                mutator: function (ManagedEnvironmentOnboardingSession $draft) use ($tenant, $connection, $types, $registry, $user, &$result): void {
                     $nextOperationType = $this->nextBootstrapOperationType($draft, $types, (int) $connection->getKey());
 
                     if ($nextOperationType === null) {
@@ -4230,7 +4230,7 @@ public function startBootstrap(array $operationTypes): void
                         initiator: $user,
                         extraContext: [
                             'wizard' => [
-                                'flow' => 'managed_tenant_onboarding',
+                                'flow' => 'managed_environment_onboarding',
                                 'step' => 'bootstrap',
                             ],
                             'required_capability' => $capability,
@@ -4302,7 +4302,7 @@ public function startBootstrap(array $operationTypes): void
             ? array_values(array_filter($result['remaining_types'], static fn (mixed $value): bool => is_string($value) && $value !== ''))
             : [];
 
-        if ($this->onboardingSession instanceof TenantOnboardingSession) {
+        if ($this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             $auditStatus = match ($result['status']) {
                 'started' => 'success',
                 'deduped' => 'deduped',
@@ -4312,7 +4312,7 @@ public function startBootstrap(array $operationTypes): void
 
             app(WorkspaceAuditLogger::class)->log(
                 workspace: $this->workspace,
-                action: AuditActionId::ManagedTenantOnboardingBootstrapStarted->value,
+                action: AuditActionId::ManagedEnvironmentOnboardingBootstrapStarted->value,
                 context: [
                     'metadata' => [
                         'workspace_id' => (int) $this->workspace->getKey(),
@@ -4326,7 +4326,7 @@ public function startBootstrap(array $operationTypes): void
                 ],
                 actor: $user,
                 status: $auditStatus,
-                resourceType: 'managed_tenant_onboarding_session',
+                resourceType: 'managed_environment_onboarding_session',
                 resourceId: (string) $this->onboardingSession->getKey(),
             );
         }
@@ -4383,7 +4383,7 @@ private function dispatchBootstrapJob(
     /**
      * @param  array<int, string>  $types
      */
-    private function nextBootstrapOperationType(TenantOnboardingSession $draft, array $types, int $providerConnectionId): ?string
+    private function nextBootstrapOperationType(ManagedEnvironmentOnboardingSession $draft, array $types, int $providerConnectionId): ?string
     {
         foreach ($types as $type) {
             if (! $this->bootstrapOperationSucceeded($draft, $type, $providerConnectionId)) {
@@ -4394,7 +4394,7 @@ private function nextBootstrapOperationType(TenantOnboardingSession $draft, arra
         return null;
     }
 
-    private function bootstrapOperationSucceeded(TenantOnboardingSession $draft, string $type, int $providerConnectionId): bool
+    private function bootstrapOperationSucceeded(ManagedEnvironmentOnboardingSession $draft, string $type, int $providerConnectionId): bool
     {
         $state = is_array($draft->state) ? $draft->state : [];
         $runMap = $state['bootstrap_operation_runs'] ?? [];
@@ -4550,19 +4550,19 @@ public function verificationSucceeded(): bool
 
     private function verificationCanProceed(): bool
     {
-        return $this->onboardingSession instanceof TenantOnboardingSession
+        return $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession
             && $this->lifecycleService()->verificationCanProceed($this->onboardingSession, $this->selectedProviderConnectionId);
     }
 
     private function verificationIsBlocked(): bool
     {
-        return $this->onboardingSession instanceof TenantOnboardingSession
+        return $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession
             && $this->lifecycleService()->verificationIsBlocked($this->onboardingSession, $this->selectedProviderConnectionId);
     }
 
     private function canCompleteOnboarding(): bool
     {
-        if (! $this->managedTenant instanceof ManagedEnvironment) {
+        if (! $this->managedEnvironment instanceof ManagedEnvironment) {
             return false;
         }
 
@@ -4573,7 +4573,7 @@ private function canCompleteOnboarding(): bool
         $user = $this->currentUser();
 
         if (! app(TenantOperabilityService::class)->outcomeFor(
-            tenant: $this->managedTenant,
+            tenant: $this->managedEnvironment,
             question: TenantOperabilityQuestion::OnboardingCompletionEligibility,
             actor: $user instanceof User ? $user : null,
             workspaceId: isset($this->workspace) ? (int) $this->workspace->getKey() : null,
@@ -4583,7 +4583,7 @@ private function canCompleteOnboarding(): bool
             return false;
         }
 
-        if (! $this->resolveSelectedProviderConnection($this->managedTenant)) {
+        if (! $this->resolveSelectedProviderConnection($this->managedEnvironment)) {
             return false;
         }
 
@@ -4653,8 +4653,8 @@ private function completionSummaryEntitlementDetail(): string
         $sourceLabel = $this->completionSummaryEntitlementSourceLabel($entitlementDecision);
         $rationale = is_string($decision['rationale'] ?? null) ? $decision['rationale'] : null;
         $message = sprintf(
-            '%s Current usage is %d active managed tenant%s out of %d allowed. Source: %s.',
-            (string) ($decision['message'] ?? 'Managed-tenant activation is available for this workspace commercial state.'),
+            '%s Current usage is %d active managed environment%s out of %d allowed. Source: %s.',
+            (string) ($decision['message'] ?? 'Managed-environment activation is available for this workspace commercial state.'),
             $currentUsage,
             $currentUsage === 1 ? '' : 's',
             $effectiveValue,
@@ -4713,7 +4713,7 @@ private function completionSummaryCommercialSourceLabel(array $decision): string
 
     private function completionActionTooltip(): ?string
     {
-        if (! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE)) {
+        if (! $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE)) {
             return 'Owner required to complete onboarding.';
         }
 
@@ -4724,9 +4724,9 @@ private function completionActionTooltip(): ?string
         return null;
     }
 
-    private function completionSummaryTenantLine(): string
+    private function completionSummaryEnvironmentLine(): string
     {
-        $tenant = $this->currentManagedTenantRecord();
+        $tenant = $this->currentManagedEnvironmentRecord();
 
         if (! $tenant instanceof ManagedEnvironment) {
             return '—';
@@ -4740,7 +4740,7 @@ private function completionSummaryTenantLine(): string
 
     private function completionSummaryConnectionLabel(): string
     {
-        $tenant = $this->currentManagedTenantRecord();
+        $tenant = $this->currentManagedEnvironmentRecord();
 
         if (! $tenant instanceof ManagedEnvironment) {
             return '—';
@@ -4765,11 +4765,11 @@ private function completionSummaryConnectionLabel(): string
 
     private function completionSummaryConnectionDetail(): string
     {
-        if (! $this->managedTenant instanceof ManagedEnvironment) {
+        if (! $this->managedEnvironment instanceof ManagedEnvironment) {
             return '';
         }
 
-        $connection = $this->resolveSelectedProviderConnection($this->managedTenant);
+        $connection = $this->resolveSelectedProviderConnection($this->managedEnvironment);
 
         if (! $connection instanceof ProviderConnection) {
             return '';
@@ -4830,7 +4830,7 @@ private function completionSummaryVerificationDetail(): string
 
     private function completionSummaryBootstrapLabel(): string
     {
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return $this->completionSummarySelectedBootstrapTypes() === []
                 ? 'Skipped'
                 : 'Selected';
@@ -4856,7 +4856,7 @@ private function completionSummaryBootstrapLabel(): string
 
     private function completionSummaryBootstrapDetail(): string
     {
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             $selectedTypes = $this->completionSummarySelectedBootstrapTypes();
 
             return $selectedTypes === []
@@ -4903,7 +4903,7 @@ private function completionSummaryBootstrapSummary(): string
 
     private function completionSummaryBootstrapCompleted(): bool
     {
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return false;
         }
 
@@ -4989,7 +4989,7 @@ private function completionSummaryBootstrapActionRequiredDetail(): ?string
 
     private function completionSummaryBootstrapReasonCode(): ?string
     {
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return null;
         }
 
@@ -5001,7 +5001,7 @@ private function completionSummaryBootstrapReasonCode(): ?string
     private function completionSummaryBootstrapFailedRun(): ?OperationRun
     {
         return once(function (): ?OperationRun {
-            if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+            if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
                 return null;
             }
 
@@ -5052,7 +5052,7 @@ private function completionSummarySelectedBootstrapTypes(): array
             return $this->normalizeBootstrapOperationTypes($this->selectedBootstrapOperationTypes);
         }
 
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return [];
         }
 
@@ -5071,14 +5071,14 @@ public function completeOnboarding(): void
             abort(403);
         }
 
-        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE);
+        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE);
         $this->authorizeEditableDraft($user);
 
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             abort(404);
         }
 
-        $tenant = $this->trustedManagedTenantForUser($user);
+        $tenant = $this->trustedManagedEnvironmentForUser($user);
 
         $completionOutcome = app(TenantOperabilityService::class)->outcomeFor(
             tenant: $tenant,
@@ -5092,7 +5092,7 @@ public function completeOnboarding(): void
         if (! $completionOutcome->allowed) {
             Notification::make()
                 ->title('Onboarding unavailable')
-                ->body('This tenant can no longer be completed from the current onboarding workflow state.')
+                ->body('This environment can no longer be completed from the current onboarding workflow state.')
                 ->warning()
                 ->send();
 
@@ -5171,7 +5171,7 @@ public function completeOnboarding(): void
                     draft: $this->onboardingSession,
                     actor: $user,
                     expectedVersion: $this->expectedDraftVersion(),
-                    mutator: function (TenantOnboardingSession $draft): void {
+                    mutator: function (ManagedEnvironmentOnboardingSession $draft): void {
                         $draft->completed_at = now();
                         $draft->cancelled_at = null;
                         $draft->current_step = 'complete';
@@ -5203,7 +5203,7 @@ public function completeOnboarding(): void
         if ($overrideBlocked) {
             app(WorkspaceAuditLogger::class)->log(
                 workspace: $this->workspace,
-                action: AuditActionId::ManagedTenantOnboardingActivationOverrideUsed->value,
+                action: AuditActionId::ManagedEnvironmentOnboardingActivationOverrideUsed->value,
                 context: [
                     'metadata' => [
                         'workspace_id' => (int) $this->workspace->getKey(),
@@ -5215,14 +5215,14 @@ public function completeOnboarding(): void
                 ],
                 actor: $user,
                 status: 'override',
-                resourceType: 'managed_tenant_onboarding_session',
+                resourceType: 'managed_environment_onboarding_session',
                 resourceId: (string) $this->onboardingSession->getKey(),
             );
         }
 
         app(WorkspaceAuditLogger::class)->log(
             workspace: $this->workspace,
-            action: AuditActionId::ManagedTenantOnboardingActivation->value,
+            action: AuditActionId::ManagedEnvironmentOnboardingActivation->value,
             context: [
                 'metadata' => [
                     'workspace_id' => (int) $this->workspace->getKey(),
@@ -5245,7 +5245,7 @@ public function completeOnboarding(): void
 
     private function verificationRun(): ?OperationRun
     {
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return null;
         }
 
@@ -5273,7 +5273,7 @@ private function verificationRunMatchesSelectedConnection(OperationRun $run): bo
     {
         $selectedProviderConnectionId = $this->selectedProviderConnectionId;
 
-        if ($selectedProviderConnectionId === null && $this->onboardingSession instanceof TenantOnboardingSession) {
+        if ($selectedProviderConnectionId === null && $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             $candidate = $this->onboardingSession->state['provider_connection_id'] ?? null;
             $selectedProviderConnectionId = $this->resolvePersistedProviderConnectionId($candidate);
         }
@@ -5300,7 +5300,7 @@ private function verificationRunMatchesSelectedConnection(OperationRun $run): bo
      */
     private function verificationAssistVisibility(): array
     {
-        $tenant = $this->managedTenant;
+        $tenant = $this->managedEnvironment;
         $user = $this->currentUser();
         $run = $this->verificationRun();
 
@@ -5341,7 +5341,7 @@ private function verificationAssistVisibility(): array
      */
     private function verificationAssistViewModel(): array
     {
-        $tenant = $this->managedTenant;
+        $tenant = $this->managedEnvironment;
         $user = $this->currentUser();
         $run = $this->verificationRun();
 
@@ -5366,7 +5366,7 @@ private function verificationAssistViewModel(): array
             verificationStatus: $this->verificationStatus(),
             isVerificationStale: $this->verificationRunIsStaleForSelectedConnection(),
             staleReason: $this->verificationAssistStaleReason(),
-            canAccessProviderConnectionDiagnostics: $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_VIEW),
+            canAccessProviderConnectionDiagnostics: $this->currentUserCan(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_VIEW),
         );
     }
 
@@ -5417,7 +5417,7 @@ private function resetDependentOnboardingStateOnConnectionChange(array $state, ?
 
     private function connectionRecentlyUpdated(): bool
     {
-        if (! $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return false;
         }
 
@@ -5435,16 +5435,16 @@ private function inlineEditSelectedConnectionFill(int $providerConnectionId): ar
             abort(403);
         }
 
-        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE);
+        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE);
 
-        if (! $this->managedTenant instanceof ManagedEnvironment) {
+        if (! $this->managedEnvironment instanceof ManagedEnvironment) {
             abort(404);
         }
 
         $connection = ProviderConnection::query()
             ->with('credential')
             ->where('workspace_id', (int) $this->workspace->getKey())
-            ->where('managed_environment_id', (int) $this->managedTenant->getKey())
+            ->where('managed_environment_id', (int) $this->managedEnvironment->getKey())
             ->whereKey($providerConnectionId)
             ->first();
 
@@ -5474,16 +5474,16 @@ public function updateSelectedProviderConnectionInline(int $providerConnectionId
             abort(403);
         }
 
-        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE);
+        $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE);
 
-        if (! $this->managedTenant instanceof ManagedEnvironment) {
+        if (! $this->managedEnvironment instanceof ManagedEnvironment) {
             abort(404);
         }
 
         $connection = ProviderConnection::query()
             ->with('credential')
             ->where('workspace_id', (int) $this->workspace->getKey())
-            ->where('managed_environment_id', (int) $this->managedTenant->getKey())
+            ->where('managed_environment_id', (int) $this->managedEnvironment->getKey())
             ->whereKey($providerConnectionId)
             ->first();
 
@@ -5525,7 +5525,7 @@ public function updateSelectedProviderConnectionInline(int $providerConnectionId
         }
 
         if ($targetType === ProviderConnectionType::Dedicated) {
-            $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE_DEDICATED);
+            $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE_DEDICATED);
 
             if ($clientId === '') {
                 throw ValidationException::withMessages([
@@ -5549,7 +5549,7 @@ public function updateSelectedProviderConnectionInline(int $providerConnectionId
         }
 
         if ($targetType === ProviderConnectionType::Platform && $existingType === ProviderConnectionType::Dedicated) {
-            $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE_DEDICATED);
+            $this->authorizeWorkspaceMutation($user, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE_DEDICATED);
         }
 
         DB::transaction(function () use ($connection, $displayName, $clientId, $clientSecret, $targetType, $existingType, $existingClientId): void {
@@ -5576,14 +5576,14 @@ public function updateSelectedProviderConnectionInline(int $providerConnectionId
 
         if (in_array('connection_type', $changedFields, true)) {
             app(AuditLogger::class)->log(
-                tenant: $this->managedTenant,
+                tenant: $this->managedEnvironment,
                 action: 'provider_connection.connection_type_changed',
                 context: [
                     'metadata' => $this->providerConnectionTargetScopeAuditMetadata($connection, [
                         'workspace_id' => (int) $this->workspace->getKey(),
                         'from_connection_type' => $existingType->value,
                         'to_connection_type' => $targetType->value,
-                        'source' => 'managed_tenant_onboarding_wizard.inline_edit',
+                        'source' => 'managed_environment_onboarding_wizard.inline_edit',
                     ]),
                 ],
                 actorId: (int) $user->getKey(),
@@ -5597,14 +5597,14 @@ public function updateSelectedProviderConnectionInline(int $providerConnectionId
 
         if ($changedFields !== []) {
             app(AuditLogger::class)->log(
-                tenant: $this->managedTenant,
+                tenant: $this->managedEnvironment,
                 action: 'provider_connection.updated',
                 context: [
                     'metadata' => $this->providerConnectionTargetScopeAuditMetadata($connection, [
                         'workspace_id' => (int) $this->workspace->getKey(),
                         'fields' => app(ProviderConnectionTargetScopeNormalizer::class)->auditFieldNames($changedFields),
                         'connection_type' => $targetType->value,
-                        'source' => 'managed_tenant_onboarding_wizard.inline_edit',
+                        'source' => 'managed_environment_onboarding_wizard.inline_edit',
                     ]),
                 ],
                 actorId: (int) $user->getKey(),
@@ -5616,13 +5616,13 @@ public function updateSelectedProviderConnectionInline(int $providerConnectionId
             );
         }
 
-        if ($this->onboardingSession instanceof TenantOnboardingSession) {
+        if ($this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             try {
                 $this->setOnboardingSession($this->mutationService()->mutate(
                     draft: $this->onboardingSession,
                     actor: $user,
                     expectedVersion: $this->expectedDraftVersion(),
-                    mutator: function (TenantOnboardingSession $draft) use ($connection): void {
+                    mutator: function (ManagedEnvironmentOnboardingSession $draft) use ($connection): void {
                         $state = is_array($draft->state) ? $draft->state : [];
 
                         unset(
@@ -5697,7 +5697,7 @@ private function resolveSelectedProviderConnection(ManagedEnvironment $tenant):
     {
         $providerConnectionId = $this->selectedProviderConnectionId;
 
-        if (! is_int($providerConnectionId) && $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! is_int($providerConnectionId) && $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             $candidate = $this->onboardingSession->state['provider_connection_id'] ?? null;
             $providerConnectionId = is_int($candidate) ? $candidate : null;
         }
@@ -5727,9 +5727,9 @@ private function resolvePersistedProviderConnectionId(mixed $providerConnectionI
             return null;
         }
 
-        $tenantId = $this->managedTenant?->getKey();
+        $tenantId = $this->managedEnvironment?->getKey();
 
-        if (! is_int($tenantId) && $this->onboardingSession instanceof TenantOnboardingSession) {
+        if (! is_int($tenantId) && $this->onboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             $tenantId = is_numeric($this->onboardingSession->managed_environment_id) ? (int) $this->onboardingSession->managed_environment_id : null;
         }
 
diff --git a/apps/platform/app/Filament/Pages/Workspaces/ManagedTenantsLanding.php b/apps/platform/app/Filament/Pages/Workspaces/ManagedEnvironmentsLanding.php
similarity index 92%
rename from apps/platform/app/Filament/Pages/Workspaces/ManagedTenantsLanding.php
rename to apps/platform/app/Filament/Pages/Workspaces/ManagedEnvironmentsLanding.php
index a7d9fcff..19f8190c 100644
--- a/apps/platform/app/Filament/Pages/Workspaces/ManagedTenantsLanding.php
+++ b/apps/platform/app/Filament/Pages/Workspaces/ManagedEnvironmentsLanding.php
@@ -4,7 +4,7 @@
 
 namespace App\Filament\Pages\Workspaces;
 
-use App\Filament\Pages\ChooseTenant;
+use App\Filament\Pages\ChooseEnvironment;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
@@ -17,7 +17,7 @@
 use Filament\Pages\Page;
 use Illuminate\Database\Eloquent\Collection;
 
-class ManagedTenantsLanding extends Page
+class ManagedEnvironmentsLanding extends Page
 {
     protected static bool $shouldRegisterNavigation = false;
 
@@ -25,7 +25,7 @@ class ManagedTenantsLanding extends Page
 
     protected static string $layout = 'filament-panels::components.layout.simple';
 
-    protected string $view = 'filament.pages.workspaces.managed-tenants-landing';
+    protected string $view = 'filament.pages.workspaces.managed-environments-landing';
 
     public Workspace $workspace;
 
@@ -90,9 +90,9 @@ public function getTenants(): Collection
             ->values();
     }
 
-    public function goToChooseTenant(): void
+    public function goToChooseEnvironment(): void
     {
-        $this->redirect(route('admin.workspace.managed-tenants.index', ['workspace' => $this->workspace]));
+        $this->redirect(route('admin.workspace.managed-environments.index', ['workspace' => $this->workspace]));
     }
 
     public function openTenant(int $tenantId): void
diff --git a/apps/platform/app/Filament/Resources/BaselineProfileResource/Pages/ViewBaselineProfile.php b/apps/platform/app/Filament/Resources/BaselineProfileResource/Pages/ViewBaselineProfile.php
index a2ae0d97..3c650038 100644
--- a/apps/platform/app/Filament/Resources/BaselineProfileResource/Pages/ViewBaselineProfile.php
+++ b/apps/platform/app/Filament/Resources/BaselineProfileResource/Pages/ViewBaselineProfile.php
@@ -64,8 +64,8 @@ private function captureAction(): Action
             : 'Capture baseline';
 
         $modalDescription = $captureMode === BaselineCaptureMode::FullContent
-            ? 'Select the source tenant. This will capture content evidence on demand (redacted) and may take longer depending on scope.'
-            : 'Select the source tenant whose current inventory will be captured as the baseline snapshot.';
+            ? 'Select the source environment. This will capture content evidence on demand (redacted) and may take longer depending on scope.'
+            : 'Select the source environment whose current inventory will be captured as the baseline snapshot.';
 
         $action = Action::make('capture')
             ->label($label)
@@ -76,8 +76,8 @@ private function captureAction(): Action
             ->modalHeading($label)
             ->modalDescription($modalDescription)
             ->form([
-                Select::make('source_tenant_id')
-                    ->label('Source ManagedEnvironment')
+                Select::make('source_environment_id')
+                    ->label('Source managed environment')
                     ->options(fn (): array => $this->getWorkspaceTenantOptions())
                     ->required()
                     ->searchable(),
@@ -91,11 +91,11 @@ private function captureAction(): Action
 
                 /** @var BaselineProfile $profile */
                 $profile = $this->getRecord();
-                $sourceTenant = ManagedEnvironment::query()->find((int) $data['source_tenant_id']);
+                $sourceTenant = ManagedEnvironment::query()->find((int) $data['source_environment_id']);
 
                 if (! $sourceTenant instanceof ManagedEnvironment) {
                     Notification::make()
-                        ->title('Source tenant not found')
+                        ->title('Source environment not found')
                         ->danger()
                         ->send();
 
@@ -175,8 +175,8 @@ private function compareNowAction(): Action
             : 'Compare now';
 
         $modalDescription = $captureMode === BaselineCaptureMode::FullContent
-            ? 'Select the target tenant. This will refresh content evidence on demand (redacted) before comparing.'
-            : 'Select the target tenant to compare its current inventory against the effective current baseline snapshot.';
+            ? 'Select the target environment. This will refresh content evidence on demand (redacted) before comparing.'
+            : 'Select the target environment to compare its current inventory against the effective current baseline snapshot.';
 
         return Action::make('compareNow')
             ->label($label)
@@ -187,8 +187,8 @@ private function compareNowAction(): Action
             ->modalHeading($label)
             ->modalDescription($modalDescription)
             ->form([
-                Select::make('target_tenant_id')
-                    ->label('Target ManagedEnvironment')
+                Select::make('target_environment_id')
+                    ->label('Target managed environment')
                     ->options(fn (): array => $this->getEligibleCompareTenantOptions())
                     ->required()
                     ->searchable(),
@@ -204,11 +204,11 @@ private function compareNowAction(): Action
                 /** @var BaselineProfile $profile */
                 $profile = $this->getRecord();
 
-                $targetTenant = ManagedEnvironment::query()->find((int) $data['target_tenant_id']);
+                $targetTenant = ManagedEnvironment::query()->find((int) $data['target_environment_id']);
 
                 if (! $targetTenant instanceof ManagedEnvironment || (int) $targetTenant->workspace_id !== (int) $profile->workspace_id) {
                     Notification::make()
-                        ->title('Target tenant not found')
+                        ->title('Target environment not found')
                         ->danger()
                         ->send();
 
diff --git a/apps/platform/app/Filament/Resources/TenantReviewResource.php b/apps/platform/app/Filament/Resources/EnvironmentReviewResource.php
similarity index 84%
rename from apps/platform/app/Filament/Resources/TenantReviewResource.php
rename to apps/platform/app/Filament/Resources/EnvironmentReviewResource.php
index 699edbc8..601c59f4 100644
--- a/apps/platform/app/Filament/Resources/TenantReviewResource.php
+++ b/apps/platform/app/Filament/Resources/EnvironmentReviewResource.php
@@ -8,16 +8,16 @@
 use App\Filament\Concerns\ResolvesPanelTenantContext;
 use App\Filament\Concerns\WorkspaceScopedTenantRoutes;
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Resources\TenantReviewResource\Pages;
+use App\Filament\Resources\EnvironmentReviewResource\Pages;
 use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
 use App\Models\EvidenceSnapshot;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
-use App\Models\TenantReviewSection;
+use App\Models\EnvironmentReview;
+use App\Models\EnvironmentReviewSection;
 use App\Models\User;
 use App\Services\ReviewPackService;
-use App\Services\TenantReviews\TenantReviewService;
+use App\Services\EnvironmentReviews\EnvironmentReviewService;
 use App\Support\Auth\Capabilities;
 use App\Support\Auth\UiTooltips as AuthUiTooltips;
 use App\Support\Badges\BadgeCatalog;
@@ -31,8 +31,8 @@
 use App\Support\ReasonTranslation\ReasonPresenter;
 use App\Support\ReviewPackStatus;
 use App\Support\Rbac\UiEnforcement;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceInspectAffordance;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
@@ -62,7 +62,7 @@
 use Illuminate\Support\Str;
 use UnitEnum;
 
-class TenantReviewResource extends Resource
+class EnvironmentReviewResource extends Resource
 {
     use InteractsWithTenantOwnedRecords;
     use ResolvesPanelTenantContext;
@@ -70,7 +70,7 @@ class TenantReviewResource extends Resource
 
     protected static bool $isDiscovered = false;
 
-    protected static ?string $model = TenantReview::class;
+    protected static ?string $model = EnvironmentReview::class;
 
     protected static ?string $slug = 'reviews';
 
@@ -95,7 +95,7 @@ public static function shouldRegisterNavigation(): bool
     public static function getSlug(?Panel $panel = null): string
     {
         $slug = $panel?->getId() === 'admin'
-            ? 'tenant-reviews'
+            ? 'environment-reviews'
             : parent::getSlug($panel);
 
         return static::workspaceScopedSlug($slug, $panel);
@@ -134,7 +134,7 @@ public static function canViewAny(): bool
             return false;
         }
 
-        return $user->can(Capabilities::TENANT_REVIEW_VIEW, $tenant);
+        return $user->can(Capabilities::ENVIRONMENT_REVIEW_VIEW, $tenant);
     }
 
     public static function canView(Model $record): bool
@@ -142,7 +142,7 @@ public static function canView(Model $record): bool
         $tenant = static::resolveTenantContextForCurrentPanel();
         $user = auth()->user();
 
-        if (! $tenant instanceof ManagedEnvironment || ! $user instanceof User || ! $record instanceof TenantReview) {
+        if (! $tenant instanceof ManagedEnvironment || ! $user instanceof User || ! $record instanceof EnvironmentReview) {
             return false;
         }
 
@@ -194,7 +194,7 @@ public static function infolist(Schema $schema): Schema
                     ViewEntry::make('artifact_truth')
                         ->hiddenLabel()
                         ->view('filament.infolists.entries.governance-artifact-truth')
-                        ->state(fn (TenantReview $record): array => static::truthState($record))
+                        ->state(fn (EnvironmentReview $record): array => static::truthState($record))
                         ->columnSpanFull(),
                 ])
                 ->columnSpanFull(),
@@ -202,30 +202,30 @@ public static function infolist(Schema $schema): Schema
                 ->schema([
                     TextEntry::make('status')
                         ->badge()
-                        ->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantReviewStatus))
-                        ->color(BadgeRenderer::color(BadgeDomain::TenantReviewStatus))
-                        ->icon(BadgeRenderer::icon(BadgeDomain::TenantReviewStatus))
-                        ->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewStatus)),
+                        ->formatStateUsing(BadgeRenderer::label(BadgeDomain::EnvironmentReviewStatus))
+                        ->color(BadgeRenderer::color(BadgeDomain::EnvironmentReviewStatus))
+                        ->icon(BadgeRenderer::icon(BadgeDomain::EnvironmentReviewStatus))
+                        ->iconColor(BadgeRenderer::iconColor(BadgeDomain::EnvironmentReviewStatus)),
                     TextEntry::make('completeness_state')
                         ->label(__('localization.review.completeness'))
                         ->badge()
-                        ->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantReviewCompleteness))
-                        ->color(BadgeRenderer::color(BadgeDomain::TenantReviewCompleteness))
-                        ->icon(BadgeRenderer::icon(BadgeDomain::TenantReviewCompleteness))
-                        ->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewCompleteness)),
+                        ->formatStateUsing(BadgeRenderer::label(BadgeDomain::EnvironmentReviewCompleteness))
+                        ->color(BadgeRenderer::color(BadgeDomain::EnvironmentReviewCompleteness))
+                        ->icon(BadgeRenderer::icon(BadgeDomain::EnvironmentReviewCompleteness))
+                        ->iconColor(BadgeRenderer::iconColor(BadgeDomain::EnvironmentReviewCompleteness)),
                     TextEntry::make('tenant.name')->label(__('localization.review.tenant')),
                     TextEntry::make('generated_at')->dateTime()->placeholder('—'),
                     TextEntry::make('published_at')->dateTime()->placeholder('—'),
                     TextEntry::make('evidenceSnapshot.id')
                         ->label(__('localization.review.evidence_snapshot'))
                         ->formatStateUsing(fn (?int $state): string => $state ? '#'.$state : '—')
-                        ->url(fn (TenantReview $record): ?string => $record->evidenceSnapshot
+                        ->url(fn (EnvironmentReview $record): ?string => $record->evidenceSnapshot
                             ? EvidenceSnapshotResource::getUrl('view', ['record' => $record->evidenceSnapshot], tenant: $record->tenant)
                             : null),
                     TextEntry::make('currentExportReviewPack.id')
                         ->label(__('localization.review.current_export'))
                         ->formatStateUsing(fn (?int $state): string => $state ? '#'.$state : '—')
-                        ->url(fn (TenantReview $record): ?string => $record->currentExportReviewPack
+                        ->url(fn (EnvironmentReview $record): ?string => $record->currentExportReviewPack
                             ? ReviewPackResource::getUrl('view', ['record' => $record->currentExportReviewPack], tenant: $record->tenant)
                             : null),
                     TextEntry::make('fingerprint')
@@ -242,32 +242,32 @@ public static function infolist(Schema $schema): Schema
                 ->schema([
                     ViewEntry::make('review_summary')
                         ->hiddenLabel()
-                        ->view('filament.infolists.entries.tenant-review-summary')
-                        ->state(fn (TenantReview $record): array => static::summaryPresentation($record))
+                        ->view('filament.infolists.entries.environment-review-summary')
+                        ->state(fn (EnvironmentReview $record): array => static::summaryPresentation($record))
                         ->columnSpanFull(),
                 ])
                 ->columnSpanFull(),
             Section::make(__('localization.review.sections'))
                 ->schema([
                     RepeatableEntry::make('sections')
-                        ->state(fn (TenantReview $record): array => static::visibleSections($record))
+                        ->state(fn (EnvironmentReview $record): array => static::visibleSections($record))
                         ->hiddenLabel()
                         ->schema([
                             TextEntry::make('title'),
                             TextEntry::make('completeness_state')
                                 ->label(__('localization.review.completeness'))
                                 ->badge()
-                                ->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantReviewCompleteness))
-                                ->color(BadgeRenderer::color(BadgeDomain::TenantReviewCompleteness))
-                                ->icon(BadgeRenderer::icon(BadgeDomain::TenantReviewCompleteness))
-                                ->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewCompleteness)),
+                                ->formatStateUsing(BadgeRenderer::label(BadgeDomain::EnvironmentReviewCompleteness))
+                                ->color(BadgeRenderer::color(BadgeDomain::EnvironmentReviewCompleteness))
+                                ->icon(BadgeRenderer::icon(BadgeDomain::EnvironmentReviewCompleteness))
+                                ->iconColor(BadgeRenderer::iconColor(BadgeDomain::EnvironmentReviewCompleteness)),
                             TextEntry::make('measured_at')->dateTime()->placeholder('—'),
                             Section::make(__('localization.review.details'))
                                 ->schema([
                                     ViewEntry::make('section_payload')
                                         ->hiddenLabel()
-                                        ->view('filament.infolists.entries.tenant-review-section')
-                                        ->state(fn (TenantReviewSection $record): array => static::sectionPresentation($record))
+                                        ->view('filament.infolists.entries.environment-review-section')
+                                        ->state(fn (EnvironmentReviewSection $record): array => static::sectionPresentation($record))
                                         ->columnSpanFull(),
                                 ])
                                 ->collapsible()
@@ -281,12 +281,12 @@ public static function infolist(Schema $schema): Schema
     }
 
     /**
-     * @return array<int, TenantReviewSection>
+     * @return array<int, EnvironmentReviewSection>
      */
-    private static function visibleSections(TenantReview $record): array
+    private static function visibleSections(EnvironmentReview $record): array
     {
         return $record->sections
-            ->reject(fn (TenantReviewSection $section): bool => static::isCustomerWorkspaceMode() && $section->isControlInterpretation())
+            ->reject(fn (EnvironmentReviewSection $section): bool => static::isCustomerWorkspaceMode() && $section->isControlInterpretation())
             ->values()
             ->all();
     }
@@ -297,43 +297,43 @@ public static function table(Table $table): Table
             Actions\Action::make('export_executive_pack')
                 ->label(__('localization.review.export_executive_pack'))
                 ->icon('heroicon-o-arrow-down-tray')
-                ->visible(fn (TenantReview $record): bool => in_array($record->status, [
-                    TenantReviewStatus::Ready->value,
-                    TenantReviewStatus::Published->value,
+                ->visible(fn (EnvironmentReview $record): bool => in_array($record->status, [
+                    EnvironmentReviewStatus::Ready->value,
+                    EnvironmentReviewStatus::Published->value,
                 ], true))
-                ->disabled(fn (TenantReview $record): bool => static::reviewPackGenerationBlocked($record->tenant))
-                ->action(fn (TenantReview $record): mixed => static::executeExport($record)),
-            fn (TenantReview $record): TenantReview => $record,
+                ->disabled(fn (EnvironmentReview $record): bool => static::reviewPackGenerationBlocked($record->tenant))
+                ->action(fn (EnvironmentReview $record): mixed => static::executeExport($record)),
+            fn (EnvironmentReview $record): EnvironmentReview => $record,
         )
-            ->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
+            ->requireCapability(Capabilities::ENVIRONMENT_REVIEW_MANAGE)
             ->preserveVisibility()
             ->preserveDisabled()
             ->apply();
 
-        $exportExecutivePackAction->tooltip(fn (TenantReview $record): ?string => static::reviewPackGenerationActionTooltip($record->tenant));
+        $exportExecutivePackAction->tooltip(fn (EnvironmentReview $record): ?string => static::reviewPackGenerationActionTooltip($record->tenant));
 
         return $table
             ->defaultSort('generated_at', 'desc')
             ->persistFiltersInSession()
             ->persistSearchInSession()
             ->persistSortInSession()
-            ->recordUrl(fn (TenantReview $record): string => static::tenantScopedUrl('view', ['record' => $record], $record->tenant))
+            ->recordUrl(fn (EnvironmentReview $record): string => static::tenantScopedUrl('view', ['record' => $record], $record->tenant))
             ->columns([
                 Tables\Columns\TextColumn::make('status')
                     ->badge()
-                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantReviewStatus))
-                    ->color(BadgeRenderer::color(BadgeDomain::TenantReviewStatus))
-                    ->icon(BadgeRenderer::icon(BadgeDomain::TenantReviewStatus))
-                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewStatus))
+                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::EnvironmentReviewStatus))
+                    ->color(BadgeRenderer::color(BadgeDomain::EnvironmentReviewStatus))
+                    ->icon(BadgeRenderer::icon(BadgeDomain::EnvironmentReviewStatus))
+                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::EnvironmentReviewStatus))
                     ->sortable(),
                 Tables\Columns\TextColumn::make('outcome')
                     ->label(__('localization.review.outcome'))
                     ->badge()
-                    ->getStateUsing(fn (TenantReview $record): string => static::compressedOutcome($record)->primaryLabel)
-                    ->color(fn (TenantReview $record): string => static::compressedOutcome($record)->primaryBadge->color)
-                    ->icon(fn (TenantReview $record): ?string => static::compressedOutcome($record)->primaryBadge->icon)
-                    ->iconColor(fn (TenantReview $record): ?string => static::compressedOutcome($record)->primaryBadge->iconColor)
-                    ->description(fn (TenantReview $record): ?string => static::compressedOutcome($record)->primaryReason)
+                    ->getStateUsing(fn (EnvironmentReview $record): string => static::compressedOutcome($record)->primaryLabel)
+                    ->color(fn (EnvironmentReview $record): string => static::compressedOutcome($record)->primaryBadge->color)
+                    ->icon(fn (EnvironmentReview $record): ?string => static::compressedOutcome($record)->primaryBadge->icon)
+                    ->iconColor(fn (EnvironmentReview $record): ?string => static::compressedOutcome($record)->primaryBadge->iconColor)
+                    ->description(fn (EnvironmentReview $record): ?string => static::compressedOutcome($record)->primaryReason)
                     ->wrap(),
                 Tables\Columns\TextColumn::make('generated_at')->dateTime()->placeholder('—')->sortable(),
                 Tables\Columns\TextColumn::make('published_at')->dateTime()->placeholder('—')->sortable(),
@@ -342,7 +342,7 @@ public static function table(Table $table): Table
                     ->boolean(),
                 Tables\Columns\TextColumn::make('next_step')
                     ->label(__('localization.review.next_step'))
-                    ->getStateUsing(fn (TenantReview $record): string => static::compressedOutcome($record)->nextActionText)
+                    ->getStateUsing(fn (EnvironmentReview $record): string => static::compressedOutcome($record)->nextActionText)
                     ->wrap(),
                 Tables\Columns\TextColumn::make('fingerprint')
                     ->toggleable(isToggledHiddenByDefault: true)
@@ -350,18 +350,18 @@ public static function table(Table $table): Table
             ])
             ->filters([
                 Tables\Filters\SelectFilter::make('status')
-                    ->options(collect(TenantReviewStatus::cases())
-                        ->mapWithKeys(fn (TenantReviewStatus $status): array => [$status->value => Str::headline($status->value)])
+                    ->options(collect(EnvironmentReviewStatus::cases())
+                        ->mapWithKeys(fn (EnvironmentReviewStatus $status): array => [$status->value => Str::headline($status->value)])
                         ->all()),
                 Tables\Filters\SelectFilter::make('completeness_state')
-                    ->options(BadgeCatalog::options(BadgeDomain::TenantReviewCompleteness, TenantReviewCompletenessState::values())),
+                    ->options(BadgeCatalog::options(BadgeDomain::EnvironmentReviewCompleteness, EnvironmentReviewCompletenessState::values())),
                 \App\Support\Filament\FilterPresets::dateRange('review_date', __('localization.review.review_date'), 'generated_at'),
             ])
             ->actions([
                 $exportExecutivePackAction,
             ])
             ->bulkActions([])
-            ->emptyStateHeading(__('localization.review.no_tenant_reviews_yet'))
+            ->emptyStateHeading(__('localization.review.no_environment_reviews_yet'))
             ->emptyStateDescription(__('localization.review.create_first_review_description'))
             ->emptyStateActions([
                 static::makeCreateReviewAction(
@@ -375,8 +375,8 @@ public static function table(Table $table): Table
     public static function getPages(): array
     {
         return [
-            'index' => Pages\ListTenantReviews::route('/'),
-            'view' => Pages\ViewTenantReview::route('/{record}'),
+            'index' => Pages\ListEnvironmentReviews::route('/'),
+            'view' => Pages\ViewEnvironmentReview::route('/{record}'),
         ];
     }
 
@@ -406,7 +406,7 @@ public static function makeCreateReviewAction(
                 ])
                 ->action(fn (array $data): mixed => static::executeCreateReview($data)),
         )
-            ->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
+            ->requireCapability(Capabilities::ENVIRONMENT_REVIEW_MANAGE)
             ->apply();
     }
 
@@ -428,7 +428,7 @@ public static function executeCreateReview(array $data): void
             abort(404);
         }
 
-        if (! $user->can(Capabilities::TENANT_REVIEW_MANAGE, $tenant)) {
+        if (! $user->can(Capabilities::ENVIRONMENT_REVIEW_MANAGE, $tenant)) {
             abort(403);
         }
 
@@ -447,7 +447,7 @@ public static function executeCreateReview(array $data): void
         }
 
         try {
-            $review = app(TenantReviewService::class)->create($tenant, $snapshot, $user);
+            $review = app(EnvironmentReviewService::class)->create($tenant, $snapshot, $user);
         } catch (\Throwable $throwable) {
             Notification::make()->danger()->title(__('localization.review.unable_create_review'))->body($throwable->getMessage())->send();
 
@@ -471,7 +471,7 @@ public static function executeCreateReview(array $data): void
             return;
         }
 
-        $toast = OperationUxPresenter::queuedToast(OperationRunType::TenantReviewCompose->value)
+        $toast = OperationUxPresenter::queuedToast(OperationRunType::EnvironmentReviewCompose->value)
             ->body(__('localization.review.review_composing_background'));
 
         if ($review->operation_run_id) {
@@ -535,7 +535,7 @@ public static function reviewPackGenerationActionTooltip(?ManagedEnvironment $te
         $tenant ??= static::panelTenantContext();
         $user = auth()->user();
 
-        if ($tenant instanceof ManagedEnvironment && $user instanceof User && ! $user->can(Capabilities::TENANT_REVIEW_MANAGE, $tenant)) {
+        if ($tenant instanceof ManagedEnvironment && $user instanceof User && ! $user->can(Capabilities::ENVIRONMENT_REVIEW_MANAGE, $tenant)) {
             return AuthUiTooltips::insufficientPermission();
         }
 
@@ -543,7 +543,7 @@ public static function reviewPackGenerationActionTooltip(?ManagedEnvironment $te
             ?? static::reviewPackGenerationWarningReason($tenant);
     }
 
-    public static function executeExport(TenantReview $review): void
+    public static function executeExport(EnvironmentReview $review): void
     {
         $review->loadMissing(['tenant', 'currentExportReviewPack']);
         $user = auth()->user();
@@ -654,13 +654,13 @@ private static function evidenceSnapshotOptions(): array
 
     private static function reviewCompletenessCountLabel(string $state): string
     {
-        return BadgeCatalog::spec(BadgeDomain::TenantReviewCompleteness, $state)->label;
+        return BadgeCatalog::spec(BadgeDomain::EnvironmentReviewCompleteness, $state)->label;
     }
 
     /**
      * @return array<string, mixed>
      */
-    private static function summaryPresentation(TenantReview $record): array
+    private static function summaryPresentation(EnvironmentReview $record): array
     {
         $summary = is_array($record->summary) ? $record->summary : [];
         $truthEnvelope = static::truthEnvelope($record);
@@ -706,7 +706,7 @@ private static function summaryPresentation(TenantReview $record): array
      * @param  array<string, mixed>  $packagePresentation
      * @return array<int, array{label:string,value:string}>
      */
-    private static function customerWorkspaceMetrics(TenantReview $record, array $summary, array $packagePresentation): array
+    private static function customerWorkspaceMetrics(EnvironmentReview $record, array $summary, array $packagePresentation): array
     {
         $acceptedRisk = is_array($summary['risk_acceptance'] ?? null) ? $summary['risk_acceptance'] : [];
 
@@ -719,9 +719,9 @@ private static function customerWorkspaceMetrics(TenantReview $record, array $su
         ];
     }
 
-    private static function customerReviewStatusLabel(TenantReview $record): string
+    private static function customerReviewStatusLabel(EnvironmentReview $record): string
     {
-        if ($record->isPublished() && (string) $record->completeness_state === TenantReviewCompletenessState::Complete->value) {
+        if ($record->isPublished() && (string) $record->completeness_state === EnvironmentReviewCompletenessState::Complete->value) {
             return __('localization.review.review_completed');
         }
 
@@ -732,7 +732,7 @@ private static function customerReviewStatusLabel(TenantReview $record): string
         return Str::headline((string) $record->status);
     }
 
-    private static function customerEvidenceStatusLabel(TenantReview $record): string
+    private static function customerEvidenceStatusLabel(EnvironmentReview $record): string
     {
         $snapshot = $record->evidenceSnapshot;
         $tenant = $record->tenant;
@@ -775,7 +775,7 @@ private static function customerAcceptedRiskStatusLabel(array $acceptedRisk): st
     /**
      * @return array<string, mixed>
      */
-    private static function governancePackagePresentation(TenantReview $record): array
+    private static function governancePackagePresentation(EnvironmentReview $record): array
     {
         $summary = is_array($record->summary) ? $record->summary : [];
         $package = is_array($summary['governance_package'] ?? null) ? $summary['governance_package'] : [];
@@ -793,7 +793,7 @@ private static function governancePackagePresentation(TenantReview $record): arr
     /**
      * @return array{state:string,label:string,description:string}
      */
-    private static function governancePackageAvailability(TenantReview $record): array
+    private static function governancePackageAvailability(EnvironmentReview $record): array
     {
         $pack = $record->currentExportReviewPack;
         $tenant = $record->tenant;
@@ -801,8 +801,8 @@ private static function governancePackageAvailability(TenantReview $record): arr
         $controlInterpretation = $record->controlInterpretation();
         $limitations = is_array($controlInterpretation['limitations'] ?? null) ? $controlInterpretation['limitations'] : [];
         $isPartialReview = in_array((string) $record->completeness_state, [
-            TenantReviewCompletenessState::Partial->value,
-            TenantReviewCompletenessState::Stale->value,
+            EnvironmentReviewCompletenessState::Partial->value,
+            EnvironmentReviewCompletenessState::Stale->value,
         ], true) || $limitations !== [];
 
         if (! $pack instanceof ReviewPack) {
@@ -855,7 +855,7 @@ private static function governancePackageAvailability(TenantReview $record): arr
     /**
      * @return array<int, array{title:string,label:string,url:?string,description:string}>
      */
-    private static function summaryContextLinks(TenantReview $record, bool $customerWorkspaceMode = false): array
+    private static function summaryContextLinks(EnvironmentReview $record, bool $customerWorkspaceMode = false): array
     {
         $links = [];
 
@@ -913,15 +913,15 @@ private static function summaryContextLinks(TenantReview $record, bool $customer
     /**
      * @return array<string, mixed>
      */
-    private static function sectionPresentation(TenantReviewSection $section): array
+    private static function sectionPresentation(EnvironmentReviewSection $section): array
     {
         $summary = is_array($section->summary_payload) ? $section->summary_payload : [];
         $render = is_array($section->render_payload) ? $section->render_payload : [];
-        $review = $section->tenantReview;
+        $review = $section->environmentReview;
         $tenant = $section->tenant;
         $links = [];
 
-        if ($section->isControlInterpretation() && $review instanceof TenantReview && $tenant instanceof ManagedEnvironment && $review->evidenceSnapshot instanceof EvidenceSnapshot) {
+        if ($section->isControlInterpretation() && $review instanceof EnvironmentReview && $tenant instanceof ManagedEnvironment && $review->evidenceSnapshot instanceof EvidenceSnapshot) {
             $user = auth()->user();
 
             if ($user instanceof User && $user->can(Capabilities::EVIDENCE_VIEW, $tenant)) {
@@ -960,34 +960,34 @@ private static function sectionPresentation(TenantReviewSection $section): array
         ];
     }
 
-    private static function truthEnvelope(TenantReview $record, bool $fresh = false): ArtifactTruthEnvelope
+    private static function truthEnvelope(EnvironmentReview $record, bool $fresh = false): ArtifactTruthEnvelope
     {
         $presenter = app(ArtifactTruthPresenter::class);
 
         return $fresh
-            ? $presenter->forTenantReviewFresh($record)
-            : $presenter->forTenantReview($record);
+            ? $presenter->forEnvironmentReviewFresh($record)
+            : $presenter->forEnvironmentReview($record);
     }
 
     /**
      * @return array<string, mixed>
      */
-    private static function truthState(TenantReview $record, bool $fresh = false): array
+    private static function truthState(EnvironmentReview $record, bool $fresh = false): array
     {
         $presenter = app(ArtifactTruthPresenter::class);
 
-        return $presenter->surfaceStateFor($record, SurfaceCompressionContext::tenantReview(), $fresh)
+        return $presenter->surfaceStateFor($record, SurfaceCompressionContext::environmentReview(), $fresh)
             ?? static::truthEnvelope($record, $fresh)->toArray(static::compressedOutcome($record, $fresh));
     }
 
-    private static function compressedOutcome(TenantReview $record, bool $fresh = false): CompressedGovernanceOutcome
+    private static function compressedOutcome(EnvironmentReview $record, bool $fresh = false): CompressedGovernanceOutcome
     {
         $presenter = app(ArtifactTruthPresenter::class);
 
-        return $presenter->compressedOutcomeFor($record, SurfaceCompressionContext::tenantReview(), $fresh)
+        return $presenter->compressedOutcomeFor($record, SurfaceCompressionContext::environmentReview(), $fresh)
             ?? $presenter->compressedOutcomeFromEnvelope(
                 static::truthEnvelope($record, $fresh),
-                SurfaceCompressionContext::tenantReview(),
+                SurfaceCompressionContext::environmentReview(),
             );
     }
 
@@ -1013,7 +1013,7 @@ private static function isCustomerWorkspaceMode(): bool
     /**
      * @return array<string, mixed>
      */
-    private static function customerWorkspaceEvidenceQuery(TenantReview $record): array
+    private static function customerWorkspaceEvidenceQuery(EnvironmentReview $record): array
     {
         return array_filter([
             'source_surface' => CustomerReviewWorkspace::SOURCE_SURFACE,
diff --git a/apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ListEnvironmentReviews.php b/apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ListEnvironmentReviews.php
new file mode 100644
index 00000000..a9f8ea13
--- /dev/null
+++ b/apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ListEnvironmentReviews.php
@@ -0,0 +1,20 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Filament\Resources\EnvironmentReviewResource\Pages;
+
+use App\Filament\Resources\EnvironmentReviewResource;
+use Filament\Resources\Pages\ListRecords;
+
+class ListEnvironmentReviews extends ListRecords
+{
+    protected static string $resource = EnvironmentReviewResource::class;
+
+    protected function getHeaderActions(): array
+    {
+        return [
+            EnvironmentReviewResource::makeCreateReviewAction(),
+        ];
+    }
+}
diff --git a/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php b/apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ViewEnvironmentReview.php
similarity index 85%
rename from apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php
rename to apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ViewEnvironmentReview.php
index 56836621..82569c68 100644
--- a/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ViewTenantReview.php
+++ b/apps/platform/app/Filament/Resources/EnvironmentReviewResource/Pages/ViewEnvironmentReview.php
@@ -2,23 +2,23 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Resources\TenantReviewResource\Pages;
+namespace App\Filament\Resources\EnvironmentReviewResource\Pages;
 
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Services\ReviewPackService;
 use App\Services\Audit\WorkspaceAuditLogger;
-use App\Services\TenantReviews\TenantReviewLifecycleService;
-use App\Services\TenantReviews\TenantReviewService;
+use App\Services\EnvironmentReviews\EnvironmentReviewLifecycleService;
+use App\Services\EnvironmentReviews\EnvironmentReviewService;
 use App\Support\Audit\AuditActionId;
 use App\Support\Auth\Capabilities;
 use App\Support\Rbac\UiEnforcement;
 use App\Support\ReviewPackStatus;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Ui\GovernanceActions\GovernanceActionCatalog;
 use Filament\Actions;
 use Filament\Forms\Components\Textarea;
@@ -26,9 +26,9 @@
 use Filament\Resources\Pages\ViewRecord;
 use Illuminate\Database\Eloquent\Model;
 
-class ViewTenantReview extends ViewRecord
+class ViewEnvironmentReview extends ViewRecord
 {
-    protected static string $resource = TenantReviewResource::class;
+    protected static string $resource = EnvironmentReviewResource::class;
 
     public function mount(int|string $record): void
     {
@@ -39,16 +39,16 @@ public function mount(int|string $record): void
 
     protected function resolveRecord(int|string $key): Model
     {
-        return TenantReviewResource::resolveScopedRecordOrFail($key);
+        return EnvironmentReviewResource::resolveScopedRecordOrFail($key);
     }
 
     protected function authorizeAccess(): void
     {
-        $tenant = TenantReviewResource::panelTenantContext();
+        $tenant = EnvironmentReviewResource::panelTenantContext();
         $record = $this->getRecord();
         $user = auth()->user();
 
-        if (! $user instanceof User || ! $tenant instanceof ManagedEnvironment || ! $record instanceof TenantReview) {
+        if (! $user instanceof User || ! $tenant instanceof ManagedEnvironment || ! $record instanceof EnvironmentReview) {
             abort(404);
         }
 
@@ -108,11 +108,11 @@ private function primaryLifecycleActionName(): ?string
             return null;
         }
 
-        if ((string) $this->record->status === TenantReviewStatus::Published->value) {
+        if ((string) $this->record->status === EnvironmentReviewStatus::Published->value) {
             return 'export_executive_pack';
         }
 
-        if ((string) $this->record->status === TenantReviewStatus::Ready->value) {
+        if ((string) $this->record->status === EnvironmentReviewStatus::Ready->value) {
             return 'publish_review';
         }
 
@@ -157,8 +157,8 @@ private function secondaryLifecycleActionNames(): array
         }
 
         if (in_array((string) $this->record->status, [
-            TenantReviewStatus::Ready->value,
-            TenantReviewStatus::Published->value,
+            EnvironmentReviewStatus::Ready->value,
+            EnvironmentReviewStatus::Published->value,
         ], true)) {
             $names[] = 'export_executive_pack';
         }
@@ -194,7 +194,7 @@ private function refreshReviewAction(): Actions\Action
                     }
 
                     try {
-                        app(TenantReviewService::class)->refresh($this->record, $user);
+                        app(EnvironmentReviewService::class)->refresh($this->record, $user);
                     } catch (\Throwable $throwable) {
                         Notification::make()->danger()->title('Unable to refresh review')->body($throwable->getMessage())->send();
 
@@ -204,7 +204,7 @@ private function refreshReviewAction(): Actions\Action
                     Notification::make()->success()->title($rule->successTitle)->send();
                 }),
         )
-            ->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
+            ->requireCapability(Capabilities::ENVIRONMENT_REVIEW_MANAGE)
             ->apply();
     }
 
@@ -236,7 +236,7 @@ private function publishReviewAction(): Actions\Action
                     }
 
                     try {
-                        app(TenantReviewLifecycleService::class)->publish(
+                        app(EnvironmentReviewLifecycleService::class)->publish(
                             $this->record,
                             $user,
                             (string) ($data['publish_reason'] ?? ''),
@@ -251,7 +251,7 @@ private function publishReviewAction(): Actions\Action
                     Notification::make()->success()->title($rule->successTitle)->send();
                 }),
         )
-            ->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
+            ->requireCapability(Capabilities::ENVIRONMENT_REVIEW_MANAGE)
             ->preserveVisibility()
             ->apply();
     }
@@ -264,18 +264,18 @@ private function exportExecutivePackAction(): Actions\Action
                 ->icon('heroicon-o-arrow-down-tray')
                 ->color('primary')
                 ->hidden(fn (): bool => ! in_array((string) $this->record->status, [
-                    TenantReviewStatus::Ready->value,
-                    TenantReviewStatus::Published->value,
+                    EnvironmentReviewStatus::Ready->value,
+                    EnvironmentReviewStatus::Published->value,
                 ], true))
-                ->disabled(fn (): bool => TenantReviewResource::reviewPackGenerationBlocked($this->record->tenant))
-                ->action(fn (): mixed => TenantReviewResource::executeExport($this->record)),
+                ->disabled(fn (): bool => EnvironmentReviewResource::reviewPackGenerationBlocked($this->record->tenant))
+                ->action(fn (): mixed => EnvironmentReviewResource::executeExport($this->record)),
         )
-            ->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
+            ->requireCapability(Capabilities::ENVIRONMENT_REVIEW_MANAGE)
             ->preserveVisibility()
             ->preserveDisabled()
             ->apply();
 
-        $action->tooltip(fn (): ?string => TenantReviewResource::reviewPackGenerationActionTooltip($this->record->tenant));
+        $action->tooltip(fn (): ?string => EnvironmentReviewResource::reviewPackGenerationActionTooltip($this->record->tenant));
 
         return $action;
     }
@@ -295,17 +295,17 @@ private function createNextReviewAction(): Actions\Action
                     }
 
                     try {
-                        $nextReview = app(TenantReviewLifecycleService::class)->createNextReview($this->record, $user);
+                        $nextReview = app(EnvironmentReviewLifecycleService::class)->createNextReview($this->record, $user);
                     } catch (\Throwable $throwable) {
                         Notification::make()->danger()->title('Unable to create next review')->body($throwable->getMessage())->send();
 
                         return;
                     }
 
-                    $this->redirect(TenantReviewResource::tenantScopedUrl('view', ['record' => $nextReview], $nextReview->tenant));
+                    $this->redirect(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $nextReview], $nextReview->tenant));
                 }),
         )
-            ->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
+            ->requireCapability(Capabilities::ENVIRONMENT_REVIEW_MANAGE)
             ->preserveVisibility()
             ->apply();
     }
@@ -337,7 +337,7 @@ private function archiveReviewAction(): Actions\Action
                         abort(403);
                     }
 
-                    app(TenantReviewLifecycleService::class)->archive(
+                    app(EnvironmentReviewLifecycleService::class)->archive(
                         $this->record,
                         $user,
                         (string) ($data['archive_reason'] ?? ''),
@@ -347,7 +347,7 @@ private function archiveReviewAction(): Actions\Action
                     Notification::make()->success()->title($rule->successTitle)->send();
                 }),
         )
-            ->requireCapability(Capabilities::TENANT_REVIEW_MANAGE)
+            ->requireCapability(Capabilities::ENVIRONMENT_REVIEW_MANAGE)
             ->preserveVisibility()
             ->apply();
     }
@@ -443,7 +443,7 @@ private function auditCustomerWorkspaceOpen(): void
 
         app(WorkspaceAuditLogger::class)->log(
             workspace: $tenant->workspace,
-            action: AuditActionId::TenantReviewOpened,
+            action: AuditActionId::EnvironmentReviewOpened,
             context: [
                 'metadata' => [
                     'review_id' => (int) $this->record->getKey(),
@@ -453,7 +453,7 @@ private function auditCustomerWorkspaceOpen(): void
                 ],
             ],
             actor: $user,
-            resourceType: 'tenant_review',
+            resourceType: 'environment_review',
             resourceId: (string) $this->record->getKey(),
             targetLabel: sprintf('ManagedEnvironment review #%d', (int) $this->record->getKey()),
             tenant: $tenant,
diff --git a/apps/platform/app/Filament/Resources/FindingExceptionResource.php b/apps/platform/app/Filament/Resources/FindingExceptionResource.php
index 37bc51f8..98e3a271 100644
--- a/apps/platform/app/Filament/Resources/FindingExceptionResource.php
+++ b/apps/platform/app/Filament/Resources/FindingExceptionResource.php
@@ -681,7 +681,7 @@ public static function approvalQueueUrl(?ManagedEnvironment $tenant = null): ?st
         }
 
         return route('admin.finding-exceptions.open-queue', [
-            'tenant' => (string) $tenant->external_id,
+            'environment' => (string) $tenant->external_id,
         ]);
     }
 }
diff --git a/apps/platform/app/Filament/Resources/FindingExceptionResource/Pages/ListFindingExceptions.php b/apps/platform/app/Filament/Resources/FindingExceptionResource/Pages/ListFindingExceptions.php
index 972f1351..88fbbae1 100644
--- a/apps/platform/app/Filament/Resources/FindingExceptionResource/Pages/ListFindingExceptions.php
+++ b/apps/platform/app/Filament/Resources/FindingExceptionResource/Pages/ListFindingExceptions.php
@@ -6,7 +6,7 @@
 
 use App\Filament\Resources\FindingExceptionResource;
 use App\Filament\Resources\FindingResource;
-use App\Filament\Widgets\Tenant\FindingExceptionStatsOverview;
+use App\Filament\Widgets\ManagedEnvironment\FindingExceptionStatsOverview;
 use App\Models\FindingException;
 use Filament\Actions\Action;
 use Filament\Resources\Pages\ListRecords;
diff --git a/apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php b/apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php
index b1519a1b..7841e1f9 100644
--- a/apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php
+++ b/apps/platform/app/Filament/Resources/FindingResource/Pages/ListFindings.php
@@ -4,8 +4,8 @@
 
 use App\Filament\Concerns\ResolvesPanelTenantContext;
 use App\Filament\Resources\FindingResource;
-use App\Filament\Widgets\Tenant\BaselineCompareCoverageBanner;
-use App\Filament\Widgets\Tenant\FindingStatsOverview;
+use App\Filament\Widgets\ManagedEnvironment\BaselineCompareCoverageBanner;
+use App\Filament\Widgets\ManagedEnvironment\FindingStatsOverview;
 use App\Models\Finding;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
diff --git a/apps/platform/app/Filament/Resources/TenantResource.php b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource.php
similarity index 95%
rename from apps/platform/app/Filament/Resources/TenantResource.php
rename to apps/platform/app/Filament/Resources/ManagedEnvironmentResource.php
index 6c1654ae..ff55d277 100644
--- a/apps/platform/app/Filament/Resources/TenantResource.php
+++ b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource.php
@@ -2,9 +2,9 @@
 
 namespace App\Filament\Resources;
 
-use App\Filament\Pages\CrossTenantComparePage;
-use App\Filament\Resources\TenantResource\Pages;
-use App\Filament\Resources\TenantResource\RelationManagers;
+use App\Filament\Pages\CrossEnvironmentComparePage;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages;
+use App\Filament\Resources\ManagedEnvironmentResource\RelationManagers;
 use App\Http\Controllers\RbacDelegatedAuthController;
 use App\Jobs\BulkTenantSyncJob;
 use App\Jobs\SyncPoliciesJob;
@@ -12,8 +12,8 @@
 use App\Models\EntraRoleDefinition;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentOnboardingSession;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\Audit\WorkspaceAuditLogger;
@@ -26,7 +26,7 @@
 use App\Services\Intune\RbacOnboardingService;
 use App\Services\OperationRunService;
 use App\Services\Operations\BulkSelectionIdentity;
-use App\Services\PortfolioTriage\TenantTriageReviewService;
+use App\Services\PortfolioTriage\ManagedEnvironmentTriageReviewService;
 use App\Services\Providers\AdminConsentUrlFactory;
 use App\Services\Tenants\TenantActionPolicySurface;
 use App\Services\Tenants\TenantOperabilityService;
@@ -49,7 +49,7 @@
 use App\Support\OpsUx\OpsUxBrowserEvents;
 use App\Support\Navigation\CanonicalNavigationContext;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
-use App\Support\PortfolioTriage\TenantTriageReviewStateResolver;
+use App\Support\PortfolioTriage\ManagedEnvironmentTriageReviewStateResolver;
 use App\Support\Rbac\UiEnforcement;
 use App\Support\Navigation\RelatedContextEntry;
 use App\Support\Navigation\UnavailableRelationState;
@@ -93,7 +93,7 @@
 use Illuminate\Support\Str;
 use UnitEnum;
 
-class TenantResource extends Resource
+class ManagedEnvironmentResource extends Resource
 {
     // ... [Properties Omitted for Brevity] ...
     protected static ?string $model = ManagedEnvironment::class;
@@ -119,7 +119,7 @@ class TenantResource extends Resource
 
     private const string POSTURE_SNAPSHOT_REQUEST_KEY = 'tenant_resource.posture_snapshot';
 
-    private const string TRIAGE_REVIEW_SNAPSHOT_REQUEST_KEY = 'tenant_resource.triage_review_snapshot';
+    private const string TRIAGE_REVIEW_SNAPSHOT_REQUEST_KEY = 'managed_environment_resource.triage_review_snapshot';
 
     /**
      * @var array<string, true>
@@ -297,7 +297,7 @@ public static function makeTenantViewMarkReviewedAction(): Actions\Action
             ->modalDescription(fn (ManagedEnvironment $record): string => static::triageReviewActionModalDescription(
                 $record,
                 static::tenantViewTriageState(),
-                TenantTriageReview::STATE_REVIEWED,
+                ManagedEnvironmentTriageReview::STATE_REVIEWED,
             ))
             ->visible(fn (ManagedEnvironment $record): bool => static::selectedActionTriageReviewRowForTenant(
                 $record,
@@ -308,11 +308,11 @@ public static function makeTenantViewMarkReviewedAction(): Actions\Action
             ->before(function (ManagedEnvironment $record): void {
                 static::authorizeTriageReviewAction($record);
             })
-            ->action(function (ManagedEnvironment $record, TenantTriageReviewService $service): void {
+            ->action(function (ManagedEnvironment $record, ManagedEnvironmentTriageReviewService $service): void {
                 static::handleTriageReviewMutation(
                     tenant: $record,
                     triageState: static::tenantViewTriageState(),
-                    targetManualState: TenantTriageReview::STATE_REVIEWED,
+                    targetManualState: ManagedEnvironmentTriageReview::STATE_REVIEWED,
                     service: $service,
                 );
             });
@@ -329,7 +329,7 @@ public static function makeTenantViewMarkFollowUpNeededAction(): Actions\Action
             ->modalDescription(fn (ManagedEnvironment $record): string => static::triageReviewActionModalDescription(
                 $record,
                 static::tenantViewTriageState(),
-                TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
+                ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED,
             ))
             ->visible(fn (ManagedEnvironment $record): bool => static::selectedActionTriageReviewRowForTenant(
                 $record,
@@ -340,11 +340,11 @@ public static function makeTenantViewMarkFollowUpNeededAction(): Actions\Action
             ->before(function (ManagedEnvironment $record): void {
                 static::authorizeTriageReviewAction($record);
             })
-            ->action(function (ManagedEnvironment $record, TenantTriageReviewService $service): void {
+            ->action(function (ManagedEnvironment $record, ManagedEnvironmentTriageReviewService $service): void {
                 static::handleTriageReviewMutation(
                     tenant: $record,
                     triageState: static::tenantViewTriageState(),
-                    targetManualState: TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
+                    targetManualState: ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED,
                     service: $service,
                 );
             });
@@ -826,10 +826,10 @@ public static function table(Table $table): Table
                         $record,
                         static::currentPortfolioTriageState($livewire),
                     )['derived_state'] ?? null)
-                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantTriageReviewState))
-                    ->color(BadgeRenderer::color(BadgeDomain::TenantTriageReviewState))
-                    ->icon(BadgeRenderer::icon(BadgeDomain::TenantTriageReviewState))
-                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantTriageReviewState))
+                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::ManagedEnvironmentTriageReviewState))
+                    ->color(BadgeRenderer::color(BadgeDomain::ManagedEnvironmentTriageReviewState))
+                    ->icon(BadgeRenderer::icon(BadgeDomain::ManagedEnvironmentTriageReviewState))
+                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::ManagedEnvironmentTriageReviewState))
                     ->description(fn (ManagedEnvironment $record, mixed $livewire): ?string => static::triageReviewDescriptionForTenant(
                         $record,
                         static::currentPortfolioTriageState($livewire),
@@ -953,7 +953,7 @@ public static function table(Table $table): Table
                             return '#';
                         }
 
-                        $triageState = $livewire instanceof Pages\ListTenants
+                        $triageState = $livewire instanceof Pages\ListManagedEnvironments
                             ? static::currentPortfolioTriageState($livewire)
                             : [];
 
@@ -976,12 +976,12 @@ public static function table(Table $table): Table
                         ->url(fn (ManagedEnvironment $record): string => static::relatedOnboardingDraftUrl($record) ?? route('admin.onboarding'))
                         ->visible(fn (ManagedEnvironment $record): bool => static::relatedOnboardingDraftAction($record, TenantActionSurface::TenantIndexRow) instanceof TenantActionDescriptor
                             && static::tenantIndexPrimaryAction($record)?->key !== 'related_onboarding'),
-                    Actions\Action::make('compareTenants')
+                    Actions\Action::make('compareEnvironments')
                         ->label('Compare tenants')
                         ->icon('heroicon-o-scale')
                         ->color('gray')
                         ->url(function (ManagedEnvironment $record, mixed $livewire): string {
-                            $triageState = $livewire instanceof Pages\ListTenants
+                            $triageState = $livewire instanceof Pages\ListManagedEnvironments
                                 ? static::currentPortfolioTriageState($livewire)
                                 : [];
 
@@ -994,9 +994,9 @@ public static function table(Table $table): Table
                                 $triageState = static::portfolioReturnFiltersFromRequest(request()->query());
                             }
 
-                            return static::crossTenantCompareOpenUrl($record, $triageState);
+                            return static::crossEnvironmentCompareOpenUrl($record, $triageState);
                         })
-                        ->visible(fn (ManagedEnvironment $record): bool => static::crossTenantCompareActionVisible($record)),
+                        ->visible(fn (ManagedEnvironment $record): bool => static::crossEnvironmentCompareActionVisible($record)),
                     UiEnforcement::forAction(
                         Actions\Action::make('edit')
                             ->label('Edit')
@@ -1019,7 +1019,7 @@ public static function table(Table $table): Table
                         ->modalDescription(fn (ManagedEnvironment $record, mixed $livewire): string => static::triageReviewActionModalDescription(
                             $record,
                             static::currentPortfolioTriageState($livewire),
-                            TenantTriageReview::STATE_REVIEWED,
+                            ManagedEnvironmentTriageReview::STATE_REVIEWED,
                         ))
                         ->visible(fn (ManagedEnvironment $record, mixed $livewire): bool => static::selectedTriageReviewRowForTenant(
                             $record,
@@ -1033,12 +1033,12 @@ public static function table(Table $table): Table
                         ->action(function (
                             ManagedEnvironment $record,
                             mixed $livewire,
-                            TenantTriageReviewService $service,
+                            ManagedEnvironmentTriageReviewService $service,
                         ): void {
                             static::handleTriageReviewMutation(
                                 tenant: $record,
                                 triageState: static::currentPortfolioTriageState($livewire),
-                                targetManualState: TenantTriageReview::STATE_REVIEWED,
+                                targetManualState: ManagedEnvironmentTriageReview::STATE_REVIEWED,
                                 service: $service,
                             );
                         }),
@@ -1051,7 +1051,7 @@ public static function table(Table $table): Table
                         ->modalDescription(fn (ManagedEnvironment $record, mixed $livewire): string => static::triageReviewActionModalDescription(
                             $record,
                             static::currentPortfolioTriageState($livewire),
-                            TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
+                            ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED,
                         ))
                         ->visible(fn (ManagedEnvironment $record, mixed $livewire): bool => static::selectedTriageReviewRowForTenant(
                             $record,
@@ -1065,12 +1065,12 @@ public static function table(Table $table): Table
                         ->action(function (
                             ManagedEnvironment $record,
                             mixed $livewire,
-                            TenantTriageReviewService $service,
+                            ManagedEnvironmentTriageReviewService $service,
                         ): void {
                             static::handleTriageReviewMutation(
                                 tenant: $record,
                                 triageState: static::currentPortfolioTriageState($livewire),
-                                targetManualState: TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
+                                targetManualState: ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED,
                                 service: $service,
                             );
                         }),
@@ -1149,13 +1149,13 @@ public static function table(Table $table): Table
                         ->visible(fn (): bool => auth()->user() instanceof User)
                         ->authorize(fn (): bool => auth()->user() instanceof User)
                         ->extraAttributes(fn (mixed $livewire): array => [
-                            'x-bind:aria-disabled' => static::crossTenantCompareBulkClientDisabledExpression($livewire).' ? true : null',
-                            'x-bind:disabled' => static::crossTenantCompareBulkClientDisabledExpression($livewire),
-                            'x-bind:title' => static::crossTenantCompareBulkClientTooltipExpression($livewire),
-                            'x-bind:class' => "{ 'fi-disabled': ".static::crossTenantCompareBulkClientDisabledExpression($livewire).' }',
+                            'x-bind:aria-disabled' => static::crossEnvironmentCompareBulkClientDisabledExpression($livewire).' ? true : null',
+                            'x-bind:disabled' => static::crossEnvironmentCompareBulkClientDisabledExpression($livewire),
+                            'x-bind:title' => static::crossEnvironmentCompareBulkClientTooltipExpression($livewire),
+                            'x-bind:class' => "{ 'fi-disabled': ".static::crossEnvironmentCompareBulkClientDisabledExpression($livewire).' }',
                         ])
                         ->action(function (Collection $records, mixed $livewire): void {
-                            $disabledReason = static::crossTenantCompareBulkDisabledReason($records);
+                            $disabledReason = static::crossEnvironmentCompareBulkDisabledReason($records);
 
                             if ($disabledReason !== null) {
                                 Notification::make()
@@ -1167,7 +1167,7 @@ public static function table(Table $table): Table
                             }
 
                             if (method_exists($livewire, 'redirect')) {
-                                $livewire->redirect(static::crossTenantCompareBulkOpenUrl($records, $livewire), navigate: true);
+                                $livewire->redirect(static::crossEnvironmentCompareBulkOpenUrl($records, $livewire), navigate: true);
                             }
                         }),
                     Actions\BulkAction::make('syncSelected')
@@ -1324,7 +1324,7 @@ public static function sanitizeReviewStates(mixed $value): array
     {
         return static::sanitizeRequestedValues(
             $value,
-            TenantTriageReview::DERIVED_STATES,
+            ManagedEnvironmentTriageReview::DERIVED_STATES,
         );
     }
 
@@ -1366,10 +1366,10 @@ public static function tenantDashboardOpenUrl(ManagedEnvironment $record, array
      *     triage_sort?: string|null
      * }  $triageState
      */
-    public static function crossTenantCompareOpenUrl(ManagedEnvironment $record, array $triageState = []): string
+    public static function crossEnvironmentCompareOpenUrl(ManagedEnvironment $record, array $triageState = []): string
     {
-        return static::crossTenantCompareOpenUrlForSelection(
-            targetTenant: $record,
+        return static::crossEnvironmentCompareOpenUrlForSelection(
+            targetEnvironment: $record,
             triageState: $triageState,
         );
     }
@@ -1382,10 +1382,10 @@ public static function crossTenantCompareOpenUrl(ManagedEnvironment $record, arr
      *     triage_sort?: string|null
      * }  $triageState
      */
-    public static function crossTenantCompareOpenUrlForSelection(
-        ManagedEnvironment $targetTenant,
+    public static function crossEnvironmentCompareOpenUrlForSelection(
+        ManagedEnvironment $targetEnvironment,
         array $triageState = [],
-        ?ManagedEnvironment $sourceTenant = null,
+        ?ManagedEnvironment $sourceEnvironment = null,
     ): string {
         $normalizedState = static::portfolioReturnFilters(
             static::sanitizeBackupPostures($triageState['backup_posture'] ?? []),
@@ -1394,12 +1394,12 @@ public static function crossTenantCompareOpenUrlForSelection(
             static::sanitizeTriageSort($triageState['triage_sort'] ?? null),
         );
 
-        return CrossTenantComparePage::launchUrl(
-            sourceTenant: $sourceTenant,
-            targetTenant: $targetTenant,
+        return CrossEnvironmentComparePage::launchUrl(
+            sourceEnvironment: $sourceEnvironment,
+            targetEnvironment: $targetEnvironment,
             navigationContext: CanonicalNavigationContext::forTenantRegistry(
                 backLinkUrl: static::getUrl(panel: 'admin', parameters: $normalizedState),
-                tenantId: $sourceTenant instanceof ManagedEnvironment ? null : (int) $targetTenant->getKey(),
+                tenantId: $sourceEnvironment instanceof ManagedEnvironment ? null : (int) $targetEnvironment->getKey(),
             ),
         );
     }
@@ -1494,7 +1494,7 @@ private static function portfolioReturnFiltersFromRequest(array $query): array
         );
     }
 
-    private static function crossTenantCompareActionVisible(ManagedEnvironment $record): bool
+    private static function crossEnvironmentCompareActionVisible(ManagedEnvironment $record): bool
     {
         if (! $record->isActive()) {
             return false;
@@ -1533,7 +1533,7 @@ private static function crossTenantCompareActionVisible(ManagedEnvironment $reco
             && $tenantResolver->can($user, $record, Capabilities::TENANT_VIEW);
     }
 
-    private static function crossTenantCompareBulkDisabledReason(Collection $records): ?string
+    private static function crossEnvironmentCompareBulkDisabledReason(Collection $records): ?string
     {
         $user = auth()->user();
 
@@ -1541,20 +1541,20 @@ private static function crossTenantCompareBulkDisabledReason(Collection $records
             return UiTooltips::insufficientPermission();
         }
 
-        $tenants = $records
+        $environments = $records
             ->filter(fn ($record): bool => $record instanceof ManagedEnvironment)
             ->values();
 
-        if ($records->count() !== 2 || $tenants->count() !== 2) {
-            return 'Select exactly two tenants to compare.';
+        if ($records->count() !== 2 || $environments->count() !== 2) {
+            return 'Select exactly two environments to compare.';
         }
 
-        if ($tenants->contains(fn (ManagedEnvironment $tenant): bool => ! $tenant->isActive())) {
-            return 'Only active tenants can be compared.';
+        if ($environments->contains(fn (ManagedEnvironment $environment): bool => ! $environment->isActive())) {
+            return 'Only active environments can be compared.';
         }
 
-        $workspaceIds = $tenants
-            ->map(fn (ManagedEnvironment $tenant): int => (int) $tenant->workspace_id)
+        $workspaceIds = $environments
+            ->map(fn (ManagedEnvironment $environment): int => (int) $environment->workspace_id)
             ->unique()
             ->values();
 
@@ -1578,32 +1578,32 @@ private static function crossTenantCompareBulkDisabledReason(Collection $records
             return UiTooltips::insufficientPermission();
         }
 
-        /** @var CapabilityResolver $tenantResolver */
-        $tenantResolver = app(CapabilityResolver::class);
+        /** @var CapabilityResolver $environmentResolver */
+        $environmentResolver = app(CapabilityResolver::class);
 
-        $isDenied = $tenants->contains(fn (ManagedEnvironment $tenant): bool => ! $user->canAccessTenant($tenant)
-            || ! $tenantResolver->can($user, $tenant, Capabilities::TENANT_VIEW));
+        $isDenied = $environments->contains(fn (ManagedEnvironment $environment): bool => ! $user->canAccessTenant($environment)
+            || ! $environmentResolver->can($user, $environment, Capabilities::TENANT_VIEW));
 
         return $isDenied ? UiTooltips::insufficientPermission() : null;
     }
 
-    private static function crossTenantCompareBulkClientDisabledExpression(mixed $livewire): string
+    private static function crossEnvironmentCompareBulkClientDisabledExpression(mixed $livewire): string
     {
-        $containsInactiveSelection = static::crossTenantCompareBulkContainsInactiveSelectionExpression($livewire);
+        $containsInactiveSelection = static::crossEnvironmentCompareBulkContainsInactiveSelectionExpression($livewire);
 
         return "getSelectedRecordsCount() !== 2 || {$containsInactiveSelection}";
     }
 
-    private static function crossTenantCompareBulkClientTooltipExpression(mixed $livewire): string
+    private static function crossEnvironmentCompareBulkClientTooltipExpression(mixed $livewire): string
     {
-        $containsInactiveSelection = static::crossTenantCompareBulkContainsInactiveSelectionExpression($livewire);
+        $containsInactiveSelection = static::crossEnvironmentCompareBulkContainsInactiveSelectionExpression($livewire);
 
-        return "getSelectedRecordsCount() !== 2 ? 'Select exactly two tenants to compare.' : ({$containsInactiveSelection} ? 'Only active tenants can be compared.' : null)";
+        return "getSelectedRecordsCount() !== 2 ? 'Select exactly two environments to compare.' : ({$containsInactiveSelection} ? 'Only active environments can be compared.' : null)";
     }
 
-    private static function crossTenantCompareBulkContainsInactiveSelectionExpression(mixed $livewire): string
+    private static function crossEnvironmentCompareBulkContainsInactiveSelectionExpression(mixed $livewire): string
     {
-        $inactiveRecordKeys = \Illuminate\Support\Js::from(static::crossTenantCompareInactiveSelectionRecordKeys($livewire));
+        $inactiveRecordKeys = \Illuminate\Support\Js::from(static::crossEnvironmentCompareInactiveSelectionRecordKeys($livewire));
 
         return "[...selectedRecords].some((key) => {$inactiveRecordKeys}.includes(key))";
     }
@@ -1611,7 +1611,7 @@ private static function crossTenantCompareBulkContainsInactiveSelectionExpressio
     /**
      * @return list<string>
      */
-    private static function crossTenantCompareInactiveSelectionRecordKeys(mixed $livewire): array
+    private static function crossEnvironmentCompareInactiveSelectionRecordKeys(mixed $livewire): array
     {
         if (! $livewire instanceof HasTable || ! method_exists($livewire, 'getTableRecordKey')) {
             return [];
@@ -1630,9 +1630,9 @@ private static function crossTenantCompareInactiveSelectionRecordKeys(mixed $liv
             ->all();
     }
 
-    private static function crossTenantCompareBulkOpenUrl(Collection $records, mixed $livewire): string
+    private static function crossEnvironmentCompareBulkOpenUrl(Collection $records, mixed $livewire): string
     {
-        $triageState = $livewire instanceof Pages\ListTenants
+        $triageState = $livewire instanceof Pages\ListManagedEnvironments
             ? static::currentPortfolioTriageState($livewire)
             : [];
 
@@ -1649,10 +1649,10 @@ private static function crossTenantCompareBulkOpenUrl(Collection $records, mixed
             ->filter(fn ($record): bool => $record instanceof ManagedEnvironment)
             ->values();
 
-        return static::crossTenantCompareOpenUrlForSelection(
-            targetTenant: $tenants->get(1),
+        return static::crossEnvironmentCompareOpenUrlForSelection(
+            targetEnvironment: $tenants->get(1),
             triageState: $triageState,
-            sourceTenant: $tenants->get(0),
+            sourceEnvironment: $tenants->get(0),
         );
     }
 
@@ -1808,9 +1808,9 @@ private static function recoveryEvidenceForTenant(ManagedEnvironment $tenant): ?
      */
     private static function reviewStateOptions(): array
     {
-        return collect(TenantTriageReview::DERIVED_STATES)
+        return collect(ManagedEnvironmentTriageReview::DERIVED_STATES)
             ->mapWithKeys(static fn (string $state): array => [
-                $state => BadgeRenderer::spec(BadgeDomain::TenantTriageReviewState, $state)->label,
+                $state => BadgeRenderer::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, $state)->label,
             ])
             ->all();
     }
@@ -1854,7 +1854,7 @@ private static function triageReviewSnapshot(): array
             return $resolved;
         }
 
-        $resolved = app(TenantTriageReviewStateResolver::class)->resolveMany(
+        $resolved = app(ManagedEnvironmentTriageReviewStateResolver::class)->resolveMany(
             workspaceId: $workspaceId,
             tenantIds: $snapshot['tenant_ids'],
             backupHealthByTenant: $snapshot['backup_health'],
@@ -2035,8 +2035,8 @@ private static function triageReviewActionModalDescription(
             return 'This triage slice no longer points at a current visible concern.';
         }
 
-        $currentLabel = BadgeRenderer::spec(BadgeDomain::TenantTriageReviewState, $row['derived_state'])->label;
-        $targetLabel = BadgeRenderer::spec(BadgeDomain::TenantTriageReviewState, $targetManualState)->label;
+        $currentLabel = BadgeRenderer::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, $row['derived_state'])->label;
+        $targetLabel = BadgeRenderer::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, $targetManualState)->label;
 
         return implode("\n\n", [
             'Concern family: '.$row['concern_family_label'],
@@ -2071,7 +2071,7 @@ private static function triageReviewActionIsDisabled(ManagedEnvironment $tenant)
             return true;
         }
 
-        return ! $resolver->can($user, $tenant, Capabilities::TENANT_TRIAGE_REVIEW_MANAGE);
+        return ! $resolver->can($user, $tenant, Capabilities::MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE);
     }
 
     private static function triageReviewActionTooltip(ManagedEnvironment $tenant): ?string
@@ -2084,7 +2084,7 @@ private static function triageReviewActionTooltip(ManagedEnvironment $tenant): ?
 
         $resolver = app(CapabilityResolver::class);
 
-        if ($resolver->isMember($user, $tenant) && ! $resolver->can($user, $tenant, Capabilities::TENANT_TRIAGE_REVIEW_MANAGE)) {
+        if ($resolver->isMember($user, $tenant) && ! $resolver->can($user, $tenant, Capabilities::MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE)) {
             return UiTooltips::insufficientPermission();
         }
 
@@ -2105,7 +2105,7 @@ private static function authorizeTriageReviewAction(ManagedEnvironment $tenant):
             abort(404);
         }
 
-        if (! $resolver->can($user, $tenant, Capabilities::TENANT_TRIAGE_REVIEW_MANAGE)) {
+        if (! $resolver->can($user, $tenant, Capabilities::MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE)) {
             abort(403);
         }
     }
@@ -2122,7 +2122,7 @@ private static function handleTriageReviewMutation(
         ManagedEnvironment $tenant,
         array $triageState,
         string $targetManualState,
-        TenantTriageReviewService $service,
+        ManagedEnvironmentTriageReviewService $service,
     ): void {
         $row = static::selectedActionTriageReviewRowForTenant($tenant, $triageState);
 
@@ -2141,14 +2141,14 @@ private static function handleTriageReviewMutation(
         $recoveryEvidence = static::recoveryEvidenceForTenant($tenant);
 
         $review = match ($targetManualState) {
-            TenantTriageReview::STATE_REVIEWED => $service->markReviewed(
+            ManagedEnvironmentTriageReview::STATE_REVIEWED => $service->markReviewed(
                 tenant: $tenant,
                 concernFamily: (string) $row['concern_family'],
                 backupHealth: $backupHealth,
                 recoveryEvidence: $recoveryEvidence,
                 actor: $actor instanceof User ? $actor : null,
             ),
-            TenantTriageReview::STATE_FOLLOW_UP_NEEDED => $service->markFollowUpNeeded(
+            ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED => $service->markFollowUpNeeded(
                 tenant: $tenant,
                 concernFamily: (string) $row['concern_family'],
                 backupHealth: $backupHealth,
@@ -2158,7 +2158,7 @@ private static function handleTriageReviewMutation(
             default => null,
         };
 
-        if (! $review instanceof TenantTriageReview) {
+        if (! $review instanceof ManagedEnvironmentTriageReview) {
             return;
         }
 
@@ -2169,7 +2169,7 @@ private static function handleTriageReviewMutation(
             ->body(sprintf(
                 '%s is now %s for %s.',
                 $tenant->name,
-                BadgeRenderer::spec(BadgeDomain::TenantTriageReviewState, $review->current_state)->label,
+                BadgeRenderer::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, $review->current_state)->label,
                 static::triageConcernFamilyLabel((string) $review->concern_family),
             ))
             ->success()
@@ -2197,7 +2197,7 @@ private static function selectedActionTriageReviewRowForTenant(ManagedEnvironmen
         $backupHealth = app(TenantBackupHealthResolver::class)->assess($tenant);
         $recoveryEvidence = app(RestoreSafetyResolver::class)->dashboardRecoveryEvidence($tenant);
 
-        $rows = app(TenantTriageReviewStateResolver::class)->resolveMany(
+        $rows = app(ManagedEnvironmentTriageReviewStateResolver::class)->resolveMany(
             workspaceId: $workspaceId,
             tenantIds: [$tenantId],
             backupHealthByTenant: [$tenantId => $backupHealth],
@@ -2640,10 +2640,10 @@ public static function infolist(Schema $schema): Schema
                                     ->formatStateUsing(fn ($state) => is_array($state) ? implode(', ', $state) : (string) $state),
                                 Infolists\Components\TextEntry::make('status')
                                     ->badge()
-                                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantPermissionStatus))
-                                    ->color(BadgeRenderer::color(BadgeDomain::TenantPermissionStatus))
-                                    ->icon(BadgeRenderer::icon(BadgeDomain::TenantPermissionStatus))
-                                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantPermissionStatus)),
+                                    ->formatStateUsing(BadgeRenderer::label(BadgeDomain::ManagedEnvironmentPermissionStatus))
+                                    ->color(BadgeRenderer::color(BadgeDomain::ManagedEnvironmentPermissionStatus))
+                                    ->icon(BadgeRenderer::icon(BadgeDomain::ManagedEnvironmentPermissionStatus))
+                                    ->iconColor(BadgeRenderer::iconColor(BadgeDomain::ManagedEnvironmentPermissionStatus)),
                             ])
                             ->columnSpanFull(),
                     ])
@@ -2730,7 +2730,7 @@ public static function tenantIndexPrimaryAction(ManagedEnvironment $tenant): ?Te
         return $catalog[1] ?? null;
     }
 
-    public static function relatedOnboardingDraft(ManagedEnvironment $tenant): ?TenantOnboardingSession
+    public static function relatedOnboardingDraft(ManagedEnvironment $tenant): ?ManagedEnvironmentOnboardingSession
     {
         return static::tenantActionPolicy()->relatedOnboardingDraft($tenant);
     }
@@ -2749,7 +2749,7 @@ public static function relatedOnboardingDraftUrl(ManagedEnvironment $tenant): ?s
     {
         $draft = static::relatedOnboardingDraft($tenant);
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return null;
         }
 
@@ -3119,17 +3119,17 @@ private static function validatedLifecycleReason(string $reason, string $field):
     public static function getPages(): array
     {
         return [
-            'index' => Pages\ListTenants::route('/'),
-            'view' => Pages\ViewTenant::route('/{record}'),
-            'edit' => Pages\EditTenant::route('/{record}/edit'),
-            'memberships' => Pages\ManageTenantMemberships::route('/{record}/memberships'),
+            'index' => Pages\ListManagedEnvironments::route('/'),
+            'view' => Pages\ViewManagedEnvironment::route('/{record}'),
+            'edit' => Pages\EditManagedEnvironment::route('/{record}/edit'),
+            'memberships' => Pages\ManageEnvironmentAccessScopes::route('/{record}/memberships'),
         ];
     }
 
     public static function getRelations(): array
     {
         return [
-            RelationManagers\TenantMembershipsRelationManager::class,
+            RelationManagers\ManagedEnvironmentMembershipsRelationManager::class,
         ];
     }
 
diff --git a/apps/platform/app/Filament/Resources/TenantResource/Pages/EditTenant.php b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/EditManagedEnvironment.php
similarity index 64%
rename from apps/platform/app/Filament/Resources/TenantResource/Pages/EditTenant.php
rename to apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/EditManagedEnvironment.php
index 75d0ed9f..15adde8e 100644
--- a/apps/platform/app/Filament/Resources/TenantResource/Pages/EditTenant.php
+++ b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/EditManagedEnvironment.php
@@ -1,26 +1,26 @@
 <?php
 
-namespace App\Filament\Resources\TenantResource\Pages;
+namespace App\Filament\Resources\ManagedEnvironmentResource\Pages;
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\ManagedEnvironment;
 use App\Support\Tenants\TenantActionSurface;
 use Filament\Actions;
 use Filament\Resources\Pages\EditRecord;
 
-class EditTenant extends EditRecord
+class EditManagedEnvironment extends EditRecord
 {
-    protected static string $resource = TenantResource::class;
+    protected static string $resource = ManagedEnvironmentResource::class;
 
     protected function getHeaderActions(): array
     {
         return array_values(array_filter([
             Actions\ActionGroup::make([
-                TenantResource::makeRestoreTenantAction(
+                ManagedEnvironmentResource::makeRestoreTenantAction(
                     TenantActionSurface::TenantEditHeader,
                     'You do not have permission to restore tenants.',
                 ),
-                TenantResource::makeArchiveTenantAction(
+                ManagedEnvironmentResource::makeArchiveTenantAction(
                     TenantActionSurface::TenantEditHeader,
                     'You do not have permission to archive tenants.',
                 ),
@@ -30,7 +30,7 @@ protected function getHeaderActions(): array
                 ->color('gray')
                 ->visible(fn (): bool => $this->getRecord() instanceof ManagedEnvironment
                     && in_array(
-                        TenantResource::lifecycleActionDescriptor($this->getRecord(), TenantActionSurface::TenantEditHeader)?->key,
+                        ManagedEnvironmentResource::lifecycleActionDescriptor($this->getRecord(), TenantActionSurface::TenantEditHeader)?->key,
                         ['archive', 'restore'],
                         true,
                     )),
diff --git a/apps/platform/app/Filament/Resources/TenantResource/Pages/ListTenants.php b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/ListManagedEnvironments.php
similarity index 77%
rename from apps/platform/app/Filament/Resources/TenantResource/Pages/ListTenants.php
rename to apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/ListManagedEnvironments.php
index 162f8fe5..9e09f312 100644
--- a/apps/platform/app/Filament/Resources/TenantResource/Pages/ListTenants.php
+++ b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/ListManagedEnvironments.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Resources\TenantResource\Pages;
+namespace App\Filament\Resources\ManagedEnvironmentResource\Pages;
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\Onboarding\OnboardingDraftResolver;
@@ -13,9 +13,9 @@
 use Filament\Actions;
 use Filament\Resources\Pages\ListRecords;
 
-class ListTenants extends ListRecords
+class ListManagedEnvironments extends ListRecords
 {
-    protected static string $resource = TenantResource::class;
+    protected static string $resource = ManagedEnvironmentResource::class;
 
     public function mount(): void
     {
@@ -64,7 +64,7 @@ protected function getTableEmptyStateDescription(): ?string
 
     private function makeOnboardingEntryAction(): Actions\Action
     {
-        $descriptor = TenantResource::tenantActionPolicy()->onboardingEntryDescriptor($this->accessibleResumableDraftCount());
+        $descriptor = ManagedEnvironmentResource::tenantActionPolicy()->onboardingEntryDescriptor($this->accessibleResumableDraftCount());
 
         return Actions\Action::make('add_tenant')
             ->label($descriptor->label)
@@ -92,10 +92,10 @@ private function applyRequestedTriageIntent(): void
             return;
         }
 
-        $backupPostures = TenantResource::sanitizeBackupPostures(request()->query('backup_posture'));
-        $recoveryEvidence = TenantResource::sanitizeRecoveryEvidenceStates(request()->query('recovery_evidence'));
-        $reviewStates = TenantResource::sanitizeReviewStates(request()->query('review_state'));
-        $triageSort = TenantResource::sanitizeTriageSort(request()->query('triage_sort'));
+        $backupPostures = ManagedEnvironmentResource::sanitizeBackupPostures(request()->query('backup_posture'));
+        $recoveryEvidence = ManagedEnvironmentResource::sanitizeRecoveryEvidenceStates(request()->query('recovery_evidence'));
+        $reviewStates = ManagedEnvironmentResource::sanitizeReviewStates(request()->query('review_state'));
+        $triageSort = ManagedEnvironmentResource::sanitizeTriageSort(request()->query('triage_sort'));
 
         foreach (['backup_posture', 'recovery_evidence', 'review_state', 'triage_sort'] as $filterName) {
             data_forget($this->tableFilters, $filterName);
@@ -139,10 +139,10 @@ private function hasActiveTriageEmptyState(): bool
     public function currentPortfolioTriageReturnState(): array
     {
         return [
-            'backup_posture' => TenantResource::sanitizeBackupPostures(data_get($this->tableFilters, 'backup_posture.values', [])),
-            'recovery_evidence' => TenantResource::sanitizeRecoveryEvidenceStates(data_get($this->tableFilters, 'recovery_evidence.values', [])),
-            'review_state' => TenantResource::sanitizeReviewStates(data_get($this->tableFilters, 'review_state.values', [])),
-            'triage_sort' => TenantResource::sanitizeTriageSort(data_get($this->tableFilters, 'triage_sort.value')),
+            'backup_posture' => ManagedEnvironmentResource::sanitizeBackupPostures(data_get($this->tableFilters, 'backup_posture.values', [])),
+            'recovery_evidence' => ManagedEnvironmentResource::sanitizeRecoveryEvidenceStates(data_get($this->tableFilters, 'recovery_evidence.values', [])),
+            'review_state' => ManagedEnvironmentResource::sanitizeReviewStates(data_get($this->tableFilters, 'review_state.values', [])),
+            'triage_sort' => ManagedEnvironmentResource::sanitizeTriageSort(data_get($this->tableFilters, 'triage_sort.value')),
         ];
     }
 
diff --git a/apps/platform/app/Filament/Resources/TenantResource/Pages/ManageTenantMemberships.php b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/ManageEnvironmentAccessScopes.php
similarity index 76%
rename from apps/platform/app/Filament/Resources/TenantResource/Pages/ManageTenantMemberships.php
rename to apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/ManageEnvironmentAccessScopes.php
index b238f59e..58517792 100644
--- a/apps/platform/app/Filament/Resources/TenantResource/Pages/ManageTenantMemberships.php
+++ b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/ManageEnvironmentAccessScopes.php
@@ -1,18 +1,18 @@
 <?php
 
-namespace App\Filament\Resources\TenantResource\Pages;
+namespace App\Filament\Resources\ManagedEnvironmentResource\Pages;
 
 use App\Models\ManagedEnvironment;
 use App\Support\ManagedEnvironmentLinks;
 use Filament\Actions\Action;
 
-class ManageTenantMemberships extends ViewTenant
+class ManageEnvironmentAccessScopes extends ViewManagedEnvironment
 {
     protected static ?string $title = 'Manage environment access scope';
 
-    public function mount(int|string|ManagedEnvironment $tenant): void
+    public function mount(int|string|ManagedEnvironment $environment): void
     {
-        parent::mount($tenant instanceof ManagedEnvironment ? (string) $tenant->getRouteKey() : $tenant);
+        parent::mount($environment instanceof ManagedEnvironment ? (string) $environment->getRouteKey() : $environment);
     }
 
     public function getSubheading(): ?string
diff --git a/apps/platform/app/Filament/Resources/TenantResource/Pages/ViewTenant.php b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/ViewManagedEnvironment.php
similarity index 72%
rename from apps/platform/app/Filament/Resources/TenantResource/Pages/ViewTenant.php
rename to apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/ViewManagedEnvironment.php
index bec06f66..7ae1fdf4 100644
--- a/apps/platform/app/Filament/Resources/TenantResource/Pages/ViewTenant.php
+++ b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/ViewManagedEnvironment.php
@@ -1,12 +1,12 @@
 <?php
 
-namespace App\Filament\Resources\TenantResource\Pages;
+namespace App\Filament\Resources\ManagedEnvironmentResource\Pages;
 
-use App\Filament\Resources\TenantResource;
-use App\Filament\Widgets\Tenant\AdminRolesSummaryWidget;
-use App\Filament\Widgets\Tenant\RecentOperationsSummary;
-use App\Filament\Widgets\Tenant\TenantArchivedBanner;
-use App\Filament\Widgets\Tenant\TenantVerificationReport;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Widgets\ManagedEnvironment\AdminRolesSummaryWidget;
+use App\Filament\Widgets\ManagedEnvironment\RecentOperationsSummary;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentArchivedBanner;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentVerificationReport;
 use App\Jobs\RefreshTenantRbacHealthJob;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -22,9 +22,9 @@
 use Filament\Notifications\Notification;
 use Filament\Resources\Pages\ViewRecord;
 
-class ViewTenant extends ViewRecord
+class ViewManagedEnvironment extends ViewRecord
 {
-    protected static string $resource = TenantResource::class;
+    protected static string $resource = ManagedEnvironmentResource::class;
 
     public static function verificationHeaderActionLabel(): string
     {
@@ -44,9 +44,9 @@ public function getHeaderWidgetsColumns(): int|array
     protected function getHeaderWidgets(): array
     {
         return [
-            TenantArchivedBanner::class,
+            ManagedEnvironmentArchivedBanner::class,
             RecentOperationsSummary::class,
-            TenantVerificationReport::class,
+            ManagedEnvironmentVerificationReport::class,
             AdminRolesSummaryWidget::class,
         ];
     }
@@ -54,27 +54,27 @@ protected function getHeaderWidgets(): array
     protected function getHeaderActions(): array
     {
         return array_values(array_filter([
-            TenantResource::makeMembershipsAction(),
+            ManagedEnvironmentResource::makeMembershipsAction(),
             Actions\ActionGroup::make([
-                TenantResource::makeAdminConsentAction(),
-                TenantResource::makeOpenInEntraAction(),
+                ManagedEnvironmentResource::makeAdminConsentAction(),
+                ManagedEnvironmentResource::makeOpenInEntraAction(),
             ])
                 ->label('External links')
                 ->icon('heroicon-o-arrow-top-right-on-square')
                 ->color('gray')
                 ->visible(fn (): bool => $this->getRecord() instanceof ManagedEnvironment
-                    && TenantResource::tenantViewExternalGroupVisible($this->getRecord())),
+                    && ManagedEnvironmentResource::tenantViewExternalGroupVisible($this->getRecord())),
             Actions\ActionGroup::make([
-                TenantResource::makeSyncTenantAction(),
-                TenantResource::makeVerifyConfigurationAction('tenant_view_header'),
-                TenantResource::rbacAction(),
+                ManagedEnvironmentResource::makeSyncTenantAction(),
+                ManagedEnvironmentResource::makeVerifyConfigurationAction('tenant_view_header'),
+                ManagedEnvironmentResource::rbacAction(),
                 UiEnforcement::forAction(
                     Actions\Action::make('refresh_rbac')
                         ->label('Refresh RBAC status')
                         ->icon('heroicon-o-arrow-path')
                         ->color('primary')
                         ->requiresConfirmation()
-                        ->visible(fn (ManagedEnvironment $record): bool => TenantResource::tenantSetupMutationVisible($record))
+                        ->visible(fn (ManagedEnvironment $record): bool => ManagedEnvironmentResource::tenantSetupMutationVisible($record))
                         ->action(function (ManagedEnvironment $record): void {
                             $user = auth()->user();
 
@@ -140,27 +140,27 @@ protected function getHeaderActions(): array
                 ->icon('heroicon-o-wrench-screwdriver')
                 ->color('gray')
                 ->visible(fn (): bool => $this->getRecord() instanceof ManagedEnvironment
-                    && TenantResource::tenantViewSetupGroupVisible($this->getRecord())),
+                    && ManagedEnvironmentResource::tenantViewSetupGroupVisible($this->getRecord())),
             Actions\ActionGroup::make([
-                TenantResource::makeTenantViewMarkReviewedAction(),
-                TenantResource::makeTenantViewMarkFollowUpNeededAction(),
+                ManagedEnvironmentResource::makeTenantViewMarkReviewedAction(),
+                ManagedEnvironmentResource::makeTenantViewMarkFollowUpNeededAction(),
             ])
                 ->label('Triage')
                 ->icon('heroicon-o-check-circle')
                 ->color('gray')
                 ->visible(fn (): bool => $this->getRecord() instanceof ManagedEnvironment
-                    && TenantResource::tenantViewTriageGroupVisible($this->getRecord())),
+                    && ManagedEnvironmentResource::tenantViewTriageGroupVisible($this->getRecord())),
             Actions\ActionGroup::make([
-                TenantResource::makeRestoreTenantAction(TenantActionSurface::TenantViewHeader),
-                TenantResource::makeRestoreTenantToWorkspaceAction(),
-                TenantResource::makeRemoveTenantFromWorkspaceAction(),
-                TenantResource::makeArchiveTenantAction(TenantActionSurface::TenantViewHeader),
+                ManagedEnvironmentResource::makeRestoreTenantAction(TenantActionSurface::TenantViewHeader),
+                ManagedEnvironmentResource::makeRestoreTenantToWorkspaceAction(),
+                ManagedEnvironmentResource::makeRemoveTenantFromWorkspaceAction(),
+                ManagedEnvironmentResource::makeArchiveTenantAction(TenantActionSurface::TenantViewHeader),
             ])
                 ->label('Lifecycle')
                 ->icon('heroicon-o-archive-box')
                 ->color('gray')
                 ->visible(fn (): bool => $this->getRecord() instanceof ManagedEnvironment
-                    && TenantResource::tenantViewLifecycleGroupVisible($this->getRecord())),
+                    && ManagedEnvironmentResource::tenantViewLifecycleGroupVisible($this->getRecord())),
         ]));
     }
 }
diff --git a/apps/platform/app/Filament/Resources/TenantResource/RelationManagers/TenantMembershipsRelationManager.php b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/RelationManagers/ManagedEnvironmentMembershipsRelationManager.php
similarity index 94%
rename from apps/platform/app/Filament/Resources/TenantResource/RelationManagers/TenantMembershipsRelationManager.php
rename to apps/platform/app/Filament/Resources/ManagedEnvironmentResource/RelationManagers/ManagedEnvironmentMembershipsRelationManager.php
index d43b6ae7..8b71affd 100644
--- a/apps/platform/app/Filament/Resources/TenantResource/RelationManagers/TenantMembershipsRelationManager.php
+++ b/apps/platform/app/Filament/Resources/ManagedEnvironmentResource/RelationManagers/ManagedEnvironmentMembershipsRelationManager.php
@@ -1,13 +1,13 @@
 <?php
 
-namespace App\Filament\Resources\TenantResource\RelationManagers;
+namespace App\Filament\Resources\ManagedEnvironmentResource\RelationManagers;
 
-use App\Filament\Resources\TenantResource\Pages\ManageTenantMemberships;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ManageEnvironmentAccessScopes;
 use App\Models\ManagedEnvironment;
 use App\Models\ManagedEnvironmentMembership;
 use App\Models\User;
 use App\Services\Auth\CapabilityResolver;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use App\Support\Auth\Capabilities;
 use App\Support\Rbac\UiEnforcement;
 use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
@@ -22,7 +22,7 @@
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Model;
 
-class TenantMembershipsRelationManager extends RelationManager
+class ManagedEnvironmentMembershipsRelationManager extends RelationManager
 {
     protected static string $relationship = 'memberships';
 
@@ -42,7 +42,7 @@ public static function canViewForRecord(Model $ownerRecord, string $pageClass):
             return false;
         }
 
-        if ($pageClass !== ManageTenantMemberships::class) {
+        if ($pageClass !== ManageEnvironmentAccessScopes::class) {
             return false;
         }
 
@@ -103,7 +103,7 @@ public function table(Table $table): Table
                                 ->searchable()
                                 ->options(fn (): array => $this->workspaceMemberOptions()),
                         ])
-                        ->action(function (array $data, TenantMembershipManager $manager): void {
+                        ->action(function (array $data, ManagedEnvironmentMembershipManager $manager): void {
                             $tenant = $this->getOwnerRecord();
 
                             if (! $tenant instanceof ManagedEnvironment) {
@@ -155,7 +155,7 @@ public function table(Table $table): Table
                         ->color('danger')
                         ->icon('heroicon-o-x-mark')
                         ->requiresConfirmation()
-                        ->action(function (ManagedEnvironmentMembership $record, TenantMembershipManager $manager): void {
+                        ->action(function (ManagedEnvironmentMembership $record, ManagedEnvironmentMembershipManager $manager): void {
                             $tenant = $this->getOwnerRecord();
 
                             if (! $tenant instanceof ManagedEnvironment) {
diff --git a/apps/platform/app/Filament/Resources/ReviewPackResource.php b/apps/platform/app/Filament/Resources/ReviewPackResource.php
index f5e9ecee..fe9798d4 100644
--- a/apps/platform/app/Filament/Resources/ReviewPackResource.php
+++ b/apps/platform/app/Filament/Resources/ReviewPackResource.php
@@ -200,11 +200,11 @@ public static function infolist(Schema $schema): Schema
                 Section::make('Metadata')
                     ->schema([
                         TextEntry::make('initiator.name')->label('Initiated by')->placeholder('—'),
-                        TextEntry::make('tenantReview.id')
+                        TextEntry::make('environmentReview.id')
                             ->label('ManagedEnvironment review')
                             ->formatStateUsing(fn (?int $state): string => $state ? '#'.$state : '—')
-                            ->url(fn (ReviewPack $record): ?string => $record->tenantReview && $record->tenant
-                                ? TenantReviewResource::tenantScopedUrl('view', ['record' => $record->tenantReview], $record->tenant)
+                            ->url(fn (ReviewPack $record): ?string => $record->environmentReview && $record->tenant
+                                ? EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $record->environmentReview], $record->tenant)
                                 : null)
                             ->placeholder('—'),
                         TextEntry::make('customer_workspace')
@@ -217,10 +217,10 @@ public static function infolist(Schema $schema): Schema
                         TextEntry::make('summary.review_status')
                             ->label('Review status')
                             ->badge()
-                            ->formatStateUsing(BadgeRenderer::label(BadgeDomain::TenantReviewStatus))
-                            ->color(BadgeRenderer::color(BadgeDomain::TenantReviewStatus))
-                            ->icon(BadgeRenderer::icon(BadgeDomain::TenantReviewStatus))
-                            ->iconColor(BadgeRenderer::iconColor(BadgeDomain::TenantReviewStatus))
+                            ->formatStateUsing(BadgeRenderer::label(BadgeDomain::EnvironmentReviewStatus))
+                            ->color(BadgeRenderer::color(BadgeDomain::EnvironmentReviewStatus))
+                            ->icon(BadgeRenderer::icon(BadgeDomain::EnvironmentReviewStatus))
+                            ->iconColor(BadgeRenderer::iconColor(BadgeDomain::EnvironmentReviewStatus))
                             ->placeholder('—'),
                         TextEntry::make('operationRun.id')
                             ->label('Operation')
@@ -306,7 +306,7 @@ public static function table(Table $table): Table
                     ->dateTime()
                     ->sortable()
                     ->placeholder('—'),
-                Tables\Columns\TextColumn::make('tenantReview.id')
+                Tables\Columns\TextColumn::make('environmentReview.id')
                     ->label('Review')
                     ->formatStateUsing(fn (?int $state): string => $state ? '#'.$state : '—')
                     ->toggleable(isToggledHiddenByDefault: true),
@@ -429,7 +429,7 @@ public static function getEloquentQuery(): Builder
         }
 
         return parent::getEloquentQuery()
-            ->with(['tenant', 'operationRun', 'evidenceSnapshot', 'tenantReview'])
+            ->with(['tenant', 'operationRun', 'evidenceSnapshot', 'environmentReview'])
             ->where('managed_environment_id', (int) $tenant->getKey());
     }
 
@@ -575,7 +575,7 @@ public static function executeGeneration(array $data): void
             return;
         }
 
-        OperationUxPresenter::queuedToast('tenant.review_pack.generate')->send();
+        OperationUxPresenter::queuedToast('environment.review_pack.generate')->send();
     }
 
     /**
diff --git a/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ListTenantReviews.php b/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ListTenantReviews.php
deleted file mode 100644
index 4db3d139..00000000
--- a/apps/platform/app/Filament/Resources/TenantReviewResource/Pages/ListTenantReviews.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Filament\Resources\TenantReviewResource\Pages;
-
-use App\Filament\Resources\TenantReviewResource;
-use Filament\Resources\Pages\ListRecords;
-
-class ListTenantReviews extends ListRecords
-{
-    protected static string $resource = TenantReviewResource::class;
-
-    protected function getHeaderActions(): array
-    {
-        return [
-            TenantReviewResource::makeCreateReviewAction(),
-        ];
-    }
-}
diff --git a/apps/platform/app/Filament/System/Pages/Directory/ViewTenant.php b/apps/platform/app/Filament/System/Pages/Directory/ViewTenant.php
index 11d6b8f2..fec9a452 100644
--- a/apps/platform/app/Filament/System/Pages/Directory/ViewTenant.php
+++ b/apps/platform/app/Filament/System/Pages/Directory/ViewTenant.php
@@ -9,7 +9,7 @@
 use App\Models\PlatformUser;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Support\Auth\PlatformCapabilities;
 use App\Support\CustomerHealth\WorkspaceHealthSummaryQuery;
 use App\Support\OperationCatalog;
@@ -69,11 +69,11 @@ public function providerConnections(): Collection
     }
 
     /**
-     * @return Collection<int, TenantPermission>
+     * @return Collection<int, ManagedEnvironmentPermission>
      */
-    public function tenantPermissions(): Collection
+    public function managedEnvironmentPermissions(): Collection
     {
-        return TenantPermission::query()
+        return ManagedEnvironmentPermission::query()
             ->where('managed_environment_id', (int) $this->tenant->getKey())
             ->orderBy('permission_key')
             ->limit(20)
diff --git a/apps/platform/app/Filament/Widgets/Dashboard/DashboardKpis.php b/apps/platform/app/Filament/Widgets/Dashboard/DashboardKpis.php
index 6cae2688..0c105d34 100644
--- a/apps/platform/app/Filament/Widgets/Dashboard/DashboardKpis.php
+++ b/apps/platform/app/Filament/Widgets/Dashboard/DashboardKpis.php
@@ -6,7 +6,7 @@
 
 use App\Models\ManagedEnvironment;
 use App\Support\OpsUx\ActiveRuns;
-use App\Support\TenantDashboard\TenantDashboardSummaryBuilder;
+use App\Support\EnvironmentDashboard\EnvironmentDashboardSummaryBuilder;
 use Filament\Facades\Filament;
 use Filament\Widgets\StatsOverviewWidget;
 use Filament\Widgets\StatsOverviewWidget\Stat;
@@ -32,7 +32,7 @@ protected function getStats(): array
             return [];
         }
 
-        $summary = app(TenantDashboardSummaryBuilder::class)->build($tenant, auth()->user());
+        $summary = app(EnvironmentDashboardSummaryBuilder::class)->build($tenant, auth()->user());
         
         $stats = [];
         
diff --git a/apps/platform/app/Filament/Widgets/Dashboard/TenantDashboardContextChips.php b/apps/platform/app/Filament/Widgets/Dashboard/EnvironmentDashboardContextChips.php
similarity index 76%
rename from apps/platform/app/Filament/Widgets/Dashboard/TenantDashboardContextChips.php
rename to apps/platform/app/Filament/Widgets/Dashboard/EnvironmentDashboardContextChips.php
index d06bcea8..c025ab95 100644
--- a/apps/platform/app/Filament/Widgets/Dashboard/TenantDashboardContextChips.php
+++ b/apps/platform/app/Filament/Widgets/Dashboard/EnvironmentDashboardContextChips.php
@@ -5,17 +5,17 @@
 namespace App\Filament\Widgets\Dashboard;
 
 use App\Models\ManagedEnvironment;
-use App\Support\TenantDashboard\TenantDashboardSummaryBuilder;
+use App\Support\EnvironmentDashboard\EnvironmentDashboardSummaryBuilder;
 use Filament\Facades\Filament;
 use Filament\Widgets\Widget;
 
-class TenantDashboardContextChips extends Widget
+class EnvironmentDashboardContextChips extends Widget
 {
     protected static bool $isLazy = false;
 
     protected int|string|array $columnSpan = 'full';
 
-    protected string $view = 'filament.widgets.dashboard.tenant-dashboard-context-chips';
+    protected string $view = 'filament.widgets.dashboard.environment-dashboard-context-chips';
 
     /**
      * @return array<string, mixed>
@@ -37,11 +37,11 @@ protected function getViewData(): array
             ];
         }
 
-        $summary = app(TenantDashboardSummaryBuilder::class)->build($tenant, auth()->user());
+        $summary = app(EnvironmentDashboardSummaryBuilder::class)->build($tenant, auth()->user());
 
         return [
             'context' => $summary->context,
             'pollingInterval' => $summary->pollingInterval,
         ];
     }
-}
\ No newline at end of file
+}
diff --git a/apps/platform/app/Filament/Widgets/Dashboard/TenantDashboardOverview.php b/apps/platform/app/Filament/Widgets/Dashboard/EnvironmentDashboardOverview.php
similarity index 85%
rename from apps/platform/app/Filament/Widgets/Dashboard/TenantDashboardOverview.php
rename to apps/platform/app/Filament/Widgets/Dashboard/EnvironmentDashboardOverview.php
index a01a3b79..77bb9149 100644
--- a/apps/platform/app/Filament/Widgets/Dashboard/TenantDashboardOverview.php
+++ b/apps/platform/app/Filament/Widgets/Dashboard/EnvironmentDashboardOverview.php
@@ -5,17 +5,17 @@
 namespace App\Filament\Widgets\Dashboard;
 
 use App\Models\ManagedEnvironment;
-use App\Support\TenantDashboard\TenantDashboardSummaryBuilder;
+use App\Support\EnvironmentDashboard\EnvironmentDashboardSummaryBuilder;
 use Filament\Facades\Filament;
 use Filament\Widgets\Widget;
 
-class TenantDashboardOverview extends Widget
+class EnvironmentDashboardOverview extends Widget
 {
     protected static bool $isLazy = false;
 
     protected int|string|array $columnSpan = 'full';
 
-    protected string $view = 'filament.widgets.dashboard.tenant-dashboard-overview';
+    protected string $view = 'filament.widgets.dashboard.environment-dashboard-overview';
 
     /**
      * @return array<string, mixed>
@@ -49,8 +49,8 @@ protected function getViewData(): array
             ];
         }
 
-        return app(TenantDashboardSummaryBuilder::class)
+        return app(EnvironmentDashboardSummaryBuilder::class)
             ->build($tenant)
             ->toArray();
     }
-}
\ No newline at end of file
+}
diff --git a/apps/platform/app/Filament/Widgets/Tenant/AdminRolesSummaryWidget.php b/apps/platform/app/Filament/Widgets/ManagedEnvironment/AdminRolesSummaryWidget.php
similarity index 97%
rename from apps/platform/app/Filament/Widgets/Tenant/AdminRolesSummaryWidget.php
rename to apps/platform/app/Filament/Widgets/ManagedEnvironment/AdminRolesSummaryWidget.php
index d3e073c8..b62b3655 100644
--- a/apps/platform/app/Filament/Widgets/Tenant/AdminRolesSummaryWidget.php
+++ b/apps/platform/app/Filament/Widgets/ManagedEnvironment/AdminRolesSummaryWidget.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Widgets\Tenant;
+namespace App\Filament\Widgets\ManagedEnvironment;
 
 use App\Filament\Resources\StoredReportResource;
 use App\Jobs\ScanEntraAdminRolesJob;
@@ -22,7 +22,7 @@ class AdminRolesSummaryWidget extends Widget
 {
     protected static bool $isLazy = false;
 
-    protected string $view = 'filament.widgets.tenant.admin-roles-summary';
+    protected string $view = 'filament.widgets.managed-environment.admin-roles-summary';
 
     public ?ManagedEnvironment $record = null;
 
diff --git a/apps/platform/app/Filament/Widgets/Tenant/BaselineCompareCoverageBanner.php b/apps/platform/app/Filament/Widgets/ManagedEnvironment/BaselineCompareCoverageBanner.php
similarity index 93%
rename from apps/platform/app/Filament/Widgets/Tenant/BaselineCompareCoverageBanner.php
rename to apps/platform/app/Filament/Widgets/ManagedEnvironment/BaselineCompareCoverageBanner.php
index 7ca8733f..1c777a82 100644
--- a/apps/platform/app/Filament/Widgets/Tenant/BaselineCompareCoverageBanner.php
+++ b/apps/platform/app/Filament/Widgets/ManagedEnvironment/BaselineCompareCoverageBanner.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Widgets\Tenant;
+namespace App\Filament\Widgets\ManagedEnvironment;
 
 use App\Filament\Pages\BaselineCompareLanding;
 use App\Models\ManagedEnvironment;
@@ -16,7 +16,7 @@ class BaselineCompareCoverageBanner extends Widget
 {
     protected static bool $isLazy = false;
 
-    protected string $view = 'filament.widgets.tenant.baseline-compare-coverage-banner';
+    protected string $view = 'filament.widgets.managed-environment.baseline-compare-coverage-banner';
 
     /**
      * @return array<string, mixed>
diff --git a/apps/platform/app/Filament/Widgets/Tenant/FindingExceptionStatsOverview.php b/apps/platform/app/Filament/Widgets/ManagedEnvironment/FindingExceptionStatsOverview.php
similarity index 95%
rename from apps/platform/app/Filament/Widgets/Tenant/FindingExceptionStatsOverview.php
rename to apps/platform/app/Filament/Widgets/ManagedEnvironment/FindingExceptionStatsOverview.php
index 0793e910..358291b5 100644
--- a/apps/platform/app/Filament/Widgets/Tenant/FindingExceptionStatsOverview.php
+++ b/apps/platform/app/Filament/Widgets/ManagedEnvironment/FindingExceptionStatsOverview.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Widgets\Tenant;
+namespace App\Filament\Widgets\ManagedEnvironment;
 
 use App\Filament\Resources\FindingExceptionResource;
 use Filament\Widgets\StatsOverviewWidget as BaseWidget;
diff --git a/apps/platform/app/Filament/Widgets/Tenant/FindingStatsOverview.php b/apps/platform/app/Filament/Widgets/ManagedEnvironment/FindingStatsOverview.php
similarity index 95%
rename from apps/platform/app/Filament/Widgets/Tenant/FindingStatsOverview.php
rename to apps/platform/app/Filament/Widgets/ManagedEnvironment/FindingStatsOverview.php
index 62411b25..3fc13d6f 100644
--- a/apps/platform/app/Filament/Widgets/Tenant/FindingStatsOverview.php
+++ b/apps/platform/app/Filament/Widgets/ManagedEnvironment/FindingStatsOverview.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Widgets\Tenant;
+namespace App\Filament\Widgets\ManagedEnvironment;
 
 use App\Filament\Resources\FindingResource;
 use Filament\Widgets\StatsOverviewWidget as BaseWidget;
diff --git a/apps/platform/app/Filament/Widgets/Tenant/TenantArchivedBanner.php b/apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentArchivedBanner.php
similarity index 74%
rename from apps/platform/app/Filament/Widgets/Tenant/TenantArchivedBanner.php
rename to apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentArchivedBanner.php
index 99e39eb4..a033a05d 100644
--- a/apps/platform/app/Filament/Widgets/Tenant/TenantArchivedBanner.php
+++ b/apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentArchivedBanner.php
@@ -2,18 +2,18 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Widgets\Tenant;
+namespace App\Filament\Widgets\ManagedEnvironment;
 
 use App\Models\ManagedEnvironment;
 use App\Support\Tenants\TenantLifecyclePresentation;
 use Filament\Facades\Filament;
 use Filament\Widgets\Widget;
 
-class TenantArchivedBanner extends Widget
+class ManagedEnvironmentArchivedBanner extends Widget
 {
     protected static bool $isLazy = false;
 
-    protected string $view = 'filament.widgets.tenant.tenant-archived-banner';
+    protected string $view = 'filament.widgets.managed-environment.managed-environment-archived-banner';
 
     /**
      * @return array<string, mixed>
diff --git a/apps/platform/app/Filament/Widgets/Tenant/TenantReviewPackCard.php b/apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentReviewPackCard.php
similarity index 95%
rename from apps/platform/app/Filament/Widgets/Tenant/TenantReviewPackCard.php
rename to apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentReviewPackCard.php
index 14a0231b..b7705d89 100644
--- a/apps/platform/app/Filament/Widgets/Tenant/TenantReviewPackCard.php
+++ b/apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentReviewPackCard.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Widgets\Tenant;
+namespace App\Filament\Widgets\ManagedEnvironment;
 
 use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
@@ -23,13 +23,13 @@
 use Filament\Notifications\Notification;
 use Filament\Widgets\Widget;
 
-class TenantReviewPackCard extends Widget
+class ManagedEnvironmentReviewPackCard extends Widget
 {
     private const string ACTIVE_POLLING_INTERVAL = '10s';
 
     protected static bool $isLazy = false;
 
-    protected string $view = 'filament.widgets.tenant.tenant-review-pack-card';
+    protected string $view = 'filament.widgets.managed-environment.managed-environment-review-pack-card';
 
     public ?ManagedEnvironment $record = null;
 
@@ -176,7 +176,7 @@ protected function getViewData(): array
             : null;
 
         $latestPack = ReviewPack::query()
-            ->with(['tenantReview', 'operationRun'])
+            ->with(['environmentReview', 'operationRun'])
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->orderByDesc('created_at')
             ->orderByDesc('id')
@@ -210,8 +210,8 @@ protected function getViewData(): array
         }
 
         $reviewUrl = null;
-        if ($latestPack->tenantReview && $canView) {
-            $reviewUrl = \App\Filament\Resources\TenantReviewResource::tenantScopedUrl('view', ['record' => $latestPack->tenantReview], $tenant);
+        if ($latestPack->environmentReview && $canView) {
+            $reviewUrl = \App\Filament\Resources\EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $latestPack->environmentReview], $tenant);
         }
 
         $failedReason = null;
diff --git a/apps/platform/app/Filament/Widgets/Tenant/TenantTriageArrivalContinuity.php b/apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentTriageArrivalContinuity.php
similarity index 84%
rename from apps/platform/app/Filament/Widgets/Tenant/TenantTriageArrivalContinuity.php
rename to apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentTriageArrivalContinuity.php
index 8f2da846..4398f9e9 100644
--- a/apps/platform/app/Filament/Widgets/Tenant/TenantTriageArrivalContinuity.php
+++ b/apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentTriageArrivalContinuity.php
@@ -2,12 +2,12 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Widgets\Tenant;
+namespace App\Filament\Widgets\ManagedEnvironment;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
-use App\Services\PortfolioTriage\TenantTriageReviewService;
+use App\Services\PortfolioTriage\ManagedEnvironmentTriageReviewService;
 use App\Support\Auth\Capabilities;
 use App\Support\BackupHealth\TenantBackupHealthResolver;
 use App\Support\Badges\BadgeDomain;
@@ -15,7 +15,7 @@
 use App\Support\PortfolioTriage\PortfolioArrivalContext;
 use App\Support\PortfolioTriage\PortfolioArrivalContextResolver;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
-use App\Support\PortfolioTriage\TenantTriageReviewStateResolver;
+use App\Support\PortfolioTriage\ManagedEnvironmentTriageReviewStateResolver;
 use App\Support\Rbac\UiEnforcement;
 use App\Support\RestoreSafety\RestoreSafetyResolver;
 use Filament\Actions\Action;
@@ -27,7 +27,7 @@
 use Filament\Schemas\Contracts\HasSchemas;
 use Filament\Widgets\Widget;
 
-class TenantTriageArrivalContinuity extends Widget implements HasActions, HasSchemas
+class ManagedEnvironmentTriageArrivalContinuity extends Widget implements HasActions, HasSchemas
 {
     use InteractsWithActions;
     use InteractsWithSchemas;
@@ -59,7 +59,7 @@ class TenantTriageArrivalContinuity extends Widget implements HasActions, HasSch
 
     protected int|string|array $columnSpan = 'full';
 
-    protected string $view = 'filament.widgets.tenant.triage-arrival-continuity';
+    protected string $view = 'filament.widgets.managed-environment.triage-arrival-continuity';
 
     public function mount(): void
     {
@@ -100,14 +100,14 @@ public function markReviewedAction(): Action
                 ->color('success')
                 ->requiresConfirmation()
                 ->modalHeading('Mark reviewed')
-                ->modalDescription($this->reviewModalDescription(TenantTriageReview::STATE_REVIEWED))
+                ->modalDescription($this->reviewModalDescription(ManagedEnvironmentTriageReview::STATE_REVIEWED))
                 ->visible(fn (): bool => $this->canShowReviewActions())
-                ->action(function (TenantTriageReviewService $service): void {
-                    $this->handleReviewMutation(TenantTriageReview::STATE_REVIEWED, $service);
+                ->action(function (ManagedEnvironmentTriageReviewService $service): void {
+                    $this->handleReviewMutation(ManagedEnvironmentTriageReview::STATE_REVIEWED, $service);
                 }),
         )
             ->preserveVisibility()
-            ->requireCapability(Capabilities::TENANT_TRIAGE_REVIEW_MANAGE)
+            ->requireCapability(Capabilities::MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE)
             ->apply();
     }
 
@@ -120,14 +120,14 @@ public function markFollowUpNeededAction(): Action
                 ->color('warning')
                 ->requiresConfirmation()
                 ->modalHeading('Mark follow-up needed')
-                ->modalDescription($this->reviewModalDescription(TenantTriageReview::STATE_FOLLOW_UP_NEEDED))
+                ->modalDescription($this->reviewModalDescription(ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED))
                 ->visible(fn (): bool => $this->canShowReviewActions())
-                ->action(function (TenantTriageReviewService $service): void {
-                    $this->handleReviewMutation(TenantTriageReview::STATE_FOLLOW_UP_NEEDED, $service);
+                ->action(function (ManagedEnvironmentTriageReviewService $service): void {
+                    $this->handleReviewMutation(ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED, $service);
                 }),
         )
             ->preserveVisibility()
-            ->requireCapability(Capabilities::TENANT_TRIAGE_REVIEW_MANAGE)
+            ->requireCapability(Capabilities::MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE)
             ->apply();
     }
 
@@ -170,10 +170,10 @@ private function reviewModalDescription(string $targetManualState): \Closure
             }
 
             $currentLabel = BadgeRenderer::spec(
-                BadgeDomain::TenantTriageReviewState,
-                (string) ($reviewState['derived_state'] ?? TenantTriageReview::DERIVED_STATE_NOT_REVIEWED),
+                BadgeDomain::ManagedEnvironmentTriageReviewState,
+                (string) ($reviewState['derived_state'] ?? ManagedEnvironmentTriageReview::DERIVED_STATE_NOT_REVIEWED),
             )->label;
-            $targetLabel = BadgeRenderer::spec(BadgeDomain::TenantTriageReviewState, $targetManualState)->label;
+            $targetLabel = BadgeRenderer::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, $targetManualState)->label;
 
             return implode("\n\n", [
                 'Concern family: '.$this->concernFamilyLabel($context->concernFamily),
@@ -184,7 +184,7 @@ private function reviewModalDescription(string $targetManualState): \Closure
         };
     }
 
-    private function handleReviewMutation(string $targetManualState, TenantTriageReviewService $service): void
+    private function handleReviewMutation(string $targetManualState, ManagedEnvironmentTriageReviewService $service): void
     {
         $tenant = Filament::getTenant();
 
@@ -219,14 +219,14 @@ private function handleReviewMutation(string $targetManualState, TenantTriageRev
         $actor = auth()->user();
 
         $review = match ($targetManualState) {
-            TenantTriageReview::STATE_REVIEWED => $service->markReviewed(
+            ManagedEnvironmentTriageReview::STATE_REVIEWED => $service->markReviewed(
                 tenant: $tenant,
                 concernFamily: $context->concernFamily,
                 backupHealth: $concernTruth['backupHealth'],
                 recoveryEvidence: $concernTruth['recoveryEvidence'],
                 actor: $actor instanceof User ? $actor : null,
             ),
-            TenantTriageReview::STATE_FOLLOW_UP_NEEDED => $service->markFollowUpNeeded(
+            ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED => $service->markFollowUpNeeded(
                 tenant: $tenant,
                 concernFamily: $context->concernFamily,
                 backupHealth: $concernTruth['backupHealth'],
@@ -236,7 +236,7 @@ private function handleReviewMutation(string $targetManualState, TenantTriageRev
             default => null,
         };
 
-        if (! $review instanceof TenantTriageReview) {
+        if (! $review instanceof ManagedEnvironmentTriageReview) {
             return;
         }
 
@@ -247,7 +247,7 @@ private function handleReviewMutation(string $targetManualState, TenantTriageRev
             ->body(sprintf(
                 '%s is now %s for %s.',
                 $tenant->name,
-                BadgeRenderer::spec(BadgeDomain::TenantTriageReviewState, $review->current_state)->label,
+                BadgeRenderer::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, $review->current_state)->label,
                 $this->concernFamilyLabel($context->concernFamily),
             ))
             ->success()
@@ -268,7 +268,7 @@ private function currentReviewStateFor(ManagedEnvironment $tenant, string $conce
 
         $concernTruth = $this->concernTruthFor($tenant);
 
-        $reviewState = app(TenantTriageReviewStateResolver::class)->resolveMany(
+        $reviewState = app(ManagedEnvironmentTriageReviewStateResolver::class)->resolveMany(
             workspaceId: (int) $tenant->workspace_id,
             tenantIds: [$tenantId],
             backupHealthByTenant: [$tenantId => $concernTruth['backupHealth']],
diff --git a/apps/platform/app/Filament/Widgets/Tenant/TenantVerificationReport.php b/apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentVerificationReport.php
similarity index 94%
rename from apps/platform/app/Filament/Widgets/Tenant/TenantVerificationReport.php
rename to apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentVerificationReport.php
index 7a62fa39..e1a51593 100644
--- a/apps/platform/app/Filament/Widgets/Tenant/TenantVerificationReport.php
+++ b/apps/platform/app/Filament/Widgets/ManagedEnvironment/ManagedEnvironmentVerificationReport.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Widgets\Tenant;
+namespace App\Filament\Widgets\ManagedEnvironment;
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Filament\Support\VerificationReportChangeIndicator;
 use App\Filament\Support\VerificationReportViewer;
 use App\Models\OperationRun;
@@ -24,11 +24,11 @@
 use Filament\Notifications\Notification;
 use Filament\Widgets\Widget;
 
-class TenantVerificationReport extends Widget
+class ManagedEnvironmentVerificationReport extends Widget
 {
     protected static bool $isLazy = false;
 
-    protected string $view = 'filament.widgets.tenant.tenant-verification-report';
+    protected string $view = 'filament.widgets.managed-environment.managed-environment-verification-report';
 
     public ?ManagedEnvironment $record = null;
 
@@ -203,7 +203,7 @@ protected function getViewData(): array
             'startTooltip' => $isTenantMember && $canOperate && ! $canStart ? UiTooltips::insufficientPermission() : null,
             'lifecycleNotice' => $lifecycleNotice,
             'rerunHint' => $run instanceof OperationRun && $canStart
-                ? ViewTenant::verificationHeaderActionHint()
+                ? ViewManagedEnvironment::verificationHeaderActionHint()
                 : null,
         ];
     }
diff --git a/apps/platform/app/Filament/Widgets/Tenant/RecentOperationsSummary.php b/apps/platform/app/Filament/Widgets/ManagedEnvironment/RecentOperationsSummary.php
similarity index 93%
rename from apps/platform/app/Filament/Widgets/Tenant/RecentOperationsSummary.php
rename to apps/platform/app/Filament/Widgets/ManagedEnvironment/RecentOperationsSummary.php
index a85259d7..f56b0d14 100644
--- a/apps/platform/app/Filament/Widgets/Tenant/RecentOperationsSummary.php
+++ b/apps/platform/app/Filament/Widgets/ManagedEnvironment/RecentOperationsSummary.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace App\Filament\Widgets\Tenant;
+namespace App\Filament\Widgets\ManagedEnvironment;
 
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
@@ -15,7 +15,7 @@ class RecentOperationsSummary extends Widget
 {
     protected static bool $isLazy = false;
 
-    protected string $view = 'filament.widgets.tenant.recent-operations-summary';
+    protected string $view = 'filament.widgets.managed-environment.recent-operations-summary';
 
     public ?ManagedEnvironment $record = null;
 
diff --git a/apps/platform/app/Http/Controllers/AdminConsentCallbackController.php b/apps/platform/app/Http/Controllers/AdminConsentCallbackController.php
index 07e94015..06c4d2f8 100644
--- a/apps/platform/app/Http/Controllers/AdminConsentCallbackController.php
+++ b/apps/platform/app/Http/Controllers/AdminConsentCallbackController.php
@@ -4,7 +4,7 @@
 
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Services\Intune\AuditLogger;
 use App\Support\Providers\ProviderConnectionType;
 use App\Support\Providers\ProviderConsentStatus;
@@ -23,8 +23,8 @@ public function __invoke(
         Request $request,
         AuditLogger $auditLogger,
     ): View {
-        $expectedState = $request->session()->pull('tenant_onboard_state');
-        $workspaceId = $request->session()->pull('tenant_onboard_workspace_id');
+        $expectedState = $request->session()->pull('environment_onboard_state');
+        $workspaceId = $request->session()->pull('environment_onboard_workspace_id');
         $tenantKey = $request->string('tenant')->toString();
         $state = $request->string('state')->toString();
         $tenantIdentifier = $tenantKey ?: $this->parseState($state);
@@ -219,10 +219,10 @@ private function verificationStateLabel(ProviderConnection $connection): string
 
     private function invalidateResumableOnboardingVerificationState(ManagedEnvironment $tenant, ProviderConnection $connection): void
     {
-        TenantOnboardingSession::query()
+        ManagedEnvironmentOnboardingSession::query()
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->resumable()
-            ->each(function (TenantOnboardingSession $draft) use ($connection): void {
+            ->each(function (ManagedEnvironmentOnboardingSession $draft) use ($connection): void {
                 $state = is_array($draft->state) ? $draft->state : [];
                 $providerConnectionId = $state['provider_connection_id'] ?? null;
                 $providerConnectionId = is_numeric($providerConnectionId) ? (int) $providerConnectionId : null;
diff --git a/apps/platform/app/Http/Controllers/ClearTenantContextController.php b/apps/platform/app/Http/Controllers/ClearEnvironmentContextController.php
similarity index 93%
rename from apps/platform/app/Http/Controllers/ClearTenantContextController.php
rename to apps/platform/app/Http/Controllers/ClearEnvironmentContextController.php
index 79c9484c..1175ddb7 100644
--- a/apps/platform/app/Http/Controllers/ClearTenantContextController.php
+++ b/apps/platform/app/Http/Controllers/ClearEnvironmentContextController.php
@@ -11,7 +11,7 @@
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Http\Request;
 
-final class ClearTenantContextController
+final class ClearEnvironmentContextController
 {
     public function __invoke(Request $request): RedirectResponse
     {
@@ -38,13 +38,13 @@ public function __invoke(Request $request): RedirectResponse
             $workspace = $workspaceContext->currentWorkspace($request);
 
             if ($workspace !== null) {
-                return redirect()->route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]);
+                return redirect()->route('admin.workspace.managed-environments.index', ['workspace' => $workspace]);
             }
 
             return redirect()->route('admin.home');
         }
 
-        if ($previousPath === '' || $previousPath === '/admin/clear-tenant-context') {
+        if ($previousPath === '' || $previousPath === '/admin/clear-environment-context') {
             return redirect()->to(OperationRunLinks::index());
         }
 
diff --git a/apps/platform/app/Http/Controllers/TenantOnboardingController.php b/apps/platform/app/Http/Controllers/ManagedEnvironmentOnboardingController.php
similarity index 95%
rename from apps/platform/app/Http/Controllers/TenantOnboardingController.php
rename to apps/platform/app/Http/Controllers/ManagedEnvironmentOnboardingController.php
index 8cca10c4..315ae710 100644
--- a/apps/platform/app/Http/Controllers/TenantOnboardingController.php
+++ b/apps/platform/app/Http/Controllers/ManagedEnvironmentOnboardingController.php
@@ -16,7 +16,7 @@
 use Illuminate\Support\Str;
 use Symfony\Component\HttpFoundation\Response as ResponseAlias;
 
-class TenantOnboardingController extends Controller
+class ManagedEnvironmentOnboardingController extends Controller
 {
     public function __invoke(
         Request $request,
@@ -27,12 +27,12 @@ public function __invoke(
         abort_if($tenantIdentifier === '', ResponseAlias::HTTP_NOT_FOUND);
 
         $state = Str::uuid()->toString();
-        $request->session()->put('tenant_onboard_state', $state);
+        $request->session()->put('environment_onboard_state', $state);
 
         $workspaceId = app(WorkspaceContext::class)->currentWorkspaceId($request);
 
         if ($workspaceId !== null) {
-            $request->session()->put('tenant_onboard_workspace_id', (int) $workspaceId);
+            $request->session()->put('environment_onboard_workspace_id', (int) $workspaceId);
         }
 
         $tenant = $this->resolveTenant($tenantIdentifier, is_numeric($workspaceId) ? (int) $workspaceId : null);
diff --git a/apps/platform/app/Http/Controllers/OpenFindingExceptionsQueueController.php b/apps/platform/app/Http/Controllers/OpenFindingExceptionsQueueController.php
index 185007a6..5f3d9b9b 100644
--- a/apps/platform/app/Http/Controllers/OpenFindingExceptionsQueueController.php
+++ b/apps/platform/app/Http/Controllers/OpenFindingExceptionsQueueController.php
@@ -16,7 +16,7 @@
 
 final class OpenFindingExceptionsQueueController extends Controller
 {
-    public function __invoke(Request $request, ManagedEnvironment $tenant): RedirectResponse
+    public function __invoke(Request $request, ManagedEnvironment $environment): RedirectResponse
     {
         $user = auth()->user();
 
@@ -24,13 +24,13 @@ public function __invoke(Request $request, ManagedEnvironment $tenant): Redirect
             abort(403);
         }
 
-        $workspace = Workspace::query()->whereKey($tenant->workspace_id)->first();
+        $workspace = Workspace::query()->whereKey($environment->workspace_id)->first();
 
         if (! $workspace instanceof Workspace) {
             abort(404);
         }
 
-        if (! $user->canAccessTenant($tenant)) {
+        if (! $user->canAccessTenant($environment)) {
             abort(404);
         }
 
@@ -49,12 +49,12 @@ public function __invoke(Request $request, ManagedEnvironment $tenant): Redirect
 
         $workspaceContext->setCurrentWorkspace($workspace, $user, $request);
 
-        if (! $workspaceContext->rememberTenantContext($tenant, $request)) {
+        if (! $workspaceContext->rememberTenantContext($environment, $request)) {
             abort(404);
         }
 
         return redirect()->to(FindingExceptionsQueue::getUrl([
-            'tenant' => (string) $tenant->external_id,
+            'tenant' => (string) $environment->external_id,
         ], panel: 'admin'));
     }
 }
diff --git a/apps/platform/app/Http/Controllers/ReviewPackDownloadController.php b/apps/platform/app/Http/Controllers/ReviewPackDownloadController.php
index acf7e8e4..4c9738f2 100644
--- a/apps/platform/app/Http/Controllers/ReviewPackDownloadController.php
+++ b/apps/platform/app/Http/Controllers/ReviewPackDownloadController.php
@@ -55,8 +55,8 @@ public function __invoke(Request $request, ReviewPack $reviewPack): StreamedResp
             context: [
                 'metadata' => [
                     'review_pack_id' => (int) $reviewPack->getKey(),
-                    'tenant_review_id' => $reviewPack->tenant_review_id !== null
-                        ? (int) $reviewPack->tenant_review_id
+                    'environment_review_id' => $reviewPack->environment_review_id !== null
+                        ? (int) $reviewPack->environment_review_id
                         : null,
                     'source_surface' => (string) $request->query('source_surface', 'review_pack'),
                     'review_id' => $request->query('review_id'),
diff --git a/apps/platform/app/Http/Controllers/SelectTenantController.php b/apps/platform/app/Http/Controllers/SelectEnvironmentController.php
similarity index 98%
rename from apps/platform/app/Http/Controllers/SelectTenantController.php
rename to apps/platform/app/Http/Controllers/SelectEnvironmentController.php
index ff9ff7f9..be83360a 100644
--- a/apps/platform/app/Http/Controllers/SelectTenantController.php
+++ b/apps/platform/app/Http/Controllers/SelectEnvironmentController.php
@@ -16,7 +16,7 @@
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Schema;
 
-final class SelectTenantController
+final class SelectEnvironmentController
 {
     public function __invoke(Request $request): RedirectResponse
     {
diff --git a/apps/platform/app/Http/Middleware/EnsureWorkspaceSelected.php b/apps/platform/app/Http/Middleware/EnsureWorkspaceSelected.php
index 8904cba7..1ffa7756 100644
--- a/apps/platform/app/Http/Middleware/EnsureWorkspaceSelected.php
+++ b/apps/platform/app/Http/Middleware/EnsureWorkspaceSelected.php
@@ -204,7 +204,7 @@ private function isLivewireUpdatePath(string $path): bool
 
     private function isChooserFirstPath(string $path): bool
     {
-        return in_array($path, ['/admin', '/admin/choose-tenant'], true);
+        return in_array($path, ['/admin', '/admin/choose-environment'], true);
     }
 
     private function requestHasExplicitTenantContext(Request $request): bool
diff --git a/apps/platform/app/Jobs/BulkTenantSyncJob.php b/apps/platform/app/Jobs/BulkTenantSyncJob.php
index 1f202975..871dce26 100644
--- a/apps/platform/app/Jobs/BulkTenantSyncJob.php
+++ b/apps/platform/app/Jobs/BulkTenantSyncJob.php
@@ -69,9 +69,9 @@ public function handle(OperationRunService $runs): void
         $chunkSize = max(1, $chunkSize);
 
         foreach (array_chunk($ids, $chunkSize) as $chunk) {
-            foreach ($chunk as $targetTenantId) {
+            foreach ($chunk as $targetEnvironmentId) {
                 dispatch(new TenantSyncWorkerJob(
-                    tenantId: $targetTenantId,
+                    tenantId: $targetEnvironmentId,
                     userId: $this->userId,
                     operationRun: $this->operationRun,
                     context: $this->context,
diff --git a/apps/platform/app/Jobs/CaptureBaselineSnapshotJob.php b/apps/platform/app/Jobs/CaptureBaselineSnapshotJob.php
index c3ec4d7c..2378224a 100644
--- a/apps/platform/app/Jobs/CaptureBaselineSnapshotJob.php
+++ b/apps/platform/app/Jobs/CaptureBaselineSnapshotJob.php
@@ -100,7 +100,7 @@ public function handle(
 
         $context = is_array($this->operationRun->context) ? $this->operationRun->context : [];
         $profileId = (int) ($context['baseline_profile_id'] ?? 0);
-        $sourceTenantId = (int) ($context['source_tenant_id'] ?? 0);
+        $sourceEnvironmentId = (int) ($context['source_environment_id'] ?? 0);
 
         $profile = BaselineProfile::query()->find($profileId);
 
@@ -108,10 +108,10 @@ public function handle(
             throw new RuntimeException("BaselineProfile #{$profileId} not found.");
         }
 
-        $sourceTenant = ManagedEnvironment::query()->find($sourceTenantId);
+        $sourceTenant = ManagedEnvironment::query()->find($sourceEnvironmentId);
 
         if (! $sourceTenant instanceof ManagedEnvironment) {
-            throw new RuntimeException("Source ManagedEnvironment #{$sourceTenantId} not found.");
+            throw new RuntimeException("Source ManagedEnvironment #{$sourceEnvironmentId} not found.");
         }
 
         $initiator = $this->operationRun->user_id
diff --git a/apps/platform/app/Jobs/ComposeTenantReviewJob.php b/apps/platform/app/Jobs/ComposeEnvironmentReviewJob.php
similarity index 73%
rename from apps/platform/app/Jobs/ComposeTenantReviewJob.php
rename to apps/platform/app/Jobs/ComposeEnvironmentReviewJob.php
index ac8d9726..3c418efe 100644
--- a/apps/platform/app/Jobs/ComposeTenantReviewJob.php
+++ b/apps/platform/app/Jobs/ComposeEnvironmentReviewJob.php
@@ -6,17 +6,17 @@
 
 use App\Jobs\Concerns\BridgesFailedOperationRun;
 use App\Models\OperationRun;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Services\OperationRunService;
-use App\Services\TenantReviews\TenantReviewService;
+use App\Services\EnvironmentReviews\EnvironmentReviewService;
 use App\Support\OperationRunOutcome;
 use App\Support\OperationRunStatus;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use Illuminate\Contracts\Queue\ShouldQueue;
 use Illuminate\Foundation\Queue\Queueable;
 use Throwable;
 
-class ComposeTenantReviewJob implements ShouldQueue
+class ComposeEnvironmentReviewJob implements ShouldQueue
 {
     use BridgesFailedOperationRun;
     use Queueable;
@@ -26,21 +26,21 @@ class ComposeTenantReviewJob implements ShouldQueue
     public bool $failOnTimeout = true;
 
     public function __construct(
-        public int $tenantReviewId,
+        public int $environmentReviewId,
         public int $operationRunId,
     ) {}
 
-    public function handle(TenantReviewService $service, OperationRunService $operationRuns): void
+    public function handle(EnvironmentReviewService $service, OperationRunService $operationRuns): void
     {
-        $review = TenantReview::query()->with(['tenant', 'evidenceSnapshot.items'])->find($this->tenantReviewId);
+        $review = EnvironmentReview::query()->with(['tenant', 'evidenceSnapshot.items'])->find($this->environmentReviewId);
         $operationRun = OperationRun::query()->find($this->operationRunId);
 
-        if (! $review instanceof TenantReview || ! $operationRun instanceof OperationRun || ! $review->tenant) {
+        if (! $review instanceof EnvironmentReview || ! $operationRun instanceof OperationRun || ! $review->tenant) {
             return;
         }
 
         $operationRuns->updateRun($operationRun, OperationRunStatus::Running->value, OperationRunOutcome::Pending->value);
-        $review->update(['status' => TenantReviewStatus::Draft->value]);
+        $review->update(['status' => EnvironmentReviewStatus::Draft->value]);
 
         try {
             $review = $service->compose($review);
@@ -61,7 +61,7 @@ public function handle(TenantReviewService $service, OperationRunService $operat
             );
         } catch (Throwable $throwable) {
             $review->update([
-                'status' => TenantReviewStatus::Failed->value,
+                'status' => EnvironmentReviewStatus::Failed->value,
                 'summary' => array_merge(is_array($review->summary) ? $review->summary : [], [
                     'error' => $throwable->getMessage(),
                 ]),
@@ -73,7 +73,7 @@ public function handle(TenantReviewService $service, OperationRunService $operat
                 outcome: OperationRunOutcome::Failed->value,
                 failures: [
                     [
-                        'code' => 'tenant_review_compose.failed',
+                        'code' => 'environment_review_compose.failed',
                         'message' => $throwable->getMessage(),
                     ],
                 ],
diff --git a/apps/platform/app/Jobs/GenerateReviewPackJob.php b/apps/platform/app/Jobs/GenerateReviewPackJob.php
index 7c6d8a4b..fe920fb4 100644
--- a/apps/platform/app/Jobs/GenerateReviewPackJob.php
+++ b/apps/platform/app/Jobs/GenerateReviewPackJob.php
@@ -9,7 +9,7 @@
 use App\Models\OperationRun;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Services\Intune\SecretClassificationService;
 use App\Services\OperationRunService;
 use App\Services\ReviewPackService;
@@ -39,7 +39,7 @@ public function __construct(
 
     public function handle(OperationRunService $operationRunService): void
     {
-        $reviewPack = ReviewPack::query()->with(['tenant', 'evidenceSnapshot.items', 'tenantReview.sections'])->find($this->reviewPackId);
+        $reviewPack = ReviewPack::query()->with(['tenant', 'evidenceSnapshot.items', 'environmentReview.sections'])->find($this->reviewPackId);
         $operationRun = OperationRun::query()->find($this->operationRunId);
 
         if (! $reviewPack instanceof ReviewPack || ! $operationRun instanceof OperationRun) {
@@ -82,9 +82,9 @@ public function handle(OperationRunService $operationRunService): void
 
     private function executeGeneration(ReviewPack $reviewPack, OperationRun $operationRun, ManagedEnvironment $tenant, EvidenceSnapshot $snapshot, OperationRunService $operationRunService): void
     {
-        $review = $reviewPack->tenantReview;
+        $review = $reviewPack->environmentReview;
 
-        if ($review instanceof TenantReview) {
+        if ($review instanceof EnvironmentReview) {
             $this->executeReviewDerivedGeneration($reviewPack, $review, $operationRun, $tenant, $snapshot, $operationRunService);
 
             return;
@@ -216,7 +216,7 @@ private function executeGeneration(ReviewPack $reviewPack, OperationRun $operati
 
     private function executeReviewDerivedGeneration(
         ReviewPack $reviewPack,
-        TenantReview $review,
+        EnvironmentReview $review,
         OperationRun $operationRun,
         ManagedEnvironment $tenant,
         EvidenceSnapshot $snapshot,
@@ -280,7 +280,7 @@ private function executeReviewDerivedGeneration(
         $fingerprint = app(ReviewPackService::class)->computeFingerprintForReview($review, $options);
         $reviewSummary = is_array($review->summary) ? $review->summary : [];
         $summary = [
-            'tenant_review_id' => (int) $review->getKey(),
+            'environment_review_id' => (int) $review->getKey(),
             'review_status' => (string) $review->status,
             'review_completeness_state' => (string) $review->completeness_state,
             'section_count' => $review->sections->count(),
@@ -636,7 +636,7 @@ private function assembleZip(string $tempFile, array $fileMap, ?callable $afterW
      */
     private function buildReviewDerivedFileMap(
         ReviewPack $reviewPack,
-        TenantReview $review,
+        EnvironmentReview $review,
         ManagedEnvironment $tenant,
         EvidenceSnapshot $snapshot,
         bool $includePii,
@@ -662,7 +662,7 @@ private function buildReviewDerivedFileMap(
                 'tenant_name' => $includePii ? $tenant->name : '[REDACTED]',
                 'generated_at' => $generatedAt->toIso8601String(),
                 'delivery_bundle' => $deliveryMetadata,
-                'tenant_review' => [
+                'environment_review' => [
                     'id' => (int) $review->getKey(),
                     'status' => (string) $review->status,
                     'completeness_state' => (string) $review->completeness_state,
@@ -686,7 +686,7 @@ private function buildReviewDerivedFileMap(
             ], JSON_PRETTY_PRINT | JSON_THROW_ON_ERROR),
             'summary.json' => json_encode($this->redactReportPayload(array_merge(
                 [
-                    'tenant_review_id' => (int) $review->getKey(),
+                    'environment_review_id' => (int) $review->getKey(),
                     'review_status' => (string) $review->status,
                     'review_completeness_state' => (string) $review->completeness_state,
                 ],
@@ -738,7 +738,7 @@ private function buildReviewDerivedFileMap(
     /**
      * @return array<string, mixed>
      */
-    private function deliveryBundleSummary(TenantReview $review): array
+    private function deliveryBundleSummary(EnvironmentReview $review): array
     {
         return [
             'contract' => ReviewPackService::REVIEW_DERIVED_DELIVERY_CONTRACT,
@@ -753,7 +753,7 @@ private function deliveryBundleSummary(TenantReview $review): array
      */
     private function deliveryBundleMetadata(
         ReviewPack $reviewPack,
-        TenantReview $review,
+        EnvironmentReview $review,
         EvidenceSnapshot $snapshot,
         \Carbon\CarbonInterface $generatedAt,
     ): array {
@@ -805,7 +805,7 @@ private function deliveryBundleMetadata(
      * @param  array<string, mixed>  $reviewSummary
      */
     private function buildExecutiveEntrypoint(
-        TenantReview $review,
+        EnvironmentReview $review,
         ManagedEnvironment $tenant,
         EvidenceSnapshot $snapshot,
         array $reviewSummary,
diff --git a/apps/platform/app/Jobs/Operations/CrossTenantPromotionExecutionJob.php b/apps/platform/app/Jobs/Operations/CrossEnvironmentPromotionExecutionJob.php
similarity index 89%
rename from apps/platform/app/Jobs/Operations/CrossTenantPromotionExecutionJob.php
rename to apps/platform/app/Jobs/Operations/CrossEnvironmentPromotionExecutionJob.php
index 0ef3507f..2109b146 100644
--- a/apps/platform/app/Jobs/Operations/CrossTenantPromotionExecutionJob.php
+++ b/apps/platform/app/Jobs/Operations/CrossEnvironmentPromotionExecutionJob.php
@@ -28,7 +28,7 @@
 use RuntimeException;
 use Throwable;
 
-final class CrossTenantPromotionExecutionJob implements ShouldQueue
+final class CrossEnvironmentPromotionExecutionJob implements ShouldQueue
 {
     use Dispatchable;
     use InteractsWithQueue;
@@ -73,16 +73,16 @@ public function handle(
             return;
         }
 
-        $tenant = $this->operationRun->tenant;
+        $targetEnvironment = $this->operationRun->tenant;
 
-        if (! $tenant instanceof ManagedEnvironment) {
-            throw new RuntimeException('Promotion execution target tenant is missing.');
+        if (! $targetEnvironment instanceof ManagedEnvironment) {
+            throw new RuntimeException('Promotion execution target environment is missing.');
         }
 
         $context = is_array($this->operationRun->context) ? $this->operationRun->context : [];
         $targetScope = is_array($context['target_scope'] ?? null) ? $context['target_scope'] : [];
 
-        $lock = $limiter->acquireSlot((int) $tenant->getKey(), $targetScope);
+        $lock = $limiter->acquireSlot((int) $targetEnvironment->getKey(), $targetScope);
 
         if (! $lock) {
             $this->release(max(1, (int) config('tenantpilot.bulk_operations.poll_interval_seconds', 3)));
@@ -114,7 +114,7 @@ public function handle(
             $summary['total'] = count($items);
 
             [$backupSet, $selectedItemIds, $preRestoreSummary, $preRestoreFailures] = $this->buildRestoreInputs(
-                tenant: $tenant,
+                targetEnvironment: $targetEnvironment,
                 operationRun: $this->operationRun,
                 items: $items,
             );
@@ -126,7 +126,7 @@ public function handle(
 
             if ($selectedItemIds !== []) {
                 $restoreRun = RestoreRun::withoutEvents(fn (): RestoreRun => $restoreService->execute(
-                    tenant: $tenant,
+                    tenant: $targetEnvironment,
                     backupSet: $backupSet,
                     selectedItemIds: $selectedItemIds,
                     dryRun: false,
@@ -160,10 +160,10 @@ public function handle(
                 failures: $failures,
             );
 
-            $auditLogger->logCrossTenantPromotionExecutionCompleted(
+            $auditLogger->logCrossEnvironmentPromotionExecutionCompleted(
                 operationRun: $updated,
-                sourceTenantId: is_numeric($context['source_tenant_id'] ?? null) ? (int) $context['source_tenant_id'] : null,
-                targetTenant: $tenant,
+                sourceEnvironmentId: is_numeric($context['source_environment_id'] ?? null) ? (int) $context['source_environment_id'] : null,
+                targetEnvironment: $targetEnvironment,
                 summaryCounts: $summary,
                 restoreRun: $restoreRun,
             );
@@ -183,7 +183,7 @@ public function getOperationRun(): ?OperationRun
      * @param  list<array<string, mixed>>  $items
      * @return array{0: ?BackupSet, 1: list<int>, 2: array<string, int>, 3: list<array{code: string, message: string}>}
      */
-    private function buildRestoreInputs(ManagedEnvironment $tenant, OperationRun $operationRun, array $items): array
+    private function buildRestoreInputs(ManagedEnvironment $targetEnvironment, OperationRun $operationRun, array $items): array
     {
         $summary = [
             'processed' => 0,
@@ -195,14 +195,14 @@ private function buildRestoreInputs(ManagedEnvironment $tenant, OperationRun $op
         ];
         $failures = [];
         $backupSet = BackupSet::query()->create([
-            'managed_environment_id' => (int) $tenant->getKey(),
-            'name' => 'Cross-tenant promotion • Operation #'.$operationRun->getKey(),
+            'managed_environment_id' => (int) $targetEnvironment->getKey(),
+            'name' => 'Cross-environment promotion • Operation #'.$operationRun->getKey(),
             'created_by' => $operationRun->user?->email,
             'status' => 'completed',
             'item_count' => 0,
             'completed_at' => CarbonImmutable::now(),
             'metadata' => [
-                'source' => 'cross_tenant_promotion',
+                'source' => 'cross_environment_promotion',
                 'operation_run_id' => (int) $operationRun->getKey(),
             ],
         ]);
@@ -219,13 +219,13 @@ private function buildRestoreInputs(ManagedEnvironment $tenant, OperationRun $op
             }
 
             $versionId = data_get($item, 'source.policy_version_id');
-            $sourceTenantId = data_get($item, 'source.managed_environment_id');
+            $sourceEnvironmentId = data_get($item, 'source.managed_environment_id');
 
-            $version = is_numeric($versionId) && is_numeric($sourceTenantId)
+            $version = is_numeric($versionId) && is_numeric($sourceEnvironmentId)
                 ? PolicyVersion::query()
                     ->with('policy')
                     ->whereKey((int) $versionId)
-                    ->where('managed_environment_id', (int) $sourceTenantId)
+                    ->where('managed_environment_id', (int) $sourceEnvironmentId)
                     ->first()
                 : null;
 
@@ -248,13 +248,13 @@ private function buildRestoreInputs(ManagedEnvironment $tenant, OperationRun $op
                 : (is_string($sourceExternalId) && trim($sourceExternalId) !== '' ? trim($sourceExternalId) : (string) $sourcePolicy->external_id);
 
             $targetPolicy = Policy::query()
-                ->where('managed_environment_id', (int) $tenant->getKey())
+                ->where('managed_environment_id', (int) $targetEnvironment->getKey())
                 ->where('policy_type', (string) $sourcePolicy->policy_type)
                 ->where('external_id', $policyIdentifier)
                 ->first();
 
             $backupItem = BackupItem::query()->create([
-                'managed_environment_id' => (int) $tenant->getKey(),
+                'managed_environment_id' => (int) $targetEnvironment->getKey(),
                 'backup_set_id' => (int) $backupSet->getKey(),
                 'policy_id' => $targetPolicy?->getKey(),
                 'policy_identifier' => $policyIdentifier,
@@ -263,10 +263,10 @@ private function buildRestoreInputs(ManagedEnvironment $tenant, OperationRun $op
                 'captured_at' => $version->captured_at ?? CarbonImmutable::now(),
                 'payload' => is_array($version->snapshot) ? $version->snapshot : [],
                 'metadata' => [
-                    'source' => 'cross_tenant_promotion',
+                    'source' => 'cross_environment_promotion',
                     'display_name' => (string) $sourcePolicy->display_name,
                     'operation_run_id' => (int) $operationRun->getKey(),
-                    'source_tenant_id' => (int) $sourcePolicy->managed_environment_id,
+                    'source_environment_id' => (int) $sourcePolicy->managed_environment_id,
                     'source_policy_id' => (int) $sourcePolicy->getKey(),
                     'source_policy_version_id' => (int) $version->getKey(),
                     'source_subject_key' => (string) ($item['subject_key'] ?? ''),
diff --git a/apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php b/apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php
index c0056a37..3c692f77 100644
--- a/apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php
+++ b/apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php
@@ -10,7 +10,7 @@
 use App\Models\User;
 use App\Services\Audit\WorkspaceAuditLogger;
 use App\Services\Intune\AuditLogger as TenantAuditLogger;
-use App\Services\Intune\TenantPermissionService;
+use App\Services\Intune\ManagedEnvironmentPermissionService;
 use App\Services\OperationRunService;
 use App\Services\Providers\Contracts\HealthResult;
 use App\Services\Providers\MicrosoftProviderHealthCheck;
@@ -24,7 +24,7 @@
 use App\Support\Providers\ProviderNextStepsRegistry;
 use App\Support\Providers\ProviderReasonCodes;
 use App\Support\Providers\TargetScope\ProviderConnectionTargetScopeNormalizer;
-use App\Support\Verification\TenantPermissionCheckClusters;
+use App\Support\Verification\ManagedEnvironmentPermissionCheckClusters;
 use App\Support\Verification\VerificationReportWriter;
 use Illuminate\Bus\Queueable;
 use Illuminate\Contracts\Queue\ShouldQueue;
@@ -99,7 +99,7 @@ public function handle(
 
         $this->updateRunTargetScope($this->operationRun, $connection, $entraTenantName);
 
-        $permissionService = app(TenantPermissionService::class);
+        $permissionService = app(ManagedEnvironmentPermissionService::class);
 
         $graphOptions = null;
 
@@ -178,7 +178,7 @@ public function handle(
             ];
         }
 
-        $permissionChecks = TenantPermissionCheckClusters::buildChecks($tenant, $permissionRows, $inventory);
+        $permissionChecks = ManagedEnvironmentPermissionCheckClusters::buildChecks($tenant, $permissionRows, $inventory);
         $targetScope = app(ProviderConnectionTargetScopeNormalizer::class)
             ->descriptorForConnection($connection)
             ->toArray();
diff --git a/apps/platform/app/Models/TenantReview.php b/apps/platform/app/Models/EnvironmentReview.php
similarity index 85%
rename from apps/platform/app/Models/TenantReview.php
rename to apps/platform/app/Models/EnvironmentReview.php
index 02be9743..7feb0f61 100644
--- a/apps/platform/app/Models/TenantReview.php
+++ b/apps/platform/app/Models/EnvironmentReview.php
@@ -6,15 +6,15 @@
 
 use App\Support\Concerns\DerivesWorkspaceIdFromTenant;
 use App\Support\Governance\Controls\ComplianceEvidenceMappingV1;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Illuminate\Database\Eloquent\Relations\HasMany;
 
-class TenantReview extends Model
+class EnvironmentReview extends Model
 {
     use DerivesWorkspaceIdFromTenant;
     use HasFactory;
@@ -107,11 +107,11 @@ public function supersededReviews(): HasMany
     }
 
     /**
-     * @return HasMany<TenantReviewSection, $this>
+     * @return HasMany<EnvironmentReviewSection, $this>
      */
     public function sections(): HasMany
     {
-        return $this->hasMany(TenantReviewSection::class)->orderBy('sort_order')->orderBy('id');
+        return $this->hasMany(EnvironmentReviewSection::class)->orderBy('sort_order')->orderBy('id');
     }
 
     /**
@@ -146,7 +146,7 @@ public function scopeForWorkspace(Builder $query, int $workspaceId): Builder
      */
     public function scopePublished(Builder $query): Builder
     {
-        return $query->where('status', TenantReviewStatus::Published->value);
+        return $query->where('status', EnvironmentReviewStatus::Published->value);
     }
 
     /**
@@ -156,21 +156,21 @@ public function scopePublished(Builder $query): Builder
     public function scopeMutable(Builder $query): Builder
     {
         return $query->whereIn('status', [
-            TenantReviewStatus::Draft->value,
-            TenantReviewStatus::Ready->value,
-            TenantReviewStatus::Failed->value,
+            EnvironmentReviewStatus::Draft->value,
+            EnvironmentReviewStatus::Ready->value,
+            EnvironmentReviewStatus::Failed->value,
         ]);
     }
 
-    public function statusEnum(): TenantReviewStatus
+    public function statusEnum(): EnvironmentReviewStatus
     {
-        return TenantReviewStatus::from((string) $this->status);
+        return EnvironmentReviewStatus::from((string) $this->status);
     }
 
-    public function completenessEnum(): TenantReviewCompletenessState
+    public function completenessEnum(): EnvironmentReviewCompletenessState
     {
-        return TenantReviewCompletenessState::tryFrom((string) $this->completeness_state)
-            ?? TenantReviewCompletenessState::Missing;
+        return EnvironmentReviewCompletenessState::tryFrom((string) $this->completeness_state)
+            ?? EnvironmentReviewCompletenessState::Missing;
     }
 
     public function isPublished(): bool
@@ -253,12 +253,12 @@ public function controlInterpretationLimitationCounts(): array
             ->all();
     }
 
-    public function controlInterpretationSection(): ?TenantReviewSection
+    public function controlInterpretationSection(): ?EnvironmentReviewSection
     {
         if ($this->relationLoaded('sections')) {
             $section = $this->sections->firstWhere('section_key', ComplianceEvidenceMappingV1::SECTION_KEY);
 
-            return $section instanceof TenantReviewSection ? $section : null;
+            return $section instanceof EnvironmentReviewSection ? $section : null;
         }
 
         return $this->sections()
diff --git a/apps/platform/app/Models/TenantReviewSection.php b/apps/platform/app/Models/EnvironmentReviewSection.php
similarity index 79%
rename from apps/platform/app/Models/TenantReviewSection.php
rename to apps/platform/app/Models/EnvironmentReviewSection.php
index b5704e43..6529004e 100644
--- a/apps/platform/app/Models/TenantReviewSection.php
+++ b/apps/platform/app/Models/EnvironmentReviewSection.php
@@ -4,14 +4,14 @@
 
 namespace App\Models;
 
-use App\Support\TenantReviewCompletenessState;
+use App\Support\EnvironmentReviewCompletenessState;
 use App\Support\Governance\Controls\ComplianceEvidenceMappingV1;
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 
-class TenantReviewSection extends Model
+class EnvironmentReviewSection extends Model
 {
     use HasFactory;
 
@@ -31,11 +31,11 @@ protected function casts(): array
     }
 
     /**
-     * @return BelongsTo<TenantReview, $this>
+     * @return BelongsTo<EnvironmentReview, $this>
      */
-    public function tenantReview(): BelongsTo
+    public function environmentReview(): BelongsTo
     {
-        return $this->belongsTo(TenantReview::class);
+        return $this->belongsTo(EnvironmentReview::class);
     }
 
     /**
@@ -63,10 +63,10 @@ public function scopeRequired(Builder $query): Builder
         return $query->where('required', true);
     }
 
-    public function completenessEnum(): TenantReviewCompletenessState
+    public function completenessEnum(): EnvironmentReviewCompletenessState
     {
-        return TenantReviewCompletenessState::tryFrom((string) $this->completeness_state)
-            ?? TenantReviewCompletenessState::Missing;
+        return EnvironmentReviewCompletenessState::tryFrom((string) $this->completeness_state)
+            ?? EnvironmentReviewCompletenessState::Missing;
     }
 
     public function isControlInterpretation(): bool
diff --git a/apps/platform/app/Models/EvidenceSnapshot.php b/apps/platform/app/Models/EvidenceSnapshot.php
index fe0d9f93..c171e67d 100644
--- a/apps/platform/app/Models/EvidenceSnapshot.php
+++ b/apps/platform/app/Models/EvidenceSnapshot.php
@@ -81,11 +81,11 @@ public function reviewPacks(): HasMany
     }
 
     /**
-     * @return HasMany<TenantReview, $this>
+     * @return HasMany<EnvironmentReview, $this>
      */
-    public function tenantReviews(): HasMany
+    public function environmentReviews(): HasMany
     {
-        return $this->hasMany(TenantReview::class);
+        return $this->hasMany(EnvironmentReview::class);
     }
 
     /**
diff --git a/apps/platform/app/Models/ManagedEnvironment.php b/apps/platform/app/Models/ManagedEnvironment.php
index c4d83ec3..dd4d3454 100644
--- a/apps/platform/app/Models/ManagedEnvironment.php
+++ b/apps/platform/app/Models/ManagedEnvironment.php
@@ -411,9 +411,9 @@ public function evidenceSnapshots(): HasMany
         return $this->hasMany(EvidenceSnapshot::class);
     }
 
-    public function tenantReviews(): HasMany
+    public function environmentReviews(): HasMany
     {
-        return $this->hasMany(TenantReview::class);
+        return $this->hasMany(EnvironmentReview::class);
     }
 
     public function settings(): HasMany
@@ -423,7 +423,7 @@ public function settings(): HasMany
 
     public function permissions(): HasMany
     {
-        return $this->hasMany(TenantPermission::class);
+        return $this->hasMany(ManagedEnvironmentPermission::class);
     }
 
     public function providerConnections(): HasMany
diff --git a/apps/platform/app/Models/TenantOnboardingSession.php b/apps/platform/app/Models/ManagedEnvironmentOnboardingSession.php
similarity index 93%
rename from apps/platform/app/Models/TenantOnboardingSession.php
rename to apps/platform/app/Models/ManagedEnvironmentOnboardingSession.php
index a7c5259d..745f02cd 100644
--- a/apps/platform/app/Models/TenantOnboardingSession.php
+++ b/apps/platform/app/Models/ManagedEnvironmentOnboardingSession.php
@@ -12,12 +12,12 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 
-class TenantOnboardingSession extends Model
+class ManagedEnvironmentOnboardingSession extends Model
 {
-    /** @use HasFactory<\Database\Factories\TenantOnboardingSessionFactory> */
+    /** @use HasFactory<\Database\Factories\ManagedEnvironmentOnboardingSessionFactory> */
     use HasFactory;
 
-    protected $table = 'managed_tenant_onboarding_sessions';
+    protected $table = 'managed_environment_onboarding_sessions';
 
     /**
      * @var array<int, string>
@@ -25,7 +25,7 @@ class TenantOnboardingSession extends Model
     public const STATE_ALLOWED_KEYS = [
         'entra_tenant_id',
         'managed_environment_id',
-        'tenant_name',
+        'environment_name',
         'environment',
         'primary_domain',
         'notes',
@@ -80,11 +80,19 @@ public function workspace(): BelongsTo
     /**
      * @return BelongsTo<ManagedEnvironment, $this>
      */
-    public function tenant(): BelongsTo
+    public function managedEnvironment(): BelongsTo
     {
         return $this->belongsTo(ManagedEnvironment::class, 'managed_environment_id')->withTrashed();
     }
 
+    /**
+     * @return BelongsTo<ManagedEnvironment, $this>
+     */
+    public function tenant(): BelongsTo
+    {
+        return $this->managedEnvironment();
+    }
+
     /**
      * @return BelongsTo<User, $this>
      */
diff --git a/apps/platform/app/Models/TenantPermission.php b/apps/platform/app/Models/ManagedEnvironmentPermission.php
similarity index 92%
rename from apps/platform/app/Models/TenantPermission.php
rename to apps/platform/app/Models/ManagedEnvironmentPermission.php
index 5c1f0238..73c1e80f 100644
--- a/apps/platform/app/Models/TenantPermission.php
+++ b/apps/platform/app/Models/ManagedEnvironmentPermission.php
@@ -7,7 +7,7 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 
-class TenantPermission extends Model
+class ManagedEnvironmentPermission extends Model
 {
     use DerivesWorkspaceIdFromTenant;
     use HasFactory;
diff --git a/apps/platform/app/Models/TenantTriageReview.php b/apps/platform/app/Models/ManagedEnvironmentTriageReview.php
similarity index 98%
rename from apps/platform/app/Models/TenantTriageReview.php
rename to apps/platform/app/Models/ManagedEnvironmentTriageReview.php
index 5321d237..1eeaa063 100644
--- a/apps/platform/app/Models/TenantTriageReview.php
+++ b/apps/platform/app/Models/ManagedEnvironmentTriageReview.php
@@ -10,7 +10,7 @@
 use Illuminate\Database\Eloquent\Model;
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 
-class TenantTriageReview extends Model
+class ManagedEnvironmentTriageReview extends Model
 {
     use HasFactory;
 
diff --git a/apps/platform/app/Models/ReviewPack.php b/apps/platform/app/Models/ReviewPack.php
index 3a573d7e..a5dadc68 100644
--- a/apps/platform/app/Models/ReviewPack.php
+++ b/apps/platform/app/Models/ReviewPack.php
@@ -80,11 +80,11 @@ public function evidenceSnapshot(): BelongsTo
     }
 
     /**
-     * @return BelongsTo<TenantReview, $this>
+     * @return BelongsTo<EnvironmentReview, $this>
      */
-    public function tenantReview(): BelongsTo
+    public function environmentReview(): BelongsTo
     {
-        return $this->belongsTo(TenantReview::class);
+        return $this->belongsTo(EnvironmentReview::class);
     }
 
     /**
diff --git a/apps/platform/app/Policies/TenantReviewPolicy.php b/apps/platform/app/Policies/EnvironmentReviewPolicy.php
similarity index 70%
rename from apps/platform/app/Policies/TenantReviewPolicy.php
rename to apps/platform/app/Policies/EnvironmentReviewPolicy.php
index 8211615d..bd6893e6 100644
--- a/apps/platform/app/Policies/TenantReviewPolicy.php
+++ b/apps/platform/app/Policies/EnvironmentReviewPolicy.php
@@ -5,14 +5,14 @@
 namespace App\Policies;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Services\Auth\CapabilityResolver;
 use App\Support\Auth\Capabilities;
 use Illuminate\Auth\Access\HandlesAuthorization;
 use Illuminate\Auth\Access\Response;
 
-class TenantReviewPolicy
+class EnvironmentReviewPolicy
 {
     use HandlesAuthorization;
 
@@ -24,10 +24,10 @@ public function viewAny(User $user): bool
             return false;
         }
 
-        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::TENANT_REVIEW_VIEW);
+        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::ENVIRONMENT_REVIEW_VIEW);
     }
 
-    public function view(User $user, TenantReview $review): Response|bool
+    public function view(User $user, EnvironmentReview $review): Response|bool
     {
         $tenant = $this->authorizedTenantOrNull($user, $review);
 
@@ -35,7 +35,7 @@ public function view(User $user, TenantReview $review): Response|bool
             return Response::denyAsNotFound();
         }
 
-        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::TENANT_REVIEW_VIEW)
+        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::ENVIRONMENT_REVIEW_VIEW)
             ? true
             : Response::deny();
     }
@@ -48,35 +48,35 @@ public function create(User $user): bool
             return false;
         }
 
-        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::TENANT_REVIEW_MANAGE);
+        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::ENVIRONMENT_REVIEW_MANAGE);
     }
 
-    public function refresh(User $user, TenantReview $review): Response|bool
+    public function refresh(User $user, EnvironmentReview $review): Response|bool
     {
         return $this->authorizeManageAction($user, $review);
     }
 
-    public function publish(User $user, TenantReview $review): Response|bool
+    public function publish(User $user, EnvironmentReview $review): Response|bool
     {
         return $this->authorizeManageAction($user, $review);
     }
 
-    public function archive(User $user, TenantReview $review): Response|bool
+    public function archive(User $user, EnvironmentReview $review): Response|bool
     {
         return $this->authorizeManageAction($user, $review);
     }
 
-    public function export(User $user, TenantReview $review): Response|bool
+    public function export(User $user, EnvironmentReview $review): Response|bool
     {
         return $this->authorizeManageAction($user, $review);
     }
 
-    public function createNextReview(User $user, TenantReview $review): Response|bool
+    public function createNextReview(User $user, EnvironmentReview $review): Response|bool
     {
         return $this->authorizeManageAction($user, $review);
     }
 
-    private function authorizeManageAction(User $user, TenantReview $review): Response|bool
+    private function authorizeManageAction(User $user, EnvironmentReview $review): Response|bool
     {
         $tenant = $this->authorizedTenantOrNull($user, $review);
 
@@ -84,12 +84,12 @@ private function authorizeManageAction(User $user, TenantReview $review): Respon
             return Response::denyAsNotFound();
         }
 
-        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::TENANT_REVIEW_MANAGE)
+        return app(CapabilityResolver::class)->can($user, $tenant, Capabilities::ENVIRONMENT_REVIEW_MANAGE)
             ? true
             : Response::deny();
     }
 
-    private function authorizedTenantOrNull(User $user, TenantReview $review): ?ManagedEnvironment
+    private function authorizedTenantOrNull(User $user, EnvironmentReview $review): ?ManagedEnvironment
     {
         $tenant = $review->tenant;
 
diff --git a/apps/platform/app/Policies/TenantOnboardingSessionPolicy.php b/apps/platform/app/Policies/ManagedEnvironmentOnboardingSessionPolicy.php
similarity index 73%
rename from apps/platform/app/Policies/TenantOnboardingSessionPolicy.php
rename to apps/platform/app/Policies/ManagedEnvironmentOnboardingSessionPolicy.php
index 5b01e9fc..a630756b 100644
--- a/apps/platform/app/Policies/TenantOnboardingSessionPolicy.php
+++ b/apps/platform/app/Policies/ManagedEnvironmentOnboardingSessionPolicy.php
@@ -5,7 +5,7 @@
 namespace App\Policies;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\Auth\WorkspaceCapabilityResolver;
@@ -17,7 +17,7 @@
 use Illuminate\Auth\Access\Response;
 use Illuminate\Support\Facades\Gate;
 
-class TenantOnboardingSessionPolicy
+class ManagedEnvironmentOnboardingSessionPolicy
 {
     public function viewAny(User $user): bool|Response
     {
@@ -27,33 +27,33 @@ public function viewAny(User $user): bool|Response
             return Response::denyAsNotFound();
         }
 
-        return $this->authorizeForWorkspace($user, $workspace, Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD);
+        return $this->authorizeForWorkspace($user, $workspace, Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD);
     }
 
-    public function view(User $user, TenantOnboardingSession $tenantOnboardingSession): bool|Response
+    public function view(User $user, ManagedEnvironmentOnboardingSession $environmentOnboardingSession): bool|Response
     {
         return $this->authorizeForDraft(
             user: $user,
-            tenantOnboardingSession: $tenantOnboardingSession,
-            capability: Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD,
+            environmentOnboardingSession: $environmentOnboardingSession,
+            capability: Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD,
         );
     }
 
-    public function update(User $user, TenantOnboardingSession $tenantOnboardingSession): bool|Response
+    public function update(User $user, ManagedEnvironmentOnboardingSession $environmentOnboardingSession): bool|Response
     {
         return $this->authorizeForDraft(
             user: $user,
-            tenantOnboardingSession: $tenantOnboardingSession,
-            capability: Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD,
+            environmentOnboardingSession: $environmentOnboardingSession,
+            capability: Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD,
         );
     }
 
-    public function cancel(User $user, TenantOnboardingSession $tenantOnboardingSession): bool|Response
+    public function cancel(User $user, ManagedEnvironmentOnboardingSession $environmentOnboardingSession): bool|Response
     {
         return $this->authorizeForDraft(
             user: $user,
-            tenantOnboardingSession: $tenantOnboardingSession,
-            capability: Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CANCEL,
+            environmentOnboardingSession: $environmentOnboardingSession,
+            capability: Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CANCEL,
         );
     }
 
@@ -83,7 +83,7 @@ private function currentWorkspace(User $user): ?Workspace
 
     private function authorizeForDraft(
         User $user,
-        TenantOnboardingSession $tenantOnboardingSession,
+        ManagedEnvironmentOnboardingSession $environmentOnboardingSession,
         string $capability,
     ): bool|Response {
         $workspace = $this->currentWorkspace($user);
@@ -92,11 +92,11 @@ private function authorizeForDraft(
             return Response::denyAsNotFound();
         }
 
-        if ((int) $tenantOnboardingSession->workspace_id !== (int) $workspace->getKey()) {
+        if ((int) $environmentOnboardingSession->workspace_id !== (int) $workspace->getKey()) {
             return Response::denyAsNotFound();
         }
 
-        $tenant = $tenantOnboardingSession->tenant;
+        $tenant = $environmentOnboardingSession->managedEnvironment;
 
         if ($tenant instanceof ManagedEnvironment) {
             if ((int) $tenant->workspace_id !== (int) $workspace->getKey()) {
@@ -140,7 +140,7 @@ private function authorizeForWorkspace(User $user, Workspace $workspace, string
     private function forbiddenCapabilityMessage(string $capability): string
     {
         return match ($capability) {
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CANCEL => 'You do not have permission to cancel this onboarding draft.',
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CANCEL => 'You do not have permission to cancel this onboarding draft.',
             default => 'You do not have permission to continue this onboarding draft.',
         };
     }
diff --git a/apps/platform/app/Providers/AuthServiceProvider.php b/apps/platform/app/Providers/AuthServiceProvider.php
index 272b151c..e1fa0ba9 100644
--- a/apps/platform/app/Providers/AuthServiceProvider.php
+++ b/apps/platform/app/Providers/AuthServiceProvider.php
@@ -8,8 +8,8 @@
 use App\Models\PlatformUser;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
-use App\Models\TenantReview;
+use App\Models\ManagedEnvironmentOnboardingSession;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceSetting;
@@ -17,8 +17,8 @@
 use App\Policies\AlertDestinationPolicy;
 use App\Policies\AlertRulePolicy;
 use App\Policies\ProviderConnectionPolicy;
-use App\Policies\TenantOnboardingSessionPolicy;
-use App\Policies\TenantReviewPolicy;
+use App\Policies\ManagedEnvironmentOnboardingSessionPolicy;
+use App\Policies\EnvironmentReviewPolicy;
 use App\Policies\WorkspaceSettingPolicy;
 use App\Services\Auth\CapabilityResolver;
 use App\Services\Auth\WorkspaceCapabilityResolver;
@@ -31,8 +31,8 @@ class AuthServiceProvider extends ServiceProvider
 {
     protected $policies = [
         ProviderConnection::class => ProviderConnectionPolicy::class,
-        TenantOnboardingSession::class => TenantOnboardingSessionPolicy::class,
-        TenantReview::class => TenantReviewPolicy::class,
+        ManagedEnvironmentOnboardingSession::class => ManagedEnvironmentOnboardingSessionPolicy::class,
+        EnvironmentReview::class => EnvironmentReviewPolicy::class,
         WorkspaceSetting::class => WorkspaceSettingPolicy::class,
         AlertDestination::class => AlertDestinationPolicy::class,
         AlertDelivery::class => AlertDeliveryPolicy::class,
diff --git a/apps/platform/app/Providers/Filament/AdminPanelProvider.php b/apps/platform/app/Providers/Filament/AdminPanelProvider.php
index 1c5ffce5..60b491f7 100644
--- a/apps/platform/app/Providers/Filament/AdminPanelProvider.php
+++ b/apps/platform/app/Providers/Filament/AdminPanelProvider.php
@@ -4,9 +4,9 @@
 
 use App\Filament\Pages\Auth\Login;
 use App\Filament\Pages\BaselineCompareLanding;
-use App\Filament\Pages\ChooseTenant;
+use App\Filament\Pages\ChooseEnvironment;
 use App\Filament\Pages\ChooseWorkspace;
-use App\Filament\Pages\CrossTenantComparePage;
+use App\Filament\Pages\CrossEnvironmentComparePage;
 use App\Filament\Pages\Findings\FindingsHygieneReport;
 use App\Filament\Pages\Findings\FindingsIntakeQueue;
 use App\Filament\Pages\Governance\DecisionRegister;
@@ -18,7 +18,7 @@
 use App\Filament\Pages\Reviews\ReviewRegister;
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
 use App\Filament\Pages\Settings\WorkspaceSettings;
-use App\Filament\Pages\TenantRequiredPermissions;
+use App\Filament\Pages\EnvironmentRequiredPermissions;
 use App\Filament\Pages\WorkspaceOverview;
 use App\Filament\Resources\AlertDeliveryResource;
 use App\Filament\Resources\AlertDestinationResource;
@@ -28,7 +28,7 @@
 use App\Filament\Resources\InventoryItemResource;
 use App\Filament\Resources\PolicyResource;
 use App\Filament\Resources\ProviderConnectionResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Filament\Resources\Workspaces\WorkspaceResource;
 use App\Models\User;
 use App\Models\Workspace;
@@ -75,7 +75,7 @@ public function panel(Panel $panel): Panel
             ->font(null, provider: LocalFontProvider::class, preload: [])
             ->authenticatedRoutes(function (Panel $panel): void {
                 ChooseWorkspace::registerRoutes($panel);
-                ChooseTenant::registerRoutes($panel);
+                ChooseEnvironment::registerRoutes($panel);
                 NoAccess::registerRoutes($panel);
             })
             ->colors([
@@ -166,7 +166,7 @@ public function panel(Panel $panel): Panel
             )
             ->renderHook(
                 PanelsRenderHook::PAGE_START,
-                fn (): string => request()->routeIs('admin.workspace.managed-tenants.index', 'admin.onboarding', 'admin.onboarding.draft', 'filament.admin.pages.choose-tenant')
+                fn (): string => request()->routeIs('admin.workspace.managed-environments.index', 'admin.onboarding', 'admin.onboarding.draft', 'filament.admin.pages.choose-environment')
                     ? ''
                     : ((bool) config('tenantpilot.bulk_operations.progress_widget_enabled', true)
                         ? view('livewire.bulk-operation-progress-wrapper')->render()
@@ -182,16 +182,16 @@ public function panel(Panel $panel): Panel
                 WorkspaceResource::class,
                 BaselineProfileResource::class,
                 BaselineSnapshotResource::class,
-                TenantReviewResource::class,
+                EnvironmentReviewResource::class,
             ])
             ->discoverClusters(in: app_path('Filament/Clusters'), for: 'App\\Filament\\Clusters')
             ->discoverResources(in: app_path('Filament/Resources'), for: 'App\\Filament\\Resources')
             ->pages([
                 BaselineCompareLanding::class,
                 InventoryCoverage::class,
-                TenantRequiredPermissions::class,
+                EnvironmentRequiredPermissions::class,
                 WorkspaceSettings::class,
-                CrossTenantComparePage::class,
+                CrossEnvironmentComparePage::class,
                 GovernanceInbox::class,
                 DecisionRegister::class,
                 FindingsHygieneReport::class,
diff --git a/apps/platform/app/Services/Audit/WorkspaceAuditLogger.php b/apps/platform/app/Services/Audit/WorkspaceAuditLogger.php
index 2d58c9d9..10b33996 100644
--- a/apps/platform/app/Services/Audit/WorkspaceAuditLogger.php
+++ b/apps/platform/app/Services/Audit/WorkspaceAuditLogger.php
@@ -143,10 +143,10 @@ public function logSupportDiagnosticsOpened(
     /**
      * @param  array<string, mixed>  $preflight
      */
-    public function logCrossTenantPromotionPreflightGenerated(
+    public function logCrossEnvironmentPromotionPreflightGenerated(
         Workspace $workspace,
-        ManagedEnvironment $sourceTenant,
-        ManagedEnvironment $targetTenant,
+        ManagedEnvironment $sourceEnvironment,
+        ManagedEnvironment $targetEnvironment,
         array $preflight,
         User|PlatformUser|null $actor = null,
     ): \App\Models\AuditLog {
@@ -154,12 +154,12 @@ public function logCrossTenantPromotionPreflightGenerated(
 
         return $this->log(
             workspace: $workspace,
-            action: AuditActionId::CrossTenantPromotionPreflightGenerated,
+            action: AuditActionId::CrossEnvironmentPromotionPreflightGenerated,
             context: [
-                'source_tenant_id' => (int) $sourceTenant->getKey(),
-                'source_tenant_name' => (string) $sourceTenant->name,
-                'target_tenant_id' => (int) $targetTenant->getKey(),
-                'target_tenant_name' => (string) $targetTenant->name,
+                'source_environment_id' => (int) $sourceEnvironment->getKey(),
+                'source_environment_name' => (string) $sourceEnvironment->name,
+                'target_environment_id' => (int) $targetEnvironment->getKey(),
+                'target_environment_name' => (string) $targetEnvironment->name,
                 'ready_count' => (int) ($summary['ready'] ?? 0),
                 'blocked_count' => (int) ($summary['blocked'] ?? 0),
                 'manual_mapping_required_count' => (int) ($summary['manual_mapping_required'] ?? 0),
@@ -170,20 +170,20 @@ public function logCrossTenantPromotionPreflightGenerated(
             ],
             actor: $actor,
             status: 'success',
-            resourceType: 'cross_tenant_promotion_preflight',
-            resourceId: sprintf('%s:%s', $sourceTenant->getKey(), $targetTenant->getKey()),
-            targetLabel: $sourceTenant->name.' -> '.$targetTenant->name,
-            summary: 'Cross-tenant promotion preflight generated for '.$sourceTenant->name.' -> '.$targetTenant->name,
+            resourceType: 'cross_environment_promotion_preflight',
+            resourceId: sprintf('%s:%s', $sourceEnvironment->getKey(), $targetEnvironment->getKey()),
+            targetLabel: $sourceEnvironment->name.' -> '.$targetEnvironment->name,
+            summary: 'Cross-environment promotion preflight generated for '.$sourceEnvironment->name.' -> '.$targetEnvironment->name,
         );
     }
 
     /**
      * @param  array<string, mixed>  $plan
      */
-    public function logCrossTenantPromotionExecutionQueued(
+    public function logCrossEnvironmentPromotionExecutionQueued(
         Workspace $workspace,
-        ManagedEnvironment $sourceTenant,
-        ManagedEnvironment $targetTenant,
+        ManagedEnvironment $sourceEnvironment,
+        ManagedEnvironment $targetEnvironment,
         OperationRun $operationRun,
         array $plan,
         User|PlatformUser|null $actor = null,
@@ -192,12 +192,12 @@ public function logCrossTenantPromotionExecutionQueued(
 
         return $this->log(
             workspace: $workspace,
-            action: AuditActionId::CrossTenantPromotionExecutionQueued,
+            action: AuditActionId::CrossEnvironmentPromotionExecutionQueued,
             context: [
-                'source_tenant_id' => (int) $sourceTenant->getKey(),
-                'source_tenant_name' => (string) $sourceTenant->name,
-                'target_tenant_id' => (int) $targetTenant->getKey(),
-                'target_tenant_name' => (string) $targetTenant->name,
+                'source_environment_id' => (int) $sourceEnvironment->getKey(),
+                'source_environment_name' => (string) $sourceEnvironment->name,
+                'target_environment_id' => (int) $targetEnvironment->getKey(),
+                'target_environment_name' => (string) $targetEnvironment->name,
                 'selection' => is_array($plan['selection'] ?? null) ? $plan['selection'] : [],
                 'ready_count' => (int) ($summary['ready'] ?? 0),
                 'excluded_count' => (int) ($summary['excluded'] ?? 0),
@@ -208,36 +208,36 @@ public function logCrossTenantPromotionExecutionQueued(
             status: 'queued',
             resourceType: 'operation_run',
             resourceId: (string) $operationRun->getKey(),
-            targetLabel: $sourceTenant->name.' -> '.$targetTenant->name,
-            summary: 'Cross-tenant promotion execution queued for '.$sourceTenant->name.' -> '.$targetTenant->name,
+            targetLabel: $sourceEnvironment->name.' -> '.$targetEnvironment->name,
+            summary: 'Cross-environment promotion execution queued for '.$sourceEnvironment->name.' -> '.$targetEnvironment->name,
             operationRunId: (int) $operationRun->getKey(),
-            tenant: $targetTenant,
+            tenant: $targetEnvironment,
         );
     }
 
     /**
      * @param  array<string, int>  $summaryCounts
      */
-    public function logCrossTenantPromotionExecutionCompleted(
+    public function logCrossEnvironmentPromotionExecutionCompleted(
         OperationRun $operationRun,
-        ?int $sourceTenantId,
-        ManagedEnvironment $targetTenant,
+        ?int $sourceEnvironmentId,
+        ManagedEnvironment $targetEnvironment,
         array $summaryCounts,
         ?RestoreRun $restoreRun = null,
     ): \App\Models\AuditLog {
         $context = is_array($operationRun->context) ? $operationRun->context : [];
-        $sourceTenantName = is_string($context['source_tenant_name'] ?? null)
-            ? (string) $context['source_tenant_name']
+        $sourceEnvironmentName = is_string($context['source_environment_name'] ?? null)
+            ? (string) $context['source_environment_name']
             : null;
 
         return $this->log(
-            workspace: $targetTenant->workspace,
-            action: AuditActionId::CrossTenantPromotionExecutionCompleted,
+            workspace: $targetEnvironment->workspace,
+            action: AuditActionId::CrossEnvironmentPromotionExecutionCompleted,
             context: [
-                'source_tenant_id' => $sourceTenantId,
-                'source_tenant_name' => $sourceTenantName,
-                'target_tenant_id' => (int) $targetTenant->getKey(),
-                'target_tenant_name' => (string) $targetTenant->name,
+                'source_environment_id' => $sourceEnvironmentId,
+                'source_environment_name' => $sourceEnvironmentName,
+                'target_environment_id' => (int) $targetEnvironment->getKey(),
+                'target_environment_name' => (string) $targetEnvironment->name,
                 'summary_counts' => $summaryCounts,
                 'restore_run_id' => $restoreRun?->getKey(),
                 'operation_outcome' => (string) $operationRun->outcome,
@@ -249,10 +249,10 @@ public function logCrossTenantPromotionExecutionCompleted(
             },
             resourceType: 'operation_run',
             resourceId: (string) $operationRun->getKey(),
-            targetLabel: ($sourceTenantName !== null ? $sourceTenantName.' -> ' : '').$targetTenant->name,
-            summary: 'Cross-tenant promotion execution completed for '.(($sourceTenantName !== null ? $sourceTenantName.' -> ' : '')).$targetTenant->name,
+            targetLabel: ($sourceEnvironmentName !== null ? $sourceEnvironmentName.' -> ' : '').$targetEnvironment->name,
+            summary: 'Cross-environment promotion execution completed for '.(($sourceEnvironmentName !== null ? $sourceEnvironmentName.' -> ' : '')).$targetEnvironment->name,
             operationRunId: (int) $operationRun->getKey(),
-            tenant: $targetTenant,
+            tenant: $targetEnvironment,
         );
     }
 
diff --git a/apps/platform/app/Services/Auth/TenantDiagnosticsService.php b/apps/platform/app/Services/Auth/ManagedEnvironmentDiagnosticsService.php
similarity index 98%
rename from apps/platform/app/Services/Auth/TenantDiagnosticsService.php
rename to apps/platform/app/Services/Auth/ManagedEnvironmentDiagnosticsService.php
index 1343b2c0..8cc18cd9 100644
--- a/apps/platform/app/Services/Auth/TenantDiagnosticsService.php
+++ b/apps/platform/app/Services/Auth/ManagedEnvironmentDiagnosticsService.php
@@ -11,7 +11,7 @@
 use App\Support\Audit\AuditActionId;
 use Illuminate\Support\Facades\DB;
 
-class TenantDiagnosticsService
+class ManagedEnvironmentDiagnosticsService
 {
     public function __construct(public AuditLogger $auditLogger) {}
 
diff --git a/apps/platform/app/Services/Auth/TenantMembershipManager.php b/apps/platform/app/Services/Auth/ManagedEnvironmentMembershipManager.php
similarity index 99%
rename from apps/platform/app/Services/Auth/TenantMembershipManager.php
rename to apps/platform/app/Services/Auth/ManagedEnvironmentMembershipManager.php
index 0043cb77..b540e3b4 100644
--- a/apps/platform/app/Services/Auth/TenantMembershipManager.php
+++ b/apps/platform/app/Services/Auth/ManagedEnvironmentMembershipManager.php
@@ -13,7 +13,7 @@
 use DomainException;
 use Illuminate\Support\Facades\DB;
 
-class TenantMembershipManager
+class ManagedEnvironmentMembershipManager
 {
     private const string SCOPE_PLACEHOLDER_ROLE = 'readonly';
 
diff --git a/apps/platform/app/Services/Auth/RoleCapabilityMap.php b/apps/platform/app/Services/Auth/RoleCapabilityMap.php
index b48e8925..7019297e 100644
--- a/apps/platform/app/Services/Auth/RoleCapabilityMap.php
+++ b/apps/platform/app/Services/Auth/RoleCapabilityMap.php
@@ -55,9 +55,9 @@ class RoleCapabilityMap
 
             Capabilities::REVIEW_PACK_VIEW,
             Capabilities::REVIEW_PACK_MANAGE,
-            Capabilities::TENANT_REVIEW_VIEW,
-            Capabilities::TENANT_REVIEW_MANAGE,
-            Capabilities::TENANT_TRIAGE_REVIEW_MANAGE,
+            Capabilities::ENVIRONMENT_REVIEW_VIEW,
+            Capabilities::ENVIRONMENT_REVIEW_MANAGE,
+            Capabilities::MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE,
             Capabilities::EVIDENCE_VIEW,
             Capabilities::EVIDENCE_MANAGE,
         ],
@@ -99,9 +99,9 @@ class RoleCapabilityMap
 
             Capabilities::REVIEW_PACK_VIEW,
             Capabilities::REVIEW_PACK_MANAGE,
-            Capabilities::TENANT_REVIEW_VIEW,
-            Capabilities::TENANT_REVIEW_MANAGE,
-            Capabilities::TENANT_TRIAGE_REVIEW_MANAGE,
+            Capabilities::ENVIRONMENT_REVIEW_VIEW,
+            Capabilities::ENVIRONMENT_REVIEW_MANAGE,
+            Capabilities::MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE,
             Capabilities::EVIDENCE_VIEW,
             Capabilities::EVIDENCE_MANAGE,
         ],
@@ -131,8 +131,8 @@ class RoleCapabilityMap
             Capabilities::PERMISSION_POSTURE_VIEW,
 
             Capabilities::REVIEW_PACK_VIEW,
-            Capabilities::TENANT_REVIEW_VIEW,
-            Capabilities::TENANT_TRIAGE_REVIEW_MANAGE,
+            Capabilities::ENVIRONMENT_REVIEW_VIEW,
+            Capabilities::MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE,
             Capabilities::EVIDENCE_VIEW,
         ],
 
@@ -153,7 +153,7 @@ class RoleCapabilityMap
             Capabilities::PERMISSION_POSTURE_VIEW,
 
             Capabilities::REVIEW_PACK_VIEW,
-            Capabilities::TENANT_REVIEW_VIEW,
+            Capabilities::ENVIRONMENT_REVIEW_VIEW,
             Capabilities::EVIDENCE_VIEW,
         ],
     ];
diff --git a/apps/platform/app/Services/Auth/WorkspaceRoleCapabilityMap.php b/apps/platform/app/Services/Auth/WorkspaceRoleCapabilityMap.php
index 99f0acba..8735bdd2 100644
--- a/apps/platform/app/Services/Auth/WorkspaceRoleCapabilityMap.php
+++ b/apps/platform/app/Services/Auth/WorkspaceRoleCapabilityMap.php
@@ -23,17 +23,17 @@ class WorkspaceRoleCapabilityMap
             Capabilities::WORKSPACE_ARCHIVE,
             Capabilities::WORKSPACE_MEMBERSHIP_VIEW,
             Capabilities::WORKSPACE_MEMBERSHIP_MANAGE,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_IDENTIFY,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CANCEL,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_VIEW,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE_DEDICATED,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_POLICY_SYNC,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CANCEL,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_VIEW,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE_DEDICATED,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_POLICY_SYNC,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE,
             Capabilities::WORKSPACE_SETTINGS_VIEW,
             Capabilities::WORKSPACE_SETTINGS_MANAGE,
             Capabilities::ALERTS_VIEW,
@@ -48,15 +48,15 @@ class WorkspaceRoleCapabilityMap
             Capabilities::WORKSPACE_VIEW,
             Capabilities::WORKSPACE_MEMBERSHIP_VIEW,
             Capabilities::WORKSPACE_MEMBERSHIP_MANAGE,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_IDENTIFY,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CANCEL,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_VIEW,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_POLICY_SYNC,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CANCEL,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_VIEW,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_POLICY_SYNC,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP,
             Capabilities::WORKSPACE_SETTINGS_VIEW,
             Capabilities::WORKSPACE_SETTINGS_MANAGE,
             Capabilities::ALERTS_VIEW,
@@ -70,11 +70,11 @@ class WorkspaceRoleCapabilityMap
         WorkspaceRole::Operator->value => [
             Capabilities::WORKSPACE_VIEW,
             Capabilities::WORKSPACE_MEMBERSHIP_VIEW,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_VIEW,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_POLICY_SYNC,
-            Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_VIEW,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_POLICY_SYNC,
+            Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP,
             Capabilities::WORKSPACE_SETTINGS_VIEW,
             Capabilities::ALERTS_VIEW,
             Capabilities::WORKSPACE_BASELINES_VIEW,
diff --git a/apps/platform/app/Services/Baselines/BaselineCaptureService.php b/apps/platform/app/Services/Baselines/BaselineCaptureService.php
index a0d1cfe9..31bb14e1 100644
--- a/apps/platform/app/Services/Baselines/BaselineCaptureService.php
+++ b/apps/platform/app/Services/Baselines/BaselineCaptureService.php
@@ -91,7 +91,7 @@ public function startCapture(
                 ],
             ],
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $sourceTenant->getKey(),
+            'source_environment_id' => (int) $sourceTenant->getKey(),
             'effective_scope' => $effectiveScope->toEffectiveScopeContext($this->capabilityGuard, 'capture'),
             'capture_mode' => $captureMode->value,
             'baseline_capture' => [
diff --git a/apps/platform/app/Services/Baselines/BaselineEvidenceCaptureResumeService.php b/apps/platform/app/Services/Baselines/BaselineEvidenceCaptureResumeService.php
index a3eb45b2..6877f53e 100644
--- a/apps/platform/app/Services/Baselines/BaselineEvidenceCaptureResumeService.php
+++ b/apps/platform/app/Services/Baselines/BaselineEvidenceCaptureResumeService.php
@@ -94,7 +94,7 @@ public function resume(OperationRun $priorRun, User $initiator): array
 
         $newContext = [];
 
-        foreach (['target_scope', 'baseline_profile_id', 'baseline_snapshot_id', 'source_tenant_id', 'effective_scope', 'capture_mode'] as $key) {
+        foreach (['target_scope', 'baseline_profile_id', 'baseline_snapshot_id', 'source_environment_id', 'effective_scope', 'capture_mode'] as $key) {
             if (array_key_exists($key, $context)) {
                 $newContext[$key] = $context[$key];
             }
diff --git a/apps/platform/app/Services/TenantReviews/TenantReviewComposer.php b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewComposer.php
similarity index 95%
rename from apps/platform/app/Services/TenantReviews/TenantReviewComposer.php
rename to apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewComposer.php
index 22bffc57..79d680f9 100644
--- a/apps/platform/app/Services/TenantReviews/TenantReviewComposer.php
+++ b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewComposer.php
@@ -2,18 +2,18 @@
 
 declare(strict_types=1);
 
-namespace App\Services\TenantReviews;
+namespace App\Services\EnvironmentReviews;
 
 use App\Models\EvidenceSnapshot;
-use App\Models\TenantReview;
-use App\Support\TenantReviewStatus;
+use App\Models\EnvironmentReview;
+use App\Support\EnvironmentReviewStatus;
 
-final class TenantReviewComposer
+final class EnvironmentReviewComposer
 {
     public function __construct(
-        private readonly TenantReviewFingerprint $fingerprint,
-        private readonly TenantReviewSectionFactory $sectionFactory,
-        private readonly TenantReviewReadinessGate $readinessGate,
+        private readonly EnvironmentReviewFingerprint $fingerprint,
+        private readonly EnvironmentReviewSectionFactory $sectionFactory,
+        private readonly EnvironmentReviewReadinessGate $readinessGate,
     ) {}
 
     /**
@@ -25,7 +25,7 @@ public function __construct(
      *     sections: list<array<string, mixed>>
      * }
      */
-    public function compose(EvidenceSnapshot $snapshot, ?TenantReview $review = null): array
+    public function compose(EvidenceSnapshot $snapshot, ?EnvironmentReview $review = null): array
     {
         $tenant = $snapshot->tenant;
 
@@ -49,8 +49,8 @@ public function compose(EvidenceSnapshot $snapshot, ?TenantReview $review = null
         $operationsSection = collect($sections)
             ->firstWhere('section_key', 'operations_health');
 
-        if ($review instanceof TenantReview && $review->isPublished()) {
-            $status = TenantReviewStatus::Published;
+        if ($review instanceof EnvironmentReview && $review->isPublished()) {
+            $status = EnvironmentReviewStatus::Published;
         }
 
         return [
diff --git a/apps/platform/app/Services/TenantReviews/TenantReviewFingerprint.php b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewFingerprint.php
similarity index 94%
rename from apps/platform/app/Services/TenantReviews/TenantReviewFingerprint.php
rename to apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewFingerprint.php
index d3e43e4e..83bcb066 100644
--- a/apps/platform/app/Services/TenantReviews/TenantReviewFingerprint.php
+++ b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewFingerprint.php
@@ -2,13 +2,13 @@
 
 declare(strict_types=1);
 
-namespace App\Services\TenantReviews;
+namespace App\Services\EnvironmentReviews;
 
 use App\Models\EvidenceSnapshot;
 use App\Models\ManagedEnvironment;
 use Illuminate\Support\Arr;
 
-final class TenantReviewFingerprint
+final class EnvironmentReviewFingerprint
 {
     public function forSnapshot(ManagedEnvironment $tenant, EvidenceSnapshot $snapshot): string
     {
diff --git a/apps/platform/app/Services/TenantReviews/TenantReviewLifecycleService.php b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewLifecycleService.php
similarity index 78%
rename from apps/platform/app/Services/TenantReviews/TenantReviewLifecycleService.php
rename to apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewLifecycleService.php
index 14f8663f..f7ca3e42 100644
--- a/apps/platform/app/Services/TenantReviews/TenantReviewLifecycleService.php
+++ b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewLifecycleService.php
@@ -2,31 +2,31 @@
 
 declare(strict_types=1);
 
-namespace App\Services\TenantReviews;
+namespace App\Services\EnvironmentReviews;
 
 use App\Models\EvidenceSnapshot;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Services\Audit\WorkspaceAuditLogger;
 use App\Support\Audit\AuditActionId;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Ui\DerivedState\DerivedStateFamily;
 use App\Support\Ui\DerivedState\RequestScopedDerivedStateStore;
 use Illuminate\Support\Facades\DB;
 use InvalidArgumentException;
 
-final class TenantReviewLifecycleService
+final class EnvironmentReviewLifecycleService
 {
     public function __construct(
-        private readonly TenantReviewReadinessGate $readinessGate,
-        private readonly TenantReviewService $reviewService,
+        private readonly EnvironmentReviewReadinessGate $readinessGate,
+        private readonly EnvironmentReviewService $reviewService,
         private readonly WorkspaceAuditLogger $auditLogger,
         private readonly RequestScopedDerivedStateStore $derivedStateStore,
     ) {}
 
-    public function publish(TenantReview $review, User $user, string $reason): TenantReview
+    public function publish(EnvironmentReview $review, User $user, string $reason): EnvironmentReview
     {
         $review->loadMissing(['tenant', 'sections', 'currentExportReviewPack']);
         $tenant = $review->tenant;
@@ -44,7 +44,7 @@ public function publish(TenantReview $review, User $user, string $reason): Tenan
         }
 
         $review->forceFill([
-            'status' => TenantReviewStatus::Published->value,
+            'status' => EnvironmentReviewStatus::Published->value,
             'published_at' => now(),
             'published_by_user_id' => (int) $user->getKey(),
             'summary' => array_merge(is_array($review->summary) ? $review->summary : [], [
@@ -54,17 +54,17 @@ public function publish(TenantReview $review, User $user, string $reason): Tenan
 
         $this->auditLogger->log(
             workspace: $tenant->workspace,
-            action: AuditActionId::TenantReviewPublished,
+            action: AuditActionId::EnvironmentReviewPublished,
             context: [
                 'metadata' => [
                     'review_id' => (int) $review->getKey(),
                     'before_status' => $beforeStatus,
-                    'after_status' => TenantReviewStatus::Published->value,
+                    'after_status' => EnvironmentReviewStatus::Published->value,
                     'reason' => $reason,
                 ],
             ],
             actor: $user,
-            resourceType: 'tenant_review',
+            resourceType: 'environment_review',
             resourceId: (string) $review->getKey(),
             targetLabel: sprintf('ManagedEnvironment review #%d', (int) $review->getKey()),
             tenant: $tenant,
@@ -75,7 +75,7 @@ public function publish(TenantReview $review, User $user, string $reason): Tenan
         return $review->refresh()->load(['tenant', 'sections', 'currentExportReviewPack']);
     }
 
-    public function archive(TenantReview $review, User $user, string $reason): TenantReview
+    public function archive(EnvironmentReview $review, User $user, string $reason): EnvironmentReview
     {
         $review->loadMissing('tenant');
         $tenant = $review->tenant;
@@ -92,23 +92,23 @@ public function archive(TenantReview $review, User $user, string $reason): Tenan
         }
 
         $review->forceFill([
-            'status' => TenantReviewStatus::Archived->value,
+            'status' => EnvironmentReviewStatus::Archived->value,
             'archived_at' => now(),
         ])->save();
 
         $this->auditLogger->log(
             workspace: $tenant->workspace,
-            action: AuditActionId::TenantReviewArchived,
+            action: AuditActionId::EnvironmentReviewArchived,
             context: [
                 'metadata' => [
                     'review_id' => (int) $review->getKey(),
                     'before_status' => $beforeStatus,
-                    'after_status' => TenantReviewStatus::Archived->value,
+                    'after_status' => EnvironmentReviewStatus::Archived->value,
                     'reason' => $reason,
                 ],
             ],
             actor: $user,
-            resourceType: 'tenant_review',
+            resourceType: 'environment_review',
             resourceId: (string) $review->getKey(),
             targetLabel: sprintf('ManagedEnvironment review #%d', (int) $review->getKey()),
             tenant: $tenant,
@@ -119,7 +119,7 @@ public function archive(TenantReview $review, User $user, string $reason): Tenan
         return $review->refresh()->load(['tenant', 'sections', 'currentExportReviewPack']);
     }
 
-    public function createNextReview(TenantReview $review, User $user, ?EvidenceSnapshot $snapshot = null): TenantReview
+    public function createNextReview(EnvironmentReview $review, User $user, ?EvidenceSnapshot $snapshot = null): EnvironmentReview
     {
         $review->loadMissing(['tenant', 'evidenceSnapshot']);
         $tenant = $review->tenant;
@@ -138,29 +138,29 @@ public function createNextReview(TenantReview $review, User $user, ?EvidenceSnap
             throw new InvalidArgumentException('An eligible evidence snapshot is required to create the next review.');
         }
 
-        $nextReview = DB::transaction(function () use ($review, $user, $snapshot, $tenant): TenantReview {
+        $nextReview = DB::transaction(function () use ($review, $user, $snapshot, $tenant): EnvironmentReview {
             $nextReview = $this->reviewService->create($tenant, $snapshot, $user);
 
             if ((int) $nextReview->getKey() !== (int) $review->getKey()) {
                 $review->forceFill([
-                    'status' => TenantReviewStatus::Superseded->value,
+                    'status' => EnvironmentReviewStatus::Superseded->value,
                     'superseded_by_review_id' => (int) $nextReview->getKey(),
                 ])->save();
             }
 
             $this->auditLogger->log(
                 workspace: $tenant->workspace,
-                action: AuditActionId::TenantReviewSuccessorCreated,
+                action: AuditActionId::EnvironmentReviewSuccessorCreated,
                 context: [
                     'metadata' => [
                         'review_id' => (int) $review->getKey(),
                         'next_review_id' => (int) $nextReview->getKey(),
-                        'before_status' => TenantReviewStatus::Published->value,
-                        'after_status' => TenantReviewStatus::Superseded->value,
+                        'before_status' => EnvironmentReviewStatus::Published->value,
+                        'after_status' => EnvironmentReviewStatus::Superseded->value,
                     ],
                 ],
                 actor: $user,
-                resourceType: 'tenant_review',
+                resourceType: 'environment_review',
                 resourceId: (string) $nextReview->getKey(),
                 targetLabel: sprintf('ManagedEnvironment review #%d', (int) $nextReview->getKey()),
                 tenant: $tenant,
@@ -194,9 +194,9 @@ private function validatedReason(mixed $reason, string $field): string
         return $resolved;
     }
 
-    private function invalidateArtifactTruthCache(TenantReview $review): void
+    private function invalidateArtifactTruthCache(EnvironmentReview $review): void
     {
-        $this->derivedStateStore->invalidateModel(DerivedStateFamily::ArtifactTruth, $review, 'tenant_review');
+        $this->derivedStateStore->invalidateModel(DerivedStateFamily::ArtifactTruth, $review, 'environment_review');
 
         $review->loadMissing('currentExportReviewPack');
 
diff --git a/apps/platform/app/Services/TenantReviews/TenantReviewReadinessGate.php b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewReadinessGate.php
similarity index 55%
rename from apps/platform/app/Services/TenantReviews/TenantReviewReadinessGate.php
rename to apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewReadinessGate.php
index 49392232..70080c99 100644
--- a/apps/platform/app/Services/TenantReviews/TenantReviewReadinessGate.php
+++ b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewReadinessGate.php
@@ -2,14 +2,14 @@
 
 declare(strict_types=1);
 
-namespace App\Services\TenantReviews;
+namespace App\Services\EnvironmentReviews;
 
-use App\Models\TenantReview;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Models\EnvironmentReview;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use Illuminate\Support\Collection;
 
-final class TenantReviewReadinessGate
+final class EnvironmentReviewReadinessGate
 {
     /**
      * @param  iterable<array<string, mixed>>  $sections
@@ -21,18 +21,18 @@ public function blockersForSections(iterable $sections): array
 
         foreach ($sections as $section) {
             $required = (bool) ($section['required'] ?? false);
-            $state = (string) ($section['completeness_state'] ?? TenantReviewCompletenessState::Missing->value);
+            $state = (string) ($section['completeness_state'] ?? EnvironmentReviewCompletenessState::Missing->value);
             $title = (string) ($section['title'] ?? 'Review section');
 
             if (! $required) {
                 continue;
             }
 
-            if ($state === TenantReviewCompletenessState::Missing->value) {
+            if ($state === EnvironmentReviewCompletenessState::Missing->value) {
                 $blockers[] = sprintf('%s is missing.', $title);
             }
 
-            if ($state === TenantReviewCompletenessState::Stale->value) {
+            if ($state === EnvironmentReviewCompletenessState::Stale->value) {
                 $blockers[] = sprintf('%s is stale and must be refreshed before publication.', $title);
             }
         }
@@ -43,45 +43,45 @@ public function blockersForSections(iterable $sections): array
     /**
      * @param  iterable<array<string, mixed>>  $sections
      */
-    public function completenessForSections(iterable $sections): TenantReviewCompletenessState
+    public function completenessForSections(iterable $sections): EnvironmentReviewCompletenessState
     {
         $states = collect($sections)
-            ->map(static fn (array $section): string => (string) ($section['completeness_state'] ?? TenantReviewCompletenessState::Missing->value))
+            ->map(static fn (array $section): string => (string) ($section['completeness_state'] ?? EnvironmentReviewCompletenessState::Missing->value))
             ->values();
 
         if ($states->isEmpty()) {
-            return TenantReviewCompletenessState::Missing;
+            return EnvironmentReviewCompletenessState::Missing;
         }
 
-        if ($states->contains(TenantReviewCompletenessState::Missing->value)) {
-            return TenantReviewCompletenessState::Missing;
+        if ($states->contains(EnvironmentReviewCompletenessState::Missing->value)) {
+            return EnvironmentReviewCompletenessState::Missing;
         }
 
-        if ($states->contains(TenantReviewCompletenessState::Stale->value)) {
-            return TenantReviewCompletenessState::Stale;
+        if ($states->contains(EnvironmentReviewCompletenessState::Stale->value)) {
+            return EnvironmentReviewCompletenessState::Stale;
         }
 
-        if ($states->contains(TenantReviewCompletenessState::Partial->value)) {
-            return TenantReviewCompletenessState::Partial;
+        if ($states->contains(EnvironmentReviewCompletenessState::Partial->value)) {
+            return EnvironmentReviewCompletenessState::Partial;
         }
 
-        return TenantReviewCompletenessState::Complete;
+        return EnvironmentReviewCompletenessState::Complete;
     }
 
     /**
      * @param  iterable<array<string, mixed>>  $sections
      */
-    public function statusForSections(iterable $sections): TenantReviewStatus
+    public function statusForSections(iterable $sections): EnvironmentReviewStatus
     {
         return $this->blockersForSections($sections) === []
-            ? TenantReviewStatus::Ready
-            : TenantReviewStatus::Draft;
+            ? EnvironmentReviewStatus::Ready
+            : EnvironmentReviewStatus::Draft;
     }
 
     /**
      * @return list<string>
      */
-    public function blockersForReview(TenantReview $review): array
+    public function blockersForReview(EnvironmentReview $review): array
     {
         $sections = $review->relationLoaded('sections')
             ? $review->sections
@@ -96,7 +96,7 @@ public function blockersForReview(TenantReview $review): array
         })->all());
     }
 
-    public function canPublish(TenantReview $review): bool
+    public function canPublish(EnvironmentReview $review): bool
     {
         if (! $review->isMutable()) {
             return false;
@@ -105,11 +105,11 @@ public function canPublish(TenantReview $review): bool
         return $this->blockersForReview($review) === [];
     }
 
-    public function canExport(TenantReview $review): bool
+    public function canExport(EnvironmentReview $review): bool
     {
         if (! in_array($review->statusEnum(), [
-            TenantReviewStatus::Ready,
-            TenantReviewStatus::Published,
+            EnvironmentReviewStatus::Ready,
+            EnvironmentReviewStatus::Published,
         ], true)) {
             return false;
         }
@@ -124,14 +124,14 @@ public function canExport(TenantReview $review): bool
     public function sectionStateCounts(iterable $sections): array
     {
         $counts = collect($sections)
-            ->groupBy(static fn (array $section): string => (string) ($section['completeness_state'] ?? TenantReviewCompletenessState::Missing->value))
+            ->groupBy(static fn (array $section): string => (string) ($section['completeness_state'] ?? EnvironmentReviewCompletenessState::Missing->value))
             ->map(static fn (Collection $group): int => $group->count());
 
         return [
-            'complete' => (int) ($counts[TenantReviewCompletenessState::Complete->value] ?? 0),
-            'partial' => (int) ($counts[TenantReviewCompletenessState::Partial->value] ?? 0),
-            'missing' => (int) ($counts[TenantReviewCompletenessState::Missing->value] ?? 0),
-            'stale' => (int) ($counts[TenantReviewCompletenessState::Stale->value] ?? 0),
+            'complete' => (int) ($counts[EnvironmentReviewCompletenessState::Complete->value] ?? 0),
+            'partial' => (int) ($counts[EnvironmentReviewCompletenessState::Partial->value] ?? 0),
+            'missing' => (int) ($counts[EnvironmentReviewCompletenessState::Missing->value] ?? 0),
+            'stale' => (int) ($counts[EnvironmentReviewCompletenessState::Stale->value] ?? 0),
         ];
     }
 }
diff --git a/apps/platform/app/Services/TenantReviews/TenantReviewRegisterService.php b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewRegisterService.php
similarity index 82%
rename from apps/platform/app/Services/TenantReviews/TenantReviewRegisterService.php
rename to apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewRegisterService.php
index 04686e9e..7c738b77 100644
--- a/apps/platform/app/Services/TenantReviews/TenantReviewRegisterService.php
+++ b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewRegisterService.php
@@ -2,10 +2,10 @@
 
 declare(strict_types=1);
 
-namespace App\Services\TenantReviews;
+namespace App\Services\EnvironmentReviews;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -15,7 +15,7 @@
 use Illuminate\Database\Eloquent\Builder;
 use Illuminate\Support\Facades\DB;
 
-final class TenantReviewRegisterService
+final class EnvironmentReviewRegisterService
 {
     public function __construct(
         private readonly CapabilityResolver $capabilityResolver,
@@ -44,7 +44,7 @@ public function authorizedTenants(User $user, Workspace $workspace): array
         $this->capabilityResolver->primeMemberships($user, $tenants->modelKeys());
 
         return $tenants
-            ->filter(fn (ManagedEnvironment $tenant): bool => $this->capabilityResolver->can($user, $tenant, Capabilities::TENANT_REVIEW_VIEW))
+            ->filter(fn (ManagedEnvironment $tenant): bool => $this->capabilityResolver->can($user, $tenant, Capabilities::ENVIRONMENT_REVIEW_VIEW))
             ->keyBy(static fn (ManagedEnvironment $tenant): int => (int) $tenant->getKey())
             ->all();
     }
@@ -53,7 +53,7 @@ public function query(User $user, Workspace $workspace): Builder
     {
         $tenantIds = array_keys($this->authorizedTenants($user, $workspace));
 
-        return TenantReview::query()
+        return EnvironmentReview::query()
             ->with(['tenant', 'evidenceSnapshot', 'currentExportReviewPack'])
             ->forWorkspace((int) $workspace->getKey())
             ->whereIn('managed_environment_id', $tenantIds === [] ? [-1] : $tenantIds)
@@ -65,12 +65,12 @@ public function latestPublishedQuery(User $user, Workspace $workspace): Builder
     {
         $tenantIds = array_keys($this->authorizedTenants($user, $workspace));
 
-        $rankedReviews = TenantReview::query()
+        $rankedReviews = EnvironmentReview::query()
             ->select([
-                'tenant_reviews.id',
-                'tenant_reviews.managed_environment_id',
-                'tenant_reviews.published_at',
-                'tenant_reviews.generated_at',
+                'environment_reviews.id',
+                'environment_reviews.managed_environment_id',
+                'environment_reviews.published_at',
+                'environment_reviews.generated_at',
             ])
             ->selectRaw('ROW_NUMBER() OVER (PARTITION BY managed_environment_id ORDER BY published_at DESC, generated_at DESC, id DESC) as rn')
             ->forWorkspace((int) $workspace->getKey())
@@ -78,14 +78,14 @@ public function latestPublishedQuery(User $user, Workspace $workspace): Builder
             ->published();
 
         $latestPublishedIds = DB::query()
-            ->fromSub($rankedReviews, 'ranked_tenant_reviews')
+            ->fromSub($rankedReviews, 'ranked_environment_reviews')
             ->where('rn', 1)
             ->select('id');
 
-        return TenantReview::query()
+        return EnvironmentReview::query()
             ->with(['tenant', 'evidenceSnapshot', 'currentExportReviewPack'])
             ->forWorkspace((int) $workspace->getKey())
-            ->whereIn('tenant_reviews.id', $latestPublishedIds)
+            ->whereIn('environment_reviews.id', $latestPublishedIds)
             ->orderByDesc('published_at')
             ->orderByDesc('generated_at')
             ->orderByDesc('id');
@@ -98,9 +98,9 @@ public function customerWorkspaceTenantQuery(User $user, Workspace $workspace):
         return ManagedEnvironment::query()
             ->where('workspace_id', (int) $workspace->getKey())
             ->whereIn('id', $tenantIds === [] ? [-1] : $tenantIds)
-            ->whereHas('tenantReviews', fn ($query) => $query->published())
+            ->whereHas('environmentReviews', fn ($query) => $query->published())
             ->with([
-                'tenantReviews' => fn ($query) => $query
+                'environmentReviews' => fn ($query) => $query
                     ->with(['tenant', 'evidenceSnapshot', 'currentExportReviewPack'])
                     ->published()
                     ->orderByDesc('published_at')
diff --git a/apps/platform/app/Services/TenantReviews/TenantReviewSectionFactory.php b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewSectionFactory.php
similarity index 94%
rename from apps/platform/app/Services/TenantReviews/TenantReviewSectionFactory.php
rename to apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewSectionFactory.php
index 302a61c8..f60fc3c2 100644
--- a/apps/platform/app/Services/TenantReviews/TenantReviewSectionFactory.php
+++ b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewSectionFactory.php
@@ -2,17 +2,17 @@
 
 declare(strict_types=1);
 
-namespace App\Services\TenantReviews;
+namespace App\Services\EnvironmentReviews;
 
 use App\Models\EvidenceSnapshot;
 use App\Models\EvidenceSnapshotItem;
 use App\Support\Findings\FindingOutcomeSemantics;
 use App\Support\Governance\Controls\ComplianceEvidenceMappingV1;
-use App\Support\TenantReviewCompletenessState;
+use App\Support\EnvironmentReviewCompletenessState;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
 
-final class TenantReviewSectionFactory
+final class EnvironmentReviewSectionFactory
 {
     public function __construct(
         private readonly FindingOutcomeSemantics $findingOutcomeSemantics,
@@ -333,10 +333,10 @@ private function summary(?EvidenceSnapshotItem $item): array
         return is_array($item?->summary_payload) ? $item->summary_payload : [];
     }
 
-    private function state(?EvidenceSnapshotItem $item): TenantReviewCompletenessState
+    private function state(?EvidenceSnapshotItem $item): EnvironmentReviewCompletenessState
     {
-        return TenantReviewCompletenessState::tryFrom((string) $item?->state)
-            ?? TenantReviewCompletenessState::Missing;
+        return EnvironmentReviewCompletenessState::tryFrom((string) $item?->state)
+            ?? EnvironmentReviewCompletenessState::Missing;
     }
 
     private function sourceFingerprint(?EvidenceSnapshotItem $item): ?string
@@ -361,23 +361,23 @@ private function canonicalControlsFromEntries(array $entries): array
     }
 
     /**
-     * @param  array<int, TenantReviewCompletenessState>  $states
+     * @param  array<int, EnvironmentReviewCompletenessState>  $states
      */
-    private function maxState(array $states): TenantReviewCompletenessState
+    private function maxState(array $states): EnvironmentReviewCompletenessState
     {
-        if (in_array(TenantReviewCompletenessState::Missing, $states, true)) {
-            return TenantReviewCompletenessState::Missing;
+        if (in_array(EnvironmentReviewCompletenessState::Missing, $states, true)) {
+            return EnvironmentReviewCompletenessState::Missing;
         }
 
-        if (in_array(TenantReviewCompletenessState::Stale, $states, true)) {
-            return TenantReviewCompletenessState::Stale;
+        if (in_array(EnvironmentReviewCompletenessState::Stale, $states, true)) {
+            return EnvironmentReviewCompletenessState::Stale;
         }
 
-        if (in_array(TenantReviewCompletenessState::Partial, $states, true)) {
-            return TenantReviewCompletenessState::Partial;
+        if (in_array(EnvironmentReviewCompletenessState::Partial, $states, true)) {
+            return EnvironmentReviewCompletenessState::Partial;
         }
 
-        return TenantReviewCompletenessState::Complete;
+        return EnvironmentReviewCompletenessState::Complete;
     }
 
     /**
diff --git a/apps/platform/app/Services/TenantReviews/TenantReviewService.php b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewService.php
similarity index 87%
rename from apps/platform/app/Services/TenantReviews/TenantReviewService.php
rename to apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewService.php
index f90450c1..b5bf8eff 100644
--- a/apps/platform/app/Services/TenantReviews/TenantReviewService.php
+++ b/apps/platform/app/Services/EnvironmentReviews/EnvironmentReviewService.php
@@ -2,43 +2,43 @@
 
 declare(strict_types=1);
 
-namespace App\Services\TenantReviews;
+namespace App\Services\EnvironmentReviews;
 
-use App\Jobs\ComposeTenantReviewJob;
+use App\Jobs\ComposeEnvironmentReviewJob;
 use App\Models\EvidenceSnapshot;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Services\Audit\WorkspaceAuditLogger;
 use App\Services\OperationRunService;
 use App\Support\Audit\AuditActionId;
 use App\Support\OperationRunType;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use Illuminate\Support\Facades\DB;
 use InvalidArgumentException;
 
-final class TenantReviewService
+final class EnvironmentReviewService
 {
     public function __construct(
         private readonly OperationRunService $operationRuns,
         private readonly WorkspaceAuditLogger $auditLogger,
-        private readonly TenantReviewComposer $composer,
-        private readonly TenantReviewFingerprint $fingerprint,
+        private readonly EnvironmentReviewComposer $composer,
+        private readonly EnvironmentReviewFingerprint $fingerprint,
     ) {}
 
-    public function create(ManagedEnvironment $tenant, EvidenceSnapshot $snapshot, User $user): TenantReview
+    public function create(ManagedEnvironment $tenant, EvidenceSnapshot $snapshot, User $user): EnvironmentReview
     {
         return $this->queueComposition(
             tenant: $tenant,
             snapshot: $snapshot,
             user: $user,
             existingReview: null,
-            auditAction: AuditActionId::TenantReviewCreated,
+            auditAction: AuditActionId::EnvironmentReviewCreated,
         );
     }
 
-    public function refresh(TenantReview $review, User $user, ?EvidenceSnapshot $snapshot = null): TenantReview
+    public function refresh(EnvironmentReview $review, User $user, ?EvidenceSnapshot $snapshot = null): EnvironmentReview
     {
         $tenant = $review->tenant;
 
@@ -53,11 +53,11 @@ public function refresh(TenantReview $review, User $user, ?EvidenceSnapshot $sna
             snapshot: $snapshot,
             user: $user,
             existingReview: $review,
-            auditAction: AuditActionId::TenantReviewRefreshed,
+            auditAction: AuditActionId::EnvironmentReviewRefreshed,
         );
     }
 
-    public function compose(TenantReview $review): TenantReview
+    public function compose(EnvironmentReview $review): EnvironmentReview
     {
         $review->loadMissing(['tenant', 'evidenceSnapshot.items']);
 
@@ -121,7 +121,7 @@ public function activeCompositionRun(ManagedEnvironment $tenant, ?EvidenceSnapsh
 
         return $this->operationRuns->findCanonicalRunWithIdentity(
             tenant: $tenant,
-            type: OperationRunType::TenantReviewCompose->value,
+            type: OperationRunType::EnvironmentReviewCompose->value,
             identityInputs: [
                 'managed_environment_id' => (int) $tenant->getKey(),
                 'snapshot_id' => (int) $snapshot->getKey(),
@@ -134,9 +134,9 @@ private function queueComposition(
         ManagedEnvironment $tenant,
         ?EvidenceSnapshot $snapshot,
         User $user,
-        ?TenantReview $existingReview,
+        ?EnvironmentReview $existingReview,
         AuditActionId $auditAction,
-    ): TenantReview {
+    ): EnvironmentReview {
         if (! $snapshot instanceof EvidenceSnapshot) {
             throw new InvalidArgumentException('An eligible evidence snapshot is required.');
         }
@@ -148,17 +148,17 @@ private function queueComposition(
         $fingerprint = $this->fingerprint->forSnapshot($tenant, $snapshot);
         $review = $existingReview;
 
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             $existing = $this->findExistingMutableReview($tenant, $fingerprint);
 
-            if ($existing instanceof TenantReview) {
+            if ($existing instanceof EnvironmentReview) {
                 return $existing->load(['tenant', 'evidenceSnapshot', 'sections', 'operationRun', 'initiator', 'publisher']);
             }
         }
 
         $operationRun = $this->operationRuns->ensureRunWithIdentity(
             tenant: $tenant,
-            type: OperationRunType::TenantReviewCompose->value,
+            type: OperationRunType::EnvironmentReviewCompose->value,
             identityInputs: [
                 'managed_environment_id' => (int) $tenant->getKey(),
                 'snapshot_id' => (int) $snapshot->getKey(),
@@ -177,14 +177,14 @@ private function queueComposition(
             initiator: $user,
         );
 
-        $review ??= TenantReview::query()->create([
+        $review ??= EnvironmentReview::query()->create([
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
             'evidence_snapshot_id' => (int) $snapshot->getKey(),
             'operation_run_id' => (int) $operationRun->getKey(),
             'initiated_by_user_id' => (int) $user->getKey(),
             'fingerprint' => $fingerprint,
-            'status' => TenantReviewStatus::Draft->value,
+            'status' => EnvironmentReviewStatus::Draft->value,
             'completeness_state' => (string) $snapshot->completeness_state,
             'summary' => [
                 'evidence_basis' => [
@@ -199,12 +199,12 @@ private function queueComposition(
             ],
         ]);
 
-        if ($existingReview instanceof TenantReview) {
+        if ($existingReview instanceof EnvironmentReview) {
             $existingReview->forceFill([
                 'evidence_snapshot_id' => (int) $snapshot->getKey(),
                 'operation_run_id' => (int) $operationRun->getKey(),
                 'fingerprint' => $fingerprint,
-                'status' => TenantReviewStatus::Draft->value,
+                'status' => EnvironmentReviewStatus::Draft->value,
             ])->save();
 
             $review = $existingReview->refresh();
@@ -212,8 +212,8 @@ private function queueComposition(
 
         if ($operationRun->wasRecentlyCreated) {
             $this->operationRuns->dispatchOrFail($operationRun, function () use ($review, $operationRun): void {
-                ComposeTenantReviewJob::dispatch(
-                    tenantReviewId: (int) $review->getKey(),
+                ComposeEnvironmentReviewJob::dispatch(
+                    environmentReviewId: (int) $review->getKey(),
                     operationRunId: (int) $operationRun->getKey(),
                 );
             });
@@ -231,7 +231,7 @@ private function queueComposition(
                 ],
             ],
             actor: $user,
-            resourceType: 'tenant_review',
+            resourceType: 'environment_review',
             resourceId: (string) $review->getKey(),
             targetLabel: sprintf('ManagedEnvironment review #%d', (int) $review->getKey()),
             operationRunId: (int) $operationRun->getKey(),
@@ -241,9 +241,9 @@ private function queueComposition(
         return $review->load(['tenant', 'evidenceSnapshot', 'sections', 'operationRun', 'initiator', 'publisher']);
     }
 
-    private function findExistingMutableReview(ManagedEnvironment $tenant, string $fingerprint): ?TenantReview
+    private function findExistingMutableReview(ManagedEnvironment $tenant, string $fingerprint): ?EnvironmentReview
     {
-        return TenantReview::query()
+        return EnvironmentReview::query()
             ->forTenant((int) $tenant->getKey())
             ->mutable()
             ->where('fingerprint', $fingerprint)
diff --git a/apps/platform/app/Services/Intune/TenantPermissionService.php b/apps/platform/app/Services/Intune/ManagedEnvironmentPermissionService.php
similarity index 96%
rename from apps/platform/app/Services/Intune/TenantPermissionService.php
rename to apps/platform/app/Services/Intune/ManagedEnvironmentPermissionService.php
index 21fd67b6..07a00693 100644
--- a/apps/platform/app/Services/Intune/TenantPermissionService.php
+++ b/apps/platform/app/Services/Intune/ManagedEnvironmentPermissionService.php
@@ -3,13 +3,13 @@
 namespace App\Services\Intune;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Services\Graph\GraphClientInterface;
 use App\Services\Providers\MicrosoftGraphOptionsResolver;
 use DateTimeInterface;
 use Illuminate\Support\Carbon;
 
-class TenantPermissionService
+class ManagedEnvironmentPermissionService
 {
     public function __construct(
         private readonly GraphClientInterface $graphClient,
@@ -32,11 +32,11 @@ public function getRequiredPermissions(): array
      */
     public function getGrantedPermissions(ManagedEnvironment $tenant): array
     {
-        return TenantPermission::query()
+        return ManagedEnvironmentPermission::query()
             ->where('managed_environment_id', $tenant->id)
             ->get()
             ->keyBy('permission_key')
-            ->map(fn (TenantPermission $permission) => [
+            ->map(fn (ManagedEnvironmentPermission $permission) => [
                 'status' => $permission->status,
                 'details' => $permission->details,
                 'last_checked_at' => $permission->last_checked_at,
@@ -46,7 +46,7 @@ public function getGrantedPermissions(ManagedEnvironment $tenant): array
 
     /**
      * @param  array<string, array{status:string,details?:array<string,mixed>|null}|string>|null  $grantedStatuses
-     * @param  bool  $persist  Persist comparison results to tenant_permissions
+     * @param  bool  $persist  Persist comparison results to managed_environment_permissions
      * @param  bool  $liveCheck  If true, fetch actual permissions from Graph API
      * @param  bool  $useConfiguredStub  Include configured stub permissions when no live check is used
      * @param  array{tenant?:string|null,client_id?:string|null,client_secret?:string|null,client_request_id?:string|null}|null  $graphOptions
@@ -165,7 +165,7 @@ public function compare(
             if (! $shouldPersistErrorSnapshot) {
                 $canPersist = false;
             } else {
-                $hasStoredStatuses = TenantPermission::query()
+                $hasStoredStatuses = ManagedEnvironmentPermission::query()
                     ->where('managed_environment_id', $tenant->id)
                     ->exists();
 
@@ -189,7 +189,7 @@ public function compare(
                 : ($granted[$key]['details'] ?? null);
 
             if ($canPersist) {
-                TenantPermission::updateOrCreate(
+                ManagedEnvironmentPermission::updateOrCreate(
                     [
                         'managed_environment_id' => $tenant->id,
                         'permission_key' => $key,
@@ -433,7 +433,7 @@ private function fetchLivePermissions(ManagedEnvironment $tenant, ?array $graphO
 
     private function lastRefreshedAtIso(ManagedEnvironment $tenant): ?string
     {
-        $lastCheckedAt = TenantPermission::query()
+        $lastCheckedAt = ManagedEnvironmentPermission::query()
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->max('last_checked_at');
 
diff --git a/apps/platform/app/Services/Intune/TenantRequiredPermissionsViewModelBuilder.php b/apps/platform/app/Services/Intune/ManagedEnvironmentRequiredPermissionsViewModelBuilder.php
similarity index 93%
rename from apps/platform/app/Services/Intune/TenantRequiredPermissionsViewModelBuilder.php
rename to apps/platform/app/Services/Intune/ManagedEnvironmentRequiredPermissionsViewModelBuilder.php
index 879e478a..26ed7916 100644
--- a/apps/platform/app/Services/Intune/TenantRequiredPermissionsViewModelBuilder.php
+++ b/apps/platform/app/Services/Intune/ManagedEnvironmentRequiredPermissionsViewModelBuilder.php
@@ -6,15 +6,15 @@
 use App\Support\Providers\Capabilities\ProviderCapabilityDefinition;
 use App\Support\Providers\Capabilities\ProviderCapabilityRegistry;
 use App\Support\Providers\Capabilities\ProviderCapabilityStatus;
-use App\Support\Verification\TenantPermissionCheckClusters;
+use App\Support\Verification\ManagedEnvironmentPermissionCheckClusters;
 use App\Support\Verification\VerificationReportOverall;
 use Carbon\CarbonInterface;
 use Illuminate\Support\Carbon;
 
-class TenantRequiredPermissionsViewModelBuilder
+class ManagedEnvironmentRequiredPermissionsViewModelBuilder
 {
     /**
-     * @phpstan-type TenantPermissionRow array{key:string,type:'application'|'delegated',description:?string,features:array<int,string>,status:'granted'|'missing'|'error',details:array<string,mixed>|null}
+     * @phpstan-type ManagedEnvironmentPermissionRow array{key:string,type:'application'|'delegated',description:?string,features:array<int,string>,status:'granted'|'missing'|'error',details:array<string,mixed>|null}
      * @phpstan-type FeatureImpact array{feature:string,missing:int,required_application:int,required_delegated:int,blocked:bool}
      * @phpstan-type CapabilityGroup array{provider_capability_key:string,label:string,status:string,provider_requirement_keys:array<int,string>,missing_requirement_keys:array<int,string>,evidence_counts:array{requirements:int,missing:int,errors:int},message:string}
      * @phpstan-type FilterState array{status:'missing'|'present'|'all',type:'application'|'delegated'|'all',features:array<int,string>,search:string}
@@ -28,12 +28,12 @@ class TenantRequiredPermissionsViewModelBuilder
      *     primary_capability_group: CapabilityGroup|null,
      *     freshness: array{last_refreshed_at:?string,is_stale:bool}
      *   },
-     *   permissions: array<int, TenantPermissionRow>,
+     *   permissions: array<int, ManagedEnvironmentPermissionRow>,
      *   filters: FilterState,
      *   copy: array{application:string,delegated:string}
      * }
      */
-    public function __construct(private readonly TenantPermissionService $permissionService) {}
+    public function __construct(private readonly ManagedEnvironmentPermissionService $permissionService) {}
 
     /**
      * @param  array<string, mixed>  $filters
@@ -48,7 +48,7 @@ public function build(ManagedEnvironment $tenant, array $filters = []): array
             useConfiguredStub: false,
         );
 
-        /** @var array<int, TenantPermissionRow> $allPermissions */
+        /** @var array<int, ManagedEnvironmentPermissionRow> $allPermissions */
         $allPermissions = collect($comparison['permissions'] ?? [])
             ->filter(fn (mixed $row): bool => is_array($row))
             ->map(fn (array $row): array => self::normalizePermissionRow($row))
@@ -87,7 +87,7 @@ public function build(ManagedEnvironment $tenant, array $filters = []): array
     }
 
     /**
-     * @param  array<int, TenantPermissionRow>  $permissions
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $permissions
      * @param  array{last_refreshed_at:?string,is_stale:bool}  $freshness
      * @return array<int, CapabilityGroup>
      */
@@ -127,7 +127,7 @@ public static function primaryCapabilityGroup(array $groups): ?array
     }
 
     /**
-     * @param  array<int, TenantPermissionRow>  $permissions
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $permissions
      * @return CapabilityGroup
      */
     private static function deriveCapabilityGroup(
@@ -138,7 +138,7 @@ private static function deriveCapabilityGroup(
         $rowsByRequirement = [];
 
         foreach ($definition->providerRequirementKeys as $requirementKey) {
-            $rowsByRequirement[$requirementKey] = TenantPermissionCheckClusters::rowsForRequirementKey($permissions, $requirementKey);
+            $rowsByRequirement[$requirementKey] = ManagedEnvironmentPermissionCheckClusters::rowsForRequirementKey($permissions, $requirementKey);
         }
 
         $rows = array_values(array_merge(...array_values($rowsByRequirement ?: [[]])));
@@ -193,7 +193,7 @@ private static function deriveCapabilityGroup(
     }
 
     /**
-     * @param  array<int, TenantPermissionRow>  $permissions
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $permissions
      */
     public static function deriveOverallStatus(array $permissions, bool $hasStaleFreshness = false): string
     {
@@ -243,7 +243,7 @@ public static function deriveFreshness(?CarbonInterface $lastRefreshedAt, ?Carbo
     }
 
     /**
-     * @param  array<int, TenantPermissionRow>  $permissions
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $permissions
      * @return array{missing_application:int,missing_delegated:int,present:int,error:int}
      */
     public static function deriveCounts(array $permissions): array
@@ -281,7 +281,7 @@ public static function deriveCounts(array $permissions): array
     }
 
     /**
-     * @param  array<int, TenantPermissionRow>  $permissions
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $permissions
      * @return array<int, FeatureImpact>
      */
     public static function deriveFeatureImpacts(array $permissions): array
@@ -345,7 +345,7 @@ public static function deriveFeatureImpacts(array $permissions): array
      * - Respects Feature filter only
      * - Ignores Search
      *
-     * @param  array<int, TenantPermissionRow>  $permissions
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $permissions
      * @param  'application'|'delegated'  $type
      * @param  array<int, string>  $featureFilter
      */
@@ -383,8 +383,8 @@ public static function deriveCopyPayload(array $permissions, string $type, array
     }
 
     /**
-     * @param  array<int, TenantPermissionRow>  $permissions
-     * @return array<int, TenantPermissionRow>
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $permissions
+     * @return array<int, ManagedEnvironmentPermissionRow>
      */
     public static function applyFilterState(array $permissions, array $state): array
     {
@@ -489,7 +489,7 @@ public static function normalizeFilterState(array $filters): array
 
     /**
      * @param  array<string, mixed>  $row
-     * @return TenantPermissionRow
+     * @return ManagedEnvironmentPermissionRow
      */
     private static function normalizePermissionRow(array $row): array
     {
diff --git a/apps/platform/app/Services/Onboarding/OnboardingDraftMutationService.php b/apps/platform/app/Services/Onboarding/OnboardingDraftMutationService.php
index 24d403ed..d05bc456 100644
--- a/apps/platform/app/Services/Onboarding/OnboardingDraftMutationService.php
+++ b/apps/platform/app/Services/Onboarding/OnboardingDraftMutationService.php
@@ -6,7 +6,7 @@
 
 use App\Exceptions\Onboarding\OnboardingDraftConflictException;
 use App\Exceptions\Onboarding\OnboardingDraftImmutableException;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use Illuminate\Support\Facades\DB;
@@ -19,25 +19,25 @@ public function __construct(
     ) {}
 
     /**
-     * @param  callable(TenantOnboardingSession):void  $mutator
+     * @param  callable(ManagedEnvironmentOnboardingSession):void  $mutator
      */
     public function createOrResume(
         Workspace $workspace,
         User $actor,
         string $entraTenantId,
         callable $mutator,
-        ?TenantOnboardingSession $preferredDraft = null,
+        ?ManagedEnvironmentOnboardingSession $preferredDraft = null,
         ?int $expectedVersion = null,
         bool $incrementVersion = true,
         ?bool &$wasCreated = null,
-    ): TenantOnboardingSession {
-        return DB::transaction(function () use ($workspace, $actor, $entraTenantId, $mutator, $preferredDraft, $expectedVersion, $incrementVersion, &$wasCreated): TenantOnboardingSession {
+    ): ManagedEnvironmentOnboardingSession {
+        return DB::transaction(function () use ($workspace, $actor, $entraTenantId, $mutator, $preferredDraft, $expectedVersion, $incrementVersion, &$wasCreated): ManagedEnvironmentOnboardingSession {
             $draft = $this->resolveDraftForIdentity($workspace, $entraTenantId, $preferredDraft);
-            $isNew = ! $draft instanceof TenantOnboardingSession;
+            $isNew = ! $draft instanceof ManagedEnvironmentOnboardingSession;
             $wasCreated = $isNew;
 
             if ($isNew) {
-                $draft = new TenantOnboardingSession;
+                $draft = new ManagedEnvironmentOnboardingSession;
                 $draft->workspace_id = (int) $workspace->getKey();
                 $draft->entra_tenant_id = $entraTenantId;
                 $draft->started_by_user_id = (int) $actor->getKey();
@@ -61,18 +61,18 @@ public function createOrResume(
     }
 
     /**
-     * @param  callable(TenantOnboardingSession):void  $mutator
+     * @param  callable(ManagedEnvironmentOnboardingSession):void  $mutator
      */
     public function mutate(
-        TenantOnboardingSession $draft,
+        ManagedEnvironmentOnboardingSession $draft,
         User $actor,
         callable $mutator,
         ?int $expectedVersion = null,
         bool $incrementVersion = true,
         bool $allowTerminal = false,
-    ): TenantOnboardingSession {
-        return DB::transaction(function () use ($draft, $actor, $mutator, $expectedVersion, $incrementVersion, $allowTerminal): TenantOnboardingSession {
-            $lockedDraft = TenantOnboardingSession::query()
+    ): ManagedEnvironmentOnboardingSession {
+        return DB::transaction(function () use ($draft, $actor, $mutator, $expectedVersion, $incrementVersion, $allowTerminal): ManagedEnvironmentOnboardingSession {
+            $lockedDraft = ManagedEnvironmentOnboardingSession::query()
                 ->whereKey($draft->getKey())
                 ->lockForUpdate()
                 ->firstOrFail();
@@ -101,19 +101,19 @@ public function mutate(
         });
     }
 
-    public function lockForTrustedMutation(TenantOnboardingSession|int|string $draft, Workspace $workspace): TenantOnboardingSession
+    public function lockForTrustedMutation(ManagedEnvironmentOnboardingSession|int|string $draft, Workspace $workspace): ManagedEnvironmentOnboardingSession
     {
-        $draftId = $draft instanceof TenantOnboardingSession
+        $draftId = $draft instanceof ManagedEnvironmentOnboardingSession
             ? (int) $draft->getKey()
             : (int) $draft;
 
-        $lockedDraft = TenantOnboardingSession::query()
+        $lockedDraft = ManagedEnvironmentOnboardingSession::query()
             ->whereKey($draftId)
             ->where('workspace_id', (int) $workspace->getKey())
             ->lockForUpdate()
             ->first();
 
-        if (! $lockedDraft instanceof TenantOnboardingSession) {
+        if (! $lockedDraft instanceof ManagedEnvironmentOnboardingSession) {
             throw new NotFoundHttpException;
         }
 
@@ -123,16 +123,16 @@ public function lockForTrustedMutation(TenantOnboardingSession|int|string $draft
     private function resolveDraftForIdentity(
         Workspace $workspace,
         string $entraTenantId,
-        ?TenantOnboardingSession $preferredDraft = null,
-    ): ?TenantOnboardingSession {
-        if ($preferredDraft instanceof TenantOnboardingSession) {
-            $lockedPreferredDraft = TenantOnboardingSession::query()
+        ?ManagedEnvironmentOnboardingSession $preferredDraft = null,
+    ): ?ManagedEnvironmentOnboardingSession {
+        if ($preferredDraft instanceof ManagedEnvironmentOnboardingSession) {
+            $lockedPreferredDraft = ManagedEnvironmentOnboardingSession::query()
                 ->whereKey($preferredDraft->getKey())
                 ->where('workspace_id', (int) $workspace->getKey())
                 ->lockForUpdate()
                 ->first();
 
-            if ($lockedPreferredDraft instanceof TenantOnboardingSession && $lockedPreferredDraft->entra_tenant_id === $entraTenantId) {
+            if ($lockedPreferredDraft instanceof ManagedEnvironmentOnboardingSession && $lockedPreferredDraft->entra_tenant_id === $entraTenantId) {
                 if ($lockedPreferredDraft->lifecycleState()->isTerminal()) {
                     throw new OnboardingDraftImmutableException(
                         draftId: (int) $lockedPreferredDraft->getKey(),
@@ -144,7 +144,7 @@ private function resolveDraftForIdentity(
             }
         }
 
-        return TenantOnboardingSession::query()
+        return ManagedEnvironmentOnboardingSession::query()
             ->where('workspace_id', (int) $workspace->getKey())
             ->where('entra_tenant_id', $entraTenantId)
             ->resumable()
@@ -153,7 +153,7 @@ private function resolveDraftForIdentity(
             ->first();
     }
 
-    private function assertExpectedVersion(TenantOnboardingSession $draft, int $expectedVersion): void
+    private function assertExpectedVersion(ManagedEnvironmentOnboardingSession $draft, int $expectedVersion): void
     {
         $actualVersion = max(1, (int) ($draft->version ?? 1));
 
@@ -168,7 +168,7 @@ private function assertExpectedVersion(TenantOnboardingSession $draft, int $expe
         );
     }
 
-    private function persistDraft(TenantOnboardingSession $draft, bool $incrementVersion): void
+    private function persistDraft(ManagedEnvironmentOnboardingSession $draft, bool $incrementVersion): void
     {
         $currentVersion = max(0, (int) ($draft->version ?? 0));
 
diff --git a/apps/platform/app/Services/Onboarding/OnboardingDraftResolver.php b/apps/platform/app/Services/Onboarding/OnboardingDraftResolver.php
index de213530..73fd5893 100644
--- a/apps/platform/app/Services/Onboarding/OnboardingDraftResolver.php
+++ b/apps/platform/app/Services/Onboarding/OnboardingDraftResolver.php
@@ -4,7 +4,7 @@
 
 namespace App\Services\Onboarding;
 
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\Audit\WorkspaceAuditLogger;
@@ -25,18 +25,18 @@ public function __construct(
      * @throws AuthorizationException
      * @throws NotFoundHttpException
      */
-    public function resolve(TenantOnboardingSession|int|string $draft, User $user, Workspace $workspace): TenantOnboardingSession
+    public function resolve(ManagedEnvironmentOnboardingSession|int|string $draft, User $user, Workspace $workspace): ManagedEnvironmentOnboardingSession
     {
-        $draftId = $draft instanceof TenantOnboardingSession
+        $draftId = $draft instanceof ManagedEnvironmentOnboardingSession
             ? (int) $draft->getKey()
             : (int) $draft;
 
-        $resolvedDraft = TenantOnboardingSession::query()
-            ->with(['tenant', 'startedByUser', 'updatedByUser'])
+        $resolvedDraft = ManagedEnvironmentOnboardingSession::query()
+            ->with(['managedEnvironment', 'startedByUser', 'updatedByUser'])
             ->whereKey($draftId)
             ->first();
 
-        if (! $resolvedDraft instanceof TenantOnboardingSession) {
+        if (! $resolvedDraft instanceof ManagedEnvironmentOnboardingSession) {
             throw new NotFoundHttpException;
         }
 
@@ -48,7 +48,7 @@ public function resolve(TenantOnboardingSession|int|string $draft, User $user, W
 
         $resolvedDraft = $this->lifecycleService
             ->syncPersistedLifecycle($resolvedDraft)
-            ->loadMissing(['tenant', 'startedByUser', 'updatedByUser']);
+            ->loadMissing(['managedEnvironment', 'startedByUser', 'updatedByUser']);
 
         $normalizedTenant = $this->lifecycleService->syncLinkedTenantAfterCancellation($resolvedDraft);
 
@@ -65,7 +65,7 @@ public function resolve(TenantOnboardingSession|int|string $draft, User $user, W
                 ],
             );
 
-            $resolvedDraft->setRelation('tenant', $normalizedTenant);
+            $resolvedDraft->setRelation('managedEnvironment', $normalizedTenant);
         }
 
         return $resolvedDraft;
@@ -75,18 +75,18 @@ public function resolve(TenantOnboardingSession|int|string $draft, User $user, W
      * @throws AuthorizationException
      * @throws NotFoundHttpException
      */
-    public function resolveForTrustedAction(TenantOnboardingSession|int|string $draft, User $user, Workspace $workspace): TenantOnboardingSession
+    public function resolveForTrustedAction(ManagedEnvironmentOnboardingSession|int|string $draft, User $user, Workspace $workspace): ManagedEnvironmentOnboardingSession
     {
         return $this->resolve($draft, $user, $workspace);
     }
 
     /**
-     * @return Collection<int, TenantOnboardingSession>
+     * @return Collection<int, ManagedEnvironmentOnboardingSession>
      */
     public function resumableDraftsFor(User $user, Workspace $workspace): Collection
     {
-        $drafts = TenantOnboardingSession::query()
-            ->with(['tenant', 'startedByUser', 'updatedByUser'])
+        $drafts = ManagedEnvironmentOnboardingSession::query()
+            ->with(['managedEnvironment', 'startedByUser', 'updatedByUser'])
             ->where('workspace_id', (int) $workspace->getKey())
             ->resumable()
             ->orderByDesc('updated_at')
@@ -103,7 +103,7 @@ public function resumableDraftsFor(User $user, Workspace $workspace): Collection
 
             $resolvedDraft = $this->lifecycleService
                 ->syncPersistedLifecycle($draft)
-                ->loadMissing(['tenant', 'startedByUser', 'updatedByUser']);
+                ->loadMissing(['managedEnvironment', 'startedByUser', 'updatedByUser']);
 
             if (! $this->lifecycleService->canResumeDraft($resolvedDraft)) {
                 continue;
diff --git a/apps/platform/app/Services/Onboarding/OnboardingDraftStageResolver.php b/apps/platform/app/Services/Onboarding/OnboardingDraftStageResolver.php
index ba6b3947..eb1185de 100644
--- a/apps/platform/app/Services/Onboarding/OnboardingDraftStageResolver.php
+++ b/apps/platform/app/Services/Onboarding/OnboardingDraftStageResolver.php
@@ -4,7 +4,7 @@
 
 namespace App\Services\Onboarding;
 
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Support\Onboarding\OnboardingCheckpoint;
 use App\Support\Onboarding\OnboardingDraftStage;
 use App\Support\Onboarding\OnboardingLifecycleState;
@@ -15,9 +15,9 @@ public function __construct(
         private readonly OnboardingLifecycleService $lifecycleService,
     ) {}
 
-    public function resolve(?TenantOnboardingSession $draft): OnboardingDraftStage
+    public function resolve(?ManagedEnvironmentOnboardingSession $draft): OnboardingDraftStage
     {
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return OnboardingDraftStage::Identify;
         }
 
diff --git a/apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php b/apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php
index cfe78815..a34271ee 100644
--- a/apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php
+++ b/apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php
@@ -8,7 +8,7 @@
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Services\Tenants\TenantOperabilityService;
 use App\Support\Onboarding\OnboardingCheckpoint;
 use App\Support\Onboarding\OnboardingLifecycleState;
@@ -26,11 +26,11 @@ public function __construct(
         private readonly ProductTelemetryRecorder $productTelemetryRecorder,
     ) {}
 
-    public function syncPersistedLifecycle(TenantOnboardingSession $draft, bool $incrementVersion = false): TenantOnboardingSession
+    public function syncPersistedLifecycle(ManagedEnvironmentOnboardingSession $draft, bool $incrementVersion = false): ManagedEnvironmentOnboardingSession
     {
-        $freshDraft = TenantOnboardingSession::query()->whereKey($draft->getKey())->first();
+        $freshDraft = ManagedEnvironmentOnboardingSession::query()->whereKey($draft->getKey())->first();
 
-        if (! $freshDraft instanceof TenantOnboardingSession) {
+        if (! $freshDraft instanceof ManagedEnvironmentOnboardingSession) {
             return $draft;
         }
 
@@ -44,7 +44,7 @@ public function syncPersistedLifecycle(TenantOnboardingSession $draft, bool $inc
         return $freshDraft->refresh();
     }
 
-    public function applySnapshot(TenantOnboardingSession $draft, bool $incrementVersion = false): bool
+    public function applySnapshot(ManagedEnvironmentOnboardingSession $draft, bool $incrementVersion = false): bool
     {
         $snapshot = $this->snapshot($draft);
         $lifecycleState = $draft->lifecycle_state instanceof OnboardingLifecycleState
@@ -98,7 +98,7 @@ public function applySnapshot(TenantOnboardingSession $draft, bool $incrementVer
         return $changed;
     }
 
-    public function recordCompletedCheckpointTelemetryIfNeeded(TenantOnboardingSession $draft): void
+    public function recordCompletedCheckpointTelemetryIfNeeded(ManagedEnvironmentOnboardingSession $draft): void
     {
         if (! $draft->wasChanged('last_completed_checkpoint')) {
             return;
@@ -127,7 +127,7 @@ public function recordCompletedCheckpointTelemetryIfNeeded(TenantOnboardingSessi
             workspaceId: $workspaceId,
             tenantId: $tenantId,
             userId: $userId,
-            subjectType: 'tenant_onboarding_session',
+            subjectType: 'managed_environment_onboarding_session',
             subjectId: (int) $draft->getKey(),
             metadata: [
                 'checkpoint_key' => $checkpoint->value,
@@ -147,7 +147,7 @@ public function recordCompletedCheckpointTelemetryIfNeeded(TenantOnboardingSessi
      *     blocking_reason_code: string|null
      * }
      */
-    public function snapshot(TenantOnboardingSession $draft): array
+    public function snapshot(ManagedEnvironmentOnboardingSession $draft): array
     {
         $selectedProviderConnectionId = $this->selectedProviderConnectionId($draft);
         $verificationRun = $this->verificationRun($draft);
@@ -334,7 +334,7 @@ public function snapshot(TenantOnboardingSession $draft): array
         ];
     }
 
-    public function verificationRun(TenantOnboardingSession $draft): ?OperationRun
+    public function verificationRun(ManagedEnvironmentOnboardingSession $draft): ?OperationRun
     {
         $state = is_array($draft->state) ? $draft->state : [];
         $runId = $this->normalizeInteger($state['verification_operation_run_id'] ?? $state['verification_run_id'] ?? null);
@@ -355,7 +355,7 @@ public function verificationRun(TenantOnboardingSession $draft): ?OperationRun
     }
 
     public function verificationStatus(
-        TenantOnboardingSession $draft,
+        ManagedEnvironmentOnboardingSession $draft,
         ?int $selectedProviderConnectionId = null,
         ?OperationRun $run = null,
     ): string {
@@ -386,7 +386,7 @@ public function verificationStatus(
     }
 
     public function verificationCanProceed(
-        TenantOnboardingSession $draft,
+        ManagedEnvironmentOnboardingSession $draft,
         ?int $selectedProviderConnectionId = null,
         ?OperationRun $run = null,
     ): bool {
@@ -408,7 +408,7 @@ public function verificationCanProceed(
         return in_array($this->verificationStatus($draft, $selectedProviderConnectionId, $run), ['ready', 'needs_attention'], true);
     }
 
-    public function verificationIsBlocked(TenantOnboardingSession $draft, ?int $selectedProviderConnectionId = null): bool
+    public function verificationIsBlocked(ManagedEnvironmentOnboardingSession $draft, ?int $selectedProviderConnectionId = null): bool
     {
         return $this->verificationStatus($draft, $selectedProviderConnectionId) === 'blocked';
     }
@@ -425,32 +425,32 @@ public function verificationIsBlocked(TenantOnboardingSession $draft, ?int $sele
      *     is_completed: bool
      * }>
      */
-    public function bootstrapRunSummaries(TenantOnboardingSession $draft, ?int $selectedProviderConnectionId = null): array
+    public function bootstrapRunSummaries(ManagedEnvironmentOnboardingSession $draft, ?int $selectedProviderConnectionId = null): array
     {
         $selectedProviderConnectionId ??= $this->selectedProviderConnectionId($draft);
 
         return $this->bootstrapState($draft, $selectedProviderConnectionId)['summaries'];
     }
 
-    public function isReadyForActivation(TenantOnboardingSession $draft): bool
+    public function isReadyForActivation(ManagedEnvironmentOnboardingSession $draft): bool
     {
         return $this->snapshot($draft)['lifecycle_state'] === OnboardingLifecycleState::ReadyForActivation;
     }
 
-    public function hasActiveCheckpoint(TenantOnboardingSession $draft): bool
+    public function hasActiveCheckpoint(ManagedEnvironmentOnboardingSession $draft): bool
     {
         $snapshot = $this->snapshot($draft);
 
         return in_array($snapshot['lifecycle_state'], [OnboardingLifecycleState::Verifying, OnboardingLifecycleState::Bootstrapping], true);
     }
 
-    public function canResumeDraft(TenantOnboardingSession $draft): bool
+    public function canResumeDraft(ManagedEnvironmentOnboardingSession $draft): bool
     {
         if (! $draft->isWorkflowResumable()) {
             return false;
         }
 
-        $tenant = $draft->tenant;
+        $tenant = $draft->managedEnvironment;
 
         if (! $tenant instanceof ManagedEnvironment) {
             return true;
@@ -459,9 +459,9 @@ public function canResumeDraft(TenantOnboardingSession $draft): bool
         return $this->tenantOperabilityService->canResumeOnboarding($tenant);
     }
 
-    public function syncLinkedTenantAfterCancellation(TenantOnboardingSession $draft): ?ManagedEnvironment
+    public function syncLinkedTenantAfterCancellation(ManagedEnvironmentOnboardingSession $draft): ?ManagedEnvironment
     {
-        $tenant = $draft->tenant;
+        $tenant = $draft->managedEnvironment;
 
         if (! $tenant instanceof ManagedEnvironment) {
             return null;
@@ -471,7 +471,7 @@ public function syncLinkedTenantAfterCancellation(TenantOnboardingSession $draft
             return null;
         }
 
-        $hasOtherResumableDrafts = TenantOnboardingSession::query()
+        $hasOtherResumableDrafts = ManagedEnvironmentOnboardingSession::query()
             ->where('workspace_id', (int) $draft->workspace_id)
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->whereKeyNot((int) $draft->getKey())
@@ -487,7 +487,7 @@ public function syncLinkedTenantAfterCancellation(TenantOnboardingSession $draft
         return $tenant->fresh();
     }
 
-    private function hasTenantIdentity(TenantOnboardingSession $draft): bool
+    private function hasTenantIdentity(ManagedEnvironmentOnboardingSession $draft): bool
     {
         if ($draft->managed_environment_id !== null) {
             return true;
@@ -499,7 +499,7 @@ private function hasTenantIdentity(TenantOnboardingSession $draft): bool
         return is_string($entraTenantId) && trim($entraTenantId) !== '';
     }
 
-    private function selectedProviderConnectionId(TenantOnboardingSession $draft): ?int
+    private function selectedProviderConnectionId(ManagedEnvironmentOnboardingSession $draft): ?int
     {
         $state = is_array($draft->state) ? $draft->state : [];
 
@@ -518,7 +518,7 @@ private function selectedProviderConnectionId(TenantOnboardingSession $draft): ?
         return $exists ? $providerConnectionId : null;
     }
 
-    private function connectionRecentlyUpdated(TenantOnboardingSession $draft): bool
+    private function connectionRecentlyUpdated(ManagedEnvironmentOnboardingSession $draft): bool
     {
         $state = is_array($draft->state) ? $draft->state : [];
 
@@ -639,7 +639,7 @@ private function runReasonCodes(OperationRun $run): array
      *     }>
      * }
      */
-    private function bootstrapState(TenantOnboardingSession $draft, ?int $selectedProviderConnectionId): array
+    private function bootstrapState(ManagedEnvironmentOnboardingSession $draft, ?int $selectedProviderConnectionId): array
     {
         $selectedTypes = $this->bootstrapOperationTypes($draft);
         $runMap = $this->bootstrapRunMap($draft, $selectedTypes);
@@ -717,7 +717,7 @@ private function bootstrapState(TenantOnboardingSession $draft, ?int $selectedPr
     /**
      * @return array<int, string>
      */
-    private function bootstrapOperationTypes(TenantOnboardingSession $draft): array
+    private function bootstrapOperationTypes(ManagedEnvironmentOnboardingSession $draft): array
     {
         $state = is_array($draft->state) ? $draft->state : [];
         $types = $state['bootstrap_operation_types'] ?? [];
@@ -736,7 +736,7 @@ private function bootstrapOperationTypes(TenantOnboardingSession $draft): array
      * @param  array<int, string>  $selectedTypes
      * @return array<string, int>
      */
-    private function bootstrapRunMap(TenantOnboardingSession $draft, array $selectedTypes): array
+    private function bootstrapRunMap(ManagedEnvironmentOnboardingSession $draft, array $selectedTypes): array
     {
         $state = is_array($draft->state) ? $draft->state : [];
         $runs = $state['bootstrap_operation_runs'] ?? null;
diff --git a/apps/platform/app/Services/Operations/QueuedExecutionLegitimacyGate.php b/apps/platform/app/Services/Operations/QueuedExecutionLegitimacyGate.php
index c5fa3834..0037639d 100644
--- a/apps/platform/app/Services/Operations/QueuedExecutionLegitimacyGate.php
+++ b/apps/platform/app/Services/Operations/QueuedExecutionLegitimacyGate.php
@@ -342,7 +342,7 @@ private function laneForContext(QueuedExecutionContext $context): TenantInteract
         $runContext = is_array($context->run->context) ? $context->run->context : [];
         $wizardFlow = data_get($runContext, 'wizard.flow');
 
-        if (is_string($wizardFlow) && trim($wizardFlow) === 'managed_tenant_onboarding') {
+        if (is_string($wizardFlow) && trim($wizardFlow) === 'managed_environment_onboarding') {
             return TenantInteractionLane::OnboardingWorkflow;
         }
 
diff --git a/apps/platform/app/Services/PermissionPosture/PermissionPostureFindingGenerator.php b/apps/platform/app/Services/PermissionPosture/PermissionPostureFindingGenerator.php
index 9020568b..b0af6dc4 100644
--- a/apps/platform/app/Services/PermissionPosture/PermissionPostureFindingGenerator.php
+++ b/apps/platform/app/Services/PermissionPosture/PermissionPostureFindingGenerator.php
@@ -17,7 +17,7 @@
 
 /**
  * Generates, auto-resolves, and re-opens permission posture findings
- * based on the output of TenantPermissionService::compare().
+ * based on the output of ManagedEnvironmentPermissionService::compare().
  */
 final class PermissionPostureFindingGenerator implements FindingGeneratorContract
 {
diff --git a/apps/platform/app/Services/PortfolioCompare/CrossTenantPromotionExecutionService.php b/apps/platform/app/Services/PortfolioCompare/CrossEnvironmentPromotionExecutionService.php
similarity index 74%
rename from apps/platform/app/Services/PortfolioCompare/CrossTenantPromotionExecutionService.php
rename to apps/platform/app/Services/PortfolioCompare/CrossEnvironmentPromotionExecutionService.php
index 470b5ae3..85fc1398 100644
--- a/apps/platform/app/Services/PortfolioCompare/CrossTenantPromotionExecutionService.php
+++ b/apps/platform/app/Services/PortfolioCompare/CrossEnvironmentPromotionExecutionService.php
@@ -4,7 +4,7 @@
 
 namespace App\Services\PortfolioCompare;
 
-use App\Jobs\Operations\CrossTenantPromotionExecutionJob;
+use App\Jobs\Operations\CrossEnvironmentPromotionExecutionJob;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\User;
@@ -17,14 +17,14 @@
 use App\Support\OperationalControls\OperationalControlBlockedException;
 use App\Support\OperationalControls\OperationalControlEvaluator;
 use App\Support\OperationRunStatus;
-use App\Support\PortfolioCompare\CrossTenantCompareSelection;
-use App\Support\PortfolioCompare\CrossTenantPromotionExecutionPlanner;
+use App\Support\PortfolioCompare\CrossEnvironmentCompareSelection;
+use App\Support\PortfolioCompare\CrossEnvironmentPromotionExecutionPlanner;
 use Carbon\CarbonImmutable;
 
-final class CrossTenantPromotionExecutionService
+final class CrossEnvironmentPromotionExecutionService
 {
     public function __construct(
-        private readonly CrossTenantPromotionExecutionPlanner $planner,
+        private readonly CrossEnvironmentPromotionExecutionPlanner $planner,
         private readonly OperationRunService $operationRuns,
         private readonly WorkspaceAuditLogger $auditLogger,
         private readonly OperationalControlEvaluator $operationalControls,
@@ -35,12 +35,12 @@ public function __construct(
      * @param  array<string, mixed>  $preflight
      */
     public function start(
-        CrossTenantCompareSelection $selection,
+        CrossEnvironmentCompareSelection $selection,
         array $preview,
         array $preflight,
         User $actor,
     ): ProviderOperationStartResult {
-        $workspace = $selection->targetTenant->workspace;
+        $workspace = $selection->targetEnvironment->workspace;
 
         if (! $workspace instanceof Workspace) {
             throw new \RuntimeException('Promotion execution requires a workspace context.');
@@ -60,8 +60,8 @@ public function start(
                         'reason_text' => $decision->reasonText,
                         'expires_at' => $decision->expiresAt?->toIso8601String(),
                         'actor_id' => (int) $actor->getKey(),
-                        'source_tenant_id' => (int) $selection->sourceTenant->getKey(),
-                        'target_tenant_id' => (int) $selection->targetTenant->getKey(),
+                        'source_environment_id' => (int) $selection->sourceEnvironment->getKey(),
+                        'target_environment_id' => (int) $selection->targetEnvironment->getKey(),
                         'requested_scope' => 'promotion.execute',
                     ], static fn (mixed $value): bool => $value !== null && $value !== ''),
                 ],
@@ -71,14 +71,14 @@ public function start(
                 resourceId: $decision->sourceActivationId !== null ? (string) $decision->sourceActivationId : null,
                 targetLabel: 'Promotion execution',
                 summary: 'Promotion execution blocked by operational control',
-                tenant: $selection->targetTenant,
+                tenant: $selection->targetEnvironment,
             );
 
             throw OperationalControlBlockedException::forDecision($decision, 'Promotion execution');
         }
 
         $plan = $this->planner->build($preview, $preflight);
-        $providerConnection = $this->defaultProviderConnection((int) $selection->targetTenant->getKey());
+        $providerConnection = $this->defaultProviderConnection((int) $selection->targetEnvironment->getKey());
         $now = CarbonImmutable::now();
 
         $identity = array_replace($plan['identity'], [
@@ -87,20 +87,20 @@ public function start(
 
         $context = [
             'operation_type' => 'promotion.execute',
-            'source_tenant_id' => (int) $selection->sourceTenant->getKey(),
-            'source_tenant_name' => (string) $selection->sourceTenant->name,
-            'target_tenant_id' => (int) $selection->targetTenant->getKey(),
-            'target_tenant_name' => (string) $selection->targetTenant->name,
+            'source_environment_id' => (int) $selection->sourceEnvironment->getKey(),
+            'source_environment_name' => (string) $selection->sourceEnvironment->name,
+            'target_environment_id' => (int) $selection->targetEnvironment->getKey(),
+            'target_environment_name' => (string) $selection->targetEnvironment->name,
             'provider_connection_id' => $providerConnection instanceof ProviderConnection ? (int) $providerConnection->getKey() : null,
             'required_capability' => Capabilities::TENANT_MANAGE,
             'workspace_required_capability' => Capabilities::WORKSPACE_BASELINES_MANAGE,
             'target_scope' => [
                 'workspace_id' => (int) $workspace->getKey(),
-                'managed_environment_id' => (int) $selection->targetTenant->getKey(),
+                'managed_environment_id' => (int) $selection->targetEnvironment->getKey(),
                 'provider_connection_id' => $providerConnection instanceof ProviderConnection ? (int) $providerConnection->getKey() : null,
                 'entra_tenant_id' => $providerConnection instanceof ProviderConnection
                     ? (string) $providerConnection->entra_tenant_id
-                    : (string) ($selection->targetTenant->managed_environment_id ?? $selection->targetTenant->external_id ?? $selection->targetTenant->getKey()),
+                    : (string) ($selection->targetEnvironment->managed_environment_id ?? $selection->targetEnvironment->external_id ?? $selection->targetEnvironment->getKey()),
             ],
             'promotion_execution' => [
                 'queued_at' => $now->toIso8601String(),
@@ -111,7 +111,7 @@ public function start(
         ];
 
         $run = $this->operationRuns->ensureRunWithIdentity(
-            tenant: $selection->targetTenant,
+            tenant: $selection->targetEnvironment,
             type: 'promotion.execute',
             identityInputs: $identity,
             context: $context,
@@ -134,13 +134,13 @@ public function start(
 
         $this->operationRuns->dispatchOrFail(
             $run,
-            fn (OperationRun $operationRun): mixed => CrossTenantPromotionExecutionJob::dispatch($operationRun),
+            fn (OperationRun $operationRun): mixed => CrossEnvironmentPromotionExecutionJob::dispatch($operationRun),
         );
 
-        $this->auditLogger->logCrossTenantPromotionExecutionQueued(
+        $this->auditLogger->logCrossEnvironmentPromotionExecutionQueued(
             workspace: $workspace,
-            sourceTenant: $selection->sourceTenant,
-            targetTenant: $selection->targetTenant,
+            sourceEnvironment: $selection->sourceEnvironment,
+            targetEnvironment: $selection->targetEnvironment,
             operationRun: $run->fresh() ?? $run,
             plan: $plan,
             actor: $actor,
@@ -149,10 +149,10 @@ public function start(
         return ProviderOperationStartResult::started($run->fresh() ?? $run, true);
     }
 
-    private function defaultProviderConnection(int $tenantId): ?ProviderConnection
+    private function defaultProviderConnection(int $environmentId): ?ProviderConnection
     {
         return ProviderConnection::query()
-            ->where('managed_environment_id', $tenantId)
+            ->where('managed_environment_id', $environmentId)
             ->where('provider', 'microsoft')
             ->where('is_default', true)
             ->orderBy('id')
diff --git a/apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php b/apps/platform/app/Services/PortfolioTriage/ManagedEnvironmentTriageReviewService.php
similarity index 79%
rename from apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php
rename to apps/platform/app/Services/PortfolioTriage/ManagedEnvironmentTriageReviewService.php
index 091c37f7..7cb5a5ad 100644
--- a/apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php
+++ b/apps/platform/app/Services/PortfolioTriage/ManagedEnvironmentTriageReviewService.php
@@ -5,19 +5,19 @@
 namespace App\Services\PortfolioTriage;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
 use App\Services\Audit\WorkspaceAuditLogger;
 use App\Support\Audit\AuditActionId;
 use App\Support\BackupHealth\TenantBackupHealthAssessment;
-use App\Support\PortfolioTriage\TenantTriageReviewFingerprint;
+use App\Support\PortfolioTriage\ManagedEnvironmentTriageReviewFingerprint;
 use Illuminate\Support\Facades\DB;
 use InvalidArgumentException;
 
-final readonly class TenantTriageReviewService
+final readonly class ManagedEnvironmentTriageReviewService
 {
     public function __construct(
-        private TenantTriageReviewFingerprint $fingerprints,
+        private ManagedEnvironmentTriageReviewFingerprint $fingerprints,
         private WorkspaceAuditLogger $auditLogger,
     ) {}
 
@@ -30,11 +30,11 @@ public function markReviewed(
         ?TenantBackupHealthAssessment $backupHealth = null,
         ?array $recoveryEvidence = null,
         ?User $actor = null,
-    ): TenantTriageReview {
+    ): ManagedEnvironmentTriageReview {
         return $this->store(
             tenant: $tenant,
             concernFamily: $concernFamily,
-            manualState: TenantTriageReview::STATE_REVIEWED,
+            manualState: ManagedEnvironmentTriageReview::STATE_REVIEWED,
             backupHealth: $backupHealth,
             recoveryEvidence: $recoveryEvidence,
             actor: $actor,
@@ -50,11 +50,11 @@ public function markFollowUpNeeded(
         ?TenantBackupHealthAssessment $backupHealth = null,
         ?array $recoveryEvidence = null,
         ?User $actor = null,
-    ): TenantTriageReview {
+    ): ManagedEnvironmentTriageReview {
         return $this->store(
             tenant: $tenant,
             concernFamily: $concernFamily,
-            manualState: TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
+            manualState: ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED,
             backupHealth: $backupHealth,
             recoveryEvidence: $recoveryEvidence,
             actor: $actor,
@@ -71,8 +71,8 @@ private function store(
         ?TenantBackupHealthAssessment $backupHealth,
         ?array $recoveryEvidence,
         ?User $actor,
-    ): TenantTriageReview {
-        if (! in_array($manualState, TenantTriageReview::MANUAL_STATES, true)) {
+    ): ManagedEnvironmentTriageReview {
+        if (! in_array($manualState, ManagedEnvironmentTriageReview::MANUAL_STATES, true)) {
             throw new InvalidArgumentException('Unsupported triage review state.');
         }
 
@@ -89,7 +89,7 @@ private function store(
         $workspaceId = (int) $tenant->workspace_id;
         $now = now();
 
-        /** @var TenantTriageReview $review */
+        /** @var ManagedEnvironmentTriageReview $review */
         $review = DB::transaction(function () use (
             $tenant,
             $workspaceId,
@@ -97,8 +97,8 @@ private function store(
             $currentConcern,
             $actor,
             $now,
-        ): TenantTriageReview {
-            TenantTriageReview::query()
+        ): ManagedEnvironmentTriageReview {
+            ManagedEnvironmentTriageReview::query()
                 ->forWorkspace($workspaceId)
                 ->forTenant((int) $tenant->getKey())
                 ->where('concern_family', $currentConcern['concern_family'])
@@ -108,7 +108,7 @@ private function store(
                     'updated_at' => $now,
                 ]);
 
-            return TenantTriageReview::query()->create([
+            return ManagedEnvironmentTriageReview::query()->create([
                 'workspace_id' => $workspaceId,
                 'managed_environment_id' => (int) $tenant->getKey(),
                 'concern_family' => $currentConcern['concern_family'],
@@ -126,9 +126,9 @@ private function store(
 
         $this->auditLogger->log(
             workspace: $tenant->workspace,
-            action: $manualState === TenantTriageReview::STATE_REVIEWED
-                ? AuditActionId::TenantTriageReviewMarkedReviewed
-                : AuditActionId::TenantTriageReviewMarkedFollowUpNeeded,
+            action: $manualState === ManagedEnvironmentTriageReview::STATE_REVIEWED
+                ? AuditActionId::ManagedEnvironmentTriageReviewMarkedReviewed
+                : AuditActionId::ManagedEnvironmentTriageReviewMarkedFollowUpNeeded,
             context: [
                 'metadata' => [
                     'concern_family' => $currentConcern['concern_family'],
@@ -138,7 +138,7 @@ private function store(
                 ],
             ],
             actor: $actor,
-            resourceType: 'tenant_triage_review',
+            resourceType: 'managed_environment_triage_review',
             resourceId: (string) $review->getKey(),
             targetLabel: $tenant->name,
             tenant: $tenant,
@@ -156,7 +156,7 @@ private function summaryFor(string $concernFamily, string $manualState): string
             default => 'Portfolio concern',
         };
 
-        $state = $manualState === TenantTriageReview::STATE_REVIEWED
+        $state = $manualState === ManagedEnvironmentTriageReview::STATE_REVIEWED
             ? 'reviewed'
             : 'follow-up needed';
 
diff --git a/apps/platform/app/Services/ReviewPackService.php b/apps/platform/app/Services/ReviewPackService.php
index 05119abb..e323839c 100644
--- a/apps/platform/app/Services/ReviewPackService.php
+++ b/apps/platform/app/Services/ReviewPackService.php
@@ -11,7 +11,7 @@
 use App\Models\OperationRun;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Services\Audit\WorkspaceAuditLogger;
 use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
@@ -136,7 +136,7 @@ public function generate(ManagedEnvironment $tenant, User $user, array $options
      *
      * @param  array<string, mixed>  $options
      */
-    public function generateFromReview(TenantReview $review, User $user, array $options = []): ReviewPack
+    public function generateFromReview(EnvironmentReview $review, User $user, array $options = []): ReviewPack
     {
         $review->loadMissing(['tenant', 'evidenceSnapshot', 'sections']);
 
@@ -155,7 +155,7 @@ public function generateFromReview(TenantReview $review, User $user, array $opti
 
         if ($existing instanceof ReviewPack) {
             $this->logReviewExport($review, $user, $existing, 'reused');
-            $this->recordReviewPackRequestTelemetry($existing, $user, 'tenant_review');
+            $this->recordReviewPackRequestTelemetry($existing, $user, 'environment_review');
 
             return $existing;
         }
@@ -164,7 +164,7 @@ public function generateFromReview(TenantReview $review, User $user, array $opti
             tenant: $tenant,
             type: OperationRunType::ReviewPackGenerate->value,
             inputs: [
-                'tenant_review_id' => (int) $review->getKey(),
+                'environment_review_id' => (int) $review->getKey(),
                 'include_pii' => $options['include_pii'],
                 'include_operations' => $options['include_operations'],
                 'evidence_snapshot_id' => (int) $snapshot->getKey(),
@@ -177,7 +177,7 @@ public function generateFromReview(TenantReview $review, User $user, array $opti
 
             if ($queuedPack instanceof ReviewPack) {
                 $this->logReviewExport($review, $user, $queuedPack, 'reused_active_run');
-                $this->recordReviewPackRequestTelemetry($queuedPack, $user, 'tenant_review');
+                $this->recordReviewPackRequestTelemetry($queuedPack, $user, 'environment_review');
 
                 return $queuedPack;
             }
@@ -186,14 +186,14 @@ public function generateFromReview(TenantReview $review, User $user, array $opti
         $reviewPack = ReviewPack::create([
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
-            'tenant_review_id' => (int) $review->getKey(),
+            'environment_review_id' => (int) $review->getKey(),
             'operation_run_id' => (int) $operationRun->getKey(),
             'evidence_snapshot_id' => (int) $snapshot->getKey(),
             'initiated_by_user_id' => (int) $user->getKey(),
             'status' => ReviewPackStatus::Queued->value,
             'options' => $options,
             'summary' => [
-                'tenant_review_id' => (int) $review->getKey(),
+                'environment_review_id' => (int) $review->getKey(),
                 'review_status' => (string) $review->status,
                 'review_completeness_state' => (string) $review->completeness_state,
                 'section_count' => $review->sections->count(),
@@ -226,7 +226,7 @@ public function generateFromReview(TenantReview $review, User $user, array $opti
         });
 
         $this->logReviewExport($review, $user, $reviewPack, 'queued');
-        $this->recordReviewPackRequestTelemetry($reviewPack, $user, 'tenant_review');
+        $this->recordReviewPackRequestTelemetry($reviewPack, $user, 'environment_review');
 
         return $reviewPack;
     }
@@ -308,10 +308,10 @@ public function findExistingPack(ManagedEnvironment $tenant, string $fingerprint
             ->first();
     }
 
-    public function findExistingPackForReview(TenantReview $review, string $fingerprint): ?ReviewPack
+    public function findExistingPackForReview(EnvironmentReview $review, string $fingerprint): ?ReviewPack
     {
         return ReviewPack::query()
-            ->where('tenant_review_id', (int) $review->getKey())
+            ->where('environment_review_id', (int) $review->getKey())
             ->ready()
             ->where('fingerprint', $fingerprint)
             ->where('expires_at', '>', now())
@@ -330,12 +330,12 @@ public function checkActiveRun(ManagedEnvironment $tenant): bool
             ->exists();
     }
 
-    public function checkActiveRunForReview(TenantReview $review): bool
+    public function checkActiveRunForReview(EnvironmentReview $review): bool
     {
         return OperationRun::query()
             ->where('managed_environment_id', (int) $review->managed_environment_id)
             ->where('type', OperationRunType::ReviewPackGenerate->value)
-            ->whereJsonContains('context->tenant_review_id', (int) $review->getKey())
+            ->whereJsonContains('context->environment_review_id', (int) $review->getKey())
             ->active()
             ->exists();
     }
@@ -376,10 +376,10 @@ private function computeFingerprintForSnapshot(EvidenceSnapshot $snapshot, array
         return hash('sha256', json_encode($data, JSON_THROW_ON_ERROR));
     }
 
-    public function computeFingerprintForReview(TenantReview $review, array $options): string
+    public function computeFingerprintForReview(EnvironmentReview $review, array $options): string
     {
         $data = [
-            'tenant_review_id' => (int) $review->getKey(),
+            'environment_review_id' => (int) $review->getKey(),
             'review_fingerprint' => (string) $review->fingerprint,
             'review_status' => (string) $review->status,
             'delivery_contract' => self::REVIEW_DERIVED_DELIVERY_CONTRACT,
@@ -414,7 +414,7 @@ private function findPackForRun(ManagedEnvironment $tenant, OperationRun $operat
             ->first();
     }
 
-    private function logReviewExport(TenantReview $review, User $user, ReviewPack $reviewPack, string $mode): void
+    private function logReviewExport(EnvironmentReview $review, User $user, ReviewPack $reviewPack, string $mode): void
     {
         $tenant = $review->tenant;
 
@@ -424,7 +424,7 @@ private function logReviewExport(TenantReview $review, User $user, ReviewPack $r
 
         $this->auditLogger->log(
             workspace: $tenant->workspace,
-            action: AuditActionId::TenantReviewExported,
+            action: AuditActionId::EnvironmentReviewExported,
             context: [
                 'metadata' => [
                     'review_id' => (int) $review->getKey(),
@@ -434,7 +434,7 @@ private function logReviewExport(TenantReview $review, User $user, ReviewPack $r
                 ],
             ],
             actor: $user,
-            resourceType: 'tenant_review',
+            resourceType: 'environment_review',
             resourceId: (string) $review->getKey(),
             targetLabel: sprintf('ManagedEnvironment review #%d', (int) $review->getKey()),
             operationRunId: $reviewPack->operation_run_id,
diff --git a/apps/platform/app/Services/SystemConsole/OperationRunTriageService.php b/apps/platform/app/Services/SystemConsole/OperationRunTriageService.php
index 97fac7d4..84f6184d 100644
--- a/apps/platform/app/Services/SystemConsole/OperationRunTriageService.php
+++ b/apps/platform/app/Services/SystemConsole/OperationRunTriageService.php
@@ -19,8 +19,8 @@ final class OperationRunTriageService
         'directory.groups.sync',
         'rbac.health_check',
         'entra.admin_roles.scan',
-        'tenant.review_pack.generate',
-        'tenant.review.compose',
+        'environment.review_pack.generate',
+        'environment.review.compose',
     ];
 
     private const CANCELABLE_TYPES = [
@@ -29,8 +29,8 @@ final class OperationRunTriageService
         'directory.groups.sync',
         'rbac.health_check',
         'entra.admin_roles.scan',
-        'tenant.review_pack.generate',
-        'tenant.review.compose',
+        'environment.review_pack.generate',
+        'environment.review.compose',
     ];
 
     public function __construct(
diff --git a/apps/platform/app/Services/Tenants/TenantActionPolicySurface.php b/apps/platform/app/Services/Tenants/TenantActionPolicySurface.php
index ee7e1acb..d7623c02 100644
--- a/apps/platform/app/Services/Tenants/TenantActionPolicySurface.php
+++ b/apps/platform/app/Services/Tenants/TenantActionPolicySurface.php
@@ -5,7 +5,7 @@
 namespace App\Services\Tenants;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Services\Onboarding\OnboardingLifecycleService;
 use App\Support\Audit\AuditActionId;
@@ -38,7 +38,7 @@ public function buildContext(ManagedEnvironment $tenant, TenantActionSurface $su
         $workspaceId = request() !== null
             ? $this->workspaceContext->currentWorkspaceId(request())
             : null;
-        $resumeOutcome = $draft instanceof TenantOnboardingSession
+        $resumeOutcome = $draft instanceof ManagedEnvironmentOnboardingSession
             ? $this->tenantOperabilityService->outcomeFor(
                 tenant: $tenant,
                 question: TenantOperabilityQuestion::ResumeOnboardingEligibility,
@@ -58,7 +58,7 @@ public function buildContext(ManagedEnvironment $tenant, TenantActionSurface $su
             lane: $lane,
             relatedOnboardingDraft: $draft,
             relatedOnboardingIsResumable: $resumeOutcome?->allowed ?? false,
-            hasRelatedOnboardingDraft: $draft instanceof TenantOnboardingSession,
+            hasRelatedOnboardingDraft: $draft instanceof ManagedEnvironmentOnboardingSession,
             isArchived: $lifecycle->canRestore(),
         );
     }
@@ -130,7 +130,7 @@ public function onboardingEntryDescriptor(int $resumableDraftCount): TenantActio
         };
     }
 
-    public function relatedOnboardingDraft(ManagedEnvironment $tenant, ?User $user = null): ?TenantOnboardingSession
+    public function relatedOnboardingDraft(ManagedEnvironment $tenant, ?User $user = null): ?ManagedEnvironmentOnboardingSession
     {
         $user ??= auth()->user();
 
@@ -138,12 +138,12 @@ public function relatedOnboardingDraft(ManagedEnvironment $tenant, ?User $user =
             return null;
         }
 
-        return TenantOnboardingSession::query()
+        return ManagedEnvironmentOnboardingSession::query()
             ->where('workspace_id', (int) $tenant->workspace_id)
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->orderByDesc('updated_at')
             ->get()
-            ->first(fn (TenantOnboardingSession $draft): bool => Gate::forUser($user)->allows('view', $draft));
+            ->first(fn (ManagedEnvironmentOnboardingSession $draft): bool => Gate::forUser($user)->allows('view', $draft));
     }
 
     private function viewAction(): TenantActionDescriptor
@@ -267,7 +267,7 @@ private function relatedOnboardingActionForContext(
     ): ?TenantActionDescriptor {
         $draft = $context->relatedOnboardingDraft;
 
-        if (! $draft instanceof TenantOnboardingSession) {
+        if (! $draft instanceof ManagedEnvironmentOnboardingSession) {
             return null;
         }
 
diff --git a/apps/platform/app/Services/Tenants/TenantOperabilityService.php b/apps/platform/app/Services/Tenants/TenantOperabilityService.php
index be72ac51..560a9557 100644
--- a/apps/platform/app/Services/Tenants/TenantOperabilityService.php
+++ b/apps/platform/app/Services/Tenants/TenantOperabilityService.php
@@ -5,7 +5,7 @@
 namespace App\Services\Tenants;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Services\Auth\CapabilityResolver;
 use App\Support\ReasonTranslation\ReasonResolutionEnvelope;
@@ -186,7 +186,7 @@ public function outcomeFor(
         ?User $actor = null,
         ?int $workspaceId = null,
         TenantInteractionLane $lane = TenantInteractionLane::AdministrativeManagement,
-        ?TenantOnboardingSession $onboardingDraft = null,
+        ?ManagedEnvironmentOnboardingSession $onboardingDraft = null,
         ?string $requiredCapability = null,
         ?ManagedEnvironment $selectedTenant = null,
         ?string $linkedRecordType = null,
@@ -478,7 +478,7 @@ private function resumeOnboardingOutcome(TenantOperabilityContext $context, Tena
             );
         }
 
-        if ($context->onboardingDraft instanceof TenantOnboardingSession && ! $context->onboardingDraft->isWorkflowResumable()) {
+        if ($context->onboardingDraft instanceof ManagedEnvironmentOnboardingSession && ! $context->onboardingDraft->isWorkflowResumable()) {
             return TenantOperabilityOutcome::deny(
                 question: TenantOperabilityQuestion::ResumeOnboardingEligibility,
                 lifecycle: $lifecycle,
diff --git a/apps/platform/app/Support/Audit/AuditActionId.php b/apps/platform/app/Support/Audit/AuditActionId.php
index e44c0f5a..6d57c49b 100644
--- a/apps/platform/app/Support/Audit/AuditActionId.php
+++ b/apps/platform/app/Support/Audit/AuditActionId.php
@@ -34,19 +34,19 @@ enum AuditActionId: string
     case PolicyProviderMissingDetected = 'policy.provider_missing_detected';
     case PolicyProviderMissingCleared = 'policy.provider_missing_cleared';
 
-    // Managed tenant onboarding wizard.
-    case ManagedTenantOnboardingStart = 'managed_tenant_onboarding.start';
-    case ManagedTenantOnboardingResume = 'managed_tenant_onboarding.resume';
-    case ManagedTenantOnboardingDraftSelected = 'managed_tenant_onboarding.draft_selected';
-    case ManagedTenantOnboardingDraftUpdated = 'managed_tenant_onboarding.draft_updated';
-    case ManagedTenantOnboardingProviderConnectionChanged = 'managed_tenant_onboarding.provider_connection_changed';
-    case ManagedTenantOnboardingVerificationStart = 'managed_tenant_onboarding.verification_start';
-    case ManagedTenantOnboardingVerificationPersisted = 'managed_tenant_onboarding.verification_persisted';
-    case ManagedTenantOnboardingBootstrapStarted = 'managed_tenant_onboarding.bootstrap_started';
-    case ManagedTenantOnboardingCancelled = 'managed_tenant_onboarding.cancelled';
-    case ManagedTenantOnboardingDeleted = 'managed_tenant_onboarding.deleted';
-    case ManagedTenantOnboardingActivationOverrideUsed = 'managed_tenant_onboarding.activation_override_used';
-    case ManagedTenantOnboardingActivation = 'managed_tenant_onboarding.activation';
+    // Managed environment onboarding wizard.
+    case ManagedEnvironmentOnboardingStart = 'managed_environment_onboarding.start';
+    case ManagedEnvironmentOnboardingResume = 'managed_environment_onboarding.resume';
+    case ManagedEnvironmentOnboardingDraftSelected = 'managed_environment_onboarding.draft_selected';
+    case ManagedEnvironmentOnboardingDraftUpdated = 'managed_environment_onboarding.draft_updated';
+    case ManagedEnvironmentOnboardingProviderConnectionChanged = 'managed_environment_onboarding.provider_connection_changed';
+    case ManagedEnvironmentOnboardingVerificationStart = 'managed_environment_onboarding.verification_start';
+    case ManagedEnvironmentOnboardingVerificationPersisted = 'managed_environment_onboarding.verification_persisted';
+    case ManagedEnvironmentOnboardingBootstrapStarted = 'managed_environment_onboarding.bootstrap_started';
+    case ManagedEnvironmentOnboardingCancelled = 'managed_environment_onboarding.cancelled';
+    case ManagedEnvironmentOnboardingDeleted = 'managed_environment_onboarding.deleted';
+    case ManagedEnvironmentOnboardingActivationOverrideUsed = 'managed_environment_onboarding.activation_override_used';
+    case ManagedEnvironmentOnboardingActivation = 'managed_environment_onboarding.activation';
     case VerificationCompleted = 'verification.completed';
     case VerificationCheckAcknowledged = 'verification.check_acknowledged';
 
@@ -79,9 +79,9 @@ enum AuditActionId: string
     case BaselineCompareStarted = 'baseline_compare.started';
     case BaselineCompareCompleted = 'baseline_compare.completed';
     case BaselineCompareFailed = 'baseline_compare.failed';
-    case CrossTenantPromotionPreflightGenerated = 'cross_tenant_promotion_preflight.generated';
-    case CrossTenantPromotionExecutionQueued = 'cross_tenant_promotion_execution.queued';
-    case CrossTenantPromotionExecutionCompleted = 'cross_tenant_promotion_execution.completed';
+    case CrossEnvironmentPromotionPreflightGenerated = 'cross_environment_promotion_preflight.generated';
+    case CrossEnvironmentPromotionExecutionQueued = 'cross_environment_promotion_execution.queued';
+    case CrossEnvironmentPromotionExecutionCompleted = 'cross_environment_promotion_execution.completed';
     case BaselineAssignmentCreated = 'baseline_assignment.created';
     case BaselineAssignmentUpdated = 'baseline_assignment.updated';
     case BaselineAssignmentDeleted = 'baseline_assignment.deleted';
@@ -104,17 +104,17 @@ enum AuditActionId: string
     case EvidenceSnapshotRefreshed = 'evidence_snapshot.refreshed';
     case EvidenceSnapshotExpired = 'evidence_snapshot.expired';
     case EvidenceSnapshotOpened = 'evidence_snapshot.opened';
-    case TenantReviewCreated = 'tenant_review.created';
-    case TenantReviewRefreshed = 'tenant_review.refreshed';
-    case TenantReviewPublished = 'tenant_review.published';
-    case TenantReviewArchived = 'tenant_review.archived';
-    case TenantReviewOpened = 'tenant_review.opened';
-    case TenantReviewExported = 'tenant_review.exported';
-    case TenantReviewSuccessorCreated = 'tenant_review.successor_created';
+    case EnvironmentReviewCreated = 'environment_review.created';
+    case EnvironmentReviewRefreshed = 'environment_review.refreshed';
+    case EnvironmentReviewPublished = 'environment_review.published';
+    case EnvironmentReviewArchived = 'environment_review.archived';
+    case EnvironmentReviewOpened = 'environment_review.opened';
+    case EnvironmentReviewExported = 'environment_review.exported';
+    case EnvironmentReviewSuccessorCreated = 'environment_review.successor_created';
     case CustomerReviewWorkspaceOpened = 'customer_review_workspace.opened';
     case ReviewPackDownloaded = 'review_pack.downloaded';
-    case TenantTriageReviewMarkedReviewed = 'tenant_triage_review.marked_reviewed';
-    case TenantTriageReviewMarkedFollowUpNeeded = 'tenant_triage_review.marked_follow_up_needed';
+    case ManagedEnvironmentTriageReviewMarkedReviewed = 'managed_environment_triage_review.marked_reviewed';
+    case ManagedEnvironmentTriageReviewMarkedFollowUpNeeded = 'managed_environment_triage_review.marked_follow_up_needed';
 
     case SupportDiagnosticsOpened = 'support_diagnostics.opened';
     case SupportRequestCreated = 'support_request.created';
@@ -209,18 +209,18 @@ private static function labels(): array
             self::ManagedEnvironmentAccessScopeRemove->value => 'ManagedEnvironment access scope removal',
             self::PolicyProviderMissingDetected->value => 'Policy provider missing detected',
             self::PolicyProviderMissingCleared->value => 'Policy provider missing cleared',
-            self::ManagedTenantOnboardingStart->value => 'Managed tenant onboarding start',
-            self::ManagedTenantOnboardingResume->value => 'Managed tenant onboarding resume',
-            self::ManagedTenantOnboardingDraftSelected->value => 'Managed tenant onboarding draft selected',
-            self::ManagedTenantOnboardingDraftUpdated->value => 'Managed tenant onboarding draft updated',
-            self::ManagedTenantOnboardingProviderConnectionChanged->value => 'Managed tenant onboarding provider connection changed',
-            self::ManagedTenantOnboardingVerificationStart->value => 'Managed tenant onboarding verification start',
-            self::ManagedTenantOnboardingVerificationPersisted->value => 'Managed tenant onboarding verification persisted',
-            self::ManagedTenantOnboardingBootstrapStarted->value => 'Managed tenant onboarding bootstrap started',
-            self::ManagedTenantOnboardingCancelled->value => 'Managed tenant onboarding cancelled',
-            self::ManagedTenantOnboardingDeleted->value => 'Managed tenant onboarding deleted',
-            self::ManagedTenantOnboardingActivationOverrideUsed->value => 'Managed tenant onboarding activation override used',
-            self::ManagedTenantOnboardingActivation->value => 'Managed tenant onboarding activation',
+            self::ManagedEnvironmentOnboardingStart->value => 'Managed environment onboarding start',
+            self::ManagedEnvironmentOnboardingResume->value => 'Managed environment onboarding resume',
+            self::ManagedEnvironmentOnboardingDraftSelected->value => 'Managed environment onboarding draft selected',
+            self::ManagedEnvironmentOnboardingDraftUpdated->value => 'Managed environment onboarding draft updated',
+            self::ManagedEnvironmentOnboardingProviderConnectionChanged->value => 'Managed environment onboarding provider connection changed',
+            self::ManagedEnvironmentOnboardingVerificationStart->value => 'Managed environment onboarding verification start',
+            self::ManagedEnvironmentOnboardingVerificationPersisted->value => 'Managed environment onboarding verification persisted',
+            self::ManagedEnvironmentOnboardingBootstrapStarted->value => 'Managed environment onboarding bootstrap started',
+            self::ManagedEnvironmentOnboardingCancelled->value => 'Managed environment onboarding cancelled',
+            self::ManagedEnvironmentOnboardingDeleted->value => 'Managed environment onboarding deleted',
+            self::ManagedEnvironmentOnboardingActivationOverrideUsed->value => 'Managed environment onboarding activation override used',
+            self::ManagedEnvironmentOnboardingActivation->value => 'Managed environment onboarding activation',
             self::VerificationCompleted->value => 'Verification completed',
             self::VerificationCheckAcknowledged->value => 'Verification check acknowledged',
             self::AlertDestinationCreated->value => 'Alert destination created',
@@ -249,9 +249,9 @@ private static function labels(): array
             self::BaselineCompareStarted->value => 'Baseline compare started',
             self::BaselineCompareCompleted->value => 'Baseline compare completed',
             self::BaselineCompareFailed->value => 'Baseline compare failed',
-            self::CrossTenantPromotionPreflightGenerated->value => 'Cross-tenant promotion preflight generated',
-            self::CrossTenantPromotionExecutionQueued->value => 'Cross-tenant promotion execution queued',
-            self::CrossTenantPromotionExecutionCompleted->value => 'Cross-tenant promotion execution completed',
+            self::CrossEnvironmentPromotionPreflightGenerated->value => 'Cross-environment promotion preflight generated',
+            self::CrossEnvironmentPromotionExecutionQueued->value => 'Cross-environment promotion execution queued',
+            self::CrossEnvironmentPromotionExecutionCompleted->value => 'Cross-environment promotion execution completed',
             self::BaselineAssignmentCreated->value => 'Baseline assignment created',
             self::BaselineAssignmentUpdated->value => 'Baseline assignment updated',
             self::BaselineAssignmentDeleted->value => 'Baseline assignment deleted',
@@ -274,17 +274,17 @@ private static function labels(): array
             self::EvidenceSnapshotRefreshed->value => 'Evidence snapshot refreshed',
             self::EvidenceSnapshotExpired->value => 'Evidence snapshot expired',
             self::EvidenceSnapshotOpened->value => 'Evidence snapshot opened',
-            self::TenantReviewCreated->value => 'ManagedEnvironment review created',
-            self::TenantReviewRefreshed->value => 'ManagedEnvironment review refreshed',
-            self::TenantReviewPublished->value => 'ManagedEnvironment review published',
-            self::TenantReviewArchived->value => 'ManagedEnvironment review archived',
-            self::TenantReviewOpened->value => 'ManagedEnvironment review opened',
-            self::TenantReviewExported->value => 'ManagedEnvironment review exported',
-            self::TenantReviewSuccessorCreated->value => 'ManagedEnvironment review next cycle created',
+            self::EnvironmentReviewCreated->value => 'ManagedEnvironment review created',
+            self::EnvironmentReviewRefreshed->value => 'ManagedEnvironment review refreshed',
+            self::EnvironmentReviewPublished->value => 'ManagedEnvironment review published',
+            self::EnvironmentReviewArchived->value => 'ManagedEnvironment review archived',
+            self::EnvironmentReviewOpened->value => 'ManagedEnvironment review opened',
+            self::EnvironmentReviewExported->value => 'ManagedEnvironment review exported',
+            self::EnvironmentReviewSuccessorCreated->value => 'ManagedEnvironment review next cycle created',
             self::CustomerReviewWorkspaceOpened->value => 'Customer review workspace opened',
             self::ReviewPackDownloaded->value => 'Review pack downloaded',
-            self::TenantTriageReviewMarkedReviewed->value => 'Triage review marked reviewed',
-            self::TenantTriageReviewMarkedFollowUpNeeded->value => 'Triage review marked follow-up needed',
+            self::ManagedEnvironmentTriageReviewMarkedReviewed->value => 'Triage review marked reviewed',
+            self::ManagedEnvironmentTriageReviewMarkedFollowUpNeeded->value => 'Triage review marked follow-up needed',
             self::SupportDiagnosticsOpened->value => 'Support diagnostics opened',
             self::SupportRequestCreated->value => 'Support request created',
             self::SupportRequestExternalTicketCreated->value => 'Support request external ticket created',
@@ -362,9 +362,9 @@ private static function summaries(): array
             self::BaselineProfileUpdated->value => 'Baseline profile updated',
             self::BaselineProfileArchived->value => 'Baseline profile archived',
             self::BaselineProfileScopeBackfilled->value => 'Baseline profile scope backfilled',
-            self::CrossTenantPromotionPreflightGenerated->value => 'Cross-tenant promotion preflight generated',
-            self::CrossTenantPromotionExecutionQueued->value => 'Cross-tenant promotion execution queued',
-            self::CrossTenantPromotionExecutionCompleted->value => 'Cross-tenant promotion execution completed',
+            self::CrossEnvironmentPromotionPreflightGenerated->value => 'Cross-environment promotion preflight generated',
+            self::CrossEnvironmentPromotionExecutionQueued->value => 'Cross-environment promotion execution queued',
+            self::CrossEnvironmentPromotionExecutionCompleted->value => 'Cross-environment promotion execution completed',
             self::AlertDestinationCreated->value => 'Alert destination created',
             self::AlertDestinationUpdated->value => 'Alert destination updated',
             self::AlertDestinationDeleted->value => 'Alert destination deleted',
@@ -388,13 +388,13 @@ private static function summaries(): array
             self::EvidenceSnapshotRefreshed->value => 'Evidence snapshot refreshed',
             self::EvidenceSnapshotExpired->value => 'Evidence snapshot expired',
             self::EvidenceSnapshotOpened->value => 'Evidence snapshot opened',
-            self::TenantReviewCreated->value => 'ManagedEnvironment review created',
-            self::TenantReviewRefreshed->value => 'ManagedEnvironment review refreshed',
-            self::TenantReviewPublished->value => 'ManagedEnvironment review published',
-            self::TenantReviewArchived->value => 'ManagedEnvironment review archived',
-            self::TenantReviewOpened->value => 'ManagedEnvironment review opened',
-            self::TenantReviewExported->value => 'ManagedEnvironment review exported',
-            self::TenantReviewSuccessorCreated->value => 'ManagedEnvironment review next cycle created',
+            self::EnvironmentReviewCreated->value => 'ManagedEnvironment review created',
+            self::EnvironmentReviewRefreshed->value => 'ManagedEnvironment review refreshed',
+            self::EnvironmentReviewPublished->value => 'ManagedEnvironment review published',
+            self::EnvironmentReviewArchived->value => 'ManagedEnvironment review archived',
+            self::EnvironmentReviewOpened->value => 'ManagedEnvironment review opened',
+            self::EnvironmentReviewExported->value => 'ManagedEnvironment review exported',
+            self::EnvironmentReviewSuccessorCreated->value => 'ManagedEnvironment review next cycle created',
             self::CustomerReviewWorkspaceOpened->value => 'Customer review workspace opened',
             self::ReviewPackDownloaded->value => 'Review pack downloaded',
             self::SupportDiagnosticsOpened->value => 'Support diagnostics opened',
diff --git a/apps/platform/app/Support/Auth/Capabilities.php b/apps/platform/app/Support/Auth/Capabilities.php
index 1eb49347..8623eabf 100644
--- a/apps/platform/app/Support/Auth/Capabilities.php
+++ b/apps/platform/app/Support/Auth/Capabilities.php
@@ -27,28 +27,28 @@ class Capabilities
 
     public const WORKSPACE_MEMBERSHIP_MANAGE = 'workspace_membership.manage';
 
-    // Managed tenant onboarding
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD = 'workspace_managed_tenant.onboard';
+    // Managed environment onboarding
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD = 'workspace_managed_environment.onboard';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_IDENTIFY = 'workspace_managed_tenant.onboard.identify';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY = 'workspace_managed_environment.onboard.identify';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_CANCEL = 'workspace_managed_tenant.onboard.cancel';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CANCEL = 'workspace_managed_environment.onboard.cancel';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_VIEW = 'workspace_managed_tenant.onboard.connection.view';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_VIEW = 'workspace_managed_environment.onboard.connection.view';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE = 'workspace_managed_tenant.onboard.connection.manage';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE = 'workspace_managed_environment.onboard.connection.manage';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE_DEDICATED = 'workspace_managed_tenant.onboard.connection.manage_dedicated';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE_DEDICATED = 'workspace_managed_environment.onboard.connection.manage_dedicated';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START = 'workspace_managed_tenant.onboard.verification.start';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START = 'workspace_managed_environment.onboard.verification.start';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC = 'workspace_managed_tenant.onboard.bootstrap.inventory_sync';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC = 'workspace_managed_environment.onboard.bootstrap.inventory_sync';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_POLICY_SYNC = 'workspace_managed_tenant.onboard.bootstrap.policy_sync';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_POLICY_SYNC = 'workspace_managed_environment.onboard.bootstrap.policy_sync';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP = 'workspace_managed_tenant.onboard.bootstrap.backup_bootstrap';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP = 'workspace_managed_environment.onboard.bootstrap.backup_bootstrap';
 
-    public const WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE = 'workspace_managed_tenant.onboard.activate';
+    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE = 'workspace_managed_environment.onboard.activate';
 
     // Workspace settings
     public const WORKSPACE_SETTINGS_VIEW = 'workspace_settings.view';
@@ -146,12 +146,12 @@ class Capabilities
     public const REVIEW_PACK_MANAGE = 'review_pack.manage';
 
     // ManagedEnvironment reviews
-    public const TENANT_REVIEW_VIEW = 'tenant_review.view';
+    public const ENVIRONMENT_REVIEW_VIEW = 'environment_review.view';
 
-    public const TENANT_REVIEW_MANAGE = 'tenant_review.manage';
+    public const ENVIRONMENT_REVIEW_MANAGE = 'environment_review.manage';
 
     // Portfolio triage review progress
-    public const TENANT_TRIAGE_REVIEW_MANAGE = 'tenant_triage_review.manage';
+    public const MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE = 'managed_environment_triage_review.manage';
 
     // Evidence snapshots
     public const EVIDENCE_VIEW = 'evidence.view';
diff --git a/apps/platform/app/Support/Badges/BadgeCatalog.php b/apps/platform/app/Support/Badges/BadgeCatalog.php
index a21eea57..1ded200b 100644
--- a/apps/platform/app/Support/Badges/BadgeCatalog.php
+++ b/apps/platform/app/Support/Badges/BadgeCatalog.php
@@ -42,7 +42,7 @@ final class BadgeCatalog
         BadgeDomain::TenantStatus->value => Domains\TenantStatusBadge::class,
         BadgeDomain::TenantWorkspacePosture->value => Domains\TenantWorkspacePostureBadge::class,
         BadgeDomain::TenantRbacStatus->value => Domains\TenantRbacStatusBadge::class,
-        BadgeDomain::TenantPermissionStatus->value => Domains\TenantPermissionStatusBadge::class,
+        BadgeDomain::ManagedEnvironmentPermissionStatus->value => Domains\ManagedEnvironmentPermissionStatusBadge::class,
         BadgeDomain::PolicySnapshotMode->value => Domains\PolicySnapshotModeBadge::class,
         BadgeDomain::PolicyRestoreMode->value => Domains\PolicyRestoreModeBadge::class,
         BadgeDomain::PolicyRisk->value => Domains\PolicyRiskBadge::class,
@@ -53,7 +53,7 @@ final class BadgeCatalog
         BadgeDomain::ProviderConsentStatus->value => Domains\ProviderConsentStatusBadge::class,
         BadgeDomain::ProviderVerificationStatus->value => Domains\ProviderVerificationStatusBadge::class,
         BadgeDomain::ProviderCapabilityStatus->value => Domains\ProviderCapabilityStatusBadge::class,
-        BadgeDomain::ManagedTenantOnboardingVerificationStatus->value => Domains\ManagedTenantOnboardingVerificationStatusBadge::class,
+        BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus->value => Domains\ManagedEnvironmentOnboardingVerificationStatusBadge::class,
         BadgeDomain::VerificationCheckStatus->value => Domains\VerificationCheckStatusBadge::class,
         BadgeDomain::VerificationCheckSeverity->value => Domains\VerificationCheckSeverityBadge::class,
         BadgeDomain::VerificationReportOverall->value => Domains\VerificationReportOverallBadge::class,
@@ -66,9 +66,9 @@ final class BadgeCatalog
         BadgeDomain::CommercialLifecycleState->value => Domains\CommercialLifecycleStateBadge::class,
         BadgeDomain::EvidenceSnapshotStatus->value => Domains\EvidenceSnapshotStatusBadge::class,
         BadgeDomain::EvidenceCompleteness->value => Domains\EvidenceCompletenessBadge::class,
-        BadgeDomain::TenantReviewStatus->value => Domains\TenantReviewStatusBadge::class,
-        BadgeDomain::TenantReviewCompleteness->value => Domains\TenantReviewCompletenessStateBadge::class,
-        BadgeDomain::TenantTriageReviewState->value => Domains\TenantTriageReviewStateBadge::class,
+        BadgeDomain::EnvironmentReviewStatus->value => Domains\EnvironmentReviewStatusBadge::class,
+        BadgeDomain::EnvironmentReviewCompleteness->value => Domains\EnvironmentReviewCompletenessStateBadge::class,
+        BadgeDomain::ManagedEnvironmentTriageReviewState->value => Domains\ManagedEnvironmentTriageReviewStateBadge::class,
         BadgeDomain::SystemHealth->value => Domains\SystemHealthBadge::class,
         BadgeDomain::ReferenceResolutionState->value => Domains\ReferenceResolutionStateBadge::class,
         BadgeDomain::DiffRowStatus->value => Domains\DiffRowStatusBadge::class,
@@ -204,7 +204,7 @@ public static function normalizeProviderVerificationStatus(mixed $value): ?strin
         };
     }
 
-    public static function normalizeManagedTenantOnboardingVerificationStatus(mixed $value): ?string
+    public static function normalizeManagedEnvironmentOnboardingVerificationStatus(mixed $value): ?string
     {
         $state = self::normalizeState($value);
 
diff --git a/apps/platform/app/Support/Badges/BadgeDomain.php b/apps/platform/app/Support/Badges/BadgeDomain.php
index c09ce245..c94de4d0 100644
--- a/apps/platform/app/Support/Badges/BadgeDomain.php
+++ b/apps/platform/app/Support/Badges/BadgeDomain.php
@@ -33,7 +33,7 @@ enum BadgeDomain: string
     case TenantStatus = 'tenant_status';
     case TenantWorkspacePosture = 'tenant_workspace_posture';
     case TenantRbacStatus = 'tenant_rbac_status';
-    case TenantPermissionStatus = 'tenant_permission_status';
+    case ManagedEnvironmentPermissionStatus = 'managed_environment_permission_status';
     case PolicySnapshotMode = 'policy_snapshot_mode';
     case PolicyRestoreMode = 'policy_restore_mode';
     case PolicyRisk = 'policy_risk';
@@ -44,7 +44,7 @@ enum BadgeDomain: string
     case ProviderConsentStatus = 'provider_connection.consent_status';
     case ProviderVerificationStatus = 'provider_connection.verification_status';
     case ProviderCapabilityStatus = 'provider_capability_status';
-    case ManagedTenantOnboardingVerificationStatus = 'managed_tenant_onboarding.verification_status';
+    case ManagedEnvironmentOnboardingVerificationStatus = 'managed_environment_onboarding.verification_status';
     case VerificationCheckStatus = 'verification_check_status';
     case VerificationCheckSeverity = 'verification_check_severity';
     case VerificationReportOverall = 'verification_report_overall';
@@ -57,9 +57,9 @@ enum BadgeDomain: string
     case CommercialLifecycleState = 'commercial_lifecycle_state';
     case EvidenceSnapshotStatus = 'evidence_snapshot_status';
     case EvidenceCompleteness = 'evidence_completeness';
-    case TenantReviewStatus = 'tenant_review_status';
-    case TenantReviewCompleteness = 'tenant_review_completeness';
-    case TenantTriageReviewState = 'tenant_triage_review_state';
+    case EnvironmentReviewStatus = 'environment_review_status';
+    case EnvironmentReviewCompleteness = 'environment_review_completeness';
+    case ManagedEnvironmentTriageReviewState = 'managed_environment_triage_review_state';
     case SystemHealth = 'system_health';
     case ReferenceResolutionState = 'reference_resolution_state';
     case DiffRowStatus = 'diff_row_status';
diff --git a/apps/platform/app/Support/Badges/Domains/EnvironmentReviewCompletenessStateBadge.php b/apps/platform/app/Support/Badges/Domains/EnvironmentReviewCompletenessStateBadge.php
new file mode 100644
index 00000000..5f23d8b5
--- /dev/null
+++ b/apps/platform/app/Support/Badges/Domains/EnvironmentReviewCompletenessStateBadge.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Support\Badges\Domains;
+
+use App\Support\Badges\BadgeCatalog;
+use App\Support\Badges\BadgeDomain;
+use App\Support\Badges\BadgeMapper;
+use App\Support\Badges\BadgeSpec;
+use App\Support\Badges\OperatorOutcomeTaxonomy;
+use App\Support\EnvironmentReviewCompletenessState;
+
+final class EnvironmentReviewCompletenessStateBadge implements BadgeMapper
+{
+    public function spec(mixed $value): BadgeSpec
+    {
+        $state = BadgeCatalog::normalizeState($value);
+
+        return match ($state) {
+            EnvironmentReviewCompletenessState::Complete->value => OperatorOutcomeTaxonomy::spec(BadgeDomain::EnvironmentReviewCompleteness, $state, 'heroicon-m-check-circle'),
+            EnvironmentReviewCompletenessState::Partial->value => OperatorOutcomeTaxonomy::spec(BadgeDomain::EnvironmentReviewCompleteness, $state, 'heroicon-m-exclamation-triangle'),
+            EnvironmentReviewCompletenessState::Missing->value => OperatorOutcomeTaxonomy::spec(BadgeDomain::EnvironmentReviewCompleteness, $state, 'heroicon-m-clock'),
+            EnvironmentReviewCompletenessState::Stale->value => OperatorOutcomeTaxonomy::spec(BadgeDomain::EnvironmentReviewCompleteness, $state, 'heroicon-m-arrow-path'),
+            default => BadgeSpec::unknown(),
+        } ?? BadgeSpec::unknown();
+    }
+}
diff --git a/apps/platform/app/Support/Badges/Domains/EnvironmentReviewStatusBadge.php b/apps/platform/app/Support/Badges/Domains/EnvironmentReviewStatusBadge.php
new file mode 100644
index 00000000..6dd46901
--- /dev/null
+++ b/apps/platform/app/Support/Badges/Domains/EnvironmentReviewStatusBadge.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Support\Badges\Domains;
+
+use App\Support\Badges\BadgeCatalog;
+use App\Support\Badges\BadgeMapper;
+use App\Support\Badges\BadgeSpec;
+use App\Support\EnvironmentReviewStatus;
+
+final class EnvironmentReviewStatusBadge implements BadgeMapper
+{
+    public function spec(mixed $value): BadgeSpec
+    {
+        $state = BadgeCatalog::normalizeState($value);
+
+        return match ($state) {
+            EnvironmentReviewStatus::Draft->value => new BadgeSpec('Draft', 'gray', 'heroicon-m-pencil-square'),
+            EnvironmentReviewStatus::Ready->value => new BadgeSpec('Ready', 'info', 'heroicon-m-check-circle'),
+            EnvironmentReviewStatus::Published->value => new BadgeSpec('Published', 'success', 'heroicon-m-check-badge'),
+            EnvironmentReviewStatus::Archived->value => new BadgeSpec('Archived', 'gray', 'heroicon-m-archive-box'),
+            EnvironmentReviewStatus::Superseded->value => new BadgeSpec('Superseded', 'warning', 'heroicon-m-arrow-path'),
+            EnvironmentReviewStatus::Failed->value => new BadgeSpec('Failed', 'danger', 'heroicon-m-x-circle'),
+            default => BadgeSpec::unknown(),
+        };
+    }
+}
diff --git a/apps/platform/app/Support/Badges/Domains/ManagedTenantOnboardingVerificationStatusBadge.php b/apps/platform/app/Support/Badges/Domains/ManagedEnvironmentOnboardingVerificationStatusBadge.php
similarity index 80%
rename from apps/platform/app/Support/Badges/Domains/ManagedTenantOnboardingVerificationStatusBadge.php
rename to apps/platform/app/Support/Badges/Domains/ManagedEnvironmentOnboardingVerificationStatusBadge.php
index b5eb2223..72cf0875 100644
--- a/apps/platform/app/Support/Badges/Domains/ManagedTenantOnboardingVerificationStatusBadge.php
+++ b/apps/platform/app/Support/Badges/Domains/ManagedEnvironmentOnboardingVerificationStatusBadge.php
@@ -6,11 +6,11 @@
 use App\Support\Badges\BadgeMapper;
 use App\Support\Badges\BadgeSpec;
 
-final class ManagedTenantOnboardingVerificationStatusBadge implements BadgeMapper
+final class ManagedEnvironmentOnboardingVerificationStatusBadge implements BadgeMapper
 {
     public function spec(mixed $value): BadgeSpec
     {
-        $state = BadgeCatalog::normalizeManagedTenantOnboardingVerificationStatus($value);
+        $state = BadgeCatalog::normalizeManagedEnvironmentOnboardingVerificationStatus($value);
 
         return match ($state) {
             'not_started' => new BadgeSpec('Not started', 'gray', 'heroicon-m-minus-circle'),
diff --git a/apps/platform/app/Support/Badges/Domains/TenantPermissionStatusBadge.php b/apps/platform/app/Support/Badges/Domains/ManagedEnvironmentPermissionStatusBadge.php
similarity index 89%
rename from apps/platform/app/Support/Badges/Domains/TenantPermissionStatusBadge.php
rename to apps/platform/app/Support/Badges/Domains/ManagedEnvironmentPermissionStatusBadge.php
index 5b069680..c9423eef 100644
--- a/apps/platform/app/Support/Badges/Domains/TenantPermissionStatusBadge.php
+++ b/apps/platform/app/Support/Badges/Domains/ManagedEnvironmentPermissionStatusBadge.php
@@ -6,7 +6,7 @@
 use App\Support\Badges\BadgeMapper;
 use App\Support\Badges\BadgeSpec;
 
-final class TenantPermissionStatusBadge implements BadgeMapper
+final class ManagedEnvironmentPermissionStatusBadge implements BadgeMapper
 {
     public function spec(mixed $value): BadgeSpec
     {
diff --git a/apps/platform/app/Support/Badges/Domains/ManagedEnvironmentTriageReviewStateBadge.php b/apps/platform/app/Support/Badges/Domains/ManagedEnvironmentTriageReviewStateBadge.php
new file mode 100644
index 00000000..6ddf55ed
--- /dev/null
+++ b/apps/platform/app/Support/Badges/Domains/ManagedEnvironmentTriageReviewStateBadge.php
@@ -0,0 +1,26 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Support\Badges\Domains;
+
+use App\Models\ManagedEnvironmentTriageReview;
+use App\Support\Badges\BadgeCatalog;
+use App\Support\Badges\BadgeMapper;
+use App\Support\Badges\BadgeSpec;
+
+final class ManagedEnvironmentTriageReviewStateBadge implements BadgeMapper
+{
+    public function spec(mixed $value): BadgeSpec
+    {
+        $state = BadgeCatalog::normalizeState($value);
+
+        return match ($state) {
+            ManagedEnvironmentTriageReview::DERIVED_STATE_NOT_REVIEWED => new BadgeSpec('Not reviewed', 'gray', 'heroicon-m-eye-slash'),
+            ManagedEnvironmentTriageReview::STATE_REVIEWED => new BadgeSpec('Reviewed', 'success', 'heroicon-m-check-circle'),
+            ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED => new BadgeSpec('Follow-up needed', 'danger', 'heroicon-m-exclamation-triangle'),
+            ManagedEnvironmentTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW => new BadgeSpec('Changed since review', 'warning', 'heroicon-m-arrow-path'),
+            default => BadgeSpec::unknown(),
+        };
+    }
+}
diff --git a/apps/platform/app/Support/Badges/Domains/TenantReviewCompletenessStateBadge.php b/apps/platform/app/Support/Badges/Domains/TenantReviewCompletenessStateBadge.php
deleted file mode 100644
index f6f53439..00000000
--- a/apps/platform/app/Support/Badges/Domains/TenantReviewCompletenessStateBadge.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Support\Badges\Domains;
-
-use App\Support\Badges\BadgeCatalog;
-use App\Support\Badges\BadgeDomain;
-use App\Support\Badges\BadgeMapper;
-use App\Support\Badges\BadgeSpec;
-use App\Support\Badges\OperatorOutcomeTaxonomy;
-use App\Support\TenantReviewCompletenessState;
-
-final class TenantReviewCompletenessStateBadge implements BadgeMapper
-{
-    public function spec(mixed $value): BadgeSpec
-    {
-        $state = BadgeCatalog::normalizeState($value);
-
-        return match ($state) {
-            TenantReviewCompletenessState::Complete->value => OperatorOutcomeTaxonomy::spec(BadgeDomain::TenantReviewCompleteness, $state, 'heroicon-m-check-circle'),
-            TenantReviewCompletenessState::Partial->value => OperatorOutcomeTaxonomy::spec(BadgeDomain::TenantReviewCompleteness, $state, 'heroicon-m-exclamation-triangle'),
-            TenantReviewCompletenessState::Missing->value => OperatorOutcomeTaxonomy::spec(BadgeDomain::TenantReviewCompleteness, $state, 'heroicon-m-clock'),
-            TenantReviewCompletenessState::Stale->value => OperatorOutcomeTaxonomy::spec(BadgeDomain::TenantReviewCompleteness, $state, 'heroicon-m-arrow-path'),
-            default => BadgeSpec::unknown(),
-        } ?? BadgeSpec::unknown();
-    }
-}
diff --git a/apps/platform/app/Support/Badges/Domains/TenantReviewStatusBadge.php b/apps/platform/app/Support/Badges/Domains/TenantReviewStatusBadge.php
deleted file mode 100644
index 9a43942b..00000000
--- a/apps/platform/app/Support/Badges/Domains/TenantReviewStatusBadge.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Support\Badges\Domains;
-
-use App\Support\Badges\BadgeCatalog;
-use App\Support\Badges\BadgeMapper;
-use App\Support\Badges\BadgeSpec;
-use App\Support\TenantReviewStatus;
-
-final class TenantReviewStatusBadge implements BadgeMapper
-{
-    public function spec(mixed $value): BadgeSpec
-    {
-        $state = BadgeCatalog::normalizeState($value);
-
-        return match ($state) {
-            TenantReviewStatus::Draft->value => new BadgeSpec('Draft', 'gray', 'heroicon-m-pencil-square'),
-            TenantReviewStatus::Ready->value => new BadgeSpec('Ready', 'info', 'heroicon-m-check-circle'),
-            TenantReviewStatus::Published->value => new BadgeSpec('Published', 'success', 'heroicon-m-check-badge'),
-            TenantReviewStatus::Archived->value => new BadgeSpec('Archived', 'gray', 'heroicon-m-archive-box'),
-            TenantReviewStatus::Superseded->value => new BadgeSpec('Superseded', 'warning', 'heroicon-m-arrow-path'),
-            TenantReviewStatus::Failed->value => new BadgeSpec('Failed', 'danger', 'heroicon-m-x-circle'),
-            default => BadgeSpec::unknown(),
-        };
-    }
-}
diff --git a/apps/platform/app/Support/Badges/Domains/TenantTriageReviewStateBadge.php b/apps/platform/app/Support/Badges/Domains/TenantTriageReviewStateBadge.php
deleted file mode 100644
index 44074753..00000000
--- a/apps/platform/app/Support/Badges/Domains/TenantTriageReviewStateBadge.php
+++ /dev/null
@@ -1,26 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-namespace App\Support\Badges\Domains;
-
-use App\Models\TenantTriageReview;
-use App\Support\Badges\BadgeCatalog;
-use App\Support\Badges\BadgeMapper;
-use App\Support\Badges\BadgeSpec;
-
-final class TenantTriageReviewStateBadge implements BadgeMapper
-{
-    public function spec(mixed $value): BadgeSpec
-    {
-        $state = BadgeCatalog::normalizeState($value);
-
-        return match ($state) {
-            TenantTriageReview::DERIVED_STATE_NOT_REVIEWED => new BadgeSpec('Not reviewed', 'gray', 'heroicon-m-eye-slash'),
-            TenantTriageReview::STATE_REVIEWED => new BadgeSpec('Reviewed', 'success', 'heroicon-m-check-circle'),
-            TenantTriageReview::STATE_FOLLOW_UP_NEEDED => new BadgeSpec('Follow-up needed', 'danger', 'heroicon-m-exclamation-triangle'),
-            TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW => new BadgeSpec('Changed since review', 'warning', 'heroicon-m-arrow-path'),
-            default => BadgeSpec::unknown(),
-        };
-    }
-}
diff --git a/apps/platform/app/Support/Badges/OperatorOutcomeTaxonomy.php b/apps/platform/app/Support/Badges/OperatorOutcomeTaxonomy.php
index 1bbb7e53..86259fa9 100644
--- a/apps/platform/app/Support/Badges/OperatorOutcomeTaxonomy.php
+++ b/apps/platform/app/Support/Badges/OperatorOutcomeTaxonomy.php
@@ -475,7 +475,7 @@ final class OperatorOutcomeTaxonomy
                 'notes' => 'Evidence exists but is old enough that the operator should refresh it before relying on it.',
             ],
         ],
-        'tenant_review_completeness' => [
+        'environment_review_completeness' => [
             'complete' => [
                 'axis' => 'data_coverage',
                 'label' => 'Review inputs ready',
@@ -926,7 +926,7 @@ public static function curatedExamples(): array
             ['name' => 'Operation completed successfully', 'domain' => BadgeDomain::OperationRunOutcome, 'raw_value' => 'succeeded'],
             ['name' => 'Evidence not collected yet', 'domain' => BadgeDomain::EvidenceCompleteness, 'raw_value' => 'missing'],
             ['name' => 'Evidence refresh recommended', 'domain' => BadgeDomain::EvidenceCompleteness, 'raw_value' => 'stale'],
-            ['name' => 'Review input pending', 'domain' => BadgeDomain::TenantReviewCompleteness, 'raw_value' => 'missing'],
+            ['name' => 'Review input pending', 'domain' => BadgeDomain::EnvironmentReviewCompleteness, 'raw_value' => 'missing'],
             ['name' => 'Mixed evidence detail stays diagnostic', 'domain' => BadgeDomain::BaselineSnapshotFidelity, 'raw_value' => 'partial'],
             ['name' => 'Support limited stays diagnostic', 'domain' => BadgeDomain::BaselineSnapshotFidelity, 'raw_value' => 'unsupported'],
             ['name' => 'Coverage gaps need review', 'domain' => BadgeDomain::BaselineSnapshotGapStatus, 'raw_value' => 'gaps_present'],
diff --git a/apps/platform/app/Support/CustomerHealth/WorkspaceHealthSummaryQuery.php b/apps/platform/app/Support/CustomerHealth/WorkspaceHealthSummaryQuery.php
index 6ed3e281..a4de79bf 100644
--- a/apps/platform/app/Support/CustomerHealth/WorkspaceHealthSummaryQuery.php
+++ b/apps/platform/app/Support/CustomerHealth/WorkspaceHealthSummaryQuery.php
@@ -12,7 +12,7 @@
 use App\Models\ProviderConnection;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\Workspace;
 use App\Support\Onboarding\OnboardingLifecycleState;
 use App\Support\OperationRunOutcome;
@@ -78,7 +78,7 @@ public function summaries(SystemConsoleWindow|string|null $window = null, ?Carbo
 
         $tenantsByWorkspace = $activeTenants->groupBy(static fn (ManagedEnvironment $tenant): int => (int) $tenant->workspace_id);
 
-        $latestOnboardingSessions = TenantOnboardingSession::query()
+        $latestOnboardingSessions = ManagedEnvironmentOnboardingSession::query()
             ->whereIn('workspace_id', $workspaceIds)
             ->where(function (Builder $query): void {
                 $this->constrainToActiveTenantTruth($query);
@@ -86,8 +86,8 @@ public function summaries(SystemConsoleWindow|string|null $window = null, ?Carbo
             ->orderByDesc('updated_at')
             ->orderByDesc('id')
             ->get(['id', 'workspace_id', 'managed_environment_id', 'lifecycle_state', 'updated_at', 'created_at'])
-            ->groupBy(static fn (TenantOnboardingSession $session): int => (int) $session->workspace_id)
-            ->map(static fn (Collection $sessions): ?TenantOnboardingSession => $sessions->first());
+            ->groupBy(static fn (ManagedEnvironmentOnboardingSession $session): int => (int) $session->workspace_id)
+            ->map(static fn (Collection $sessions): ?ManagedEnvironmentOnboardingSession => $sessions->first());
 
         $providerConnectionsByWorkspace = ProviderConnection::query()
             ->whereIn('workspace_id', $workspaceIds)
@@ -268,7 +268,7 @@ public function summaries(SystemConsoleWindow|string|null $window = null, ?Carbo
                 $workspaceId = (int) $workspace->getKey();
                 /** @var Collection<int, ManagedEnvironment> $workspaceTenants */
                 $workspaceTenants = $tenantsByWorkspace->get($workspaceId, collect());
-                /** @var TenantOnboardingSession|null $latestOnboardingSession */
+                /** @var ManagedEnvironmentOnboardingSession|null $latestOnboardingSession */
                 $latestOnboardingSession = $latestOnboardingSessions->get($workspaceId);
                 /** @var Collection<int, ProviderConnection> $providerConnections */
                 $providerConnections = $providerConnectionsByWorkspace->get($workspaceId, collect());
@@ -426,7 +426,7 @@ private function resolveWindow(SystemConsoleWindow|string|null $window): SystemC
      */
     private function buildDimensions(
         Collection $tenants,
-        ?TenantOnboardingSession $latestOnboardingSession,
+        ?ManagedEnvironmentOnboardingSession $latestOnboardingSession,
         Collection $providerConnections,
         int $recentRunCount,
         int $recentFailedRunCount,
@@ -473,9 +473,9 @@ private function buildDimensions(
     /**
      * @param  Collection<int, ManagedEnvironment>  $tenants
      */
-    private function onboardingReadinessLevel(Collection $tenants, ?TenantOnboardingSession $latestOnboardingSession): string
+    private function onboardingReadinessLevel(Collection $tenants, ?ManagedEnvironmentOnboardingSession $latestOnboardingSession): string
     {
-        if ($latestOnboardingSession instanceof TenantOnboardingSession) {
+        if ($latestOnboardingSession instanceof ManagedEnvironmentOnboardingSession) {
             return match ($latestOnboardingSession->lifecycleState()) {
                 OnboardingLifecycleState::ReadyForActivation,
                 OnboardingLifecycleState::Completed => 'ok',
diff --git a/apps/platform/app/Support/TenantDashboard/TenantDashboardSummary.php b/apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummary.php
similarity index 95%
rename from apps/platform/app/Support/TenantDashboard/TenantDashboardSummary.php
rename to apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummary.php
index f2734846..0d61e5d7 100644
--- a/apps/platform/app/Support/TenantDashboard/TenantDashboardSummary.php
+++ b/apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummary.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-namespace App\Support\TenantDashboard;
+namespace App\Support\EnvironmentDashboard;
 
-final readonly class TenantDashboardSummary
+final readonly class EnvironmentDashboardSummary
 {
     /**
     * @param  array{workspace:string,tenant:string,provider:?string,providerKey:?string,latestActivity:?string}  $context
diff --git a/apps/platform/app/Support/TenantDashboard/TenantDashboardSummaryBuilder.php b/apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php
similarity index 95%
rename from apps/platform/app/Support/TenantDashboard/TenantDashboardSummaryBuilder.php
rename to apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php
index 02e13d9f..555aceb7 100644
--- a/apps/platform/app/Support/TenantDashboard/TenantDashboardSummaryBuilder.php
+++ b/apps/platform/app/Support/EnvironmentDashboard/EnvironmentDashboardSummaryBuilder.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace App\Support\TenantDashboard;
+namespace App\Support\EnvironmentDashboard;
 
 use App\Filament\Pages\BaselineCompareLanding;
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
@@ -12,7 +12,7 @@
 use App\Filament\Resources\FindingExceptionResource;
 use App\Filament\Resources\FindingResource;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\EvidenceSnapshot;
 use App\Models\Finding;
 use App\Models\FindingException;
@@ -20,9 +20,9 @@
 use App\Models\ProviderConnection;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\Auth\Capabilities;
 use App\Support\Badges\BadgeDomain;
 use App\Support\Badges\BadgeRenderer;
@@ -46,16 +46,16 @@
 use Illuminate\Support\Collection;
 use Illuminate\Support\Str;
 
-final class TenantDashboardSummaryBuilder
+final class EnvironmentDashboardSummaryBuilder
 {
     public function __construct(
         private readonly TenantGovernanceAggregateResolver $tenantGovernanceAggregateResolver,
         private readonly TenantBackupHealthResolver $tenantBackupHealthResolver,
         private readonly RestoreSafetyResolver $restoreSafetyResolver,
-        private readonly TenantRequiredPermissionsViewModelBuilder $tenantRequiredPermissionsViewModelBuilder,
+        private readonly ManagedEnvironmentRequiredPermissionsViewModelBuilder $tenantRequiredPermissionsViewModelBuilder,
     ) {}
 
-    public function build(ManagedEnvironment $tenant, ?User $user = null): TenantDashboardSummary
+    public function build(ManagedEnvironment $tenant, ?User $user = null): EnvironmentDashboardSummary
     {
         $tenant->loadMissing('workspace', 'providerConnections');
 
@@ -70,7 +70,7 @@ public function build(ManagedEnvironment $tenant, ?User $user = null): TenantDas
         if ($request?->attributes->has($cacheKey)) {
             $cached = $request->attributes->get($cacheKey);
 
-            if ($cached instanceof TenantDashboardSummary) {
+            if ($cached instanceof EnvironmentDashboardSummary) {
                 return $cached;
             }
         }
@@ -84,7 +84,7 @@ public function build(ManagedEnvironment $tenant, ?User $user = null): TenantDas
             'status' => 'missing',
         ]);
 
-        $latestReview = $this->latestTenantReview($tenant);
+        $latestReview = $this->latestEnvironmentReview($tenant);
         $latestReviewPack = $this->latestReviewPack($tenant);
         $latestEvidenceSnapshot = $this->latestEvidenceSnapshot($tenant);
         $exceptionStats = $this->exceptionStats($tenant);
@@ -102,7 +102,7 @@ public function build(ManagedEnvironment $tenant, ?User $user = null): TenantDas
             exceptionStats: $exceptionStats,
         );
 
-        $summary = new TenantDashboardSummary(
+        $summary = new EnvironmentDashboardSummary(
             context: [
                 'workspace' => (string) ($tenant->workspace?->name ?? $this->overviewText('context_workspace')),
                 'tenant' => (string) $tenant->name,
@@ -186,7 +186,7 @@ private function providerChipKey(?ProviderConnection $connection): ?string
      */
     private function latestActivityLabel(
         ?ProviderConnection $primaryProviderConnection,
-        ?TenantReview $latestReview,
+        ?EnvironmentReview $latestReview,
         ?ReviewPack $latestReviewPack,
         ?EvidenceSnapshot $latestEvidenceSnapshot,
         array $recentOperations,
@@ -207,7 +207,7 @@ private function latestActivityLabel(
      */
     private function latestActivityTimestamp(
         ?ProviderConnection $primaryProviderConnection,
-        ?TenantReview $latestReview,
+        ?EnvironmentReview $latestReview,
         ?ReviewPack $latestReviewPack,
         ?EvidenceSnapshot $latestEvidenceSnapshot,
         array $recentOperations,
@@ -243,9 +243,9 @@ private function latestActivityTimestamp(
         return $candidates[0];
     }
 
-    private function latestTenantReview(ManagedEnvironment $tenant): ?TenantReview
+    private function latestEnvironmentReview(ManagedEnvironment $tenant): ?EnvironmentReview
     {
-        return TenantReview::query()
+        return EnvironmentReview::query()
             ->with(['tenant', 'evidenceSnapshot', 'currentExportReviewPack'])
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->latest('generated_at')
@@ -256,7 +256,7 @@ private function latestTenantReview(ManagedEnvironment $tenant): ?TenantReview
     private function latestReviewPack(ManagedEnvironment $tenant): ?ReviewPack
     {
         return ReviewPack::query()
-            ->with(['tenant', 'tenantReview'])
+            ->with(['tenant', 'environmentReview'])
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->latest('generated_at')
             ->latest('id')
@@ -599,7 +599,7 @@ private function recommendedActions(
         TenantBackupHealthAssessment $backupHealth,
         array $recoveryEvidence,
         array $requiredPermissions,
-        ?TenantReview $latestReview,
+        ?EnvironmentReview $latestReview,
         ?ReviewPack $latestReviewPack,
         array $exceptionStats,
     ): array {
@@ -714,7 +714,7 @@ private function recommendedActions(
             );
         }
 
-        if ($latestReview instanceof TenantReview && $latestReviewPack?->status !== 'ready') {
+        if ($latestReview instanceof EnvironmentReview && $latestReviewPack?->status !== 'ready') {
             $candidates[] = $this->actionCandidate(
                 priority: 80,
                 key: 'continue_review',
@@ -743,7 +743,7 @@ private function governanceStatus(
         TenantGovernanceAggregate $aggregate,
         TenantBackupHealthAssessment $backupHealth,
         array $requiredPermissions,
-        ?TenantReview $latestReview,
+        ?EnvironmentReview $latestReview,
         ?EvidenceSnapshot $latestEvidenceSnapshot,
     ): array {
         $overview = is_array($requiredPermissions['overview'] ?? null)
@@ -782,7 +782,7 @@ private function governanceStatus(
                 'value' => $this->reviewValue($latestReview),
                 'tone' => $this->reviewTone($latestReview),
                 'description' => $this->reviewDescription($latestReview),
-                ...$this->tenantReviewAction($tenant, $user, $this->reviewSurfaceActionLabel($tenant, $user, $latestReview), $latestReview),
+                ...$this->environmentReviewAction($tenant, $user, $this->reviewSurfaceActionLabel($tenant, $user, $latestReview), $latestReview),
             ],
             [
                 'key' => 'provider_permissions',
@@ -815,7 +815,7 @@ private function readinessCards(
         ?User $user,
         ?ProviderConnection $primaryProviderConnection,
         array $requiredPermissions,
-        ?TenantReview $latestReview,
+        ?EnvironmentReview $latestReview,
         ?ReviewPack $latestReviewPack,
         ?EvidenceSnapshot $latestEvidenceSnapshot,
         array $exceptionStats,
@@ -831,18 +831,18 @@ private function readinessCards(
     /**
      * @return array<string, mixed>
      */
-    private function currentReviewCard(ManagedEnvironment $tenant, ?User $user, ?TenantReview $latestReview): array
+    private function currentReviewCard(ManagedEnvironment $tenant, ?User $user, ?EnvironmentReview $latestReview): array
     {
         $timestamp = $latestReview?->published_at ?? $latestReview?->generated_at ?? $latestReview?->updated_at;
 
         return [
             'key' => 'current_review',
             'title' => $this->overviewText('readiness_current_review_title'),
-            'status' => $latestReview instanceof TenantReview
+            'status' => $latestReview instanceof EnvironmentReview
                 ? $this->reviewValue($latestReview)
                 : $this->overviewText('readiness_current_review_empty_status'),
-            'tone' => $latestReview instanceof TenantReview ? $this->reviewTone($latestReview) : 'gray',
-            'body' => $latestReview instanceof TenantReview
+            'tone' => $latestReview instanceof EnvironmentReview ? $this->reviewTone($latestReview) : 'gray',
+            'body' => $latestReview instanceof EnvironmentReview
                 ? $this->reviewDescription($latestReview)
                 : $this->overviewText('readiness_current_review_empty_description'),
             'progress' => $this->reviewProgress($latestReview),
@@ -852,7 +852,7 @@ private function currentReviewCard(ManagedEnvironment $tenant, ?User $user, ?Ten
                     $this->relativeTime($timestamp),
                 ),
             ),
-            ...$this->tenantReviewAction($tenant, $user, $this->reviewSurfaceActionLabel($tenant, $user, $latestReview), $latestReview),
+            ...$this->environmentReviewAction($tenant, $user, $this->reviewSurfaceActionLabel($tenant, $user, $latestReview), $latestReview),
         ];
     }
 
@@ -1061,8 +1061,8 @@ private function recentOperationIcon(string $operationType): string
     {
         return match (OperationCatalog::canonicalCode($operationType)) {
             'inventory.sync' => 'heroicon-m-arrow-path',
-            'tenant.review_pack.generate' => 'heroicon-m-document-arrow-down',
-            'tenant.review.compose' => 'heroicon-m-document-text',
+            'environment.review_pack.generate' => 'heroicon-m-document-arrow-down',
+            'environment.review.compose' => 'heroicon-m-document-text',
             'tenant.evidence.snapshot.generate' => 'heroicon-m-document-duplicate',
             'baseline.compare' => 'heroicon-m-arrows-right-left',
             'provider.connection.check', 'rbac.health_check' => 'heroicon-m-shield-check',
@@ -1157,16 +1157,16 @@ private function riskExceptionsAction(ManagedEnvironment $tenant, ?User $user, s
     /**
      * @return array{actionLabel:string,actionUrl:?string,actionDisabled:bool,helperText:?string}
      */
-    private function tenantReviewAction(ManagedEnvironment $tenant, ?User $user, string $label, ?TenantReview $review = null): array
+    private function environmentReviewAction(ManagedEnvironment $tenant, ?User $user, string $label, ?EnvironmentReview $review = null): array
     {
-        $canOpen = $this->canOpenTenantCapability($tenant, $user, Capabilities::TENANT_REVIEW_VIEW);
+        $canOpen = $this->canOpenTenantCapability($tenant, $user, Capabilities::ENVIRONMENT_REVIEW_VIEW);
 
         $url = null;
 
         if ($canOpen) {
-            $url = $review instanceof TenantReview
-                ? TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant)
-                : TenantReviewResource::tenantScopedUrl('index', tenant: $tenant);
+            $url = $review instanceof EnvironmentReview
+                ? EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant)
+                : EnvironmentReviewResource::tenantScopedUrl('index', tenant: $tenant);
         }
 
         return $this->actionPayload(
@@ -1179,13 +1179,13 @@ private function tenantReviewAction(ManagedEnvironment $tenant, ?User $user, str
     /**
      * @return array{actionLabel:string,actionUrl:?string,actionDisabled:bool,helperText:?string}
      */
-    private function continueReviewAction(ManagedEnvironment $tenant, ?User $user, TenantReview $review): array
+    private function continueReviewAction(ManagedEnvironment $tenant, ?User $user, EnvironmentReview $review): array
     {
-        $canContinue = $this->canOpenTenantCapability($tenant, $user, Capabilities::TENANT_REVIEW_MANAGE);
+        $canContinue = $this->canOpenTenantCapability($tenant, $user, Capabilities::ENVIRONMENT_REVIEW_MANAGE);
 
         return $this->actionPayload(
             label: $this->overviewText('action_continue_review'),
-            url: $canContinue ? TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant) : null,
+            url: $canContinue ? EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant) : null,
             helperText: $canContinue ? null : $this->overviewText('helper_continue_review_requires_manage'),
         );
     }
@@ -1220,7 +1220,7 @@ private function customerWorkspaceAction(ManagedEnvironment $tenant, ?User $user
         $canOpenWorkspace = $user instanceof User
             && $user->canAccessTenant($tenant)
             && (
-                $user->can(Capabilities::TENANT_REVIEW_VIEW, $tenant)
+                $user->can(Capabilities::ENVIRONMENT_REVIEW_VIEW, $tenant)
                 || $user->can(Capabilities::REVIEW_PACK_VIEW, $tenant)
                 || $user->can(Capabilities::EVIDENCE_VIEW, $tenant)
             );
@@ -1507,13 +1507,13 @@ private function canOpenTenantCapability(ManagedEnvironment $tenant, ?User $user
             && $user->can($capability, $tenant);
     }
 
-    private function reviewSurfaceActionLabel(ManagedEnvironment $tenant, ?User $user, ?TenantReview $review): string
+    private function reviewSurfaceActionLabel(ManagedEnvironment $tenant, ?User $user, ?EnvironmentReview $review): string
     {
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return $this->overviewText('action_open_reviews');
         }
 
-        return $this->canOpenTenantCapability($tenant, $user, Capabilities::TENANT_REVIEW_MANAGE)
+        return $this->canOpenTenantCapability($tenant, $user, Capabilities::ENVIRONMENT_REVIEW_MANAGE)
             ? $this->overviewText('action_continue_review')
             : $this->overviewText('action_open_review');
     }
@@ -1545,27 +1545,27 @@ private function evidenceCoverageDescription(?EvidenceSnapshot $snapshot): strin
         return $this->overviewText('evidence_generated_prefix', ['time' => $snapshot->generated_at?->diffForHumans()]);
     }
 
-    private function reviewValue(?TenantReview $review): string
+    private function reviewValue(?EnvironmentReview $review): string
     {
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return $this->overviewText('status_not_ready');
         }
 
-        return BadgeRenderer::spec(BadgeDomain::TenantReviewStatus, (string) $review->status)->label;
+        return BadgeRenderer::spec(BadgeDomain::EnvironmentReviewStatus, (string) $review->status)->label;
     }
 
-    private function reviewTone(?TenantReview $review): string
+    private function reviewTone(?EnvironmentReview $review): string
     {
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return 'warning';
         }
 
-        return BadgeRenderer::spec(BadgeDomain::TenantReviewStatus, (string) $review->status)->color;
+        return BadgeRenderer::spec(BadgeDomain::EnvironmentReviewStatus, (string) $review->status)->color;
     }
 
-    private function reviewDescription(?TenantReview $review): string
+    private function reviewDescription(?EnvironmentReview $review): string
     {
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return $this->overviewText('review_unavailable_description');
         }
 
@@ -1577,9 +1577,9 @@ private function reviewDescription(?TenantReview $review): string
     /**
      * @return list<array<string, int|string>>
      */
-    private function reviewProgress(?TenantReview $review): array
+    private function reviewProgress(?EnvironmentReview $review): array
     {
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return [];
         }
 
diff --git a/apps/platform/app/Support/TenantReviewCompletenessState.php b/apps/platform/app/Support/EnvironmentReviewCompletenessState.php
similarity index 88%
rename from apps/platform/app/Support/TenantReviewCompletenessState.php
rename to apps/platform/app/Support/EnvironmentReviewCompletenessState.php
index 59ba9972..1626db21 100644
--- a/apps/platform/app/Support/TenantReviewCompletenessState.php
+++ b/apps/platform/app/Support/EnvironmentReviewCompletenessState.php
@@ -4,7 +4,7 @@
 
 namespace App\Support;
 
-enum TenantReviewCompletenessState: string
+enum EnvironmentReviewCompletenessState: string
 {
     case Complete = 'complete';
     case Partial = 'partial';
diff --git a/apps/platform/app/Support/TenantReviewStatus.php b/apps/platform/app/Support/EnvironmentReviewStatus.php
similarity index 95%
rename from apps/platform/app/Support/TenantReviewStatus.php
rename to apps/platform/app/Support/EnvironmentReviewStatus.php
index 28208420..2a91f1e8 100644
--- a/apps/platform/app/Support/TenantReviewStatus.php
+++ b/apps/platform/app/Support/EnvironmentReviewStatus.php
@@ -4,7 +4,7 @@
 
 namespace App\Support;
 
-enum TenantReviewStatus: string
+enum EnvironmentReviewStatus: string
 {
     case Draft = 'draft';
     case Ready = 'ready';
diff --git a/apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php b/apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php
index a566350a..20e8398a 100644
--- a/apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php
+++ b/apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php
@@ -7,7 +7,7 @@
 use App\Models\EvidenceSnapshot;
 use App\Models\EvidenceSnapshotItem;
 use App\Models\Finding;
-use App\Support\TenantReviewCompletenessState;
+use App\Support\EnvironmentReviewCompletenessState;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Str;
@@ -414,11 +414,11 @@ private function snapshotLimitations(EvidenceSnapshot $snapshot, ?EvidenceSnapsh
         $limitations = [];
         $state = (string) ($findingsItem?->state ?? $snapshot->completeness_state);
 
-        if ($state === TenantReviewCompletenessState::Stale->value || (string) $snapshot->status === 'expired' || ($snapshot->expires_at !== null && $snapshot->expires_at->isPast())) {
+        if ($state === EnvironmentReviewCompletenessState::Stale->value || (string) $snapshot->status === 'expired' || ($snapshot->expires_at !== null && $snapshot->expires_at->isPast())) {
             $limitations[] = 'stale_evidence';
         }
 
-        if (in_array($state, [TenantReviewCompletenessState::Partial->value, TenantReviewCompletenessState::Missing->value], true)) {
+        if (in_array($state, [EnvironmentReviewCompletenessState::Partial->value, EnvironmentReviewCompletenessState::Missing->value], true)) {
             $limitations[] = 'partial_mapping';
         }
 
@@ -439,19 +439,19 @@ private function snapshotLimitations(EvidenceSnapshot $snapshot, ?EvidenceSnapsh
     private function sectionCompleteness(?EvidenceSnapshotItem $findingsItem, bool $noMappedControls, array $snapshotLimitations): string
     {
         if (! $findingsItem instanceof EvidenceSnapshotItem) {
-            return TenantReviewCompletenessState::Missing->value;
+            return EnvironmentReviewCompletenessState::Missing->value;
         }
 
         if (in_array('stale_evidence', $snapshotLimitations, true)) {
-            return TenantReviewCompletenessState::Stale->value;
+            return EnvironmentReviewCompletenessState::Stale->value;
         }
 
         if ($noMappedControls || in_array('partial_mapping', $snapshotLimitations, true)) {
-            return TenantReviewCompletenessState::Partial->value;
+            return EnvironmentReviewCompletenessState::Partial->value;
         }
 
-        return TenantReviewCompletenessState::tryFrom((string) $findingsItem->state)?->value
-            ?? TenantReviewCompletenessState::Missing->value;
+        return EnvironmentReviewCompletenessState::tryFrom((string) $findingsItem->state)?->value
+            ?? EnvironmentReviewCompletenessState::Missing->value;
     }
 
     private function proofAccessState(EvidenceSnapshot $snapshot): string
diff --git a/apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php b/apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php
index 9df88386..4b8867e7 100644
--- a/apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php
+++ b/apps/platform/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php
@@ -11,22 +11,22 @@
 use App\Filament\Resources\AlertDeliveryResource;
 use App\Filament\Resources\FindingExceptionResource;
 use App\Filament\Resources\FindingResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\AlertDelivery;
 use App\Models\Finding;
 use App\Models\FindingException;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
 use App\Models\Workspace;
-use App\Services\TenantReviews\TenantReviewRegisterService;
+use App\Services\EnvironmentReviews\EnvironmentReviewRegisterService;
 use App\Support\Auth\Capabilities;
 use App\Support\BackupHealth\TenantBackupHealthResolver;
 use App\Support\Navigation\CanonicalNavigationContext;
 use App\Support\OperationRunLinks;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
-use App\Support\PortfolioTriage\TenantTriageReviewStateResolver;
+use App\Support\PortfolioTriage\ManagedEnvironmentTriageReviewStateResolver;
 use App\Support\RestoreSafety\RestoreSafetyResolver;
 use Illuminate\Support\Str;
 
@@ -49,8 +49,8 @@
     public function __construct(
         private TenantBackupHealthResolver $backupHealthResolver,
         private RestoreSafetyResolver $restoreSafetyResolver,
-        private TenantTriageReviewStateResolver $tenantTriageReviewStateResolver,
-        private TenantReviewRegisterService $tenantReviewRegisterService,
+        private ManagedEnvironmentTriageReviewStateResolver $managedEnvironmentTriageReviewStateResolver,
+        private EnvironmentReviewRegisterService $environmentReviewRegisterService,
     ) {}
 
     /**
@@ -477,13 +477,13 @@ private function reviewFollowUpSection(
             : array_keys($reviewTenants);
         $backupHealthByTenant = $this->backupHealthResolver->assessMany($tenantIds);
         $recoveryEvidenceByTenant = $this->restoreSafetyResolver->dashboardRecoveryEvidenceForTenants($tenantIds, $backupHealthByTenant);
-        $resolved = $this->tenantTriageReviewStateResolver->resolveMany(
+        $resolved = $this->managedEnvironmentTriageReviewStateResolver->resolveMany(
             workspaceId: (int) $workspace->getKey(),
             tenantIds: $tenantIds,
             backupHealthByTenant: $backupHealthByTenant,
             recoveryEvidenceByTenant: $recoveryEvidenceByTenant,
         );
-        $latestPublishedReviews = $this->tenantReviewRegisterService
+        $latestPublishedReviews = $this->environmentReviewRegisterService
             ->latestPublishedQuery($user, $workspace)
             ->get()
             ->keyBy('managed_environment_id')
@@ -509,8 +509,8 @@ private function reviewFollowUpSection(
                 $derivedState = $row['derived_state'] ?? null;
 
                 if (! in_array($derivedState, [
-                    TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
-                    TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW,
+                    ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED,
+                    ManagedEnvironmentTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW,
                 ], true)) {
                     continue;
                 }
@@ -893,11 +893,11 @@ private function reviewEntry(
         mixed $latestPublishedReview,
         ?CanonicalNavigationContext $navigationContext,
     ): array {
-        $state = (string) ($row['derived_state'] ?? TenantTriageReview::DERIVED_STATE_NOT_REVIEWED);
+        $state = (string) ($row['derived_state'] ?? ManagedEnvironmentTriageReview::DERIVED_STATE_NOT_REVIEWED);
         $familyLabel = $family === PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH
             ? 'Backup health'
             : 'Recovery evidence';
-        $headline = $state === TenantTriageReview::STATE_FOLLOW_UP_NEEDED
+        $headline = $state === ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED
             ? $familyLabel.' needs review follow-up'
             : $familyLabel.' changed since review';
         $sublineParts = array_values(array_filter([
@@ -909,19 +909,19 @@ private function reviewEntry(
                 : null,
         ]));
         $destinationUrl = $latestPublishedReview !== null
-            ? TenantReviewResource::tenantScopedUrl('view', ['record' => $latestPublishedReview], $tenant)
+            ? EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $latestPublishedReview], $tenant)
             : CustomerReviewWorkspace::tenantPrefilterUrl($tenant);
 
         return [
             'family_key' => 'review_follow_up',
-            'source_model' => TenantTriageReview::class,
+            'source_model' => ManagedEnvironmentTriageReview::class,
             'source_key' => (string) $tenant->getKey().':'.$family,
             'managed_environment_id' => (int) $tenant->getKey(),
             'tenant_label' => $tenant->name,
             'headline' => $headline,
             'subline' => $sublineParts === [] ? null : implode(' • ', $sublineParts),
-            'urgency_rank' => $state === TenantTriageReview::STATE_FOLLOW_UP_NEEDED ? 0 : 1,
-            'status_label' => $state === TenantTriageReview::STATE_FOLLOW_UP_NEEDED
+            'urgency_rank' => $state === ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED ? 0 : 1,
+            'status_label' => $state === ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED
                 ? 'Follow-up needed'
                 : 'Changed since review',
             'destination_url' => $this->appendQuery($destinationUrl, $navigationContext?->toQuery() ?? []),
diff --git a/apps/platform/app/Support/Livewire/TrustedState/TrustedStatePolicy.php b/apps/platform/app/Support/Livewire/TrustedState/TrustedStatePolicy.php
index f4443a63..9d1b776b 100644
--- a/apps/platform/app/Support/Livewire/TrustedState/TrustedStatePolicy.php
+++ b/apps/platform/app/Support/Livewire/TrustedState/TrustedStatePolicy.php
@@ -8,7 +8,7 @@
 
 final class TrustedStatePolicy
 {
-    public const MANAGED_TENANT_ONBOARDING_WIZARD = 'managed_tenant_onboarding_wizard';
+    public const MANAGED_ENVIRONMENT_ONBOARDING_WIZARD = 'managed_environment_onboarding_wizard';
 
     public const TENANT_REQUIRED_PERMISSIONS = 'tenant_required_permissions';
 
@@ -90,8 +90,8 @@ private function field(
     public function firstSlice(): array
     {
         return [
-            self::MANAGED_TENANT_ONBOARDING_WIZARD => [
-                'component_name' => 'Managed tenant onboarding wizard',
+            self::MANAGED_ENVIRONMENT_ONBOARDING_WIZARD => [
+                'component_name' => 'Managed environment onboarding wizard',
                 'plane' => 'admin_workspace',
                 'route_anchor' => 'onboarding_draft',
                 'authority_sources' => [
@@ -102,21 +102,21 @@ public function firstSlice(): array
                 ],
                 'locked_identities' => [
                     'workspace_id',
-                    'managed_tenant_id',
+                    'managed_environment_id',
                     'onboarding_session_id',
                 ],
                 'locked_identity_fields' => [
                     $this->field(
-                        name: 'managedTenantId',
+                        name: 'managedEnvironmentId',
                         stateClass: TrustedStateClass::LockedIdentity,
                         phpType: '?int',
                         sourceOfTruth: 'persisted_onboarding_draft',
                         usedForProtectedAction: true,
                         revalidationRequired: true,
                         implementationMarkers: [
-                            "#[Locked]\n    public ?int \$managedTenantId = null;",
-                            'public ?int $managedTenantId = null;',
-                            'currentManagedTenantRecord()',
+                            "#[Locked]\n    public ?int \$managedEnvironmentId = null;",
+                            'public ?int $managedEnvironmentId = null;',
+                            'currentManagedEnvironmentRecord()',
                         ],
                         notes: 'Continuity-only tenant identity; protected actions must re-resolve the tenant record before use.',
                     ),
@@ -184,34 +184,34 @@ public function firstSlice(): array
                     $this->field(
                         name: 'onboardingSession',
                         stateClass: TrustedStateClass::ServerDerivedAuthority,
-                        phpType: '?TenantOnboardingSession',
+                        phpType: '?ManagedEnvironmentOnboardingSession',
                         sourceOfTruth: 'persisted_onboarding_draft',
                         usedForProtectedAction: true,
                         revalidationRequired: true,
                         implementationMarkers: [
-                            'public ?TenantOnboardingSession $onboardingSession = null;',
+                            'public ?ManagedEnvironmentOnboardingSession $onboardingSession = null;',
                             'resolveOnboardingDraft(',
                             'currentOnboardingSessionRecord()',
                         ],
                         notes: 'Draft model instances remain convenience state only and are refreshed from canonical persisted draft truth.',
                     ),
                     $this->field(
-                        name: 'managedTenant',
+                        name: 'managedEnvironment',
                         stateClass: TrustedStateClass::ServerDerivedAuthority,
                         phpType: '?ManagedEnvironment',
                         sourceOfTruth: 'explicit_scoped_query',
                         usedForProtectedAction: true,
                         revalidationRequired: true,
                         implementationMarkers: [
-                            'public ?ManagedEnvironment $managedTenant = null;',
-                            'currentManagedTenantRecord()',
+                            'public ?ManagedEnvironment $managedEnvironment = null;',
+                            'currentManagedEnvironmentRecord()',
                         ],
                         notes: 'ManagedEnvironment model instances are display helpers only and must be re-derived from draft or scoped tenant queries.',
                     ),
                 ],
                 'forbidden_public_authority_fields' => [
                     'workspace',
-                    'managedTenant',
+                    'managedEnvironment',
                     'onboardingSession',
                 ],
             ],
diff --git a/apps/platform/app/Support/Livewire/TrustedState/TrustedStateResolver.php b/apps/platform/app/Support/Livewire/TrustedState/TrustedStateResolver.php
index 5869e17c..930d78f2 100644
--- a/apps/platform/app/Support/Livewire/TrustedState/TrustedStateResolver.php
+++ b/apps/platform/app/Support/Livewire/TrustedState/TrustedStateResolver.php
@@ -5,7 +5,7 @@
 namespace App\Support\Livewire\TrustedState;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\Onboarding\OnboardingDraftResolver;
@@ -29,11 +29,11 @@ public function currentWorkspaceForMember(User $user, WorkspaceContext $workspac
     }
 
     public function resolveOnboardingDraft(
-        TenantOnboardingSession|int|string $draft,
+        ManagedEnvironmentOnboardingSession|int|string $draft,
         User $user,
         Workspace $workspace,
         OnboardingDraftResolver $resolver,
-    ): TenantOnboardingSession {
+    ): ManagedEnvironmentOnboardingSession {
         return $resolver->resolveForTrustedAction($draft, $user, $workspace);
     }
 
diff --git a/apps/platform/app/Support/ManagedEnvironmentLinks.php b/apps/platform/app/Support/ManagedEnvironmentLinks.php
index 4c9afc5a..107691b0 100644
--- a/apps/platform/app/Support/ManagedEnvironmentLinks.php
+++ b/apps/platform/app/Support/ManagedEnvironmentLinks.php
@@ -22,7 +22,7 @@ public static function indexUrl(Workspace|ManagedEnvironment|null $scope = null,
             return url('/admin');
         }
 
-        return self::withQuery(route('admin.workspace.managed-tenants.index', [
+        return self::withQuery(route('admin.workspace.managed-environments.index', [
             'workspace' => self::workspaceRouteKey($workspace),
         ]), $query);
     }
@@ -40,7 +40,7 @@ public static function viewUrl(ManagedEnvironment $environment, array $query = [
 
         return self::withQuery(route('admin.workspace.environments.show', [
             'workspace' => self::workspaceRouteKey($workspace),
-            'tenant' => self::environmentRouteKey($environment),
+            'environment' => self::environmentRouteKey($environment),
         ]), $query);
     }
 
@@ -145,7 +145,7 @@ private static function environmentChildUrl(string $routeName, ManagedEnvironmen
 
         return self::withQuery(route($routeName, [
             'workspace' => self::workspaceRouteKey($workspace),
-            'tenant' => self::environmentRouteKey($environment),
+            'environment' => self::environmentRouteKey($environment),
         ]), $query);
     }
 
diff --git a/apps/platform/app/Support/Middleware/DenyNonMemberTenantAccess.php b/apps/platform/app/Support/Middleware/DenyNonMemberTenantAccess.php
index 71347601..c1cd7216 100644
--- a/apps/platform/app/Support/Middleware/DenyNonMemberTenantAccess.php
+++ b/apps/platform/app/Support/Middleware/DenyNonMemberTenantAccess.php
@@ -16,7 +16,7 @@ class DenyNonMemberTenantAccess
      */
     public function handle(Request $request, Closure $next): Response
     {
-        $tenant = $request->route()?->parameter('tenant');
+        $tenant = $request->route()?->parameter('environment') ?? $request->route()?->parameter('tenant');
 
         if (! $tenant instanceof ManagedEnvironment) {
             return $next($request);
diff --git a/apps/platform/app/Support/Middleware/EnsureFilamentTenantSelected.php b/apps/platform/app/Support/Middleware/EnsureFilamentTenantSelected.php
index a05431dc..571b2333 100644
--- a/apps/platform/app/Support/Middleware/EnsureFilamentTenantSelected.php
+++ b/apps/platform/app/Support/Middleware/EnsureFilamentTenantSelected.php
@@ -107,10 +107,10 @@ public function handle(Request $request, Closure $next): Response
             $workspace = $workspaceContext->currentWorkspace($request);
 
             if ($workspace !== null) {
-                return redirect()->route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]);
+                return redirect()->route('admin.workspace.managed-environments.index', ['workspace' => $workspace]);
             }
 
-            return redirect()->route('filament.admin.pages.choose-tenant');
+            return redirect()->route('filament.admin.pages.choose-environment');
         }
 
         if ($resolvedContext->pageCategory === TenantPageCategory::TenantBound && ! $resolvedContext->hasTenant()) {
@@ -139,7 +139,7 @@ public function handle(Request $request, Closure $next): Response
 
         if (
             str_starts_with($path, '/admin/workspaces/')
-            || in_array($path, ['/admin', '/admin/choose-workspace', '/admin/choose-tenant', '/admin/no-access', '/admin/alerts', '/admin/audit-log', '/admin/onboarding', '/admin/settings/workspace', '/admin/findings/my-work', '/admin/findings/intake', '/admin/findings/hygiene'], true)
+            || in_array($path, ['/admin', '/admin/choose-workspace', '/admin/choose-environment', '/admin/no-access', '/admin/alerts', '/admin/audit-log', '/admin/onboarding', '/admin/settings/workspace', '/admin/findings/my-work', '/admin/findings/intake', '/admin/findings/hygiene'], true)
         ) {
             $this->configureNavigationForRequest($panel);
 
diff --git a/apps/platform/app/Support/Navigation/CanonicalNavigationContext.php b/apps/platform/app/Support/Navigation/CanonicalNavigationContext.php
index 0ba51b9c..32ac418f 100644
--- a/apps/platform/app/Support/Navigation/CanonicalNavigationContext.php
+++ b/apps/platform/app/Support/Navigation/CanonicalNavigationContext.php
@@ -5,7 +5,7 @@
 namespace App\Support\Navigation;
 
 use App\Filament\Pages\BaselineCompareMatrix;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Models\BaselineProfile;
 use App\Models\ManagedEnvironment;
 use Filament\Facades\Filament;
@@ -102,7 +102,7 @@ public static function forTenantRegistry(string $backLinkUrl, ?int $tenantId = n
     {
         return new self(
             sourceSurface: 'tenant_registry',
-            canonicalRouteName: ListTenants::getRouteName(Filament::getPanel('admin')),
+            canonicalRouteName: ListManagedEnvironments::getRouteName(Filament::getPanel('admin')),
             tenantId: $tenantId,
             backLinkLabel: __('localization.shell.back_to_environment_registry'),
             backLinkUrl: $backLinkUrl,
diff --git a/apps/platform/app/Support/Onboarding/OnboardingCheckpoint.php b/apps/platform/app/Support/Onboarding/OnboardingCheckpoint.php
index 66b160d4..4e50898f 100644
--- a/apps/platform/app/Support/Onboarding/OnboardingCheckpoint.php
+++ b/apps/platform/app/Support/Onboarding/OnboardingCheckpoint.php
@@ -15,7 +15,7 @@ enum OnboardingCheckpoint: string
     public function label(): string
     {
         return match ($this) {
-            self::Identify => 'Identify managed tenant',
+            self::Identify => 'Identify managed environment',
             self::ConnectProvider => 'Connect provider',
             self::VerifyAccess => 'Verify access',
             self::Bootstrap => 'Bootstrap',
diff --git a/apps/platform/app/Support/Onboarding/OnboardingDraftStage.php b/apps/platform/app/Support/Onboarding/OnboardingDraftStage.php
index 30d74698..89987c27 100644
--- a/apps/platform/app/Support/Onboarding/OnboardingDraftStage.php
+++ b/apps/platform/app/Support/Onboarding/OnboardingDraftStage.php
@@ -17,7 +17,7 @@ enum OnboardingDraftStage: string
     public function label(): string
     {
         return match ($this) {
-            self::Identify => 'Identify managed tenant',
+            self::Identify => 'Identify managed environment',
             self::ConnectProvider => 'Connect provider',
             self::VerifyAccess => 'Verify access',
             self::Bootstrap => 'Bootstrap',
diff --git a/apps/platform/app/Support/OperateHub/OperateHubShell.php b/apps/platform/app/Support/OperateHub/OperateHubShell.php
index 46fc88c1..a98b0e8e 100644
--- a/apps/platform/app/Support/OperateHub/OperateHubShell.php
+++ b/apps/platform/app/Support/OperateHub/OperateHubShell.php
@@ -342,6 +342,10 @@ private function resolveRouteTenantCandidate(?Request $request = null, ?TenantPa
         $route = $request?->route();
         $pageCategory ??= $this->pageCategory($request);
 
+        if ($route?->hasParameter('environment')) {
+            return $this->resolveTenantIdentifier($route->parameter('environment'));
+        }
+
         if ($route?->hasParameter('tenant')) {
             return $this->resolveTenantIdentifier($route->parameter('tenant'));
         }
diff --git a/apps/platform/app/Support/OperationCatalog.php b/apps/platform/app/Support/OperationCatalog.php
index 933f1e09..89cad44a 100644
--- a/apps/platform/app/Support/OperationCatalog.php
+++ b/apps/platform/app/Support/OperationCatalog.php
@@ -275,8 +275,8 @@ private static function canonicalDefinitions(): array
             'baseline.compare' => new CanonicalOperationType('baseline.compare', 'platform_foundation', null, 'Baseline compare', true, 120),
             'permission.posture.check' => new CanonicalOperationType('permission.posture.check', 'platform_foundation', null, 'Permission posture check', false, 30),
             'entra.admin_roles.scan' => new CanonicalOperationType('entra.admin_roles.scan', 'entra', null, 'Entra admin roles scan', false, 60),
-            'tenant.review_pack.generate' => new CanonicalOperationType('tenant.review_pack.generate', 'platform_foundation', 'review_pack', 'Review pack generation', true, 60),
-            'tenant.review.compose' => new CanonicalOperationType('tenant.review.compose', 'platform_foundation', 'tenant_review', 'Review composition', true, 60),
+            'environment.review_pack.generate' => new CanonicalOperationType('environment.review_pack.generate', 'platform_foundation', 'review_pack', 'Review pack generation', true, 60),
+            'environment.review.compose' => new CanonicalOperationType('environment.review.compose', 'platform_foundation', 'environment_review', 'Review composition', true, 60),
             'tenant.evidence.snapshot.generate' => new CanonicalOperationType('tenant.evidence.snapshot.generate', 'platform_foundation', 'evidence_snapshot', 'Evidence snapshot generation', true, 120),
             'rbac.health_check' => new CanonicalOperationType('rbac.health_check', 'intune', null, 'RBAC health check', false, 30),
         ];
@@ -338,8 +338,8 @@ private static function operationAliases(): array
             new OperationTypeAlias('permission.posture.check', 'permission.posture.check', 'canonical', true),
             new OperationTypeAlias('permission_posture_check', 'permission.posture.check', 'legacy_alias', false, 'Historical permission_posture_check values resolve to permission.posture.check.', 'Prefer dotted permission posture naming on new read paths.'),
             new OperationTypeAlias('entra.admin_roles.scan', 'entra.admin_roles.scan', 'canonical', true),
-            new OperationTypeAlias('tenant.review_pack.generate', 'tenant.review_pack.generate', 'canonical', true),
-            new OperationTypeAlias('tenant.review.compose', 'tenant.review.compose', 'canonical', true),
+            new OperationTypeAlias('environment.review_pack.generate', 'environment.review_pack.generate', 'canonical', true),
+            new OperationTypeAlias('environment.review.compose', 'environment.review.compose', 'canonical', true),
             new OperationTypeAlias('tenant.evidence.snapshot.generate', 'tenant.evidence.snapshot.generate', 'canonical', true),
             new OperationTypeAlias('rbac.health_check', 'rbac.health_check', 'canonical', true),
         ];
diff --git a/apps/platform/app/Support/OperationRunLinks.php b/apps/platform/app/Support/OperationRunLinks.php
index 716a6931..ad88f8a7 100644
--- a/apps/platform/app/Support/OperationRunLinks.php
+++ b/apps/platform/app/Support/OperationRunLinks.php
@@ -12,12 +12,12 @@
 use App\Filament\Resources\PolicyResource;
 use App\Filament\Resources\RestoreRunResource;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\EvidenceSnapshot;
 use App\Models\OperationRun;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\Workspace;
 use App\Support\Navigation\CanonicalNavigationContext;
 use App\Support\Workspaces\WorkspaceContext;
@@ -232,18 +232,18 @@ public static function related(OperationRun $run, ?ManagedEnvironment $tenant):
             }
         }
 
-        if ($canonicalType === 'tenant.review.compose') {
-            $review = TenantReview::query()
+        if ($canonicalType === 'environment.review.compose') {
+            $review = EnvironmentReview::query()
                 ->where('operation_run_id', (int) $run->getKey())
                 ->latest('id')
                 ->first();
 
-            if ($review instanceof TenantReview) {
-                $links['ManagedEnvironment Review'] = TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant);
+            if ($review instanceof EnvironmentReview) {
+                $links['ManagedEnvironment Review'] = EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant);
             }
         }
 
-        if ($canonicalType === 'tenant.review_pack.generate') {
+        if ($canonicalType === 'environment.review_pack.generate') {
             $pack = ReviewPack::query()
                 ->where('operation_run_id', (int) $run->getKey())
                 ->latest('id')
diff --git a/apps/platform/app/Support/OperationRunType.php b/apps/platform/app/Support/OperationRunType.php
index 6cc87010..05a95638 100644
--- a/apps/platform/app/Support/OperationRunType.php
+++ b/apps/platform/app/Support/OperationRunType.php
@@ -17,8 +17,8 @@ enum OperationRunType: string
     case RestoreExecute = 'restore.execute';
     case PromotionExecute = 'promotion.execute';
     case EntraAdminRolesScan = 'entra.admin_roles.scan';
-    case ReviewPackGenerate = 'tenant.review_pack.generate';
-    case TenantReviewCompose = 'tenant.review.compose';
+    case ReviewPackGenerate = 'environment.review_pack.generate';
+    case EnvironmentReviewCompose = 'environment.review.compose';
     case EvidenceSnapshotGenerate = 'tenant.evidence.snapshot.generate';
     case RbacHealthCheck = 'rbac.health_check';
 
diff --git a/apps/platform/app/Support/OperationalControls/OperationalControlCatalog.php b/apps/platform/app/Support/OperationalControls/OperationalControlCatalog.php
index 693b9985..9de0249b 100644
--- a/apps/platform/app/Support/OperationalControls/OperationalControlCatalog.php
+++ b/apps/platform/app/Support/OperationalControls/OperationalControlCatalog.php
@@ -22,7 +22,7 @@ final class OperationalControlCatalog
             'label' => 'Promotion execution',
             'supported_scopes' => ['global', 'workspace'],
             'operation_types' => ['promotion.execute'],
-            'affected_surfaces' => ['admin.cross_tenant_compare.execute'],
+            'affected_surfaces' => ['admin.cross_environment_compare.execute'],
         ],
         'ai.execution' => [
             'key' => 'ai.execution',
diff --git a/apps/platform/app/Support/Operations/OperationRunCapabilityResolver.php b/apps/platform/app/Support/Operations/OperationRunCapabilityResolver.php
index b8327e09..d0e3d42f 100644
--- a/apps/platform/app/Support/Operations/OperationRunCapabilityResolver.php
+++ b/apps/platform/app/Support/Operations/OperationRunCapabilityResolver.php
@@ -28,7 +28,7 @@ public function requiredCapabilityForType(string $operationType): ?string
             'restore.execute', 'promotion.execute' => Capabilities::TENANT_MANAGE,
             'directory.role_definitions.sync' => Capabilities::TENANT_MANAGE,
             'alerts.evaluate', 'alerts.deliver' => Capabilities::ALERTS_VIEW,
-            'tenant.review.compose' => Capabilities::TENANT_REVIEW_VIEW,
+            'environment.review.compose' => Capabilities::ENVIRONMENT_REVIEW_VIEW,
 
             // Viewing verification reports should be possible for readonly members.
             // Starting verification is separately guarded by the verification service.
@@ -52,7 +52,7 @@ public function requiredExecutionCapabilityForType(string $operationType): ?stri
             'policy.sync', 'tenant.sync' => Capabilities::TENANT_SYNC,
             'policy.delete' => Capabilities::TENANT_MANAGE,
             'assignments.restore', 'restore.execute', 'promotion.execute' => Capabilities::TENANT_MANAGE,
-            'tenant.review.compose' => Capabilities::TENANT_REVIEW_MANAGE,
+            'environment.review.compose' => Capabilities::ENVIRONMENT_REVIEW_MANAGE,
             default => $this->requiredCapabilityForType($operationType),
         };
     }
diff --git a/apps/platform/app/Support/OpsUx/GovernanceRunDiagnosticSummaryBuilder.php b/apps/platform/app/Support/OpsUx/GovernanceRunDiagnosticSummaryBuilder.php
index 5bf34bca..850a943d 100644
--- a/apps/platform/app/Support/OpsUx/GovernanceRunDiagnosticSummaryBuilder.php
+++ b/apps/platform/app/Support/OpsUx/GovernanceRunDiagnosticSummaryBuilder.php
@@ -124,8 +124,8 @@ private function headline(
             'baseline.capture' => $this->baselineCaptureHeadline($artifactTruth, $context, $counts, $operatorExplanation),
             'baseline.compare' => $this->baselineCompareHeadline($artifactTruth, $context, $counts, $operatorExplanation),
             'tenant.evidence.snapshot.generate' => $this->evidenceSnapshotHeadline($artifactTruth, $operatorExplanation),
-            'tenant.review.compose' => $this->reviewComposeHeadline($artifactTruth, $dominantCause, $operatorExplanation),
-            'tenant.review_pack.generate' => $this->reviewPackHeadline($artifactTruth, $dominantCause, $operatorExplanation),
+            'environment.review.compose' => $this->reviewComposeHeadline($artifactTruth, $dominantCause, $operatorExplanation),
+            'environment.review_pack.generate' => $this->reviewPackHeadline($artifactTruth, $dominantCause, $operatorExplanation),
             default => $operatorExplanation?->headline
                 ?? $artifactTruth?->primaryExplanation
                 ?? 'This governance run needs review before it can be relied on.',
@@ -352,7 +352,7 @@ private function nextActionCategory(
 
         if (
             $reasonEnvelope?->actionability === 'prerequisite_missing'
-            || in_array($canonicalType, ['tenant.evidence.snapshot.generate', 'tenant.review.compose', 'tenant.review_pack.generate'], true)
+            || in_array($canonicalType, ['tenant.evidence.snapshot.generate', 'environment.review.compose', 'environment.review_pack.generate'], true)
         ) {
             return 'refresh_prerequisite_data';
         }
@@ -390,8 +390,8 @@ private function affectedScaleCue(
             'baseline.capture' => $this->baselineCaptureScaleCue($context, $counts),
             'baseline.compare' => $this->baselineCompareScaleCue($context, $counts),
             'tenant.evidence.snapshot.generate' => $this->countDescriptorScaleCue($operatorExplanation?->countDescriptors ?? [], ['Missing dimensions', 'Stale dimensions', 'Evidence dimensions']),
-            'tenant.review.compose' => $this->reviewScaleCue($artifactTruth, $operatorExplanation?->countDescriptors ?? []),
-            'tenant.review_pack.generate' => $this->reviewPackScaleCue($artifactTruth, $operatorExplanation?->countDescriptors ?? []),
+            'environment.review.compose' => $this->reviewScaleCue($artifactTruth, $operatorExplanation?->countDescriptors ?? []),
+            'environment.review_pack.generate' => $this->reviewPackScaleCue($artifactTruth, $operatorExplanation?->countDescriptors ?? []),
             default => $this->summaryCountsScaleCue($counts),
         };
     }
@@ -601,8 +601,8 @@ private function rankCauseCandidates(
             'baseline.capture' => $this->baselineCaptureCandidates($candidates, $context),
             'baseline.compare' => $this->baselineCompareCandidates($candidates, $context),
             'tenant.evidence.snapshot.generate' => $this->evidenceSnapshotCandidates($candidates, $artifactTruth, $operatorExplanation),
-            'tenant.review.compose' => $this->reviewComposeCandidates($candidates, $artifactTruth),
-            'tenant.review_pack.generate' => $this->reviewPackCandidates($candidates, $artifactTruth),
+            'environment.review.compose' => $this->reviewComposeCandidates($candidates, $artifactTruth),
+            'environment.review_pack.generate' => $this->reviewPackCandidates($candidates, $artifactTruth),
             default => null,
         };
 
diff --git a/apps/platform/app/Support/OpsUx/OperationRunProgressContract.php b/apps/platform/app/Support/OpsUx/OperationRunProgressContract.php
index ad9b82d5..ba559c8c 100644
--- a/apps/platform/app/Support/OpsUx/OperationRunProgressContract.php
+++ b/apps/platform/app/Support/OpsUx/OperationRunProgressContract.php
@@ -343,7 +343,7 @@ private static function legacyPhasedLabel(OperationRun $run, array $context): ?s
      */
     private static function legacyCompositeLabel(OperationRun $run, array $summaryCounts, array $context): ?string
     {
-        if ((string) $run->type !== 'tenant.review.compose') {
+        if ((string) $run->type !== 'environment.review.compose') {
             return null;
         }
 
diff --git a/apps/platform/app/Support/OpsUx/OperationUxPresenter.php b/apps/platform/app/Support/OpsUx/OperationUxPresenter.php
index 02436e8c..c7c41f84 100644
--- a/apps/platform/app/Support/OpsUx/OperationUxPresenter.php
+++ b/apps/platform/app/Support/OpsUx/OperationUxPresenter.php
@@ -596,7 +596,7 @@ private static function operationRunPrimaryAction(OperationRun $run, object $not
             ];
         }
 
-        if (self::isManagedTenantOnboardingWizardRun($run)) {
+        if (self::isManagedEnvironmentOnboardingWizardRun($run)) {
             return [
                 'label' => OperationRunLinks::openLabel(),
                 'url' => OperationRunLinks::tenantlessView($run),
@@ -619,13 +619,13 @@ private static function operationRunPrimaryAction(OperationRun $run, object $not
         ];
     }
 
-    private static function isManagedTenantOnboardingWizardRun(OperationRun $run): bool
+    private static function isManagedEnvironmentOnboardingWizardRun(OperationRun $run): bool
     {
         $context = is_array($run->context) ? $run->context : [];
         $wizard = $context['wizard'] ?? null;
 
         return is_array($wizard)
-            && ($wizard['flow'] ?? null) === 'managed_tenant_onboarding';
+            && ($wizard['flow'] ?? null) === 'managed_environment_onboarding';
     }
 
     /**
diff --git a/apps/platform/app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php b/apps/platform/app/Support/PortfolioCompare/CrossEnvironmentComparePreviewBuilder.php
similarity index 86%
rename from apps/platform/app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php
rename to apps/platform/app/Support/PortfolioCompare/CrossEnvironmentComparePreviewBuilder.php
index c0317bc3..ca69b8f3 100644
--- a/apps/platform/app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php
+++ b/apps/platform/app/Support/PortfolioCompare/CrossEnvironmentComparePreviewBuilder.php
@@ -13,7 +13,7 @@
 use Illuminate\Support\Collection;
 use Illuminate\Support\Str;
 
-final class CrossTenantComparePreviewBuilder
+final class CrossEnvironmentComparePreviewBuilder
 {
     public function __construct(
         private readonly CurrentStateHashResolver $currentStateHashResolver,
@@ -23,23 +23,23 @@ public function __construct(
      * @return array{
      *     selection: array{
      *         workspaceId: int,
-     *         sourceTenantId: int,
-     *         sourceTenantName: string,
-     *         targetTenantId: int,
-     *         targetTenantName: string,
+     *         sourceEnvironmentId: int,
+     *         sourceEnvironmentName: string,
+     *         targetEnvironmentId: int,
+     *         targetEnvironmentName: string,
      *         policyTypes: list<string>
      *     },
      *     summary: array{match: int, different: int, missing: int, ambiguous: int, blocked: int, total: int},
      *     subjects: list<array<string, mixed>>
      * }
      */
-    public function build(CrossTenantCompareSelection $selection): array
+    public function build(CrossEnvironmentCompareSelection $selection): array
     {
-        $sourceIndex = $this->indexTenantSubjects($selection->sourceTenant, $selection->policyTypes);
-        $targetIndex = $this->indexTenantSubjects($selection->targetTenant, $selection->policyTypes);
+        $sourceIndex = $this->indexEnvironmentSubjects($selection->sourceEnvironment, $selection->policyTypes);
+        $targetIndex = $this->indexEnvironmentSubjects($selection->targetEnvironment, $selection->policyTypes);
 
-        $sourceEvidence = $this->resolvedEvidenceMap($selection->sourceTenant, $sourceIndex['evidence_subjects']);
-        $targetEvidence = $this->resolvedEvidenceMap($selection->targetTenant, $targetIndex['evidence_subjects']);
+        $sourceEvidence = $this->resolvedEvidenceMap($selection->sourceEnvironment, $sourceIndex['evidence_subjects']);
+        $targetEvidence = $this->resolvedEvidenceMap($selection->targetEnvironment, $targetIndex['evidence_subjects']);
 
         $subjects = [];
         $summary = [
@@ -54,8 +54,8 @@ public function build(CrossTenantCompareSelection $selection): array
         foreach ($sourceIndex['preview_subjects'] as $sourceSubject) {
             $previewSubject = $this->buildPreviewSubject(
                 sourceSubject: $sourceSubject,
-                sourceTenant: $selection->sourceTenant,
-                targetTenant: $selection->targetTenant,
+                sourceEnvironment: $selection->sourceEnvironment,
+                targetEnvironment: $selection->targetEnvironment,
                 targetIndex: $targetIndex['subjects'],
                 sourceEvidence: $sourceEvidence,
                 targetEvidence: $targetEvidence,
@@ -88,10 +88,10 @@ public function build(CrossTenantCompareSelection $selection): array
         return [
             'selection' => [
                 'workspaceId' => $selection->workspaceId(),
-                'sourceTenantId' => $selection->sourceTenantId(),
-                'sourceTenantName' => (string) $selection->sourceTenant->name,
-                'targetTenantId' => $selection->targetTenantId(),
-                'targetTenantName' => (string) $selection->targetTenant->name,
+                'sourceEnvironmentId' => $selection->sourceEnvironmentId(),
+                'sourceEnvironmentName' => (string) $selection->sourceEnvironment->name,
+                'targetEnvironmentId' => $selection->targetEnvironmentId(),
+                'targetEnvironmentName' => (string) $selection->targetEnvironment->name,
                 'policyTypes' => $selection->policyTypes,
             ],
             'summary' => $summary,
@@ -100,7 +100,7 @@ public function build(CrossTenantCompareSelection $selection): array
     }
 
     /**
-     * @param  ManagedEnvironment  $tenant
+     * @param  ManagedEnvironment  $environment
      * @param  list<string>  $policyTypes
      * @return array{
      *     preview_subjects: list<array<string, mixed>>,
@@ -108,10 +108,10 @@ public function build(CrossTenantCompareSelection $selection): array
      *     subjects: array<string, array<string, mixed>>
      * }
      */
-    private function indexTenantSubjects(ManagedEnvironment $tenant, array $policyTypes): array
+    private function indexEnvironmentSubjects(ManagedEnvironment $environment, array $policyTypes): array
     {
         $inventoryItems = InventoryItem::query()
-            ->where('managed_environment_id', (int) $tenant->getKey())
+            ->where('managed_environment_id', (int) $environment->getKey())
             ->when(
                 $policyTypes !== [],
                 fn ($query) => $query->whereIn('policy_type', $policyTypes),
@@ -137,7 +137,7 @@ private function indexTenantSubjects(ManagedEnvironment $tenant, array $policyTy
                 is_string($inventoryItem->external_id ?? null) ? (string) $inventoryItem->external_id : null,
             );
 
-            $subjectRecord = $this->inventorySubjectRecord($tenant, $inventoryItem, $policyType, $subjectKey);
+            $subjectRecord = $this->inventorySubjectRecord($environment, $inventoryItem, $policyType, $subjectKey);
 
             if ($subjectKey === null) {
                 $previewSubjects[] = [
@@ -203,8 +203,8 @@ private function indexTenantSubjects(ManagedEnvironment $tenant, array $policyTy
      */
     private function buildPreviewSubject(
         array $sourceSubject,
-        ManagedEnvironment $sourceTenant,
-        ManagedEnvironment $targetTenant,
+        ManagedEnvironment $sourceEnvironment,
+        ManagedEnvironment $targetEnvironment,
         array $targetIndex,
         array $sourceEvidence,
         array $targetEvidence,
@@ -293,9 +293,9 @@ private function buildPreviewSubject(
             'state' => $state,
             'trustLevel' => $trustLevel,
             'reasonCodes' => $reasonCodes,
-            'source' => $this->subjectSidePayload($sourceTenant, $sourceSubject, $sourceEvidenceRecord),
+            'source' => $this->subjectSidePayload($sourceEnvironment, $sourceSubject, $sourceEvidenceRecord),
             'target' => $this->subjectSidePayload(
-                $targetTenant,
+                $targetEnvironment,
                 is_array($targetSubject['representative'] ?? null) ? $targetSubject['representative'] : null,
                 $targetEvidenceRecord,
             ),
@@ -306,20 +306,20 @@ private function buildPreviewSubject(
      * @param  list<array{policy_type: string, subject_external_id: string}>  $subjects
      * @return array<string, ResolvedEvidence|null>
      */
-    private function resolvedEvidenceMap(ManagedEnvironment $tenant, array $subjects): array
+    private function resolvedEvidenceMap(ManagedEnvironment $environment, array $subjects): array
     {
-        return $this->currentStateHashResolver->resolveForSubjects($tenant, $subjects);
+        return $this->currentStateHashResolver->resolveForSubjects($environment, $subjects);
     }
 
     /**
      * @param  array<string, mixed>|null  $subject
      * @return array<string, mixed>
      */
-    private function subjectSidePayload(ManagedEnvironment $tenant, ?array $subject, ?ResolvedEvidence $evidence): array
+    private function subjectSidePayload(ManagedEnvironment $environment, ?array $subject, ?ResolvedEvidence $evidence): array
     {
         return [
-            'tenantId' => (int) $tenant->getKey(),
-            'tenantName' => (string) $tenant->name,
+            'environmentId' => (int) $environment->getKey(),
+            'environmentName' => (string) $environment->name,
             'inventoryItemId' => is_numeric($subject['inventoryItemId'] ?? null) ? (int) $subject['inventoryItemId'] : null,
             'subjectExternalId' => is_string($subject['subjectExternalId'] ?? null) ? (string) $subject['subjectExternalId'] : null,
             'displayName' => is_string($subject['displayName'] ?? null) ? (string) $subject['displayName'] : null,
@@ -339,7 +339,7 @@ private function subjectSidePayload(ManagedEnvironment $tenant, ?array $subject,
      *     lastSeenAt: ?string
      * }
      */
-    private function inventorySubjectRecord(ManagedEnvironment $tenant, InventoryItem $inventoryItem, string $policyType, ?string $subjectKey): array
+    private function inventorySubjectRecord(ManagedEnvironment $environment, InventoryItem $inventoryItem, string $policyType, ?string $subjectKey): array
     {
         $displayName = is_string($inventoryItem->display_name ?? null) ? trim((string) $inventoryItem->display_name) : '';
         $displayName = $displayName !== ''
@@ -347,7 +347,7 @@ private function inventorySubjectRecord(ManagedEnvironment $tenant, InventoryIte
             : ($subjectKey !== null ? Str::headline($subjectKey) : Str::headline($policyType));
 
         return [
-            'tenantId' => (int) $tenant->getKey(),
+            'environmentId' => (int) $environment->getKey(),
             'policyType' => $policyType,
             'displayName' => $displayName,
             'subjectKey' => $subjectKey,
diff --git a/apps/platform/app/Support/PortfolioCompare/CrossTenantCompareSelection.php b/apps/platform/app/Support/PortfolioCompare/CrossEnvironmentCompareSelection.php
similarity index 59%
rename from apps/platform/app/Support/PortfolioCompare/CrossTenantCompareSelection.php
rename to apps/platform/app/Support/PortfolioCompare/CrossEnvironmentCompareSelection.php
index cba26913..bfc76e49 100644
--- a/apps/platform/app/Support/PortfolioCompare/CrossTenantCompareSelection.php
+++ b/apps/platform/app/Support/PortfolioCompare/CrossEnvironmentCompareSelection.php
@@ -7,11 +7,11 @@
 use App\Models\ManagedEnvironment;
 use InvalidArgumentException;
 
-final readonly class CrossTenantCompareSelection
+final readonly class CrossEnvironmentCompareSelection
 {
-    public ManagedEnvironment $sourceTenant;
+    public ManagedEnvironment $sourceEnvironment;
 
-    public ManagedEnvironment $targetTenant;
+    public ManagedEnvironment $targetEnvironment;
 
     /**
      * @var list<string>
@@ -22,19 +22,19 @@
      * @param  list<string>  $policyTypes
      */
     public function __construct(
-        ManagedEnvironment $sourceTenant,
-        ManagedEnvironment $targetTenant,
+        ManagedEnvironment $sourceEnvironment,
+        ManagedEnvironment $targetEnvironment,
         array $policyTypes = [],
     ) {
-        $this->sourceTenant = $sourceTenant;
-        $this->targetTenant = $targetTenant;
+        $this->sourceEnvironment = $sourceEnvironment;
+        $this->targetEnvironment = $targetEnvironment;
 
-        if ((int) $this->sourceTenant->getKey() === (int) $this->targetTenant->getKey()) {
-            throw new InvalidArgumentException('Source and target tenants must differ.');
+        if ((int) $this->sourceEnvironment->getKey() === (int) $this->targetEnvironment->getKey()) {
+            throw new InvalidArgumentException('Source and target environments must differ.');
         }
 
-        if ((int) $this->sourceTenant->workspace_id !== (int) $this->targetTenant->workspace_id) {
-            throw new InvalidArgumentException('Source and target tenants must belong to the same workspace.');
+        if ((int) $this->sourceEnvironment->workspace_id !== (int) $this->targetEnvironment->workspace_id) {
+            throw new InvalidArgumentException('Source and target environments must belong to the same workspace.');
         }
 
         $this->policyTypes = $this->normalizePolicyTypes($policyTypes);
@@ -42,17 +42,17 @@ public function __construct(
 
     public function workspaceId(): int
     {
-        return (int) $this->sourceTenant->workspace_id;
+        return (int) $this->sourceEnvironment->workspace_id;
     }
 
-    public function sourceTenantId(): int
+    public function sourceEnvironmentId(): int
     {
-        return (int) $this->sourceTenant->getKey();
+        return (int) $this->sourceEnvironment->getKey();
     }
 
-    public function targetTenantId(): int
+    public function targetEnvironmentId(): int
     {
-        return (int) $this->targetTenant->getKey();
+        return (int) $this->targetEnvironment->getKey();
     }
 
     public function hasPolicyTypeFilter(): bool
diff --git a/apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionExecutionPlanner.php b/apps/platform/app/Support/PortfolioCompare/CrossEnvironmentPromotionExecutionPlanner.php
similarity index 93%
rename from apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionExecutionPlanner.php
rename to apps/platform/app/Support/PortfolioCompare/CrossEnvironmentPromotionExecutionPlanner.php
index fe8e99f1..f45fedc8 100644
--- a/apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionExecutionPlanner.php
+++ b/apps/platform/app/Support/PortfolioCompare/CrossEnvironmentPromotionExecutionPlanner.php
@@ -7,7 +7,7 @@
 use DomainException;
 use InvalidArgumentException;
 
-final class CrossTenantPromotionExecutionPlanner
+final class CrossEnvironmentPromotionExecutionPlanner
 {
     /**
      * @param  array<string, mixed>  $preview
@@ -71,7 +71,7 @@ public function build(array $preview, array $preflight): array
 
     /**
      * @param  array<string, mixed>  $payload
-     * @return array{sourceTenantId: ?int, targetTenantId: ?int, policyTypes: list<string>}
+     * @return array{sourceEnvironmentId: ?int, targetEnvironmentId: ?int, policyTypes: list<string>}
      */
     private function selection(array $payload): array
     {
@@ -86,8 +86,8 @@ private function selection(array $payload): array
         sort($policyTypes);
 
         return [
-            'sourceTenantId' => is_numeric($selection['sourceTenantId'] ?? null) ? (int) $selection['sourceTenantId'] : null,
-            'targetTenantId' => is_numeric($selection['targetTenantId'] ?? null) ? (int) $selection['targetTenantId'] : null,
+            'sourceEnvironmentId' => is_numeric($selection['sourceEnvironmentId'] ?? null) ? (int) $selection['sourceEnvironmentId'] : null,
+            'targetEnvironmentId' => is_numeric($selection['targetEnvironmentId'] ?? null) ? (int) $selection['targetEnvironmentId'] : null,
             'policyTypes' => $policyTypes,
         ];
     }
@@ -161,14 +161,14 @@ private function executionItem(array $subject): ?array
             'execution_action' => $action,
             'readiness_reason_codes' => $this->stringList(data_get($subject, 'preflight.reasonCodes', [])),
             'source' => [
-                'managed_environment_id' => $this->intValue(data_get($subject, 'source.tenantId')),
+                'managed_environment_id' => $this->intValue(data_get($subject, 'source.environmentId')),
                 'inventory_item_id' => $this->intValue(data_get($subject, 'source.inventoryItemId')),
                 'subject_external_id' => $this->nullableString(data_get($subject, 'source.subjectExternalId')),
                 'policy_version_id' => (int) $policyVersionId,
                 'evidence_hash' => $this->nullableString(data_get($subject, 'source.evidence.hash')),
             ],
             'target' => [
-                'managed_environment_id' => $this->intValue(data_get($subject, 'target.tenantId')),
+                'managed_environment_id' => $this->intValue(data_get($subject, 'target.environmentId')),
                 'inventory_item_id' => $this->intValue(data_get($subject, 'target.inventoryItemId')),
                 'subject_external_id' => $this->nullableString(data_get($subject, 'target.subjectExternalId')),
             ],
@@ -220,8 +220,8 @@ private function sortItems(array $items): array
     private function identity(array $selection, array $items): array
     {
         return [
-            'source_tenant_id' => $selection['sourceTenantId'] ?? null,
-            'target_tenant_id' => $selection['targetTenantId'] ?? null,
+            'source_environment_id' => $selection['sourceEnvironmentId'] ?? null,
+            'target_environment_id' => $selection['targetEnvironmentId'] ?? null,
             'policy_types' => $selection['policyTypes'] ?? [],
             'subjects' => array_map(static fn (array $item): array => [
                 'policy_type' => $item['policy_type'] ?? '',
diff --git a/apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php b/apps/platform/app/Support/PortfolioCompare/CrossEnvironmentPromotionPreflight.php
similarity index 86%
rename from apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php
rename to apps/platform/app/Support/PortfolioCompare/CrossEnvironmentPromotionPreflight.php
index c1c5c466..9586c047 100644
--- a/apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php
+++ b/apps/platform/app/Support/PortfolioCompare/CrossEnvironmentPromotionPreflight.php
@@ -4,7 +4,7 @@
 
 namespace App\Support\PortfolioCompare;
 
-final class CrossTenantPromotionPreflight
+final class CrossEnvironmentPromotionPreflight
 {
     /**
      * @param  array{
@@ -129,14 +129,14 @@ private function decision(string $bucket, array $reasonCodes): array
     private function reasonLabel(string $reasonCode): string
     {
         return match ($reasonCode) {
-            'source_identifier_missing' => 'Source tenant subject is missing a stable compare identifier.',
-            'source_subject_ambiguous' => 'Source tenant subject resolves to multiple candidates and cannot drive promotion safely.',
-            'target_subject_ambiguous' => 'Target tenant has multiple matching subjects and needs manual mapping.',
+            'source_identifier_missing' => 'Source environment subject is missing a stable compare identifier.',
+            'source_subject_ambiguous' => 'Source environment subject resolves to multiple candidates and cannot drive promotion safely.',
+            'target_subject_ambiguous' => 'Target environment has multiple matching subjects and needs manual mapping.',
             'source_evidence_refresh_required' => 'Refresh source evidence before relying on this subject.',
             'target_evidence_refresh_required' => 'Refresh target evidence before relying on this subject.',
-            'target_already_aligned' => 'Target tenant already matches the source for this subject.',
-            'target_subject_requires_update' => 'Target tenant differs from the source but has enough evidence for later promotion planning.',
-            'target_subject_missing' => 'Target tenant does not currently contain this subject and can be planned as a missing target item.',
+            'target_already_aligned' => 'Target environment already matches the source for this subject.',
+            'target_subject_requires_update' => 'Target environment differs from the source but has enough evidence for later promotion planning.',
+            'target_subject_missing' => 'Target environment does not currently contain this subject and can be planned as a missing target item.',
             default => 'This subject needs additional review before promotion planning can continue.',
         };
     }
diff --git a/apps/platform/app/Support/PortfolioTriage/TenantTriageReviewFingerprint.php b/apps/platform/app/Support/PortfolioTriage/ManagedEnvironmentTriageReviewFingerprint.php
similarity index 98%
rename from apps/platform/app/Support/PortfolioTriage/TenantTriageReviewFingerprint.php
rename to apps/platform/app/Support/PortfolioTriage/ManagedEnvironmentTriageReviewFingerprint.php
index c59b535d..cf18f8ed 100644
--- a/apps/platform/app/Support/PortfolioTriage/TenantTriageReviewFingerprint.php
+++ b/apps/platform/app/Support/PortfolioTriage/ManagedEnvironmentTriageReviewFingerprint.php
@@ -8,7 +8,7 @@
 use App\Support\Tenants\TenantRecoveryTriagePresentation;
 use JsonException;
 
-final class TenantTriageReviewFingerprint
+final class ManagedEnvironmentTriageReviewFingerprint
 {
     /**
      * @param  array<string, mixed>|null  $recoveryEvidence
diff --git a/apps/platform/app/Support/PortfolioTriage/TenantTriageReviewStateResolver.php b/apps/platform/app/Support/PortfolioTriage/ManagedEnvironmentTriageReviewStateResolver.php
similarity index 88%
rename from apps/platform/app/Support/PortfolioTriage/TenantTriageReviewStateResolver.php
rename to apps/platform/app/Support/PortfolioTriage/ManagedEnvironmentTriageReviewStateResolver.php
index bb748300..8c7dc27e 100644
--- a/apps/platform/app/Support/PortfolioTriage/TenantTriageReviewStateResolver.php
+++ b/apps/platform/app/Support/PortfolioTriage/ManagedEnvironmentTriageReviewStateResolver.php
@@ -4,13 +4,13 @@
 
 namespace App\Support\PortfolioTriage;
 
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Support\BackupHealth\TenantBackupHealthAssessment;
 
-final readonly class TenantTriageReviewStateResolver
+final readonly class ManagedEnvironmentTriageReviewStateResolver
 {
     public function __construct(
-        private TenantTriageReviewFingerprint $fingerprints,
+        private ManagedEnvironmentTriageReviewFingerprint $fingerprints,
     ) {}
 
     /**
@@ -52,7 +52,7 @@ public function resolveMany(
             ];
         }
 
-        $activeReviews = TenantTriageReview::query()
+        $activeReviews = ManagedEnvironmentTriageReview::query()
             ->with('reviewer:id,name,email')
             ->forWorkspace($workspaceId)
             ->whereIn('managed_environment_id', $tenantIds)
@@ -92,9 +92,9 @@ public function resolveMany(
                 $summaries[$family]['affected_total']++;
 
                 match ($row['derived_state']) {
-                    TenantTriageReview::STATE_REVIEWED => $summaries[$family]['reviewed_count']++,
-                    TenantTriageReview::STATE_FOLLOW_UP_NEEDED => $summaries[$family]['follow_up_needed_count']++,
-                    TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW => $summaries[$family]['changed_since_review_count']++,
+                    ManagedEnvironmentTriageReview::STATE_REVIEWED => $summaries[$family]['reviewed_count']++,
+                    ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED => $summaries[$family]['follow_up_needed_count']++,
+                    ManagedEnvironmentTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW => $summaries[$family]['changed_since_review_count']++,
                     default => $summaries[$family]['not_reviewed_count']++,
                 };
             }
@@ -119,7 +119,7 @@ private function resolveFamily(
         int $tenantId,
         string $concernFamily,
         ?array $currentConcern,
-        ?TenantTriageReview $activeReview,
+        ?ManagedEnvironmentTriageReview $activeReview,
     ): array {
         $reviewerName = null;
 
@@ -147,8 +147,8 @@ private function resolveFamily(
         }
 
         $derivedState = match (true) {
-            ! $activeReview instanceof TenantTriageReview => TenantTriageReview::DERIVED_STATE_NOT_REVIEWED,
-            $activeReview->review_fingerprint !== $currentConcern['fingerprint'] => TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW,
+            ! $activeReview instanceof ManagedEnvironmentTriageReview => ManagedEnvironmentTriageReview::DERIVED_STATE_NOT_REVIEWED,
+            $activeReview->review_fingerprint !== $currentConcern['fingerprint'] => ManagedEnvironmentTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW,
             default => (string) $activeReview->current_state,
         };
 
diff --git a/apps/platform/app/Support/PortfolioTriage/PortfolioArrivalContextResolver.php b/apps/platform/app/Support/PortfolioTriage/PortfolioArrivalContextResolver.php
index f2f92135..5d14d9c1 100644
--- a/apps/platform/app/Support/PortfolioTriage/PortfolioArrivalContextResolver.php
+++ b/apps/platform/app/Support/PortfolioTriage/PortfolioArrivalContextResolver.php
@@ -6,7 +6,7 @@
 
 use App\Filament\Resources\BackupSetResource;
 use App\Filament\Resources\RestoreRunResource;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\RestoreRun;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -474,19 +474,19 @@ private function sanitizeRegistryReturnFilters(array $filters): array
     {
         $sanitized = [];
 
-        $backupPostures = TenantResource::sanitizeBackupPostures($filters['backup_posture'] ?? []);
+        $backupPostures = ManagedEnvironmentResource::sanitizeBackupPostures($filters['backup_posture'] ?? []);
 
         if ($backupPostures !== []) {
             $sanitized['backup_posture'] = $backupPostures;
         }
 
-        $recoveryEvidence = TenantResource::sanitizeRecoveryEvidenceStates($filters['recovery_evidence'] ?? []);
+        $recoveryEvidence = ManagedEnvironmentResource::sanitizeRecoveryEvidenceStates($filters['recovery_evidence'] ?? []);
 
         if ($recoveryEvidence !== []) {
             $sanitized['recovery_evidence'] = $recoveryEvidence;
         }
 
-        $triageSort = TenantResource::sanitizeTriageSort($filters['triage_sort'] ?? null);
+        $triageSort = ManagedEnvironmentResource::sanitizeTriageSort($filters['triage_sort'] ?? null);
 
         if ($triageSort !== null) {
             $sanitized['triage_sort'] = $triageSort;
diff --git a/apps/platform/app/Support/Providers/Capabilities/ProviderCapabilityEvaluator.php b/apps/platform/app/Support/Providers/Capabilities/ProviderCapabilityEvaluator.php
index 81d2c0f5..640c0df3 100644
--- a/apps/platform/app/Support/Providers/Capabilities/ProviderCapabilityEvaluator.php
+++ b/apps/platform/app/Support/Providers/Capabilities/ProviderCapabilityEvaluator.php
@@ -6,19 +6,19 @@
 
 use App\Models\ManagedEnvironment;
 use App\Models\ProviderConnection;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\Links\RequiredPermissionsLinks;
 use App\Support\Providers\ProviderConsentStatus;
 use App\Support\Providers\ProviderReasonCodes;
 use App\Support\Providers\ProviderVerificationStatus;
-use App\Support\Verification\TenantPermissionCheckClusters;
+use App\Support\Verification\ManagedEnvironmentPermissionCheckClusters;
 use InvalidArgumentException;
 
 final class ProviderCapabilityEvaluator
 {
     public function __construct(
         private readonly ProviderCapabilityRegistry $registry,
-        private readonly TenantRequiredPermissionsViewModelBuilder $requiredPermissionsViewModelBuilder,
+        private readonly ManagedEnvironmentRequiredPermissionsViewModelBuilder $requiredPermissionsViewModelBuilder,
     ) {}
 
     /**
@@ -267,7 +267,7 @@ private function evaluatePermissionRequirements(
                 continue;
             }
 
-            $requirementRows[$requirementKey] = TenantPermissionCheckClusters::rowsForRequirementKey($permissions, $requirementKey);
+            $requirementRows[$requirementKey] = ManagedEnvironmentPermissionCheckClusters::rowsForRequirementKey($permissions, $requirementKey);
         }
 
         $allRows = array_values(array_merge(...array_values($requirementRows ?: [[]])));
diff --git a/apps/platform/app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php b/apps/platform/app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php
index 2bf117e4..52b13762 100644
--- a/apps/platform/app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php
+++ b/apps/platform/app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php
@@ -7,7 +7,7 @@
 use App\Filament\Resources\FindingResource;
 use App\Filament\Resources\ProviderConnectionResource;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\AuditLog;
 use App\Models\Finding;
 use App\Models\OperationRun;
@@ -15,7 +15,7 @@
 use App\Models\ReviewPack;
 use App\Models\StoredReport;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Support\Ai\AiDataClassification;
@@ -40,7 +40,7 @@ final class SupportDiagnosticBundleBuilder
         'operation_context',
         'findings',
         'stored_reports',
-        'tenant_review',
+        'environment_review',
         'review_pack',
         'audit_history',
     ];
@@ -64,8 +64,8 @@ public function forTenant(ManagedEnvironment $tenant, ?User $actor = null): arra
         $operationRun = $this->tenantOperationRun($tenant);
         $findings = $this->tenantFindings($tenant);
         $storedReports = $this->tenantStoredReports($tenant);
-        $tenantReview = $this->tenantReview($tenant);
-        $reviewPack = $this->tenantReviewPack($tenant, $tenantReview);
+        $environmentReview = $this->environmentReview($tenant);
+        $reviewPack = $this->environmentReviewPack($tenant, $environmentReview);
         $auditLogs = $this->tenantAuditLogs($tenant);
 
         return $this->bundle(
@@ -82,7 +82,7 @@ public function forTenant(ManagedEnvironment $tenant, ?User $actor = null): arra
                 $this->operationContextSection($operationRun, $tenant),
                 $this->findingsSection($findings, $tenant),
                 $this->storedReportsSection($storedReports),
-                $this->tenantReviewSection($tenantReview, $tenant),
+                $this->environmentReviewSection($environmentReview, $tenant),
                 $this->reviewPackSection($reviewPack, $tenant),
                 $this->auditHistorySection($auditLogs),
             ],
@@ -103,8 +103,8 @@ public function forOperationRun(OperationRun $run, ?User $actor = null): array
             : null;
         $findings = $tenant instanceof ManagedEnvironment ? $this->operationFindings($run, $tenant) : collect();
         $storedReports = $tenant instanceof ManagedEnvironment ? $this->tenantStoredReports($tenant) : collect();
-        $tenantReview = $tenant instanceof ManagedEnvironment ? $this->operationTenantReview($run, $tenant) : null;
-        $reviewPack = $tenant instanceof ManagedEnvironment ? $this->operationReviewPack($run, $tenant, $tenantReview) : null;
+        $environmentReview = $tenant instanceof ManagedEnvironment ? $this->operationEnvironmentReview($run, $tenant) : null;
+        $reviewPack = $tenant instanceof ManagedEnvironment ? $this->operationReviewPack($run, $tenant, $environmentReview) : null;
         $auditLogs = $this->operationAuditLogs($run);
         $runSummary = $this->runSummaryBuilder->build($run);
         $runSummaryArray = $runSummary?->toArray();
@@ -127,7 +127,7 @@ public function forOperationRun(OperationRun $run, ?User $actor = null): array
                 $this->operationContextSection($run, $tenant, $runSummaryArray),
                 $this->findingsSection($findings, $tenant),
                 $this->storedReportsSection($storedReports),
-                $this->tenantReviewSection($tenantReview, $tenant),
+                $this->environmentReviewSection($environmentReview, $tenant),
                 $this->reviewPackSection($reviewPack, $tenant),
                 $this->auditHistorySection($auditLogs),
             ],
@@ -375,9 +375,9 @@ private function tenantStoredReports(ManagedEnvironment $tenant): Collection
             ->get();
     }
 
-    private function tenantReview(ManagedEnvironment $tenant): ?TenantReview
+    private function environmentReview(ManagedEnvironment $tenant): ?EnvironmentReview
     {
-        return TenantReview::query()
+        return EnvironmentReview::query()
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->where('workspace_id', (int) $tenant->workspace_id)
             ->orderByDesc('generated_at')
@@ -385,9 +385,9 @@ private function tenantReview(ManagedEnvironment $tenant): ?TenantReview
             ->first();
     }
 
-    private function operationTenantReview(OperationRun $run, ManagedEnvironment $tenant): ?TenantReview
+    private function operationEnvironmentReview(OperationRun $run, ManagedEnvironment $tenant): ?EnvironmentReview
     {
-        $review = TenantReview::query()
+        $review = EnvironmentReview::query()
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->where('workspace_id', (int) $tenant->workspace_id)
             ->where('operation_run_id', (int) $run->getKey())
@@ -395,14 +395,14 @@ private function operationTenantReview(OperationRun $run, ManagedEnvironment $te
             ->orderByDesc('id')
             ->first();
 
-        return $review instanceof TenantReview ? $review : $this->tenantReview($tenant);
+        return $review instanceof EnvironmentReview ? $review : $this->environmentReview($tenant);
     }
 
-    private function tenantReviewPack(ManagedEnvironment $tenant, ?TenantReview $tenantReview): ?ReviewPack
+    private function environmentReviewPack(ManagedEnvironment $tenant, ?EnvironmentReview $environmentReview): ?ReviewPack
     {
-        if ($tenantReview instanceof TenantReview && is_numeric($tenantReview->current_export_review_pack_id)) {
+        if ($environmentReview instanceof EnvironmentReview && is_numeric($environmentReview->current_export_review_pack_id)) {
             $pack = ReviewPack::query()
-                ->whereKey((int) $tenantReview->current_export_review_pack_id)
+                ->whereKey((int) $environmentReview->current_export_review_pack_id)
                 ->where('managed_environment_id', (int) $tenant->getKey())
                 ->where('workspace_id', (int) $tenant->workspace_id)
                 ->first();
@@ -420,7 +420,7 @@ private function tenantReviewPack(ManagedEnvironment $tenant, ?TenantReview $ten
             ->first();
     }
 
-    private function operationReviewPack(OperationRun $run, ManagedEnvironment $tenant, ?TenantReview $tenantReview): ?ReviewPack
+    private function operationReviewPack(OperationRun $run, ManagedEnvironment $tenant, ?EnvironmentReview $environmentReview): ?ReviewPack
     {
         $pack = ReviewPack::query()
             ->where('managed_environment_id', (int) $tenant->getKey())
@@ -430,7 +430,7 @@ private function operationReviewPack(OperationRun $run, ManagedEnvironment $tena
             ->orderByDesc('id')
             ->first();
 
-        return $pack instanceof ReviewPack ? $pack : $this->tenantReviewPack($tenant, $tenantReview);
+        return $pack instanceof ReviewPack ? $pack : $this->environmentReviewPack($tenant, $environmentReview);
     }
 
     /**
@@ -714,34 +714,34 @@ private function storedReportsSection(Collection $reports): array
         );
     }
 
-    private function tenantReviewSection(?TenantReview $review, ?ManagedEnvironment $tenant): array
+    private function environmentReviewSection(?EnvironmentReview $review, ?ManagedEnvironment $tenant): array
     {
-        if (! $review instanceof TenantReview) {
+        if (! $review instanceof EnvironmentReview) {
             return $this->section(
-                key: 'tenant_review',
+                key: 'environment_review',
                 label: 'ManagedEnvironment review',
                 availability: 'missing',
-                summary: 'No tenant review was found for this support context.',
+                summary: 'No environment review was found for this support context.',
                 references: [
-                    $this->missingReference('tenant_review', 'ManagedEnvironment review not yet observed', 'Open environment review'),
+                    $this->missingReference('environment_review', 'ManagedEnvironment review not yet observed', 'Open environment review'),
                 ],
             );
         }
 
         return $this->section(
-            key: 'tenant_review',
+            key: 'environment_review',
             label: 'ManagedEnvironment review',
             availability: 'available',
-            summary: sprintf('Latest tenant review is %s with %s completeness.', (string) $review->status, (string) $review->completeness_state),
+            summary: sprintf('Latest environment review is %s with %s completeness.', (string) $review->status, (string) $review->completeness_state),
             freshnessNote: $this->freshnessNote($review->generated_at, 'Generated'),
             references: [
                 $this->modelReference(
-                    type: 'tenant_review',
+                    type: 'environment_review',
                     record: $review,
                     label: 'ManagedEnvironment review #'.$review->getKey(),
                     actionLabel: 'Open environment review',
                     url: $tenant instanceof ManagedEnvironment
-                        ? TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant)
+                        ? EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant)
                         : null,
                     freshnessAt: $review->generated_at,
                 ),
diff --git a/apps/platform/app/Support/Tenants/TenantActionContext.php b/apps/platform/app/Support/Tenants/TenantActionContext.php
index 823dfa3f..d8594b67 100644
--- a/apps/platform/app/Support/Tenants/TenantActionContext.php
+++ b/apps/platform/app/Support/Tenants/TenantActionContext.php
@@ -5,7 +5,7 @@
 namespace App\Support\Tenants;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 
 final readonly class TenantActionContext
@@ -17,7 +17,7 @@ public function __construct(
         public ?User $actor,
         public ?int $workspaceId,
         public TenantInteractionLane $lane,
-        public ?TenantOnboardingSession $relatedOnboardingDraft,
+        public ?ManagedEnvironmentOnboardingSession $relatedOnboardingDraft,
         public bool $relatedOnboardingIsResumable,
         public bool $hasRelatedOnboardingDraft,
         public bool $isArchived,
diff --git a/apps/platform/app/Support/Tenants/TenantOperabilityContext.php b/apps/platform/app/Support/Tenants/TenantOperabilityContext.php
index 18e1a7b7..7316e299 100644
--- a/apps/platform/app/Support/Tenants/TenantOperabilityContext.php
+++ b/apps/platform/app/Support/Tenants/TenantOperabilityContext.php
@@ -5,7 +5,7 @@
 namespace App\Support\Tenants;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 
 final readonly class TenantOperabilityContext
@@ -18,7 +18,7 @@ public function __construct(
         public ?TenantPageCategory $pageCategory = null,
         public ?string $linkedRecordType = null,
         public ?int $linkedRecordId = null,
-        public ?TenantOnboardingSession $onboardingDraft = null,
+        public ?ManagedEnvironmentOnboardingSession $onboardingDraft = null,
         public ?string $requiredCapability = null,
         public ?ManagedEnvironment $selectedTenant = null,
     ) {}
@@ -29,7 +29,7 @@ public static function forTenant(
         ?int $workspaceId = null,
         TenantInteractionLane $lane = TenantInteractionLane::AdministrativeManagement,
         ?TenantPageCategory $pageCategory = null,
-        ?TenantOnboardingSession $onboardingDraft = null,
+        ?ManagedEnvironmentOnboardingSession $onboardingDraft = null,
         ?string $requiredCapability = null,
         ?ManagedEnvironment $selectedTenant = null,
         ?string $linkedRecordType = null,
diff --git a/apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceExemptions.php b/apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceExemptions.php
index 2355be35..023706cf 100644
--- a/apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceExemptions.php
+++ b/apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceExemptions.php
@@ -5,7 +5,7 @@
 namespace App\Support\Ui\ActionSurface;
 
 use App\Filament\Pages\BreakGlassRecovery;
-use App\Filament\Pages\ChooseTenant;
+use App\Filament\Pages\ChooseEnvironment;
 use App\Filament\Pages\ChooseWorkspace;
 use App\Filament\Pages\BaselineCompareLanding;
 use App\Filament\Pages\BaselineCompareMatrix;
@@ -16,11 +16,11 @@
 use App\Filament\Pages\Monitoring\Operations;
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
 use App\Filament\Pages\Reviews\ReviewRegister;
-use App\Filament\Pages\TenantDashboard;
-use App\Filament\Pages\TenantDiagnostics;
+use App\Filament\Pages\EnvironmentDashboard;
+use App\Filament\Pages\EnvironmentDiagnostics;
 use App\Filament\Pages\Tenancy\RegisterTenant;
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
-use App\Filament\Pages\Workspaces\ManagedTenantsLanding;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentsLanding;
 use App\Filament\Resources\AlertDeliveryResource\Pages\ListAlertDeliveries;
 use App\Filament\Resources\AlertDestinationResource\Pages\ViewAlertDestination;
 use App\Filament\Resources\BackupSetResource\Pages\ViewBackupSet;
@@ -32,9 +32,9 @@
 use App\Filament\Resources\PolicyVersionResource\Pages\ViewPolicyVersion;
 use App\Filament\Resources\ProviderConnectionResource\Pages\ViewProviderConnection;
 use App\Filament\Resources\ReviewPackResource\Pages\ViewReviewPack;
-use App\Filament\Resources\TenantResource\Pages\EditTenant;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
-use App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\EditManagedEnvironment;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview;
 use App\Filament\Resources\Workspaces\Pages\ViewWorkspace;
 use App\Filament\System\Pages\Dashboard as SystemDashboard;
 use App\Filament\System\Pages\Directory\ViewTenant as SystemDirectoryViewTenant;
@@ -60,12 +60,12 @@ public static function baseline(): self
             // Baseline allowlist for legacy surfaces. Keep shrinking this list.
             // Declared system table pages are discovered directly; deferred system tooling stays out of scope by not opting in.
             'App\\Filament\\Pages\\Auth\\Login' => 'Auth entry page is out-of-scope for action-surface retrofits in spec 082.',
-            'App\\Filament\\Pages\\ChooseTenant' => 'ManagedEnvironment chooser has no contract-style table action surface.',
+            'App\\Filament\\Pages\\ChooseEnvironment' => 'ManagedEnvironment chooser has no contract-style table action surface.',
             'App\\Filament\\Pages\\ChooseWorkspace' => 'Workspace chooser has no contract-style table action surface.',
             'App\\Filament\\Pages\\Tenancy\\RegisterTenant' => 'ManagedEnvironment onboarding route is covered by onboarding/RBAC specs.',
-            'App\\Filament\\Pages\\TenantDashboard' => 'Dashboard retrofit deferred; widget and summary surfaces are excluded from this contract.',
-            'App\\Filament\\Pages\\Workspaces\\ManagedTenantOnboardingWizard' => 'Onboarding wizard has dedicated conformance tests in spec 172 (OnboardingVerificationTest, OnboardingVerificationClustersTest, OnboardingVerificationV1_5UxTest) and remains exempt from blanket discovery.',
-            'App\\Filament\\Pages\\Workspaces\\ManagedTenantsLanding' => 'Managed-tenant landing retrofit deferred to workspace feature track.',
+            'App\\Filament\\Pages\\EnvironmentDashboard' => 'Dashboard retrofit deferred; widget and summary surfaces are excluded from this contract.',
+            'App\\Filament\\Pages\\Workspaces\\ManagedEnvironmentOnboardingWizard' => 'Onboarding wizard has dedicated conformance tests in spec 172 (OnboardingVerificationTest, OnboardingVerificationClustersTest, OnboardingVerificationV1_5UxTest) and remains exempt from blanket discovery.',
+            'App\\Filament\\Pages\\Workspaces\\ManagedEnvironmentsLanding' => 'Managed-tenant landing retrofit deferred to workspace feature track.',
         ], TenantOwnedModelFamilies::actionSurfaceBaselineExemptions()));
     }
 
@@ -156,8 +156,8 @@ public static function spec192RecordPageInventory(): array
                 'allowsPrimaryNavigation' => false,
                 'browserSmokeRequired' => true,
             ],
-            ViewTenantReview::class => [
-                'surfaceKey' => 'tenant_review_view',
+            ViewEnvironmentReview::class => [
+                'surfaceKey' => 'environment_review_view',
                 'classification' => 'remediation_required',
                 'canonicalNoun' => 'ManagedEnvironment review',
                 'panelScope' => 'tenant',
@@ -172,7 +172,7 @@ public static function spec192RecordPageInventory(): array
                 'allowsPrimaryNavigation' => false,
                 'browserSmokeRequired' => true,
             ],
-            EditTenant::class => [
+            EditManagedEnvironment::class => [
                 'surfaceKey' => 'tenant_edit',
                 'classification' => 'remediation_required',
                 'canonicalNoun' => 'ManagedEnvironment',
@@ -188,7 +188,7 @@ public static function spec192RecordPageInventory(): array
                 'allowsPrimaryNavigation' => false,
                 'browserSmokeRequired' => true,
             ],
-            ViewTenant::class => [
+            ViewManagedEnvironment::class => [
                 'surfaceKey' => 'tenant_view',
                 'classification' => 'workflow_heavy_special_type',
                 'canonicalNoun' => 'ManagedEnvironment',
@@ -494,7 +494,7 @@ public static function spec193MonitoringSurfaceInventory(): array
                 'exceptionReason' => null,
                 'browserSmokeRequired' => true,
             ],
-            TenantDiagnostics::class => [
+            EnvironmentDiagnostics::class => [
                 'surfaceKey' => 'tenant_diagnostics',
                 'classification' => 'special_type_acceptable',
                 'canonicalNoun' => 'ManagedEnvironment diagnostics',
@@ -818,10 +818,10 @@ public static function spec195ResidualSurfaceInventory(): array
                 'mustRemainBaselineExempt' => true,
                 'mustNotRemainBaselineExempt' => false,
             ],
-            ChooseTenant::class => [
-                'surfaceKey' => 'choose_tenant',
+            ChooseEnvironment::class => [
+                'surfaceKey' => 'choose_environment',
                 'surfaceName' => 'Choose ManagedEnvironment',
-                'pageClass' => ChooseTenant::class,
+                'pageClass' => ChooseEnvironment::class,
                 'panelPlane' => 'tenant',
                 'surfaceKind' => 'selector',
                 'discoveryState' => 'primary_discovered_baseline_exempt',
@@ -870,10 +870,10 @@ public static function spec195ResidualSurfaceInventory(): array
                 'mustRemainBaselineExempt' => true,
                 'mustNotRemainBaselineExempt' => false,
             ],
-            ManagedTenantOnboardingWizard::class => [
-                'surfaceKey' => 'managed_tenant_onboarding_wizard',
+            ManagedEnvironmentOnboardingWizard::class => [
+                'surfaceKey' => 'managed_environment_onboarding_wizard',
                 'surfaceName' => 'Managed ManagedEnvironment Onboarding Wizard',
-                'pageClass' => ManagedTenantOnboardingWizard::class,
+                'pageClass' => ManagedEnvironmentOnboardingWizard::class,
                 'panelPlane' => 'admin',
                 'surfaceKind' => 'wizard',
                 'discoveryState' => 'primary_discovered_baseline_exempt',
@@ -896,10 +896,10 @@ public static function spec195ResidualSurfaceInventory(): array
                 'mustRemainBaselineExempt' => true,
                 'mustNotRemainBaselineExempt' => false,
             ],
-            ManagedTenantsLanding::class => [
-                'surfaceKey' => 'managed_tenants_landing',
+            ManagedEnvironmentsLanding::class => [
+                'surfaceKey' => 'managed_environments_landing',
                 'surfaceName' => 'Managed Tenants Landing',
-                'pageClass' => ManagedTenantsLanding::class,
+                'pageClass' => ManagedEnvironmentsLanding::class,
                 'panelPlane' => 'admin',
                 'surfaceKind' => 'landing',
                 'discoveryState' => 'primary_discovered_baseline_exempt',
@@ -909,12 +909,12 @@ public static function spec195ResidualSurfaceInventory(): array
                 'evidence' => [
                     [
                         'kind' => 'feature_livewire_test',
-                        'reference' => 'tests/Feature/Workspaces/Spec195ManagedTenantsLandingTest.php',
+                        'reference' => 'tests/Feature/Workspaces/Spec195ManagedEnvironmentsLandingTest.php',
                         'proves' => 'The landing stays membership-scoped, preserves selector routing, and rejects outsider tenant openings.',
                     ],
                     [
                         'kind' => 'feature_livewire_test',
-                        'reference' => 'tests/Feature/Filament/ManagedTenantsLandingLifecycleTest.php',
+                        'reference' => 'tests/Feature/Filament/ManagedEnvironmentsLandingLifecycleTest.php',
                         'proves' => 'The landing intentionally exposes broader administrative discoverability than the tenant chooser.',
                     ],
                 ],
@@ -922,10 +922,10 @@ public static function spec195ResidualSurfaceInventory(): array
                 'mustRemainBaselineExempt' => true,
                 'mustNotRemainBaselineExempt' => false,
             ],
-            TenantDashboard::class => [
+            EnvironmentDashboard::class => [
                 'surfaceKey' => 'tenant_dashboard',
                 'surfaceName' => 'ManagedEnvironment Dashboard',
-                'pageClass' => TenantDashboard::class,
+                'pageClass' => EnvironmentDashboard::class,
                 'panelPlane' => 'tenant',
                 'surfaceKind' => 'dashboard_shell',
                 'discoveryState' => 'primary_discovered_baseline_exempt',
diff --git a/apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceValidator.php b/apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceValidator.php
index 24b029ca..ae655c2a 100644
--- a/apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceValidator.php
+++ b/apps/platform/app/Support/Ui/ActionSurface/ActionSurfaceValidator.php
@@ -1098,9 +1098,9 @@ private static function qualifiesAsSpec195BaselineResidualCandidate(string $clas
     {
         if (in_array($className, [
             'App\\Filament\\Pages\\BreakGlassRecovery',
-            'App\\Filament\\Pages\\ChooseTenant',
+            'App\\Filament\\Pages\\ChooseEnvironment',
             'App\\Filament\\Pages\\ChooseWorkspace',
-            'App\\Filament\\Pages\\TenantDashboard',
+            'App\\Filament\\Pages\\EnvironmentDashboard',
         ], true)) {
             return true;
         }
diff --git a/apps/platform/app/Support/Ui/GovernanceActions/GovernanceActionCatalog.php b/apps/platform/app/Support/Ui/GovernanceActions/GovernanceActionCatalog.php
index 4098b481..77e89721 100644
--- a/apps/platform/app/Support/Ui/GovernanceActions/GovernanceActionCatalog.php
+++ b/apps/platform/app/Support/Ui/GovernanceActions/GovernanceActionCatalog.php
@@ -42,10 +42,10 @@ public static function families(): array
                 'familyKey' => 'review_lifecycle',
                 'canonicalObject' => 'review',
                 'panels' => ['tenant'],
-                'surfaceKeys' => ['view_tenant_review'],
+                'surfaceKeys' => ['view_environment_review'],
                 'defaultActionOrder' => ['refresh_review', 'publish_review', 'archive_review'],
                 'supportsDocumentedDeviation' => true,
-                'defaultMutationScopeSource' => 'tenant review lifecycle',
+                'defaultMutationScopeSource' => 'environment review lifecycle',
             ],
             'evidence_lifecycle' => [
                 'familyKey' => 'evidence_lifecycle',
@@ -156,11 +156,11 @@ public static function rules(): array
                 dangerPolicy: 'none',
                 canonicalLabel: 'Refresh review',
                 modalHeading: 'Refresh review',
-                modalDescription: 'Refresh this tenant review from the latest eligible evidence basis. TenantPilot queues a recomputation for this review and keeps existing publication history untouched.',
+                modalDescription: 'Refresh this environment review from the latest eligible evidence basis. TenantPilot queues a recomputation for this review and keeps existing publication history untouched.',
                 successTitle: 'Refresh review queued',
                 auditVerb: 'refresh review',
-                serviceOwner: 'TenantReviewService',
-                surfaceKeys: ['view_tenant_review'],
+                serviceOwner: 'EnvironmentReviewService',
+                surfaceKeys: ['view_environment_review'],
             ),
             'publish_review' => new GovernanceActionRule(
                 actionKey: 'publish_review',
@@ -170,11 +170,11 @@ public static function rules(): array
                 dangerPolicy: 'none',
                 canonicalLabel: 'Publish review',
                 modalHeading: 'Publish review',
-                modalDescription: 'Publish this tenant review as the current governed review outcome for this tenant. TenantPilot records the publication decision only.',
+                modalDescription: 'Publish this environment review as the current governed review outcome for this tenant. TenantPilot records the publication decision only.',
                 successTitle: 'Review published',
                 auditVerb: 'publish review',
-                serviceOwner: 'TenantReviewLifecycleService',
-                surfaceKeys: ['view_tenant_review'],
+                serviceOwner: 'EnvironmentReviewLifecycleService',
+                surfaceKeys: ['view_environment_review'],
             ),
             'archive_review' => new GovernanceActionRule(
                 actionKey: 'archive_review',
@@ -184,11 +184,11 @@ public static function rules(): array
                 dangerPolicy: 'required',
                 canonicalLabel: 'Archive review',
                 modalHeading: 'Archive review',
-                modalDescription: 'Archive this tenant review so it stays historical only. TenantPilot preserves the evidence history but removes the review from active lifecycle work.',
+                modalDescription: 'Archive this environment review so it stays historical only. TenantPilot preserves the evidence history but removes the review from active lifecycle work.',
                 successTitle: 'Review archived',
                 auditVerb: 'archive review',
-                serviceOwner: 'TenantReviewLifecycleService',
-                surfaceKeys: ['view_tenant_review'],
+                serviceOwner: 'EnvironmentReviewLifecycleService',
+                surfaceKeys: ['view_environment_review'],
             ),
             'refresh_evidence' => new GovernanceActionRule(
                 actionKey: 'refresh_evidence',
@@ -313,7 +313,7 @@ public static function rules(): array
                 modalDescription: 'Archive this environment. TenantPilot keeps it available for inspection and audit history but removes it from active management flows.',
                 successTitle: 'Environment archived',
                 auditVerb: 'archive environment',
-                serviceOwner: 'TenantResource',
+                serviceOwner: 'ManagedEnvironmentResource',
                 surfaceKeys: ['tenant_index_row', 'view_tenant', 'edit_tenant'],
             ),
             'restore_tenant' => new GovernanceActionRule(
@@ -327,7 +327,7 @@ public static function rules(): array
                 modalDescription: 'Restore this environment so it becomes available again in normal management flows.',
                 successTitle: 'Environment restored',
                 auditVerb: 'restore environment',
-                serviceOwner: 'TenantResource',
+                serviceOwner: 'ManagedEnvironmentResource',
                 surfaceKeys: ['tenant_index_row', 'view_tenant', 'edit_tenant'],
             ),
         ];
@@ -438,35 +438,35 @@ public static function surfaceBindings(): array
                 'auditChannel' => 'workspace_audit',
             ],
             [
-                'surfaceKey' => 'view_tenant_review',
-                'pageClass' => 'App\\Filament\\Resources\\TenantReviewResource\\Pages\\ViewTenantReview',
+                'surfaceKey' => 'view_environment_review',
+                'pageClass' => 'App\\Filament\\Resources\\EnvironmentReviewResource\\Pages\\ViewEnvironmentReview',
                 'actionName' => 'refresh_review',
                 'familyKey' => 'review_lifecycle',
                 'statePredicate' => 'review is mutable',
                 'primaryOrSecondary' => 'primary',
-                'capabilityKey' => 'tenant_review.manage',
+                'capabilityKey' => 'environment_review.manage',
                 'uiFieldKey' => null,
                 'auditChannel' => 'workspace_audit',
             ],
             [
-                'surfaceKey' => 'view_tenant_review',
-                'pageClass' => 'App\\Filament\\Resources\\TenantReviewResource\\Pages\\ViewTenantReview',
+                'surfaceKey' => 'view_environment_review',
+                'pageClass' => 'App\\Filament\\Resources\\EnvironmentReviewResource\\Pages\\ViewEnvironmentReview',
                 'actionName' => 'publish_review',
                 'familyKey' => 'review_lifecycle',
                 'statePredicate' => 'review is mutable and ready to publish',
                 'primaryOrSecondary' => 'primary',
-                'capabilityKey' => 'tenant_review.manage',
+                'capabilityKey' => 'environment_review.manage',
                 'uiFieldKey' => 'publish_reason',
                 'auditChannel' => 'workspace_audit',
             ],
             [
-                'surfaceKey' => 'view_tenant_review',
-                'pageClass' => 'App\\Filament\\Resources\\TenantReviewResource\\Pages\\ViewTenantReview',
+                'surfaceKey' => 'view_environment_review',
+                'pageClass' => 'App\\Filament\\Resources\\EnvironmentReviewResource\\Pages\\ViewEnvironmentReview',
                 'actionName' => 'archive_review',
                 'familyKey' => 'review_lifecycle',
                 'statePredicate' => 'review is not terminal',
                 'primaryOrSecondary' => 'secondary',
-                'capabilityKey' => 'tenant_review.manage',
+                'capabilityKey' => 'environment_review.manage',
                 'uiFieldKey' => 'archive_reason',
                 'auditChannel' => 'workspace_audit',
             ],
@@ -538,7 +538,7 @@ public static function surfaceBindings(): array
             ],
             [
                 'surfaceKey' => 'view_tenant',
-                'pageClass' => 'App\\Filament\\Resources\\TenantResource\\Pages\\ViewTenant',
+                'pageClass' => 'App\\Filament\\Resources\\ManagedEnvironmentResource\\Pages\\ViewManagedEnvironment',
                 'actionName' => 'archive',
                 'familyKey' => 'tenant_lifecycle',
                 'statePredicate' => 'tenant is active',
@@ -549,7 +549,7 @@ public static function surfaceBindings(): array
             ],
             [
                 'surfaceKey' => 'view_tenant',
-                'pageClass' => 'App\\Filament\\Resources\\TenantResource\\Pages\\ViewTenant',
+                'pageClass' => 'App\\Filament\\Resources\\ManagedEnvironmentResource\\Pages\\ViewManagedEnvironment',
                 'actionName' => 'restore',
                 'familyKey' => 'tenant_lifecycle',
                 'statePredicate' => 'tenant is archived',
@@ -560,7 +560,7 @@ public static function surfaceBindings(): array
             ],
             [
                 'surfaceKey' => 'edit_tenant',
-                'pageClass' => 'App\\Filament\\Resources\\TenantResource\\Pages\\EditTenant',
+                'pageClass' => 'App\\Filament\\Resources\\ManagedEnvironmentResource\\Pages\\EditManagedEnvironment',
                 'actionName' => 'archive',
                 'familyKey' => 'tenant_lifecycle',
                 'statePredicate' => 'tenant is active',
@@ -571,7 +571,7 @@ public static function surfaceBindings(): array
             ],
             [
                 'surfaceKey' => 'edit_tenant',
-                'pageClass' => 'App\\Filament\\Resources\\TenantResource\\Pages\\EditTenant',
+                'pageClass' => 'App\\Filament\\Resources\\ManagedEnvironmentResource\\Pages\\EditManagedEnvironment',
                 'actionName' => 'restore',
                 'familyKey' => 'tenant_lifecycle',
                 'statePredicate' => 'tenant is archived',
diff --git a/apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php b/apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php
index c7a2fb8f..80eb16d5 100644
--- a/apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php
+++ b/apps/platform/app/Support/Ui/GovernanceArtifactTruth/ArtifactTruthPresenter.php
@@ -7,14 +7,14 @@
 use App\Filament\Resources\BaselineSnapshotResource;
 use App\Filament\Resources\EvidenceSnapshotResource;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\BaselineSnapshot;
 use App\Models\EvidenceSnapshot;
 use App\Models\FindingExceptionDecision;
 use App\Models\OperationRun;
 use App\Models\ReviewPack;
 use App\Models\StoredReport;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Services\Baselines\BaselineSnapshotTruthResolver;
 use App\Services\Baselines\SnapshotRendering\FidelityState;
 use App\Support\Badges\BadgeCatalog;
@@ -28,8 +28,8 @@
 use App\Support\ReasonTranslation\ReasonPresenter;
 use App\Support\ReasonTranslation\ReasonResolutionEnvelope;
 use App\Support\ReviewPackStatus;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Ui\DerivedState\DerivedStateFamily;
 use App\Support\Ui\DerivedState\DerivedStateKey;
 use App\Support\Ui\DerivedState\RequestScopedDerivedStateStore;
@@ -54,7 +54,7 @@ public function for(mixed $record): ?ArtifactTruthEnvelope
         return match (true) {
             $record instanceof BaselineSnapshot => $this->forBaselineSnapshot($record),
             $record instanceof EvidenceSnapshot => $this->forEvidenceSnapshot($record),
-            $record instanceof TenantReview => $this->forTenantReview($record),
+            $record instanceof EnvironmentReview => $this->forEnvironmentReview($record),
             $record instanceof ReviewPack => $this->forReviewPack($record),
             $record instanceof StoredReport => $this->forStoredReport($record),
             $record instanceof FindingExceptionDecision => $this->forFindingExceptionDecision($record),
@@ -68,7 +68,7 @@ public function forFresh(mixed $record): ?ArtifactTruthEnvelope
         return match (true) {
             $record instanceof BaselineSnapshot => $this->forBaselineSnapshotFresh($record),
             $record instanceof EvidenceSnapshot => $this->forEvidenceSnapshotFresh($record),
-            $record instanceof TenantReview => $this->forTenantReviewFresh($record),
+            $record instanceof EnvironmentReview => $this->forEnvironmentReviewFresh($record),
             $record instanceof ReviewPack => $this->forReviewPackFresh($record),
             $record instanceof StoredReport => $this->forStoredReportFresh($record),
             $record instanceof FindingExceptionDecision => $this->forFindingExceptionDecisionFresh($record),
@@ -469,26 +469,26 @@ private function buildEvidenceSnapshotEnvelope(EvidenceSnapshot $snapshot): Arti
         );
     }
 
-    public function forTenantReview(TenantReview $review): ArtifactTruthEnvelope
+    public function forEnvironmentReview(EnvironmentReview $review): ArtifactTruthEnvelope
     {
         return $this->resolveEnvelope(
             record: $review,
-            variant: 'tenant_review',
-            resolver: fn (): ArtifactTruthEnvelope => $this->buildTenantReviewEnvelope($review),
+            variant: 'environment_review',
+            resolver: fn (): ArtifactTruthEnvelope => $this->buildEnvironmentReviewEnvelope($review),
         );
     }
 
-    public function forTenantReviewFresh(TenantReview $review): ArtifactTruthEnvelope
+    public function forEnvironmentReviewFresh(EnvironmentReview $review): ArtifactTruthEnvelope
     {
         return $this->resolveEnvelope(
             record: $review,
-            variant: 'tenant_review',
-            resolver: fn (): ArtifactTruthEnvelope => $this->buildTenantReviewEnvelope($review),
+            variant: 'environment_review',
+            resolver: fn (): ArtifactTruthEnvelope => $this->buildEnvironmentReviewEnvelope($review),
             fresh: true,
         );
     }
 
-    private function buildTenantReviewEnvelope(TenantReview $review): ArtifactTruthEnvelope
+    private function buildEnvironmentReviewEnvelope(EnvironmentReview $review): ArtifactTruthEnvelope
     {
         $review->loadMissing(['tenant', 'currentExportReviewPack', 'evidenceSnapshot']);
 
@@ -501,23 +501,23 @@ private function buildTenantReviewEnvelope(TenantReview $review): ArtifactTruthE
         $sourceEvidence = $this->evidenceTrustBurden($review->evidenceSnapshot);
 
         $artifactExistence = match ($status) {
-            TenantReviewStatus::Archived, TenantReviewStatus::Superseded => 'historical_only',
-            TenantReviewStatus::Failed => 'created_but_not_usable',
+            EnvironmentReviewStatus::Archived, EnvironmentReviewStatus::Superseded => 'historical_only',
+            EnvironmentReviewStatus::Failed => 'created_but_not_usable',
             default => 'created',
         };
 
         $contentState = match (true) {
-            $completeness === TenantReviewCompletenessState::Missing->value => 'missing_input',
-            $completeness === TenantReviewCompletenessState::Partial->value || $sourceEvidence['isPartial'] => 'partial',
+            $completeness === EnvironmentReviewCompletenessState::Missing->value => 'missing_input',
+            $completeness === EnvironmentReviewCompletenessState::Partial->value || $sourceEvidence['isPartial'] => 'partial',
             $sourceEvidence['isMissing'] => 'missing_input',
-            $completeness === TenantReviewCompletenessState::Complete->value => 'trusted',
-            $completeness === TenantReviewCompletenessState::Stale->value => 'trusted',
+            $completeness === EnvironmentReviewCompletenessState::Complete->value => 'trusted',
+            $completeness === EnvironmentReviewCompletenessState::Stale->value => 'trusted',
             default => 'partial',
         };
 
         $freshnessState = match (true) {
             $artifactExistence === 'historical_only' => 'stale',
-            $completeness === TenantReviewCompletenessState::Stale->value || $staleSections > 0 || $sourceEvidence['isStale'] => 'stale',
+            $completeness === EnvironmentReviewCompletenessState::Stale->value || $staleSections > 0 || $sourceEvidence['isStale'] => 'stale',
             default => 'current',
         };
 
@@ -526,8 +526,8 @@ private function buildTenantReviewEnvelope(TenantReview $review): ArtifactTruthE
             $publishBlockers !== [] => 'blocked',
             $contentState === 'missing_input' => 'blocked',
             $freshnessState === 'stale' || $contentState === 'partial' => 'internal_only',
-            $status === TenantReviewStatus::Published => 'publishable',
-            $status === TenantReviewStatus::Ready => 'publishable',
+            $status === EnvironmentReviewStatus::Published => 'publishable',
+            $status === EnvironmentReviewStatus::Ready => 'publishable',
             default => 'internal_only',
         };
 
@@ -541,7 +541,7 @@ private function buildTenantReviewEnvelope(TenantReview $review): ArtifactTruthE
 
         $reasonCode = match (true) {
             $publishBlockers !== [] => 'review_publish_blocked',
-            $status === TenantReviewStatus::Failed => 'review_generation_failed',
+            $status === EnvironmentReviewStatus::Failed => 'review_generation_failed',
             $contentState === 'missing_input' => 'review_missing_sections',
             $freshnessState === 'stale' => 'review_stale_sections',
             default => null,
@@ -600,7 +600,7 @@ private function buildTenantReviewEnvelope(TenantReview $review): ArtifactTruthE
 
         if ($publishBlockers !== [] && $review->tenant !== null) {
             $nextActionUrl = $this->panelSafeTenantArtifactUrl(
-                fn (): string => TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $review->tenant)
+                fn (): string => EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $review->tenant)
             );
         } elseif (($freshnessState === 'stale' || $contentState === 'partial') && $review->tenant !== null && $review->evidenceSnapshot !== null) {
             $nextActionUrl = $this->panelSafeTenantArtifactUrl(
@@ -609,8 +609,8 @@ private function buildTenantReviewEnvelope(TenantReview $review): ArtifactTruthE
         }
 
         return $this->makeEnvelope(
-            artifactFamily: 'tenant_review',
-            artifactKey: 'tenant_review:'.$review->getKey(),
+            artifactFamily: 'environment_review',
+            artifactKey: 'environment_review:'.$review->getKey(),
             workspaceId: (int) $review->workspace_id,
             tenantId: $review->managed_environment_id !== null ? (int) $review->managed_environment_id : null,
             executionOutcome: null,
@@ -642,7 +642,7 @@ private function buildTenantReviewEnvelope(TenantReview $review): ArtifactTruthE
             relatedRunId: $review->operation_run_id !== null ? (int) $review->operation_run_id : null,
             relatedArtifactUrl: $review->tenant !== null
                 ? $this->panelSafeTenantArtifactUrl(
-                    fn (): string => TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $review->tenant)
+                    fn (): string => EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $review->tenant)
                 )
                 : null,
             includePublicationDimension: true,
@@ -692,17 +692,17 @@ public function forReviewPackFresh(ReviewPack $pack): ArtifactTruthEnvelope
 
     private function buildReviewPackEnvelope(ReviewPack $pack): ArtifactTruthEnvelope
     {
-        $pack->loadMissing(['tenant', 'tenantReview', 'evidenceSnapshot']);
+        $pack->loadMissing(['tenant', 'environmentReview', 'evidenceSnapshot']);
 
         $summary = is_array($pack->summary) ? $pack->summary : [];
         $status = (string) $pack->status;
         $evidenceResolution = is_array($summary['evidence_resolution'] ?? null) ? $summary['evidence_resolution'] : [];
-        $sourceReview = $pack->tenantReview;
-        $sourceReviewTruth = $sourceReview instanceof TenantReview
-            ? $this->forTenantReviewFresh($sourceReview)
+        $sourceReview = $pack->environmentReview;
+        $sourceReviewTruth = $sourceReview instanceof EnvironmentReview
+            ? $this->forEnvironmentReviewFresh($sourceReview)
             : null;
-        $sourceBlockers = $sourceReview instanceof TenantReview ? $sourceReview->publishBlockers() : [];
-        $sourceReviewStatus = $sourceReview instanceof TenantReview ? $sourceReview->statusEnum() : null;
+        $sourceBlockers = $sourceReview instanceof EnvironmentReview ? $sourceReview->publishBlockers() : [];
+        $sourceReviewStatus = $sourceReview instanceof EnvironmentReview ? $sourceReview->statusEnum() : null;
         $sourceEvidence = $this->evidenceTrustBurden($pack->evidenceSnapshot);
 
         $artifactExistence = match ($status) {
@@ -734,7 +734,7 @@ private function buildReviewPackEnvelope(ReviewPack $pack): ArtifactTruthEnvelop
             $sourceReviewTruth?->publicationReadiness === 'blocked' => 'blocked',
             $sourceReviewTruth?->publicationReadiness === 'internal_only' => 'internal_only',
             $freshnessState === 'stale' || $contentState === 'partial' => 'internal_only',
-            $sourceReviewStatus === TenantReviewStatus::Draft || $sourceReviewStatus === TenantReviewStatus::Failed => 'internal_only',
+            $sourceReviewStatus === EnvironmentReviewStatus::Draft || $sourceReviewStatus === EnvironmentReviewStatus::Failed => 'internal_only',
             default => $status === ReviewPackStatus::Ready->value ? 'publishable' : 'blocked',
         };
 
@@ -783,9 +783,9 @@ private function buildReviewPackEnvelope(ReviewPack $pack): ArtifactTruthEnvelop
 
         $nextActionUrl = null;
 
-        if ($sourceReview instanceof TenantReview && $pack->tenant !== null) {
+        if ($sourceReview instanceof EnvironmentReview && $pack->tenant !== null) {
             $nextActionUrl = $this->panelSafeTenantArtifactUrl(
-                fn (): string => TenantReviewResource::tenantScopedUrl('view', ['record' => $sourceReview], $pack->tenant)
+                fn (): string => EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $sourceReview], $pack->tenant)
             );
         } elseif (($freshnessState === 'stale' || $contentState === 'partial') && $pack->tenant !== null && $pack->evidenceSnapshot !== null) {
             $nextActionUrl = $this->panelSafeTenantArtifactUrl(
@@ -1099,7 +1099,7 @@ private function buildOperationRunEnvelope(OperationRun $run): ArtifactTruthEnve
             contentState: $contentState,
             freshnessState: 'unknown',
             publicationReadiness: OperationCatalog::governanceArtifactFamily((string) $run->type) === 'review_pack'
-                || OperationCatalog::governanceArtifactFamily((string) $run->type) === 'tenant_review'
+                || OperationCatalog::governanceArtifactFamily((string) $run->type) === 'environment_review'
                 ? 'blocked'
                 : null,
             supportState: 'normal',
@@ -1120,20 +1120,20 @@ private function buildOperationRunEnvelope(OperationRun $run): ArtifactTruthEnve
             relatedRunId: (int) $run->getKey(),
             relatedArtifactUrl: null,
             includePublicationDimension: OperationCatalog::governanceArtifactFamily((string) $run->type) === 'review_pack'
-                || OperationCatalog::governanceArtifactFamily((string) $run->type) === 'tenant_review',
+                || OperationCatalog::governanceArtifactFamily((string) $run->type) === 'environment_review',
             countDescriptors: $this->runCountDescriptors($run),
         );
     }
 
-    private function resolveArtifactForRun(OperationRun $run): BaselineSnapshot|EvidenceSnapshot|TenantReview|ReviewPack|null
+    private function resolveArtifactForRun(OperationRun $run): BaselineSnapshot|EvidenceSnapshot|EnvironmentReview|ReviewPack|null
     {
         return match (OperationCatalog::governanceArtifactFamily((string) $run->type)) {
             'baseline_snapshot' => $run->relatedArtifactId() !== null
                 ? BaselineSnapshot::query()->with('baselineProfile')->find($run->relatedArtifactId())
                 : null,
             'evidence_snapshot' => EvidenceSnapshot::query()->with('tenant')->where('operation_run_id', (int) $run->getKey())->latest('id')->first(),
-            'tenant_review' => TenantReview::query()->with(['tenant', 'currentExportReviewPack'])->where('operation_run_id', (int) $run->getKey())->latest('id')->first(),
-            'review_pack' => ReviewPack::query()->with(['tenant', 'tenantReview'])->where('operation_run_id', (int) $run->getKey())->latest('id')->first(),
+            'environment_review' => EnvironmentReview::query()->with(['tenant', 'currentExportReviewPack'])->where('operation_run_id', (int) $run->getKey())->latest('id')->first(),
+            'review_pack' => ReviewPack::query()->with(['tenant', 'environmentReview'])->where('operation_run_id', (int) $run->getKey())->latest('id')->first(),
             default => null,
         };
     }
@@ -1549,8 +1549,8 @@ private function reviewPackLifecycleState(ReviewPack $pack): string
             return 'historical';
         }
 
-        if ($pack->tenantReview instanceof TenantReview && $pack->tenantReview->current_export_review_pack_id !== null) {
-            return $pack->tenantReview->current_export_review_pack_id === (int) $pack->getKey()
+        if ($pack->environmentReview instanceof EnvironmentReview && $pack->environmentReview->current_export_review_pack_id !== null) {
+            return $pack->environmentReview->current_export_review_pack_id === (int) $pack->getKey()
                 ? 'current'
                 : 'superseded';
         }
diff --git a/apps/platform/app/Support/Ui/GovernanceArtifactTruth/SurfaceCompressionContext.php b/apps/platform/app/Support/Ui/GovernanceArtifactTruth/SurfaceCompressionContext.php
index ea95a475..e3d2befe 100644
--- a/apps/platform/app/Support/Ui/GovernanceArtifactTruth/SurfaceCompressionContext.php
+++ b/apps/platform/app/Support/Ui/GovernanceArtifactTruth/SurfaceCompressionContext.php
@@ -48,9 +48,9 @@ public static function evidenceSnapshot(): self
         return self::fromSurfaceFamily('evidence_snapshot');
     }
 
-    public static function tenantReview(): self
+    public static function environmentReview(): self
     {
-        return self::fromSurfaceFamily('tenant_review');
+        return self::fromSurfaceFamily('environment_review');
     }
 
     public static function reviewPack(): self
@@ -78,7 +78,7 @@ public static function defaultForArtifactFamily(string $artifactFamily): self
         return match ($artifactFamily) {
             'baseline_snapshot' => self::baselineSnapshot(),
             'evidence_snapshot' => self::evidenceSnapshot(),
-            'tenant_review' => self::tenantReview(),
+            'environment_review' => self::environmentReview(),
             'review_pack' => self::reviewPack(),
             'artifact_run' => self::operationRunArtifact(),
             default => throw new InvalidArgumentException(sprintf('No default compression context exists for artifact family [%s].', $artifactFamily)),
@@ -106,8 +106,8 @@ public static function fromSurfaceFamily(string $surfaceFamily): self
                 diagnosticsAllowed: true,
                 canonicalNoun: 'Evidence snapshot',
             ),
-            'tenant_review' => new self(
-                surfaceFamily: 'tenant_review',
+            'environment_review' => new self(
+                surfaceFamily: 'environment_review',
                 decisionRole: 'primary_decision',
                 primaryQuestion: 'Is this review ready for real use or publication?',
                 primaryDimensionPriority: ['publication_readiness', 'data_freshness', 'content_fidelity'],
diff --git a/apps/platform/app/Support/Verification/TenantPermissionCheckClusters.php b/apps/platform/app/Support/Verification/ManagedEnvironmentPermissionCheckClusters.php
similarity index 96%
rename from apps/platform/app/Support/Verification/TenantPermissionCheckClusters.php
rename to apps/platform/app/Support/Verification/ManagedEnvironmentPermissionCheckClusters.php
index 2fd78aa0..56308d8d 100644
--- a/apps/platform/app/Support/Verification/TenantPermissionCheckClusters.php
+++ b/apps/platform/app/Support/Verification/ManagedEnvironmentPermissionCheckClusters.php
@@ -10,10 +10,10 @@
 use App\Support\Providers\ProviderNextStepsRegistry;
 use App\Support\Providers\ProviderReasonCodes;
 
-final class TenantPermissionCheckClusters
+final class ManagedEnvironmentPermissionCheckClusters
 {
     /**
-     * @phpstan-type TenantPermissionRow array{
+     * @phpstan-type ManagedEnvironmentPermissionRow array{
      *   key:string,
      *   type:'application'|'delegated',
      *   description:?string,
@@ -46,7 +46,7 @@ public static function buildChecks(ManagedEnvironment $tenant, array $permission
 
         $inventoryEvidence = self::inventoryEvidence($inventory);
 
-        /** @var array<int, TenantPermissionRow> $rows */
+        /** @var array<int, ManagedEnvironmentPermissionRow> $rows */
         $rows = collect($permissions)
             ->filter(fn (mixed $row): bool => is_array($row))
             ->map(fn (array $row): array => self::normalizePermissionRow($row))
@@ -143,7 +143,7 @@ public static function definitions(): array
 
     /**
      * @param  array{mode:string,prefixes?:array<int,string>,keys?:array<int,string>,type?:string}  $definition
-     * @param  TenantPermissionRow  $row
+     * @param  ManagedEnvironmentPermissionRow  $row
      */
     public static function matchesDefinition(array $definition, array $row): bool
     {
@@ -181,7 +181,7 @@ public static function matchesDefinition(array $definition, array $row): bool
 
     /**
      * @param  array<int, array<string, mixed>>  $permissions
-     * @return array<int, TenantPermissionRow>
+     * @return array<int, ManagedEnvironmentPermissionRow>
      */
     public static function rowsForRequirementKey(array $permissions, string $requirementKey): array
     {
@@ -200,7 +200,7 @@ public static function rowsForRequirementKey(array $permissions, string $require
     }
 
     /**
-     * @param  TenantPermissionRow  $row
+     * @param  ManagedEnvironmentPermissionRow  $row
      * @return array<int, string>
      */
     public static function requirementKeysForPermissionRow(array $row): array
@@ -228,7 +228,7 @@ public static function definitionForKey(string $requirementKey): ?array
     }
 
     /**
-     * @param  array<int, TenantPermissionRow>  $clusterRows
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $clusterRows
      * @return array<string, mixed>
      */
     private static function buildCheck(
@@ -369,9 +369,9 @@ private static function permissionMissingReasonCode(string $key): string
     }
 
     /**
-     * @param  array<int, TenantPermissionRow>  $missingApplication
-     * @param  array<int, TenantPermissionRow>  $missingDelegated
-     * @param  array<int, TenantPermissionRow>  $errored
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $missingApplication
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $missingDelegated
+     * @param  array<int, ManagedEnvironmentPermissionRow>  $errored
      * @return array<int, array{kind:string,value:int|string}>
      */
     private static function evidence(array $missingApplication, array $missingDelegated, array $errored): array
@@ -472,7 +472,7 @@ private static function nextSteps(ManagedEnvironment $tenant, string $reasonCode
 
     /**
      * @param  array<string, mixed>  $row
-     * @return TenantPermissionRow
+     * @return ManagedEnvironmentPermissionRow
      */
     private static function normalizePermissionRow(array $row): array
     {
diff --git a/apps/platform/app/Support/Verification/VerificationAssistViewModelBuilder.php b/apps/platform/app/Support/Verification/VerificationAssistViewModelBuilder.php
index 17bcdebb..3f5725a9 100644
--- a/apps/platform/app/Support/Verification/VerificationAssistViewModelBuilder.php
+++ b/apps/platform/app/Support/Verification/VerificationAssistViewModelBuilder.php
@@ -6,7 +6,7 @@
 
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\Links\RequiredPermissionsLinks;
 use App\Support\Providers\ProviderNextStepsRegistry;
 use App\Support\Providers\ProviderReasonCodes;
@@ -14,7 +14,7 @@
 final class VerificationAssistViewModelBuilder
 {
     public function __construct(
-        private readonly TenantRequiredPermissionsViewModelBuilder $requiredPermissionsViewModelBuilder,
+        private readonly ManagedEnvironmentRequiredPermissionsViewModelBuilder $requiredPermissionsViewModelBuilder,
         private readonly ProviderNextStepsRegistry $providerNextStepsRegistry,
     ) {}
 
diff --git a/apps/platform/app/Support/WorkspaceIsolation/TenantOwnedModelFamilies.php b/apps/platform/app/Support/WorkspaceIsolation/TenantOwnedModelFamilies.php
index 8d910b2b..27dc20c5 100644
--- a/apps/platform/app/Support/WorkspaceIsolation/TenantOwnedModelFamilies.php
+++ b/apps/platform/app/Support/WorkspaceIsolation/TenantOwnedModelFamilies.php
@@ -15,7 +15,7 @@
 use App\Filament\Resources\PolicyVersionResource;
 use App\Filament\Resources\RestoreRunResource;
 use App\Filament\Resources\StoredReportResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\BackupSchedule;
 use App\Models\BackupSet;
 use App\Models\EntraGroup;
@@ -27,7 +27,7 @@
 use App\Models\PolicyVersion;
 use App\Models\RestoreRun;
 use App\Models\StoredReport;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 
 final class TenantOwnedModelFamilies
 {
@@ -146,14 +146,14 @@ public static function firstSlice(): array
                 'action_surface_reason' => 'EntraGroupResource declares its action surface contract directly.',
                 'notes' => 'Directory groups already support tenant-safe global search.',
             ],
-            'TenantReview' => [
-                'table' => 'tenant_reviews',
-                'model' => TenantReview::class,
-                'resource' => TenantReviewResource::class,
+            'EnvironmentReview' => [
+                'table' => 'environment_reviews',
+                'model' => EnvironmentReview::class,
+                'resource' => EnvironmentReviewResource::class,
                 'tenant_relationship' => 'tenant',
                 'search_posture' => 'disabled',
                 'action_surface' => 'declared',
-                'action_surface_reason' => 'TenantReviewResource declares its action surface contract directly.',
+                'action_surface_reason' => 'EnvironmentReviewResource declares its action surface contract directly.',
                 'notes' => 'ManagedEnvironment reviews stay out of global search and are surfaced through tenant detail plus the canonical register.',
             ],
             'StoredReport' => [
@@ -190,8 +190,8 @@ public static function residualRolloutInventory(): array
                 'likely_surface' => 'Entra admin-role reporting and findings reference flows',
                 'why_not_in_first_slice' => 'Read paths remain indirect via reporting and findings surfaces, so direct tenant-owned resource parity is deferred.',
             ],
-            'TenantPermission' => [
-                'table' => 'tenant_permissions',
+            'ManagedEnvironmentPermission' => [
+                'table' => 'managed_environment_permissions',
                 'likely_surface' => 'Permissions and onboarding diagnostics surfaces',
                 'why_not_in_first_slice' => 'Permission posture is enforced through dedicated diagnostics and onboarding flows, not a first-slice primary resource.',
             ],
diff --git a/apps/platform/app/Support/WorkspaceIsolation/TenantOwnedTables.php b/apps/platform/app/Support/WorkspaceIsolation/TenantOwnedTables.php
index 28047a9a..0c14673f 100644
--- a/apps/platform/app/Support/WorkspaceIsolation/TenantOwnedTables.php
+++ b/apps/platform/app/Support/WorkspaceIsolation/TenantOwnedTables.php
@@ -36,7 +36,7 @@ public static function firstSlice(): array
             'inventory_items',
             'entra_groups',
             'stored_reports',
-            'tenant_reviews',
+            'environment_reviews',
         ];
     }
 
@@ -49,7 +49,7 @@ public static function residual(): array
             'backup_items',
             'inventory_links',
             'entra_role_definitions',
-            'tenant_permissions',
+            'managed_environment_permissions',
             'finding_exception_decisions',
             'finding_exception_evidence_references',
         ];
diff --git a/apps/platform/app/Support/Workspaces/WorkspaceOverviewBuilder.php b/apps/platform/app/Support/Workspaces/WorkspaceOverviewBuilder.php
index 29dfaffd..58c2770f 100644
--- a/apps/platform/app/Support/Workspaces/WorkspaceOverviewBuilder.php
+++ b/apps/platform/app/Support/Workspaces/WorkspaceOverviewBuilder.php
@@ -5,7 +5,7 @@
 namespace App\Support\Workspaces;
 
 use App\Filament\Pages\BaselineCompareLanding;
-use App\Filament\Pages\ChooseTenant;
+use App\Filament\Pages\ChooseEnvironment;
 use App\Filament\Pages\Findings\FindingsHygieneReport;
 use App\Filament\Pages\Findings\MyFindingsInbox;
 use App\Filament\Resources\FindingResource;
@@ -14,7 +14,7 @@
 use App\Models\FindingException;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\Auth\CapabilityResolver;
@@ -36,7 +36,7 @@
 use App\Support\OperationRunLinks;
 use App\Support\OpsUx\OperationUxPresenter;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
-use App\Support\PortfolioTriage\TenantTriageReviewStateResolver;
+use App\Support\PortfolioTriage\ManagedEnvironmentTriageReviewStateResolver;
 use App\Support\Rbac\UiTooltips;
 use App\Support\RestoreSafety\RestoreResultAttention;
 use App\Support\RestoreSafety\RestoreSafetyCopy;
@@ -56,7 +56,7 @@ public function __construct(
         private TenantGovernanceAggregateResolver $tenantGovernanceAggregateResolver,
         private TenantBackupHealthResolver $tenantBackupHealthResolver,
         private RestoreSafetyResolver $restoreSafetyResolver,
-        private TenantTriageReviewStateResolver $tenantTriageReviewStateResolver,
+        private ManagedEnvironmentTriageReviewStateResolver $managedEnvironmentTriageReviewStateResolver,
     ) {}
 
     /**
@@ -135,7 +135,7 @@ public function build(Workspace $workspace, User $user): array
             'title' => $calmness['title'],
             'body' => $calmness['body'],
             'action_label' => $calmness['next_action']['label'] ?? __('localization.shell.choose_environment'),
-            'action_url' => $calmness['next_action']['url'] ?? ChooseTenant::getUrl(panel: 'admin'),
+            'action_url' => $calmness['next_action']['url'] ?? ChooseEnvironment::getUrl(panel: 'admin'),
         ];
 
         $myFindingsSignal = $this->myFindingsSignal($workspaceId, $visibleFindingsTenantIds, $user);
@@ -996,7 +996,7 @@ private function summaryMetrics(
                     : 'No managed environments are available in this workspace yet.',
                 color: $accessibleTenantCount > 0 ? 'primary' : 'warning',
                 destination: $accessibleTenantCount > 0
-                    ? $this->chooseTenantTarget()
+                    ? $this->chooseEnvironmentTarget()
                     : $this->switchWorkspaceTarget(),
             ),
             $this->makeSummaryMetric(
@@ -1007,7 +1007,7 @@ private function summaryMetrics(
                 description: 'Affected visible environments with overdue findings, governance expiry, lapsed governance, or compare posture that needs review.',
                 color: $governanceAttentionTenantCount > 0 ? 'danger' : 'gray',
                 destination: $governanceAttentionTenantCount > 0
-                    ? $this->chooseTenantTarget(__('localization.shell.choose_environment'))
+                    ? $this->chooseEnvironmentTarget(__('localization.shell.choose_environment'))
                     : null,
             ),
             $this->makeSummaryMetric(
@@ -1107,7 +1107,7 @@ private function triageReviewProgress(int $workspaceId, array $tenantContexts):
             $recoveryEvidenceByTenant[$tenantId] = $context['recovery_evidence'] ?? null;
         }
 
-        $resolved = $this->tenantTriageReviewStateResolver->resolveMany(
+        $resolved = $this->managedEnvironmentTriageReviewStateResolver->resolveMany(
             workspaceId: $workspaceId,
             tenantIds: $tenantIds,
             backupHealthByTenant: $backupHealthByTenant,
@@ -1207,10 +1207,10 @@ private function triageReviewProgressFamilies(array $triageReviewSummaries): arr
                 'follow_up_needed_count' => (int) ($summary['follow_up_needed_count'] ?? 0),
                 'changed_since_review_count' => (int) ($summary['changed_since_review_count'] ?? 0),
                 'not_reviewed_count' => (int) ($summary['not_reviewed_count'] ?? 0),
-                'reviewed_destination' => $this->triageReviewBucketDestination($family, TenantTriageReview::STATE_REVIEWED, 'Reviewed'),
-                'follow_up_needed_destination' => $this->triageReviewBucketDestination($family, TenantTriageReview::STATE_FOLLOW_UP_NEEDED, 'Follow-up needed'),
-                'changed_since_review_destination' => $this->triageReviewBucketDestination($family, TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW, 'Changed since review'),
-                'not_reviewed_destination' => $this->triageReviewBucketDestination($family, TenantTriageReview::DERIVED_STATE_NOT_REVIEWED, 'Not reviewed'),
+                'reviewed_destination' => $this->triageReviewBucketDestination($family, ManagedEnvironmentTriageReview::STATE_REVIEWED, 'Reviewed'),
+                'follow_up_needed_destination' => $this->triageReviewBucketDestination($family, ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED, 'Follow-up needed'),
+                'changed_since_review_destination' => $this->triageReviewBucketDestination($family, ManagedEnvironmentTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW, 'Changed since review'),
+                'not_reviewed_destination' => $this->triageReviewBucketDestination($family, ManagedEnvironmentTriageReview::DERIVED_STATE_NOT_REVIEWED, 'Not reviewed'),
             ];
         }
 
@@ -1279,7 +1279,7 @@ private function attentionMetricDestination(array $tenantContexts, User $user, s
                     ],
                     'triage_sort' => TenantRecoveryTriagePresentation::TRIAGE_SORT_WORST_FIRST,
                 ], __('localization.shell.choose_environment')),
-                default => $this->chooseTenantTarget(__('localization.shell.choose_environment')),
+                default => $this->chooseEnvironmentTarget(__('localization.shell.choose_environment')),
             };
         }
 
@@ -1388,7 +1388,7 @@ private function calmnessState(
                 'checked_domains' => $checkedDomains,
                 'title' => 'Nothing urgent in your visible workspace slice',
                 'body' => 'Visible governance, backup health, recovery evidence, compare posture, and activity currently look calm. Backup health and recovery evidence are included in this visible workspace calmness check.',
-                'next_action' => $this->chooseTenantTarget(),
+                'next_action' => $this->chooseEnvironmentTarget(),
             ];
         }
 
@@ -1407,7 +1407,7 @@ private function calmnessState(
             'checked_domains' => $checkedDomains,
             'title' => 'Visible environments still need attention',
             'body' => 'Backup health or recovery evidence still needs follow-up, or governance and activity remain open in this workspace.',
-            'next_action' => $attentionItems[0]['destination'] ?? $this->chooseTenantTarget(),
+            'next_action' => $attentionItems[0]['destination'] ?? $this->chooseEnvironmentTarget(),
         ];
     }
 
@@ -1449,10 +1449,10 @@ private function quickActions(
     ): array {
         $actions = [
             [
-                'key' => 'choose_tenant',
+                'key' => 'choose_environment',
                 'label' => __('localization.shell.choose_environment'),
                 'description' => 'Deliberately enter environment context from this workspace.',
-                'url' => ChooseTenant::getUrl(panel: 'admin'),
+                'url' => ChooseEnvironment::getUrl(panel: 'admin'),
                 'icon' => 'heroicon-o-building-office-2',
                 'color' => 'primary',
                 'visible' => $accessibleTenantCount > 0,
@@ -1528,11 +1528,11 @@ private function tenantRouteKey(ManagedEnvironment $tenant): string
     /**
      * @return array<string, mixed>
      */
-    private function chooseTenantTarget(?string $label = null): array
+    private function chooseEnvironmentTarget(?string $label = null): array
     {
         return $this->destination(
-            kind: 'choose_tenant',
-            url: ChooseTenant::getUrl(panel: 'admin'),
+            kind: 'choose_environment',
+            url: ChooseEnvironment::getUrl(panel: 'admin'),
             label: $label ?? __('localization.shell.choose_environment'),
         );
     }
@@ -1544,7 +1544,7 @@ private function chooseTenantTarget(?string $label = null): array
     private function filteredTenantRegistryTarget(array $filters, ?string $label = null): array
     {
         return $this->destination(
-            kind: 'choose_tenant',
+            kind: 'choose_environment',
             url: ManagedEnvironmentLinks::indexUrl(query: $filters),
             label: $label ?? __('localization.shell.choose_environment'),
             filters: $filters,
@@ -1573,7 +1573,7 @@ private function tenantDashboardTarget(
         ?array $arrivalState = null,
     ): array
     {
-        if (! $this->canAccessTenantDashboard($user, $tenant)) {
+        if (! $this->canAccessEnvironmentDashboard($user, $tenant)) {
             return $this->disabledDestination(
                 kind: 'tenant_dashboard',
                 label: $label,
@@ -1757,7 +1757,7 @@ private function canTenantView(User $user, ManagedEnvironment $tenant): bool
         return $this->capabilityResolver->can($user, $tenant, Capabilities::TENANT_VIEW);
     }
 
-    private function canAccessTenantDashboard(User $user, ManagedEnvironment $tenant): bool
+    private function canAccessEnvironmentDashboard(User $user, ManagedEnvironment $tenant): bool
     {
         return $this->capabilityResolver->isMember($user, $tenant);
     }
diff --git a/apps/platform/config/provider_boundaries.php b/apps/platform/config/provider_boundaries.php
index 6b9f9e04..f7dcdfd6 100644
--- a/apps/platform/config/provider_boundaries.php
+++ b/apps/platform/config/provider_boundaries.php
@@ -99,7 +99,7 @@
             'implementation_paths' => [
                 'app/Support/Providers/Capabilities/ProviderCapabilityRegistry.php',
                 'app/Support/Providers/Capabilities/ProviderCapabilityEvaluator.php',
-                'app/Support/Verification/TenantPermissionCheckClusters.php',
+                'app/Support/Verification/ManagedEnvironmentPermissionCheckClusters.php',
             ],
             'neutral_terms' => [
                 'provider capability',
diff --git a/apps/platform/config/tenantpilot.php b/apps/platform/config/tenantpilot.php
index 3c274449..647eb539 100644
--- a/apps/platform/config/tenantpilot.php
+++ b/apps/platform/config/tenantpilot.php
@@ -97,14 +97,14 @@
                     'scheduled_reconciliation' => true,
                 ],
                 'promotion.execute' => [
-                    'job_class' => \App\Jobs\Operations\CrossTenantPromotionExecutionJob::class,
+                    'job_class' => \App\Jobs\Operations\CrossEnvironmentPromotionExecutionJob::class,
                     'queued_stale_after_seconds' => 300,
                     'running_stale_after_seconds' => 1500,
                     'expected_max_runtime_seconds' => 420,
                     'direct_failed_bridge' => false,
                     'scheduled_reconciliation' => true,
                 ],
-                'tenant.review_pack.generate' => [
+                'environment.review_pack.generate' => [
                     'job_class' => \App\Jobs\GenerateReviewPackJob::class,
                     'queued_stale_after_seconds' => 300,
                     'running_stale_after_seconds' => 900,
@@ -112,8 +112,8 @@
                     'direct_failed_bridge' => false,
                     'scheduled_reconciliation' => true,
                 ],
-                'tenant.review.compose' => [
-                    'job_class' => \App\Jobs\ComposeTenantReviewJob::class,
+                'environment.review.compose' => [
+                    'job_class' => \App\Jobs\ComposeEnvironmentReviewJob::class,
                     'queued_stale_after_seconds' => 300,
                     'running_stale_after_seconds' => 900,
                     'expected_max_runtime_seconds' => 240,
diff --git a/apps/platform/database/factories/TenantReviewFactory.php b/apps/platform/database/factories/EnvironmentReviewFactory.php
similarity index 78%
rename from apps/platform/database/factories/TenantReviewFactory.php
rename to apps/platform/database/factories/EnvironmentReviewFactory.php
index 6412f67d..d181389e 100644
--- a/apps/platform/database/factories/TenantReviewFactory.php
+++ b/apps/platform/database/factories/EnvironmentReviewFactory.php
@@ -6,19 +6,19 @@
 
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\Workspace;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use Illuminate\Database\Eloquent\Factories\Factory;
 
 /**
- * @extends Factory<TenantReview>
+ * @extends Factory<EnvironmentReview>
  */
-class TenantReviewFactory extends Factory
+class EnvironmentReviewFactory extends Factory
 {
-    protected $model = TenantReview::class;
+    protected $model = EnvironmentReview::class;
 
     /**
      * @return array<string, mixed>
@@ -49,8 +49,8 @@ public function definition(): array
             'published_by_user_id' => null,
             'superseded_by_review_id' => null,
             'fingerprint' => fake()->sha256(),
-            'status' => TenantReviewStatus::Draft->value,
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'status' => EnvironmentReviewStatus::Draft->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
             'summary' => [
                 'publish_blockers' => [],
                 'required_section_count' => 6,
@@ -65,8 +65,8 @@ public function definition(): array
     public function ready(): static
     {
         return $this->state(fn (): array => [
-            'status' => TenantReviewStatus::Ready->value,
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'status' => EnvironmentReviewStatus::Ready->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
             'summary' => [
                 'publish_blockers' => [],
                 'required_section_count' => 6,
@@ -79,7 +79,7 @@ public function published(?ReviewPack $reviewPack = null): static
     {
         return $this->state(fn (): array => [
             'current_export_review_pack_id' => $reviewPack?->getKey(),
-            'status' => TenantReviewStatus::Published->value,
+            'status' => EnvironmentReviewStatus::Published->value,
             'published_at' => now(),
         ]);
     }
diff --git a/apps/platform/database/factories/TenantReviewSectionFactory.php b/apps/platform/database/factories/EnvironmentReviewSectionFactory.php
similarity index 60%
rename from apps/platform/database/factories/TenantReviewSectionFactory.php
rename to apps/platform/database/factories/EnvironmentReviewSectionFactory.php
index 30f65dd8..279ca8b3 100644
--- a/apps/platform/database/factories/TenantReviewSectionFactory.php
+++ b/apps/platform/database/factories/EnvironmentReviewSectionFactory.php
@@ -4,18 +4,18 @@
 
 namespace Database\Factories;
 
-use App\Models\TenantReview;
-use App\Models\TenantReviewSection;
-use App\Support\TenantReviewCompletenessState;
+use App\Models\EnvironmentReview;
+use App\Models\EnvironmentReviewSection;
+use App\Support\EnvironmentReviewCompletenessState;
 use Illuminate\Database\Eloquent\Factories\Factory;
 use Illuminate\Support\Str;
 
 /**
- * @extends Factory<TenantReviewSection>
+ * @extends Factory<EnvironmentReviewSection>
  */
-class TenantReviewSectionFactory extends Factory
+class EnvironmentReviewSectionFactory extends Factory
 {
-    protected $model = TenantReviewSection::class;
+    protected $model = EnvironmentReviewSection::class;
 
     /**
      * @return array<string, mixed>
@@ -23,14 +23,14 @@ class TenantReviewSectionFactory extends Factory
     public function definition(): array
     {
         return [
-            'tenant_review_id' => TenantReview::factory(),
+            'environment_review_id' => EnvironmentReview::factory(),
             'workspace_id' => function (array $attributes): int {
-                $review = TenantReview::query()->whereKey((int) $attributes['tenant_review_id'])->firstOrFail();
+                $review = EnvironmentReview::query()->whereKey((int) $attributes['environment_review_id'])->firstOrFail();
 
                 return (int) $review->workspace_id;
             },
             'managed_environment_id' => function (array $attributes): int {
-                $review = TenantReview::query()->whereKey((int) $attributes['tenant_review_id'])->firstOrFail();
+                $review = EnvironmentReview::query()->whereKey((int) $attributes['environment_review_id'])->firstOrFail();
 
                 return (int) $review->managed_environment_id;
             },
@@ -38,7 +38,7 @@ public function definition(): array
             'title' => fake()->sentence(3),
             'sort_order' => fake()->numberBetween(0, 50),
             'required' => true,
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
             'source_snapshot_fingerprint' => fake()->sha256(),
             'summary_payload' => [
                 'summary' => fake()->sentence(),
diff --git a/apps/platform/database/factories/TenantOnboardingSessionFactory.php b/apps/platform/database/factories/ManagedEnvironmentOnboardingSessionFactory.php
similarity index 93%
rename from apps/platform/database/factories/TenantOnboardingSessionFactory.php
rename to apps/platform/database/factories/ManagedEnvironmentOnboardingSessionFactory.php
index a574817d..afdd2959 100644
--- a/apps/platform/database/factories/TenantOnboardingSessionFactory.php
+++ b/apps/platform/database/factories/ManagedEnvironmentOnboardingSessionFactory.php
@@ -5,7 +5,7 @@
 namespace Database\Factories;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Support\Onboarding\OnboardingCheckpoint;
@@ -13,16 +13,16 @@
 use Illuminate\Database\Eloquent\Factories\Factory;
 
 /**
- * @extends Factory<TenantOnboardingSession>
+ * @extends Factory<ManagedEnvironmentOnboardingSession>
  */
-class TenantOnboardingSessionFactory extends Factory
+class ManagedEnvironmentOnboardingSessionFactory extends Factory
 {
-    protected $model = TenantOnboardingSession::class;
+    protected $model = ManagedEnvironmentOnboardingSession::class;
 
     public function definition(): array
     {
         $entraTenantId = fake()->uuid();
-        $tenantName = fake()->company();
+        $environmentName = fake()->company();
 
         return [
             'workspace_id' => Workspace::factory(),
@@ -31,7 +31,7 @@ public function definition(): array
             'current_step' => 'identify',
             'state' => [
                 'entra_tenant_id' => $entraTenantId,
-                'tenant_name' => $tenantName,
+                'environment_name' => $environmentName,
                 'environment' => 'prod',
             ],
             'started_by_user_id' => User::factory(),
@@ -63,7 +63,7 @@ public function forTenant(ManagedEnvironment $tenant): static
             'state' => array_merge(is_array($attributes['state'] ?? null) ? $attributes['state'] : [], [
                 'managed_environment_id' => (int) $tenant->getKey(),
                 'entra_tenant_id' => (string) $tenant->managed_environment_id,
-                'tenant_name' => (string) $tenant->name,
+                'environment_name' => (string) $tenant->name,
                 'environment' => (string) ($tenant->environment ?? 'prod'),
             ]),
         ]);
diff --git a/apps/platform/database/factories/TenantTriageReviewFactory.php b/apps/platform/database/factories/ManagedEnvironmentTriageReviewFactory.php
similarity index 89%
rename from apps/platform/database/factories/TenantTriageReviewFactory.php
rename to apps/platform/database/factories/ManagedEnvironmentTriageReviewFactory.php
index 483616e7..443c92a7 100644
--- a/apps/platform/database/factories/TenantTriageReviewFactory.php
+++ b/apps/platform/database/factories/ManagedEnvironmentTriageReviewFactory.php
@@ -5,18 +5,18 @@
 namespace Database\Factories;
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
 use Illuminate\Database\Eloquent\Factories\Factory;
 
 /**
- * @extends Factory<TenantTriageReview>
+ * @extends Factory<ManagedEnvironmentTriageReview>
  */
-class TenantTriageReviewFactory extends Factory
+class ManagedEnvironmentTriageReviewFactory extends Factory
 {
-    protected $model = TenantTriageReview::class;
+    protected $model = ManagedEnvironmentTriageReview::class;
 
     /**
      * @return array<string, mixed>
@@ -49,7 +49,7 @@ public function definition(): array
                 return (int) $tenant->workspace_id;
             },
             'concern_family' => PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH,
-            'current_state' => TenantTriageReview::STATE_REVIEWED,
+            'current_state' => ManagedEnvironmentTriageReview::STATE_REVIEWED,
             'reviewed_at' => now()->subMinutes(5),
             'reviewed_by_user_id' => User::factory(),
             'review_fingerprint' => $this->hashSnapshot($snapshot),
@@ -62,14 +62,14 @@ public function definition(): array
     public function reviewed(): static
     {
         return $this->state(fn (): array => [
-            'current_state' => TenantTriageReview::STATE_REVIEWED,
+            'current_state' => ManagedEnvironmentTriageReview::STATE_REVIEWED,
         ]);
     }
 
     public function followUpNeeded(): static
     {
         return $this->state(fn (): array => [
-            'current_state' => TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
+            'current_state' => ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED,
         ]);
     }
 
diff --git a/apps/platform/database/factories/ProductUsageEventFactory.php b/apps/platform/database/factories/ProductUsageEventFactory.php
index fd030d05..964a9abd 100644
--- a/apps/platform/database/factories/ProductUsageEventFactory.php
+++ b/apps/platform/database/factories/ProductUsageEventFactory.php
@@ -46,7 +46,7 @@ public function definition(): array
             'user_id' => User::factory(),
             'event_name' => $eventName,
             'feature_area' => $catalog->featureArea($eventName),
-            'subject_type' => 'tenant_onboarding_session',
+            'subject_type' => 'managed_environment_onboarding_session',
             'subject_id' => (string) fake()->numberBetween(1, 999999),
             'metadata' => [
                 'checkpoint_key' => 'tenant_connected',
diff --git a/apps/platform/database/migrations/2025_12_11_122423_create_tenant_permissions_table.php b/apps/platform/database/migrations/2025_12_11_122423_create_managed_environment_permissions_table.php
similarity index 85%
rename from apps/platform/database/migrations/2025_12_11_122423_create_tenant_permissions_table.php
rename to apps/platform/database/migrations/2025_12_11_122423_create_managed_environment_permissions_table.php
index 5c6dcfb6..d27cfecf 100644
--- a/apps/platform/database/migrations/2025_12_11_122423_create_tenant_permissions_table.php
+++ b/apps/platform/database/migrations/2025_12_11_122423_create_managed_environment_permissions_table.php
@@ -11,7 +11,7 @@
      */
     public function up(): void
     {
-        Schema::create('tenant_permissions', function (Blueprint $table) {
+        Schema::create('managed_environment_permissions', function (Blueprint $table) {
             $table->id();
             $table->foreignId('managed_environment_id')->constrained()->cascadeOnDelete();
             $table->string('permission_key');
@@ -30,6 +30,6 @@ public function up(): void
      */
     public function down(): void
     {
-        Schema::dropIfExists('tenant_permissions');
+        Schema::dropIfExists('managed_environment_permissions');
     }
 };
diff --git a/apps/platform/database/migrations/2025_12_11_192942_add_is_current_to_tenants.php b/apps/platform/database/migrations/2025_12_11_192942_add_is_current_to_tenants.php
index a4d24a84..cb830944 100644
--- a/apps/platform/database/migrations/2025_12_11_192942_add_is_current_to_tenants.php
+++ b/apps/platform/database/migrations/2025_12_11_192942_add_is_current_to_tenants.php
@@ -38,7 +38,7 @@ public function up(): void
                 ->update(['is_current' => true]);
         }
 
-        DB::statement('CREATE UNIQUE INDEX tenants_current_unique ON managed_environments (is_current) WHERE is_current = true AND deleted_at IS NULL');
+        DB::statement('CREATE UNIQUE INDEX managed_environments_current_unique ON managed_environments (is_current) WHERE is_current = true AND deleted_at IS NULL');
     }
 
     /**
@@ -46,7 +46,7 @@ public function up(): void
      */
     public function down(): void
     {
-        DB::statement('DROP INDEX IF EXISTS tenants_current_unique');
+        DB::statement('DROP INDEX IF EXISTS managed_environments_current_unique');
 
         Schema::table('managed_environments', function (Blueprint $table) {
             $table->dropColumn('is_current');
diff --git a/apps/platform/database/migrations/2025_12_12_150000_add_rbac_fields_to_tenants.php b/apps/platform/database/migrations/2025_12_12_150000_add_rbac_fields_to_tenants.php
index 9648d218..f54bc927 100644
--- a/apps/platform/database/migrations/2025_12_12_150000_add_rbac_fields_to_tenants.php
+++ b/apps/platform/database/migrations/2025_12_12_150000_add_rbac_fields_to_tenants.php
@@ -15,14 +15,14 @@ public function up(): void
             $table->string('rbac_scope_mode')->nullable()->after('rbac_role_key');
             $table->string('rbac_scope_id')->nullable()->after('rbac_scope_mode');
 
-            $table->index(['rbac_group_id', 'rbac_role_assignment_id'], 'tenants_rbac_artifacts_idx');
+            $table->index(['rbac_group_id', 'rbac_role_assignment_id'], 'managed_environments_rbac_artifacts_idx');
         });
     }
 
     public function down(): void
     {
         Schema::table('managed_environments', function (Blueprint $table) {
-            $table->dropIndex('tenants_rbac_artifacts_idx');
+            $table->dropIndex('managed_environments_rbac_artifacts_idx');
             $table->dropColumn([
                 'rbac_group_id',
                 'rbac_role_assignment_id',
diff --git a/apps/platform/database/migrations/2026_01_31_230304_add_workspace_id_to_tenants_table.php b/apps/platform/database/migrations/2026_01_31_230304_add_workspace_id_to_tenants_table.php
index 01248412..3bea6ff6 100644
--- a/apps/platform/database/migrations/2026_01_31_230304_add_workspace_id_to_tenants_table.php
+++ b/apps/platform/database/migrations/2026_01_31_230304_add_workspace_id_to_tenants_table.php
@@ -25,8 +25,8 @@ public function up(): void
         if ($driver === 'sqlite') {
             // SQLite table rebuilds can drop/flatten the partial index defined in
             // 2025_12_11_192942_add_is_current_to_tenants.php. Recreate it here.
-            DB::statement('DROP INDEX IF EXISTS tenants_current_unique');
-            DB::statement('CREATE UNIQUE INDEX tenants_current_unique ON managed_environments (is_current) WHERE is_current = 1 AND deleted_at IS NULL');
+            DB::statement('DROP INDEX IF EXISTS managed_environments_current_unique');
+            DB::statement('CREATE UNIQUE INDEX managed_environments_current_unique ON managed_environments (is_current) WHERE is_current = 1 AND deleted_at IS NULL');
         }
     }
 
diff --git a/apps/platform/database/migrations/2026_02_03_090449_create_tenant_onboarding_sessions_table.php b/apps/platform/database/migrations/2026_02_03_090449_create_managed_environment_onboarding_sessions_table.php
similarity index 82%
rename from apps/platform/database/migrations/2026_02_03_090449_create_tenant_onboarding_sessions_table.php
rename to apps/platform/database/migrations/2026_02_03_090449_create_managed_environment_onboarding_sessions_table.php
index 7e9477df..5bfed2ae 100644
--- a/apps/platform/database/migrations/2026_02_03_090449_create_tenant_onboarding_sessions_table.php
+++ b/apps/platform/database/migrations/2026_02_03_090449_create_managed_environment_onboarding_sessions_table.php
@@ -11,11 +11,11 @@
      */
     public function up(): void
     {
-        if (Schema::hasTable('managed_tenant_onboarding_sessions')) {
+        if (Schema::hasTable('managed_environment_onboarding_sessions')) {
             return;
         }
 
-        Schema::create('managed_tenant_onboarding_sessions', function (Blueprint $table) {
+        Schema::create('managed_environment_onboarding_sessions', function (Blueprint $table) {
             $table->id();
             $table->foreignId('workspace_id')->constrained()->cascadeOnDelete();
             $table->foreignId('managed_environment_id')->constrained()->cascadeOnDelete();
@@ -38,6 +38,6 @@ public function up(): void
      */
     public function down(): void
     {
-        Schema::dropIfExists('managed_tenant_onboarding_sessions');
+        Schema::dropIfExists('managed_environment_onboarding_sessions');
     }
 };
diff --git a/apps/platform/database/migrations/2026_02_03_150001_create_managed_tenant_onboarding_sessions_table.php b/apps/platform/database/migrations/2026_02_03_150001_create_managed_environment_onboarding_sessions_table.php
similarity index 81%
rename from apps/platform/database/migrations/2026_02_03_150001_create_managed_tenant_onboarding_sessions_table.php
rename to apps/platform/database/migrations/2026_02_03_150001_create_managed_environment_onboarding_sessions_table.php
index d367be73..54d9b38f 100644
--- a/apps/platform/database/migrations/2026_02_03_150001_create_managed_tenant_onboarding_sessions_table.php
+++ b/apps/platform/database/migrations/2026_02_03_150001_create_managed_environment_onboarding_sessions_table.php
@@ -10,11 +10,11 @@
 {
     public function up(): void
     {
-        if (Schema::hasTable('managed_tenant_onboarding_sessions')) {
+        if (Schema::hasTable('managed_environment_onboarding_sessions')) {
             return;
         }
 
-        Schema::create('managed_tenant_onboarding_sessions', function (Blueprint $table) {
+        Schema::create('managed_environment_onboarding_sessions', function (Blueprint $table) {
             $table->id();
             $table->foreignId('workspace_id')->constrained()->cascadeOnDelete();
             $table->foreignId('managed_environment_id')->constrained()->cascadeOnDelete();
@@ -35,6 +35,6 @@ public function up(): void
 
     public function down(): void
     {
-        Schema::dropIfExists('managed_tenant_onboarding_sessions');
+        Schema::dropIfExists('managed_environment_onboarding_sessions');
     }
 };
diff --git a/apps/platform/database/migrations/2026_02_04_090010_update_tenant_onboarding_sessions_constraints.php b/apps/platform/database/migrations/2026_02_04_090010_update_managed_environment_onboarding_sessions_constraints.php
similarity index 65%
rename from apps/platform/database/migrations/2026_02_04_090010_update_tenant_onboarding_sessions_constraints.php
rename to apps/platform/database/migrations/2026_02_04_090010_update_managed_environment_onboarding_sessions_constraints.php
index 88e90fba..929a5ff1 100644
--- a/apps/platform/database/migrations/2026_02_04_090010_update_tenant_onboarding_sessions_constraints.php
+++ b/apps/platform/database/migrations/2026_02_04_090010_update_managed_environment_onboarding_sessions_constraints.php
@@ -9,7 +9,7 @@
 {
     public function up(): void
     {
-        if (! Schema::hasTable('managed_tenant_onboarding_sessions')) {
+        if (! Schema::hasTable('managed_environment_onboarding_sessions')) {
             return;
         }
 
@@ -18,18 +18,18 @@ public function up(): void
         if ($driver === 'sqlite') {
             Schema::disableForeignKeyConstraints();
 
-            Schema::rename('managed_tenant_onboarding_sessions', 'managed_tenant_onboarding_sessions_old');
+            Schema::rename('managed_environment_onboarding_sessions', 'managed_environment_onboarding_sessions_old');
 
             foreach ([
-                'managed_tenant_onboarding_sessions_workspace_id_tenant_id_unique',
-                'managed_tenant_onboarding_sessions_tenant_id_index',
-                'managed_tenant_onboarding_sessions_workspace_id_managed_environment_id_unique',
-                'managed_tenant_onboarding_sessions_managed_environment_id_index',
+                'managed_environment_onboarding_sessions_workspace_id_environment_id_unique',
+                'managed_environment_onboarding_sessions_environment_id_index',
+                'managed_environment_onboarding_sessions_workspace_id_managed_environment_id_unique',
+                'managed_environment_onboarding_sessions_managed_environment_id_index',
             ] as $indexName) {
                 DB::statement("DROP INDEX IF EXISTS {$indexName}");
             }
 
-            Schema::create('managed_tenant_onboarding_sessions', function (Blueprint $table) {
+            Schema::create('managed_environment_onboarding_sessions', function (Blueprint $table) {
                 $table->id();
                 $table->foreignId('workspace_id')->constrained()->cascadeOnDelete();
                 $table->foreignId('managed_environment_id')->nullable()->constrained()->cascadeOnDelete();
@@ -45,7 +45,7 @@ public function up(): void
                 $table->index('entra_tenant_id');
             });
 
-            DB::table('managed_tenant_onboarding_sessions_old')
+            DB::table('managed_environment_onboarding_sessions_old')
                 ->orderBy('id')
                 ->chunkById(500, function ($rows): void {
                     foreach ($rows as $row) {
@@ -70,7 +70,7 @@ public function up(): void
                             $entraTenantId = sprintf('unknown-%d', (int) $row->id);
                         }
 
-                        DB::table('managed_tenant_onboarding_sessions')->insert([
+                        DB::table('managed_environment_onboarding_sessions')->insert([
                             'id' => $row->id,
                             'workspace_id' => $row->workspace_id,
                             'managed_environment_id' => $row->managed_environment_id,
@@ -86,18 +86,18 @@ public function up(): void
                     }
                 }, 'id');
 
-            Schema::drop('managed_tenant_onboarding_sessions_old');
+            Schema::drop('managed_environment_onboarding_sessions_old');
 
-            DB::statement('CREATE UNIQUE INDEX managed_tenant_onboarding_sessions_active_workspace_entra_unique ON managed_tenant_onboarding_sessions (workspace_id, entra_tenant_id) WHERE completed_at IS NULL');
-            DB::statement('CREATE UNIQUE INDEX managed_tenant_onboarding_sessions_active_tenant_unique ON managed_tenant_onboarding_sessions (managed_environment_id) WHERE completed_at IS NULL AND managed_environment_id IS NOT NULL');
+            DB::statement('CREATE UNIQUE INDEX managed_environment_onboarding_sessions_active_workspace_entra_unique ON managed_environment_onboarding_sessions (workspace_id, entra_tenant_id) WHERE completed_at IS NULL');
+            DB::statement('CREATE UNIQUE INDEX managed_environment_onboarding_sessions_active_environment_unique ON managed_environment_onboarding_sessions (managed_environment_id) WHERE completed_at IS NULL AND managed_environment_id IS NOT NULL');
 
             Schema::enableForeignKeyConstraints();
 
             return;
         }
 
-        if (! Schema::hasColumn('managed_tenant_onboarding_sessions', 'entra_tenant_id')) {
-            Schema::table('managed_tenant_onboarding_sessions', function (Blueprint $table) {
+        if (! Schema::hasColumn('managed_environment_onboarding_sessions', 'entra_tenant_id')) {
+            Schema::table('managed_environment_onboarding_sessions', function (Blueprint $table) {
                 $table->string('entra_tenant_id')->nullable()->after('managed_environment_id');
             });
         }
@@ -105,22 +105,22 @@ public function up(): void
         $this->backfillEntraTenantId($driver);
 
         if ($driver === 'pgsql') {
-            DB::statement('ALTER TABLE managed_tenant_onboarding_sessions ALTER COLUMN managed_environment_id DROP NOT NULL');
-            DB::statement('ALTER TABLE managed_tenant_onboarding_sessions ALTER COLUMN entra_tenant_id SET NOT NULL');
+            DB::statement('ALTER TABLE managed_environment_onboarding_sessions ALTER COLUMN managed_environment_id DROP NOT NULL');
+            DB::statement('ALTER TABLE managed_environment_onboarding_sessions ALTER COLUMN entra_tenant_id SET NOT NULL');
         }
 
-        Schema::table('managed_tenant_onboarding_sessions', function (Blueprint $table) {
+        Schema::table('managed_environment_onboarding_sessions', function (Blueprint $table) {
             $table->dropUnique(['workspace_id', 'managed_environment_id']);
             $table->index('entra_tenant_id');
         });
 
-        DB::statement('CREATE UNIQUE INDEX IF NOT EXISTS managed_tenant_onboarding_sessions_active_workspace_entra_unique ON managed_tenant_onboarding_sessions (workspace_id, entra_tenant_id) WHERE completed_at IS NULL');
-        DB::statement('CREATE UNIQUE INDEX IF NOT EXISTS managed_tenant_onboarding_sessions_active_tenant_unique ON managed_tenant_onboarding_sessions (managed_environment_id) WHERE completed_at IS NULL AND managed_environment_id IS NOT NULL');
+        DB::statement('CREATE UNIQUE INDEX IF NOT EXISTS managed_environment_onboarding_sessions_active_workspace_entra_unique ON managed_environment_onboarding_sessions (workspace_id, entra_tenant_id) WHERE completed_at IS NULL');
+        DB::statement('CREATE UNIQUE INDEX IF NOT EXISTS managed_environment_onboarding_sessions_active_environment_unique ON managed_environment_onboarding_sessions (managed_environment_id) WHERE completed_at IS NULL AND managed_environment_id IS NOT NULL');
     }
 
     public function down(): void
     {
-        if (! Schema::hasTable('managed_tenant_onboarding_sessions')) {
+        if (! Schema::hasTable('managed_environment_onboarding_sessions')) {
             return;
         }
 
@@ -129,19 +129,19 @@ public function down(): void
         if ($driver === 'sqlite') {
             Schema::disableForeignKeyConstraints();
 
-            Schema::rename('managed_tenant_onboarding_sessions', 'managed_tenant_onboarding_sessions_new');
+            Schema::rename('managed_environment_onboarding_sessions', 'managed_environment_onboarding_sessions_new');
 
             foreach ([
-                'managed_tenant_onboarding_sessions_active_workspace_entra_unique',
-                'managed_tenant_onboarding_sessions_active_tenant_unique',
-                'managed_tenant_onboarding_sessions_tenant_id_index',
-                'managed_tenant_onboarding_sessions_managed_environment_id_index',
-                'managed_tenant_onboarding_sessions_entra_tenant_id_index',
+                'managed_environment_onboarding_sessions_active_workspace_entra_unique',
+                'managed_environment_onboarding_sessions_active_environment_unique',
+                'managed_environment_onboarding_sessions_environment_id_index',
+                'managed_environment_onboarding_sessions_managed_environment_id_index',
+                'managed_environment_onboarding_sessions_entra_tenant_id_index',
             ] as $indexName) {
                 DB::statement("DROP INDEX IF EXISTS {$indexName}");
             }
 
-            Schema::create('managed_tenant_onboarding_sessions', function (Blueprint $table) {
+            Schema::create('managed_environment_onboarding_sessions', function (Blueprint $table) {
                 $table->id();
                 $table->foreignId('workspace_id')->constrained()->cascadeOnDelete();
                 $table->foreignId('managed_environment_id')->constrained()->cascadeOnDelete();
@@ -156,12 +156,12 @@ public function down(): void
                 $table->index(['managed_environment_id']);
             });
 
-            DB::table('managed_tenant_onboarding_sessions_new')
+            DB::table('managed_environment_onboarding_sessions_new')
                 ->whereNotNull('managed_environment_id')
                 ->orderBy('id')
                 ->chunkById(500, function ($rows): void {
                     foreach ($rows as $row) {
-                        DB::table('managed_tenant_onboarding_sessions')->insert([
+                        DB::table('managed_environment_onboarding_sessions')->insert([
                             'id' => $row->id,
                             'workspace_id' => $row->workspace_id,
                             'managed_environment_id' => $row->managed_environment_id,
@@ -176,21 +176,21 @@ public function down(): void
                     }
                 }, 'id');
 
-            Schema::drop('managed_tenant_onboarding_sessions_new');
+            Schema::drop('managed_environment_onboarding_sessions_new');
             Schema::enableForeignKeyConstraints();
 
             return;
         }
 
         foreach ([
-            'managed_tenant_onboarding_sessions_active_workspace_entra_unique',
-            'managed_tenant_onboarding_sessions_active_tenant_unique',
+            'managed_environment_onboarding_sessions_active_workspace_entra_unique',
+            'managed_environment_onboarding_sessions_active_environment_unique',
         ] as $indexName) {
             DB::statement("DROP INDEX IF EXISTS {$indexName}");
         }
 
-        if (Schema::hasColumn('managed_tenant_onboarding_sessions', 'entra_tenant_id')) {
-            Schema::table('managed_tenant_onboarding_sessions', function (Blueprint $table) {
+        if (Schema::hasColumn('managed_environment_onboarding_sessions', 'entra_tenant_id')) {
+            Schema::table('managed_environment_onboarding_sessions', function (Blueprint $table) {
                 $table->dropIndex(['entra_tenant_id']);
                 $table->dropColumn('entra_tenant_id');
                 $table->unique(['workspace_id', 'managed_environment_id']);
@@ -202,15 +202,15 @@ private function backfillEntraTenantId(string $driver): void
     {
         if ($driver === 'pgsql') {
             DB::statement(<<<'SQL'
-                UPDATE managed_tenant_onboarding_sessions
-                SET entra_tenant_id = COALESCE(managed_tenant_onboarding_sessions.entra_tenant_id, managed_tenant_onboarding_sessions.state->>'entra_tenant_id', managed_tenant_onboarding_sessions.state->>'managed_environment_id', managed_environments.slug)
+                UPDATE managed_environment_onboarding_sessions
+                SET entra_tenant_id = COALESCE(managed_environment_onboarding_sessions.entra_tenant_id, managed_environment_onboarding_sessions.state->>'entra_tenant_id', managed_environment_onboarding_sessions.state->>'managed_environment_id', managed_environments.slug)
                 FROM managed_environments
-                WHERE managed_tenant_onboarding_sessions.entra_tenant_id IS NULL
-                  AND managed_tenant_onboarding_sessions.managed_environment_id = managed_environments.id
+                WHERE managed_environment_onboarding_sessions.entra_tenant_id IS NULL
+                  AND managed_environment_onboarding_sessions.managed_environment_id = managed_environments.id
             SQL);
 
             DB::statement(<<<'SQL'
-                UPDATE managed_tenant_onboarding_sessions
+                UPDATE managed_environment_onboarding_sessions
                 SET entra_tenant_id = state->>'managed_environment_id'
                 WHERE entra_tenant_id IS NULL
             SQL);
@@ -218,7 +218,7 @@ private function backfillEntraTenantId(string $driver): void
             return;
         }
 
-        DB::table('managed_tenant_onboarding_sessions')
+        DB::table('managed_environment_onboarding_sessions')
             ->whereNull('entra_tenant_id')
             ->orderBy('id')
             ->chunkById(500, function ($rows): void {
@@ -240,7 +240,7 @@ private function backfillEntraTenantId(string $driver): void
                         $entraTenantId = sprintf('unknown-%d', (int) $row->id);
                     }
 
-                    DB::table('managed_tenant_onboarding_sessions')
+                    DB::table('managed_environment_onboarding_sessions')
                         ->where('id', $row->id)
                         ->update(['entra_tenant_id' => $entraTenantId]);
                 }
diff --git a/apps/platform/database/migrations/2026_02_14_220112_add_workspace_id_to_tenant_permissions_table.php b/apps/platform/database/migrations/2026_02_14_220112_add_workspace_id_to_managed_environment_permissions_table.php
similarity index 59%
rename from apps/platform/database/migrations/2026_02_14_220112_add_workspace_id_to_tenant_permissions_table.php
rename to apps/platform/database/migrations/2026_02_14_220112_add_workspace_id_to_managed_environment_permissions_table.php
index 09ade547..f447be93 100644
--- a/apps/platform/database/migrations/2026_02_14_220112_add_workspace_id_to_tenant_permissions_table.php
+++ b/apps/platform/database/migrations/2026_02_14_220112_add_workspace_id_to_managed_environment_permissions_table.php
@@ -8,11 +8,11 @@
 {
     public function up(): void
     {
-        if (! Schema::hasTable('tenant_permissions') || Schema::hasColumn('tenant_permissions', 'workspace_id')) {
+        if (! Schema::hasTable('managed_environment_permissions') || Schema::hasColumn('managed_environment_permissions', 'workspace_id')) {
             return;
         }
 
-        Schema::table('tenant_permissions', function (Blueprint $table): void {
+        Schema::table('managed_environment_permissions', function (Blueprint $table): void {
             $table->unsignedBigInteger('workspace_id')->nullable();
             $table->index('workspace_id');
             $table->index(['workspace_id', 'managed_environment_id']);
@@ -21,11 +21,11 @@ public function up(): void
 
     public function down(): void
     {
-        if (! Schema::hasTable('tenant_permissions') || ! Schema::hasColumn('tenant_permissions', 'workspace_id')) {
+        if (! Schema::hasTable('managed_environment_permissions') || ! Schema::hasColumn('managed_environment_permissions', 'workspace_id')) {
             return;
         }
 
-        Schema::table('tenant_permissions', function (Blueprint $table): void {
+        Schema::table('managed_environment_permissions', function (Blueprint $table): void {
             $table->dropIndex(['workspace_id', 'managed_environment_id']);
             $table->dropIndex(['workspace_id']);
             $table->dropColumn('workspace_id');
diff --git a/apps/platform/database/migrations/2026_02_14_220113_add_tenants_id_workspace_id_unique.php b/apps/platform/database/migrations/2026_02_14_220113_add_tenants_id_workspace_id_unique.php
index 8e59fa4c..6e0d8ff3 100644
--- a/apps/platform/database/migrations/2026_02_14_220113_add_tenants_id_workspace_id_unique.php
+++ b/apps/platform/database/migrations/2026_02_14_220113_add_tenants_id_workspace_id_unique.php
@@ -13,7 +13,7 @@ public function up(): void
         }
 
         Schema::table('managed_environments', function (Blueprint $table): void {
-            $table->unique(['id', 'workspace_id'], 'tenants_id_workspace_id_unique');
+            $table->unique(['id', 'workspace_id'], 'managed_environments_id_workspace_id_unique');
         });
     }
 
@@ -24,7 +24,7 @@ public function down(): void
         }
 
         Schema::table('managed_environments', function (Blueprint $table): void {
-            $table->dropUnique('tenants_id_workspace_id_unique');
+            $table->dropUnique('managed_environments_id_workspace_id_unique');
         });
     }
 };
diff --git a/apps/platform/database/migrations/2026_02_14_220114_enforce_workspace_id_not_null_on_tenant_owned_tables.php b/apps/platform/database/migrations/2026_02_14_220114_enforce_workspace_id_not_null_on_tenant_owned_tables.php
index ca3d35f8..12449cc9 100644
--- a/apps/platform/database/migrations/2026_02_14_220114_enforce_workspace_id_not_null_on_tenant_owned_tables.php
+++ b/apps/platform/database/migrations/2026_02_14_220114_enforce_workspace_id_not_null_on_tenant_owned_tables.php
@@ -23,7 +23,7 @@ private function tenantOwnedTables(): array
             'entra_groups',
             'findings',
             'entra_role_definitions',
-            'tenant_permissions',
+            'managed_environment_permissions',
         ];
     }
 
diff --git a/apps/platform/database/migrations/2026_02_14_220115_add_workspace_isolation_constraints_to_tenant_owned_tables.php b/apps/platform/database/migrations/2026_02_14_220115_add_workspace_isolation_constraints_to_tenant_owned_tables.php
index 448a194d..2454d82e 100644
--- a/apps/platform/database/migrations/2026_02_14_220115_add_workspace_isolation_constraints_to_tenant_owned_tables.php
+++ b/apps/platform/database/migrations/2026_02_14_220115_add_workspace_isolation_constraints_to_tenant_owned_tables.php
@@ -24,7 +24,7 @@ private function tenantOwnedTables(): array
             'entra_groups',
             'findings',
             'entra_role_definitions',
-            'tenant_permissions',
+            'managed_environment_permissions',
         ];
     }
 
@@ -42,7 +42,7 @@ public function up(): void
             }
 
             $workspaceConstraint = sprintf('%s_workspace_fk', $tableName);
-            $tenantWorkspaceConstraint = sprintf('%s_tenant_workspace_fk', $tableName);
+            $tenantWorkspaceConstraint = sprintf('%s_environment_workspace_fk', $tableName);
 
             Schema::table($tableName, function (Blueprint $table) use ($workspaceConstraint, $tenantWorkspaceConstraint): void {
                 $table->foreign('workspace_id', $workspaceConstraint)
@@ -72,7 +72,7 @@ public function down(): void
             }
 
             $workspaceConstraint = sprintf('%s_workspace_fk', $tableName);
-            $tenantWorkspaceConstraint = sprintf('%s_tenant_workspace_fk', $tableName);
+            $tenantWorkspaceConstraint = sprintf('%s_environment_workspace_fk', $tableName);
 
             Schema::table($tableName, function (Blueprint $table) use ($workspaceConstraint, $tenantWorkspaceConstraint): void {
                 $table->dropForeign($tenantWorkspaceConstraint);
diff --git a/apps/platform/database/migrations/2026_02_15_005041_ensure_workspace_id_fks_on_tenant_owned_tables.php b/apps/platform/database/migrations/2026_02_15_005041_ensure_workspace_id_fks_on_tenant_owned_tables.php
index 5b491b3e..549ba9eb 100644
--- a/apps/platform/database/migrations/2026_02_15_005041_ensure_workspace_id_fks_on_tenant_owned_tables.php
+++ b/apps/platform/database/migrations/2026_02_15_005041_ensure_workspace_id_fks_on_tenant_owned_tables.php
@@ -22,7 +22,7 @@ private function tenantOwnedTables(): array
             'entra_groups',
             'findings',
             'entra_role_definitions',
-            'tenant_permissions',
+            'managed_environment_permissions',
         ];
     }
 
diff --git a/apps/platform/database/migrations/2026_02_15_120001_create_tenant_settings_table.php b/apps/platform/database/migrations/2026_02_15_120001_create_tenant_settings_table.php
index 39ae9417..bba8e5de 100644
--- a/apps/platform/database/migrations/2026_02_15_120001_create_tenant_settings_table.php
+++ b/apps/platform/database/migrations/2026_02_15_120001_create_tenant_settings_table.php
@@ -21,7 +21,7 @@ public function up(): void
             $table->unique(['managed_environment_id', 'domain', 'key']);
             $table->index(['workspace_id', 'managed_environment_id']);
 
-            $table->foreign(['managed_environment_id', 'workspace_id'], 'tenant_settings_tenant_workspace_fk')
+            $table->foreign(['managed_environment_id', 'workspace_id'], 'tenant_settings_managed_environment_workspace_fk')
                 ->references(['id', 'workspace_id'])
                 ->on('managed_environments')
                 ->cascadeOnDelete();
diff --git a/apps/platform/database/migrations/2026_03_13_120000_add_cancelled_at_to_managed_environment_onboarding_sessions.php b/apps/platform/database/migrations/2026_03_13_120000_add_cancelled_at_to_managed_environment_onboarding_sessions.php
new file mode 100644
index 00000000..7327b66d
--- /dev/null
+++ b/apps/platform/database/migrations/2026_03_13_120000_add_cancelled_at_to_managed_environment_onboarding_sessions.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    public function up(): void
+    {
+        if (! Schema::hasTable('managed_environment_onboarding_sessions')) {
+            return;
+        }
+
+        if (! Schema::hasColumn('managed_environment_onboarding_sessions', 'cancelled_at')) {
+            Schema::table('managed_environment_onboarding_sessions', function (Blueprint $table): void {
+                $table->timestamp('cancelled_at')->nullable()->after('completed_at');
+            });
+        }
+
+        DB::statement('DROP INDEX IF EXISTS managed_environment_onboarding_sessions_active_workspace_entra_unique');
+        DB::statement('DROP INDEX IF EXISTS managed_environment_onboarding_sessions_active_environment_unique');
+
+        DB::statement('CREATE UNIQUE INDEX managed_environment_onboarding_sessions_active_workspace_entra_unique ON managed_environment_onboarding_sessions (workspace_id, entra_tenant_id) WHERE completed_at IS NULL AND cancelled_at IS NULL');
+        DB::statement('CREATE UNIQUE INDEX managed_environment_onboarding_sessions_active_environment_unique ON managed_environment_onboarding_sessions (managed_environment_id) WHERE completed_at IS NULL AND cancelled_at IS NULL AND managed_environment_id IS NOT NULL');
+    }
+
+    public function down(): void
+    {
+        if (! Schema::hasTable('managed_environment_onboarding_sessions')) {
+            return;
+        }
+
+        DB::statement('DROP INDEX IF EXISTS managed_environment_onboarding_sessions_active_workspace_entra_unique');
+        DB::statement('DROP INDEX IF EXISTS managed_environment_onboarding_sessions_active_environment_unique');
+
+        DB::statement('CREATE UNIQUE INDEX managed_environment_onboarding_sessions_active_workspace_entra_unique ON managed_environment_onboarding_sessions (workspace_id, entra_tenant_id) WHERE completed_at IS NULL');
+        DB::statement('CREATE UNIQUE INDEX managed_environment_onboarding_sessions_active_environment_unique ON managed_environment_onboarding_sessions (managed_environment_id) WHERE completed_at IS NULL AND managed_environment_id IS NOT NULL');
+
+        if (Schema::hasColumn('managed_environment_onboarding_sessions', 'cancelled_at')) {
+            Schema::table('managed_environment_onboarding_sessions', function (Blueprint $table): void {
+                $table->dropColumn('cancelled_at');
+            });
+        }
+    }
+};
diff --git a/apps/platform/database/migrations/2026_03_13_120000_add_cancelled_at_to_managed_tenant_onboarding_sessions.php b/apps/platform/database/migrations/2026_03_13_120000_add_cancelled_at_to_managed_tenant_onboarding_sessions.php
deleted file mode 100644
index 7484c548..00000000
--- a/apps/platform/database/migrations/2026_03_13_120000_add_cancelled_at_to_managed_tenant_onboarding_sessions.php
+++ /dev/null
@@ -1,49 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-use Illuminate\Database\Migrations\Migration;
-use Illuminate\Database\Schema\Blueprint;
-use Illuminate\Support\Facades\DB;
-use Illuminate\Support\Facades\Schema;
-
-return new class extends Migration
-{
-    public function up(): void
-    {
-        if (! Schema::hasTable('managed_tenant_onboarding_sessions')) {
-            return;
-        }
-
-        if (! Schema::hasColumn('managed_tenant_onboarding_sessions', 'cancelled_at')) {
-            Schema::table('managed_tenant_onboarding_sessions', function (Blueprint $table): void {
-                $table->timestamp('cancelled_at')->nullable()->after('completed_at');
-            });
-        }
-
-        DB::statement('DROP INDEX IF EXISTS managed_tenant_onboarding_sessions_active_workspace_entra_unique');
-        DB::statement('DROP INDEX IF EXISTS managed_tenant_onboarding_sessions_active_tenant_unique');
-
-        DB::statement('CREATE UNIQUE INDEX managed_tenant_onboarding_sessions_active_workspace_entra_unique ON managed_tenant_onboarding_sessions (workspace_id, entra_tenant_id) WHERE completed_at IS NULL AND cancelled_at IS NULL');
-        DB::statement('CREATE UNIQUE INDEX managed_tenant_onboarding_sessions_active_tenant_unique ON managed_tenant_onboarding_sessions (managed_environment_id) WHERE completed_at IS NULL AND cancelled_at IS NULL AND managed_environment_id IS NOT NULL');
-    }
-
-    public function down(): void
-    {
-        if (! Schema::hasTable('managed_tenant_onboarding_sessions')) {
-            return;
-        }
-
-        DB::statement('DROP INDEX IF EXISTS managed_tenant_onboarding_sessions_active_workspace_entra_unique');
-        DB::statement('DROP INDEX IF EXISTS managed_tenant_onboarding_sessions_active_tenant_unique');
-
-        DB::statement('CREATE UNIQUE INDEX managed_tenant_onboarding_sessions_active_workspace_entra_unique ON managed_tenant_onboarding_sessions (workspace_id, entra_tenant_id) WHERE completed_at IS NULL');
-        DB::statement('CREATE UNIQUE INDEX managed_tenant_onboarding_sessions_active_tenant_unique ON managed_tenant_onboarding_sessions (managed_environment_id) WHERE completed_at IS NULL AND managed_environment_id IS NOT NULL');
-
-        if (Schema::hasColumn('managed_tenant_onboarding_sessions', 'cancelled_at')) {
-            Schema::table('managed_tenant_onboarding_sessions', function (Blueprint $table): void {
-                $table->dropColumn('cancelled_at');
-            });
-        }
-    }
-};
diff --git a/apps/platform/database/migrations/2026_03_14_000001_add_lifecycle_and_version_to_managed_tenant_onboarding_sessions.php b/apps/platform/database/migrations/2026_03_14_000001_add_lifecycle_and_version_to_managed_environment_onboarding_sessions.php
similarity index 78%
rename from apps/platform/database/migrations/2026_03_14_000001_add_lifecycle_and_version_to_managed_tenant_onboarding_sessions.php
rename to apps/platform/database/migrations/2026_03_14_000001_add_lifecycle_and_version_to_managed_environment_onboarding_sessions.php
index 67e9201b..4e164799 100644
--- a/apps/platform/database/migrations/2026_03_14_000001_add_lifecycle_and_version_to_managed_tenant_onboarding_sessions.php
+++ b/apps/platform/database/migrations/2026_03_14_000001_add_lifecycle_and_version_to_managed_environment_onboarding_sessions.php
@@ -13,19 +13,19 @@
 {
     public function up(): void
     {
-        if (! Schema::hasTable('managed_tenant_onboarding_sessions')) {
+        if (! Schema::hasTable('managed_environment_onboarding_sessions')) {
             return;
         }
 
-        $needsVersion = ! Schema::hasColumn('managed_tenant_onboarding_sessions', 'version');
-        $needsLifecycleState = ! Schema::hasColumn('managed_tenant_onboarding_sessions', 'lifecycle_state');
-        $needsCurrentCheckpoint = ! Schema::hasColumn('managed_tenant_onboarding_sessions', 'current_checkpoint');
-        $needsLastCompletedCheckpoint = ! Schema::hasColumn('managed_tenant_onboarding_sessions', 'last_completed_checkpoint');
-        $needsReasonCode = ! Schema::hasColumn('managed_tenant_onboarding_sessions', 'reason_code');
-        $needsBlockingReasonCode = ! Schema::hasColumn('managed_tenant_onboarding_sessions', 'blocking_reason_code');
+        $needsVersion = ! Schema::hasColumn('managed_environment_onboarding_sessions', 'version');
+        $needsLifecycleState = ! Schema::hasColumn('managed_environment_onboarding_sessions', 'lifecycle_state');
+        $needsCurrentCheckpoint = ! Schema::hasColumn('managed_environment_onboarding_sessions', 'current_checkpoint');
+        $needsLastCompletedCheckpoint = ! Schema::hasColumn('managed_environment_onboarding_sessions', 'last_completed_checkpoint');
+        $needsReasonCode = ! Schema::hasColumn('managed_environment_onboarding_sessions', 'reason_code');
+        $needsBlockingReasonCode = ! Schema::hasColumn('managed_environment_onboarding_sessions', 'blocking_reason_code');
 
         if ($needsVersion || $needsLifecycleState || $needsCurrentCheckpoint || $needsLastCompletedCheckpoint || $needsReasonCode || $needsBlockingReasonCode) {
-            Schema::table('managed_tenant_onboarding_sessions', function (Blueprint $table) use ($needsVersion, $needsLifecycleState, $needsCurrentCheckpoint, $needsLastCompletedCheckpoint, $needsReasonCode, $needsBlockingReasonCode): void {
+            Schema::table('managed_environment_onboarding_sessions', function (Blueprint $table) use ($needsVersion, $needsLifecycleState, $needsCurrentCheckpoint, $needsLastCompletedCheckpoint, $needsReasonCode, $needsBlockingReasonCode): void {
                 if ($needsVersion) {
                     $table->unsignedBigInteger('version')->default(1);
                 }
@@ -52,7 +52,7 @@ public function up(): void
             });
         }
 
-        DB::table('managed_tenant_onboarding_sessions')
+        DB::table('managed_environment_onboarding_sessions')
             ->orderBy('id')
             ->chunkById(500, function ($rows): void {
                 foreach ($rows as $row) {
@@ -63,7 +63,7 @@ public function up(): void
                     $lastCompletedCheckpoint = $this->lastCompletedCheckpoint($currentCheckpoint, $state, $row->completed_at);
                     $lifecycleState = $this->lifecycleState($row->completed_at, $row->cancelled_at, $currentCheckpoint, $state);
 
-                    DB::table('managed_tenant_onboarding_sessions')
+                    DB::table('managed_environment_onboarding_sessions')
                         ->where('id', $row->id)
                         ->update([
                             'version' => max(1, (int) ($row->version ?? 1)),
@@ -76,28 +76,28 @@ public function up(): void
                 }
             }, 'id');
 
-        if (! $this->hasIndex('managed_tenant_onboarding_sessions_lifecycle_state_index')) {
-            Schema::table('managed_tenant_onboarding_sessions', function (Blueprint $table): void {
-                $table->index('lifecycle_state', 'managed_tenant_onboarding_sessions_lifecycle_state_index');
+        if (! $this->hasIndex('managed_environment_onboarding_sessions_lifecycle_state_index')) {
+            Schema::table('managed_environment_onboarding_sessions', function (Blueprint $table): void {
+                $table->index('lifecycle_state', 'managed_environment_onboarding_sessions_lifecycle_state_index');
             });
         }
     }
 
     public function down(): void
     {
-        if (! Schema::hasTable('managed_tenant_onboarding_sessions')) {
+        if (! Schema::hasTable('managed_environment_onboarding_sessions')) {
             return;
         }
 
-        if ($this->hasIndex('managed_tenant_onboarding_sessions_lifecycle_state_index')) {
-            Schema::table('managed_tenant_onboarding_sessions', function (Blueprint $table): void {
-                $table->dropIndex('managed_tenant_onboarding_sessions_lifecycle_state_index');
+        if ($this->hasIndex('managed_environment_onboarding_sessions_lifecycle_state_index')) {
+            Schema::table('managed_environment_onboarding_sessions', function (Blueprint $table): void {
+                $table->dropIndex('managed_environment_onboarding_sessions_lifecycle_state_index');
             });
         }
 
-        Schema::table('managed_tenant_onboarding_sessions', function (Blueprint $table): void {
+        Schema::table('managed_environment_onboarding_sessions', function (Blueprint $table): void {
             foreach (['version', 'lifecycle_state', 'current_checkpoint', 'last_completed_checkpoint', 'reason_code', 'blocking_reason_code'] as $column) {
-                if (Schema::hasColumn('managed_tenant_onboarding_sessions', $column)) {
+                if (Schema::hasColumn('managed_environment_onboarding_sessions', $column)) {
                     $table->dropColumn($column);
                 }
             }
@@ -220,7 +220,7 @@ private function hasIndex(string $indexName): bool
                 ->where('schemaname', 'public')
                 ->where('indexname', $indexName)
                 ->exists(),
-            'sqlite' => collect(DB::select("PRAGMA index_list('managed_tenant_onboarding_sessions')"))
+            'sqlite' => collect(DB::select("PRAGMA index_list('managed_environment_onboarding_sessions')"))
                 ->contains(fn (object $index): bool => ($index->name ?? null) === $indexName),
             default => false,
         };
diff --git a/apps/platform/database/migrations/2026_03_19_000001_create_finding_exceptions_table.php b/apps/platform/database/migrations/2026_03_19_000001_create_finding_exceptions_table.php
index 9445f011..4d02e930 100644
--- a/apps/platform/database/migrations/2026_03_19_000001_create_finding_exceptions_table.php
+++ b/apps/platform/database/migrations/2026_03_19_000001_create_finding_exceptions_table.php
@@ -44,7 +44,7 @@ public function up(): void
             $table->index(['managed_environment_id', 'requested_at'], 'finding_exceptions_requested_at_idx');
 
             $table
-                ->foreign(['managed_environment_id', 'workspace_id'], 'finding_exceptions_tenant_workspace_fk')
+                ->foreign(['managed_environment_id', 'workspace_id'], 'finding_exceptions_managed_environment_workspace_fk')
                 ->references(['id', 'workspace_id'])
                 ->on('managed_environments')
                 ->cascadeOnDelete();
diff --git a/apps/platform/database/migrations/2026_03_19_000002_create_finding_exception_decisions_table.php b/apps/platform/database/migrations/2026_03_19_000002_create_finding_exception_decisions_table.php
index ebfc4792..6188cd4b 100644
--- a/apps/platform/database/migrations/2026_03_19_000002_create_finding_exception_decisions_table.php
+++ b/apps/platform/database/migrations/2026_03_19_000002_create_finding_exception_decisions_table.php
@@ -30,7 +30,7 @@ public function up(): void
             $table->index(['managed_environment_id', 'actor_user_id'], 'finding_exception_decisions_actor_idx');
 
             $table
-                ->foreign(['managed_environment_id', 'workspace_id'], 'finding_exception_decisions_tenant_workspace_fk')
+                ->foreign(['managed_environment_id', 'workspace_id'], 'finding_exception_decisions_managed_environment_workspace_fk')
                 ->references(['id', 'workspace_id'])
                 ->on('managed_environments')
                 ->cascadeOnDelete();
diff --git a/apps/platform/database/migrations/2026_03_19_000003_create_finding_exception_evidence_references_table.php b/apps/platform/database/migrations/2026_03_19_000003_create_finding_exception_evidence_references_table.php
index 86863bb5..459f8c40 100644
--- a/apps/platform/database/migrations/2026_03_19_000003_create_finding_exception_evidence_references_table.php
+++ b/apps/platform/database/migrations/2026_03_19_000003_create_finding_exception_evidence_references_table.php
@@ -29,7 +29,7 @@ public function up(): void
             $table->index(['managed_environment_id', 'source_type'], 'finding_exception_evidence_refs_source_idx');
 
             $table
-                ->foreign(['managed_environment_id', 'workspace_id'], 'finding_exception_evidence_refs_tenant_workspace_fk')
+                ->foreign(['managed_environment_id', 'workspace_id'], 'finding_exception_evidence_refs_environment_workspace_fk')
                 ->references(['id', 'workspace_id'])
                 ->on('managed_environments')
                 ->cascadeOnDelete();
diff --git a/apps/platform/database/migrations/2026_03_20_000000_create_tenant_reviews_table.php b/apps/platform/database/migrations/2026_03_20_000000_create_environment_reviews_table.php
similarity index 84%
rename from apps/platform/database/migrations/2026_03_20_000000_create_tenant_reviews_table.php
rename to apps/platform/database/migrations/2026_03_20_000000_create_environment_reviews_table.php
index 2b18da47..9d93c165 100644
--- a/apps/platform/database/migrations/2026_03_20_000000_create_tenant_reviews_table.php
+++ b/apps/platform/database/migrations/2026_03_20_000000_create_environment_reviews_table.php
@@ -11,7 +11,7 @@
 {
     public function up(): void
     {
-        Schema::create('tenant_reviews', function (Blueprint $table): void {
+        Schema::create('environment_reviews', function (Blueprint $table): void {
             $table->id();
             $table->foreignId('workspace_id')->constrained('workspaces')->cascadeOnDelete();
             $table->foreignId('managed_environment_id')->constrained('managed_environments')->cascadeOnDelete();
@@ -20,7 +20,7 @@ public function up(): void
             $table->foreignId('operation_run_id')->nullable()->constrained('operation_runs')->nullOnDelete();
             $table->foreignId('initiated_by_user_id')->nullable()->constrained('users')->nullOnDelete();
             $table->foreignId('published_by_user_id')->nullable()->constrained('users')->nullOnDelete();
-            $table->foreignId('superseded_by_review_id')->nullable()->constrained('tenant_reviews')->nullOnDelete();
+            $table->foreignId('superseded_by_review_id')->nullable()->constrained('environment_reviews')->nullOnDelete();
             $table->string('fingerprint', 64)->nullable();
             $table->string('status')->default('draft');
             $table->string('completeness_state')->default('missing');
@@ -35,14 +35,14 @@ public function up(): void
         });
 
         DB::statement("
-            CREATE UNIQUE INDEX tenant_reviews_fingerprint_mutable_unique
-            ON tenant_reviews (workspace_id, managed_environment_id, fingerprint)
+            CREATE UNIQUE INDEX environment_reviews_fingerprint_mutable_unique
+            ON environment_reviews (workspace_id, managed_environment_id, fingerprint)
             WHERE fingerprint IS NOT NULL AND status IN ('draft', 'ready', 'failed')
         ");
     }
 
     public function down(): void
     {
-        Schema::dropIfExists('tenant_reviews');
+        Schema::dropIfExists('environment_reviews');
     }
 };
diff --git a/apps/platform/database/migrations/2026_03_20_000100_create_tenant_review_sections_table.php b/apps/platform/database/migrations/2026_03_20_000100_create_environment_review_sections_table.php
similarity index 79%
rename from apps/platform/database/migrations/2026_03_20_000100_create_tenant_review_sections_table.php
rename to apps/platform/database/migrations/2026_03_20_000100_create_environment_review_sections_table.php
index f0830d04..eedf2f8e 100644
--- a/apps/platform/database/migrations/2026_03_20_000100_create_tenant_review_sections_table.php
+++ b/apps/platform/database/migrations/2026_03_20_000100_create_environment_review_sections_table.php
@@ -10,9 +10,9 @@
 {
     public function up(): void
     {
-        Schema::create('tenant_review_sections', function (Blueprint $table): void {
+        Schema::create('environment_review_sections', function (Blueprint $table): void {
             $table->id();
-            $table->foreignId('tenant_review_id')->constrained('tenant_reviews')->cascadeOnDelete();
+            $table->foreignId('environment_review_id')->constrained('environment_reviews')->cascadeOnDelete();
             $table->foreignId('workspace_id')->constrained('workspaces')->cascadeOnDelete();
             $table->foreignId('managed_environment_id')->constrained('managed_environments')->cascadeOnDelete();
             $table->string('section_key');
@@ -26,7 +26,7 @@ public function up(): void
             $table->timestampTz('measured_at')->nullable();
             $table->timestamps();
 
-            $table->unique(['tenant_review_id', 'section_key']);
+            $table->unique(['environment_review_id', 'section_key']);
             $table->index(['workspace_id', 'managed_environment_id', 'section_key']);
             $table->index(['managed_environment_id', 'completeness_state']);
         });
@@ -34,6 +34,6 @@ public function up(): void
 
     public function down(): void
     {
-        Schema::dropIfExists('tenant_review_sections');
+        Schema::dropIfExists('environment_review_sections');
     }
 };
diff --git a/apps/platform/database/migrations/2026_03_20_000200_add_tenant_review_id_to_review_packs_table.php b/apps/platform/database/migrations/2026_03_20_000200_add_environment_review_id_to_review_packs_table.php
similarity index 69%
rename from apps/platform/database/migrations/2026_03_20_000200_add_tenant_review_id_to_review_packs_table.php
rename to apps/platform/database/migrations/2026_03_20_000200_add_environment_review_id_to_review_packs_table.php
index e6757d82..4d06f35b 100644
--- a/apps/platform/database/migrations/2026_03_20_000200_add_tenant_review_id_to_review_packs_table.php
+++ b/apps/platform/database/migrations/2026_03_20_000200_add_environment_review_id_to_review_packs_table.php
@@ -11,20 +11,20 @@
     public function up(): void
     {
         Schema::table('review_packs', function (Blueprint $table): void {
-            $table->foreignId('tenant_review_id')
+            $table->foreignId('environment_review_id')
                 ->nullable()
                 ->after('evidence_snapshot_id')
-                ->constrained('tenant_reviews')
+                ->constrained('environment_reviews')
                 ->nullOnDelete();
 
-            $table->index(['tenant_review_id', 'generated_at']);
+            $table->index(['environment_review_id', 'generated_at']);
         });
     }
 
     public function down(): void
     {
         Schema::table('review_packs', function (Blueprint $table): void {
-            $table->dropConstrainedForeignId('tenant_review_id');
+            $table->dropConstrainedForeignId('environment_review_id');
         });
     }
 };
diff --git a/apps/platform/database/migrations/2026_04_10_000003_create_tenant_triage_reviews_table.php b/apps/platform/database/migrations/2026_04_10_000003_create_managed_environment_triage_reviews_table.php
similarity index 65%
rename from apps/platform/database/migrations/2026_04_10_000003_create_tenant_triage_reviews_table.php
rename to apps/platform/database/migrations/2026_04_10_000003_create_managed_environment_triage_reviews_table.php
index 2b388a4c..85f67b21 100644
--- a/apps/platform/database/migrations/2026_04_10_000003_create_tenant_triage_reviews_table.php
+++ b/apps/platform/database/migrations/2026_04_10_000003_create_managed_environment_triage_reviews_table.php
@@ -11,7 +11,7 @@
 {
     public function up(): void
     {
-        Schema::create('tenant_triage_reviews', function (Blueprint $table): void {
+        Schema::create('managed_environment_triage_reviews', function (Blueprint $table): void {
             $table->id();
             $table->foreignId('workspace_id')->constrained('workspaces')->cascadeOnDelete();
             $table->foreignId('managed_environment_id')->constrained('managed_environments')->cascadeOnDelete();
@@ -27,24 +27,24 @@ public function up(): void
 
             $table->index(
                 ['workspace_id', 'concern_family', 'resolved_at', 'managed_environment_id'],
-                'tenant_triage_reviews_lookup_index',
+                'managed_environment_triage_reviews_lookup_index',
             );
             $table->index(
                 ['managed_environment_id', 'concern_family', 'resolved_at'],
-                'tenant_triage_reviews_tenant_family_index',
+                'managed_environment_triage_reviews_environment_family_index',
             );
         });
 
         DB::statement("
-            CREATE UNIQUE INDEX tenant_triage_reviews_active_unique
-            ON tenant_triage_reviews (workspace_id, managed_environment_id, concern_family)
+            CREATE UNIQUE INDEX managed_environment_triage_reviews_active_unique
+            ON managed_environment_triage_reviews (workspace_id, managed_environment_id, concern_family)
             WHERE resolved_at IS NULL
         ");
 
         if (DB::getDriverName() !== 'sqlite') {
             DB::statement("
-                ALTER TABLE tenant_triage_reviews
-                ADD CONSTRAINT tenant_triage_reviews_current_state_check
+                ALTER TABLE managed_environment_triage_reviews
+                ADD CONSTRAINT managed_environment_triage_reviews_current_state_check
                 CHECK (current_state IN ('reviewed', 'follow_up_needed'))
             ");
         }
@@ -52,12 +52,12 @@ public function up(): void
 
     public function down(): void
     {
-        DB::statement('DROP INDEX IF EXISTS tenant_triage_reviews_active_unique');
+        DB::statement('DROP INDEX IF EXISTS managed_environment_triage_reviews_active_unique');
 
         if (DB::getDriverName() !== 'sqlite') {
-            DB::statement('ALTER TABLE tenant_triage_reviews DROP CONSTRAINT IF EXISTS tenant_triage_reviews_current_state_check');
+            DB::statement('ALTER TABLE managed_environment_triage_reviews DROP CONSTRAINT IF EXISTS managed_environment_triage_reviews_current_state_check');
         }
 
-        Schema::dropIfExists('tenant_triage_reviews');
+        Schema::dropIfExists('managed_environment_triage_reviews');
     }
 };
diff --git a/apps/platform/database/migrations/2026_05_07_000001_add_workspace_removal_fields_to_managed_environments_table.php b/apps/platform/database/migrations/2026_05_07_000001_add_workspace_removal_fields_to_managed_environments_table.php
index 34a3578e..821d7d28 100644
--- a/apps/platform/database/migrations/2026_05_07_000001_add_workspace_removal_fields_to_managed_environments_table.php
+++ b/apps/platform/database/migrations/2026_05_07_000001_add_workspace_removal_fields_to_managed_environments_table.php
@@ -18,8 +18,8 @@ public function up(): void
         });
 
         if (DB::getDriverName() === 'sqlite') {
-            DB::statement('DROP INDEX IF EXISTS tenants_current_unique');
-            DB::statement('CREATE UNIQUE INDEX tenants_current_unique ON managed_environments (is_current) WHERE is_current = 1 AND deleted_at IS NULL');
+            DB::statement('DROP INDEX IF EXISTS managed_environments_current_unique');
+            DB::statement('CREATE UNIQUE INDEX managed_environments_current_unique ON managed_environments (is_current) WHERE is_current = 1 AND deleted_at IS NULL');
         }
     }
 
diff --git a/apps/platform/lang/de/localization.php b/apps/platform/lang/de/localization.php
index 85060857..3d2b5d8b 100644
--- a/apps/platform/lang/de/localization.php
+++ b/apps/platform/lang/de/localization.php
@@ -457,8 +457,8 @@
         'workspace_next_step_review_open' => 'Review öffnen',
         'workspace_next_step_package_review' => 'Paket prüfen',
         'workspace_next_step_control_mapping' => 'Kontrollzuordnung prüfen',
-        'no_tenant_reviews_yet' => 'Noch keine Tenant-Reviews',
-        'create_first_review_description' => 'Erstellen Sie das erste Review aus einem verankerten Evidence-Snapshot, um die wiederkehrende Review-Historie für diesen Tenant zu starten.',
+        'no_environment_reviews_yet' => 'Noch keine Environment-Reviews',
+        'create_first_review_description' => 'Erstellen Sie das erste Review aus einem verankerten Evidence-Snapshot, um die wiederkehrende Review-Historie für diese Managed Environment zu starten.',
         'create_first_review' => 'Erstes Review erstellen',
         'create_review' => 'Review erstellen',
         'evidence_basis' => 'Evidence-Basis',
diff --git a/apps/platform/lang/en/localization.php b/apps/platform/lang/en/localization.php
index 4c668f54..147afaf8 100644
--- a/apps/platform/lang/en/localization.php
+++ b/apps/platform/lang/en/localization.php
@@ -389,7 +389,7 @@
         'governance_package_blocked_description' => 'This account can read the released review but cannot download the current export review pack.',
         'no_entitled_tenants' => 'No entitled tenants match this view',
         'no_released_customer_reviews' => 'No released customer reviews match this view',
-        'no_released_customer_reviews_description' => 'Publish a tenant review before it appears in the customer-safe workspace.',
+        'no_released_customer_reviews_description' => 'Publish an environment review before it appears in the customer-safe workspace.',
         'clear_filters_description' => 'Clear the current filters to return to the full customer review workspace for your entitled tenants.',
         'adjust_filters_description' => 'Adjust filters to return to the full customer review workspace for your entitled tenants.',
         'no_published_review' => 'No published review',
@@ -457,8 +457,8 @@
         'workspace_next_step_review_open' => 'Open review',
         'workspace_next_step_package_review' => 'Review package',
         'workspace_next_step_control_mapping' => 'Review control mapping',
-        'no_tenant_reviews_yet' => 'No tenant reviews yet',
-        'create_first_review_description' => 'Create the first review from an anchored evidence snapshot to start the recurring review history for this tenant.',
+        'no_environment_reviews_yet' => 'No environment reviews yet',
+        'create_first_review_description' => 'Create the first review from an anchored evidence snapshot to start the recurring review history for this managed environment.',
         'create_first_review' => 'Create first review',
         'create_review' => 'Create review',
         'evidence_basis' => 'Evidence basis',
diff --git a/apps/platform/resources/views/filament/forms/components/managed-tenant-onboarding-verification-report.blade.php b/apps/platform/resources/views/filament/forms/components/managed-environment-onboarding-verification-report.blade.php
similarity index 99%
rename from apps/platform/resources/views/filament/forms/components/managed-tenant-onboarding-verification-report.blade.php
rename to apps/platform/resources/views/filament/forms/components/managed-environment-onboarding-verification-report.blade.php
index 4b8c785e..d748282a 100644
--- a/apps/platform/resources/views/filament/forms/components/managed-tenant-onboarding-verification-report.blade.php
+++ b/apps/platform/resources/views/filament/forms/components/managed-environment-onboarding-verification-report.blade.php
@@ -57,7 +57,7 @@
                     </div>
 
                     <div>
-                        Use the workflow action above to start verification for this tenant.
+                        Use the workflow action above to start verification for this environment.
                     </div>
                 </div>
             @elseif ($runState === 'active')
diff --git a/apps/platform/resources/views/filament/infolists/entries/tenant-review-section.blade.php b/apps/platform/resources/views/filament/infolists/entries/environment-review-section.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/infolists/entries/tenant-review-section.blade.php
rename to apps/platform/resources/views/filament/infolists/entries/environment-review-section.blade.php
diff --git a/apps/platform/resources/views/filament/infolists/entries/tenant-review-summary.blade.php b/apps/platform/resources/views/filament/infolists/entries/environment-review-summary.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/infolists/entries/tenant-review-summary.blade.php
rename to apps/platform/resources/views/filament/infolists/entries/environment-review-summary.blade.php
diff --git a/apps/platform/resources/views/filament/pages/choose-tenant.blade.php b/apps/platform/resources/views/filament/pages/choose-environment.blade.php
similarity index 97%
rename from apps/platform/resources/views/filament/pages/choose-tenant.blade.php
rename to apps/platform/resources/views/filament/pages/choose-environment.blade.php
index 48d9b734..0608fdfa 100644
--- a/apps/platform/resources/views/filament/pages/choose-tenant.blade.php
+++ b/apps/platform/resources/views/filament/pages/choose-environment.blade.php
@@ -31,7 +31,7 @@ class="h-7 w-7 text-primary-500 dark:text-primary-400"
                 <div class="mt-6 flex flex-col items-center gap-3">
                     <x-filament::button
                         tag="a"
-                        href="{{ $workspace ? route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]) : route('admin.onboarding') }}"
+                        href="{{ $workspace ? route('admin.workspace.managed-environments.index', ['workspace' => $workspace]) : route('admin.onboarding') }}"
                         icon="heroicon-m-arrow-right"
                         size="lg"
                     >
@@ -82,11 +82,11 @@ class="inline-flex items-center gap-1.5 text-sm text-gray-500 transition-colors
                     <button
                         type="button"
                         wire:key="tenant-{{ $tenant->id }}"
-                        wire:click="selectTenant({{ (int) $tenant->id }})"
+                        wire:click="selectEnvironment({{ (int) $tenant->id }})"
                         class="group relative flex flex-col rounded-xl border border-gray-200 bg-white p-5 text-left shadow-sm transition-all duration-150 hover:border-gray-300 hover:shadow-md focus:outline-none focus:ring-2 focus:ring-primary-500 focus:ring-offset-2 dark:border-white/10 dark:bg-white/5 dark:hover:border-white/20 dark:focus:ring-offset-gray-900"
                     >
                         {{-- Loading overlay --}}
-                        <div wire:loading wire:target="selectTenant({{ (int) $tenant->id }})"
+                        <div wire:loading wire:target="selectEnvironment({{ (int) $tenant->id }})"
                              class="absolute inset-0 z-10 flex items-center justify-center rounded-xl bg-white/80 dark:bg-gray-900/80">
                             <x-filament::loading-indicator class="h-5 w-5 text-primary-500" />
                         </div>
diff --git a/apps/platform/resources/views/filament/pages/cross-tenant-compare.blade.php b/apps/platform/resources/views/filament/pages/cross-environment-compare.blade.php
similarity index 86%
rename from apps/platform/resources/views/filament/pages/cross-tenant-compare.blade.php
rename to apps/platform/resources/views/filament/pages/cross-environment-compare.blade.php
index d0ac2477..10778ea5 100644
--- a/apps/platform/resources/views/filament/pages/cross-tenant-compare.blade.php
+++ b/apps/platform/resources/views/filament/pages/cross-environment-compare.blade.php
@@ -5,14 +5,14 @@
         $previewSummary = is_array($preview['summary'] ?? null) ? $preview['summary'] : [];
         $preflightSummary = is_array($preflight['summary'] ?? null) ? $preflight['summary'] : [];
         $blockedReasonCounts = is_array($preflight['blockedReasonCounts'] ?? null) ? $preflight['blockedReasonCounts'] : [];
-        $sourceTenantName = data_get($preview, 'selection.sourceTenantName');
-        $targetTenantName = data_get($preview, 'selection.targetTenantName');
+        $sourceEnvironmentName = data_get($preview, 'selection.sourceEnvironmentName');
+        $targetEnvironmentName = data_get($preview, 'selection.targetEnvironmentName');
         $selectedPolicyTypes = data_get($preview, 'selection.policyTypes', []);
     @endphp
 
-    <x-filament::section heading="Cross-tenant compare">
+    <x-filament::section heading="Cross-environment compare">
         <x-slot name="description">
-            Compare one authorized source tenant to one authorized target tenant from a canonical workspace surface. Preview stays read only until you explicitly confirm promotion execution.
+            Compare one authorized source environment to one authorized target environment from a canonical workspace surface. Preview stays read only until you explicitly confirm promotion execution.
         </x-slot>
 
         <div class="space-y-4">
@@ -24,7 +24,7 @@
                         <div class="flex-1 rounded-xl border border-dashed border-gray-300 bg-gray-50 px-4 py-3 dark:border-gray-700 dark:bg-gray-900/40">
                             <div class="text-sm font-semibold text-gray-950 dark:text-white">Shareable compare scope</div>
                             <p class="mt-1 text-sm text-gray-600 dark:text-gray-300">
-                                Source tenant, target tenant, and governed-subject filters live on the URL so the same compare preview can be reopened or shared.
+                                Source environment, target environment, and governed-subject filters live on the URL so the same compare preview can be reopened or shared.
                             </p>
                         </div>
 
@@ -51,7 +51,7 @@
 
             @if ($preview === null)
                 <div class="rounded-2xl border border-dashed border-gray-300 bg-gray-50/70 px-5 py-6 text-sm text-gray-600 dark:border-gray-700 dark:bg-gray-900/40 dark:text-gray-300">
-                    Choose a source tenant and a target tenant to build a compare preview. The source and target must be different tenants inside the active workspace.
+                    Choose a source environment and a target environment to build a compare preview. The source and target must be different environments inside the active workspace.
                 </div>
             @endif
         </div>
@@ -60,30 +60,30 @@
     @if ($preview !== null)
         <x-filament::section heading="Compare preview">
             <x-slot name="description">
-                Decision-first summary of governed subjects. Raw payloads stay on the existing tenant and baseline surfaces.
+                Decision-first summary of governed subjects. Raw payloads stay on the existing environment and baseline surfaces.
             </x-slot>
 
-            <div class="space-y-4" data-testid="cross-tenant-compare-preview">
+            <div class="space-y-4" data-testid="cross-environment-compare-preview">
                 <div class="flex flex-col gap-4 xl:flex-row xl:items-start xl:justify-between">
                     <div class="space-y-2">
                         <div class="flex flex-wrap items-center gap-2">
-                            <x-filament::badge color="info" size="sm">Source tenant: {{ $sourceTenantName }}</x-filament::badge>
-                            <x-filament::badge color="gray" size="sm">Target tenant: {{ $targetTenantName }}</x-filament::badge>
+                            <x-filament::badge color="info" size="sm">Source environment: {{ $sourceEnvironmentName }}</x-filament::badge>
+                            <x-filament::badge color="gray" size="sm">Target environment: {{ $targetEnvironmentName }}</x-filament::badge>
                             @foreach ($selectedPolicyTypes as $policyType)
                                 <x-filament::badge color="gray" size="sm">{{ $this->stateLabel($policyType) }}</x-filament::badge>
                             @endforeach
                         </div>
 
                         <div class="flex flex-wrap items-center gap-3 text-sm">
-                            @if (filled($this->sourceTenantUrl()))
-                                <a href="{{ $this->sourceTenantUrl() }}" class="font-medium text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300">
-                                    Open source tenant
+                            @if (filled($this->sourceEnvironmentUrl()))
+                                <a href="{{ $this->sourceEnvironmentUrl() }}" class="font-medium text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300">
+                                    Open source environment
                                 </a>
                             @endif
 
-                            @if (filled($this->targetTenantUrl()))
-                                <a href="{{ $this->targetTenantUrl() }}" class="font-medium text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300">
-                                    Open target tenant
+                            @if (filled($this->targetEnvironmentUrl()))
+                                <a href="{{ $this->targetEnvironmentUrl() }}" class="font-medium text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300">
+                                    Open target environment
                                 </a>
                             @endif
                         </div>
@@ -112,7 +112,7 @@
 
                     <div class="divide-y divide-gray-200 dark:divide-gray-800">
                         @foreach (data_get($preview, 'subjects', []) as $subject)
-                            <div class="grid grid-cols-[minmax(0,1.4fr)_minmax(0,1fr)_minmax(0,0.8fr)] gap-3 px-4 py-4" data-testid="cross-tenant-compare-subject">
+                            <div class="grid grid-cols-[minmax(0,1.4fr)_minmax(0,1fr)_minmax(0,0.8fr)] gap-3 px-4 py-4" data-testid="cross-environment-compare-subject">
                                 <div class="space-y-2">
                                     <div class="text-sm font-semibold text-gray-950 dark:text-white">{{ data_get($subject, 'displayName') }}</div>
                                     <div class="flex flex-wrap items-center gap-2 text-xs text-gray-500 dark:text-gray-400">
@@ -150,7 +150,7 @@
                 Read-only readiness view until you explicitly confirm Execute promotion. Target mutation happens only through the queued operation run.
             </x-slot>
 
-            <div class="space-y-4" data-testid="cross-tenant-preflight">
+            <div class="space-y-4" data-testid="cross-environment-preflight">
                 <div class="grid gap-3 sm:grid-cols-2 xl:grid-cols-4">
                     @foreach (['ready', 'blocked', 'manual_mapping_required', 'total'] as $state)
                         <div class="rounded-2xl border border-gray-200 bg-white px-4 py-3 shadow-sm dark:border-gray-800 dark:bg-gray-900/70">
@@ -205,4 +205,4 @@
     @endif
 
     <x-filament-actions::modals />
-</x-filament-panels::page>
\ No newline at end of file
+</x-filament-panels::page>
diff --git a/apps/platform/resources/views/filament/pages/tenant-diagnostics.blade.php b/apps/platform/resources/views/filament/pages/environment-diagnostics.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/pages/tenant-diagnostics.blade.php
rename to apps/platform/resources/views/filament/pages/environment-diagnostics.blade.php
diff --git a/apps/platform/resources/views/filament/pages/tenant-required-permissions.blade.php b/apps/platform/resources/views/filament/pages/environment-required-permissions.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/pages/tenant-required-permissions.blade.php
rename to apps/platform/resources/views/filament/pages/environment-required-permissions.blade.php
diff --git a/apps/platform/resources/views/filament/pages/reviews/review-register.blade.php b/apps/platform/resources/views/filament/pages/reviews/review-register.blade.php
index 13befd7e..e674fdf0 100644
--- a/apps/platform/resources/views/filament/pages/reviews/review-register.blade.php
+++ b/apps/platform/resources/views/filament/pages/reviews/review-register.blade.php
@@ -6,7 +6,7 @@
             </div>
 
             <div class="text-sm text-gray-600 dark:text-gray-300">
-                Review draft, published, archived, and superseded tenant reviews across the tenants you are entitled to manage.
+                Review draft, published, archived, and superseded environment reviews across the tenants you are entitled to manage.
             </div>
 
             <div class="text-sm text-gray-600 dark:text-gray-300">
diff --git a/apps/platform/resources/views/filament/pages/workspaces/managed-tenant-onboarding-wizard.blade.php b/apps/platform/resources/views/filament/pages/workspaces/managed-environment-onboarding-wizard.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/pages/workspaces/managed-tenant-onboarding-wizard.blade.php
rename to apps/platform/resources/views/filament/pages/workspaces/managed-environment-onboarding-wizard.blade.php
diff --git a/apps/platform/resources/views/filament/pages/workspaces/managed-tenants-landing.blade.php b/apps/platform/resources/views/filament/pages/workspaces/managed-environments-landing.blade.php
similarity index 99%
rename from apps/platform/resources/views/filament/pages/workspaces/managed-tenants-landing.blade.php
rename to apps/platform/resources/views/filament/pages/workspaces/managed-environments-landing.blade.php
index 9e91c094..ffe175a8 100644
--- a/apps/platform/resources/views/filament/pages/workspaces/managed-tenants-landing.blade.php
+++ b/apps/platform/resources/views/filament/pages/workspaces/managed-environments-landing.blade.php
@@ -63,7 +63,7 @@ class="inline-flex items-center gap-1.5 text-sm text-gray-500 transition-colors
                 <x-filament::button
                     color="gray"
                     size="sm"
-                    wire:click="goToChooseTenant"
+                    wire:click="goToChooseEnvironment"
                     icon="heroicon-m-arrow-right"
                     icon-position="after"
                 >
diff --git a/apps/platform/resources/views/filament/partials/context-bar.blade.php b/apps/platform/resources/views/filament/partials/context-bar.blade.php
index c0bc2d43..1336e80f 100644
--- a/apps/platform/resources/views/filament/partials/context-bar.blade.php
+++ b/apps/platform/resources/views/filament/partials/context-bar.blade.php
@@ -1,5 +1,5 @@
 @php
-    use App\Filament\Pages\ChooseTenant;
+    use App\Filament\Pages\ChooseEnvironment;
     use App\Filament\Pages\ChooseWorkspace;
     use App\Models\ManagedEnvironment;
     use App\Models\User;
@@ -27,15 +27,15 @@
     $currentTenantName = $currentTenant instanceof ManagedEnvironment ? $currentTenant->getFilamentName() : null;
 
     $lastTenantId = $workspaceContext->lastTenantId(request());
-    $canClearTenantContext = $currentTenant instanceof ManagedEnvironment || $lastTenantId !== null;
+    $canClearEnvironmentContext = $currentTenant instanceof ManagedEnvironment || $lastTenantId !== null;
 @endphp
 
 @php
     $tenantLabel = $currentTenantName ?? __('localization.shell.no_environment_selected');
     $workspaceLabel = $workspace?->name ?? __('localization.shell.choose_workspace');
     $hasActiveTenant = $currentTenantName !== null;
-    $managedTenantsUrl = $workspace
-        ? route('admin.workspace.managed-tenants.index', ['workspace' => $workspace])
+    $managedEnvironmentsUrl = $workspace
+        ? route('admin.workspace.managed-environments.index', ['workspace' => $workspace])
         : route('admin.onboarding');
     $workspaceUrl = $workspace
         ? route('admin.home')
@@ -135,15 +135,15 @@ class="flex items-center gap-2 rounded-lg px-3 py-2 text-sm text-gray-700 transi
                                     <x-filament::icon icon="heroicon-o-building-office-2" class="h-4 w-4 text-primary-600 dark:text-primary-400" />
                                     <span class="text-sm font-medium text-primary-700 dark:text-primary-300">{{ $currentTenantName }}</span>
                                     <a
-                                        href="{{ ChooseTenant::getUrl(panel: 'admin') }}"
+                                        href="{{ ChooseEnvironment::getUrl(panel: 'admin') }}"
                                         class="ml-auto text-xs font-medium text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300"
                                     >
                                         {{ __('localization.shell.switch_environment') }}
                                     </a>
                                 </div>
 
-                                @if ($canClearTenantContext)
-                                    <form method="POST" action="{{ route('admin.clear-tenant-context') }}">
+                                @if ($canClearEnvironmentContext)
+                                    <form method="POST" action="{{ route('admin.clear-environment-context') }}">
                                         @csrf
 
                                         <button type="submit" class="w-full rounded-lg px-3 py-1.5 text-left text-xs font-medium text-gray-500 transition hover:bg-gray-50 hover:text-gray-700 dark:text-gray-400 dark:hover:bg-white/5 dark:hover:text-gray-200">
@@ -156,7 +156,7 @@ class="ml-auto text-xs font-medium text-primary-600 hover:text-primary-500 dark:
                             @if ($tenants->isEmpty())
                                 <div class="space-y-2 rounded-lg border border-dashed border-gray-300 px-3 py-3 text-center text-xs text-gray-500 dark:border-gray-600 dark:text-gray-400">
                                     <div>{{ __('localization.shell.no_active_environments') }}</div>
-                                    <a href="{{ $managedTenantsUrl }}" class="inline-flex items-center gap-1 text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300">
+                                    <a href="{{ $managedEnvironmentsUrl }}" class="inline-flex items-center gap-1 text-primary-600 hover:text-primary-500 dark:text-primary-400 dark:hover:text-primary-300">
                                         <x-filament::icon icon="heroicon-o-arrow-top-right-on-square" class="h-3.5 w-3.5" />
                                         {{ __('localization.shell.view_managed_environments') }}
                                     </a>
@@ -181,7 +181,7 @@ class="fi-input fi-text-input w-full"
                                             $isActive = $currentTenantId !== null && (int) $tenant->getKey() === $currentTenantId;
                                         @endphp
 
-                                        <form method="POST" action="{{ route('admin.select-tenant') }}">
+                                        <form method="POST" action="{{ route('admin.select-environment') }}">
                                             @csrf
                                             <input type="hidden" name="managed_environment_id" value="{{ (int) $tenant->getKey() }}" />
 
@@ -203,8 +203,8 @@ class="flex w-full items-center gap-2 px-3 py-2 text-left text-sm transition {{
                                     @endforeach
                                 </div>
 
-                                @if ($canClearTenantContext)
-                                    <form method="POST" action="{{ route('admin.clear-tenant-context') }}">
+                                @if ($canClearEnvironmentContext)
+                                    <form method="POST" action="{{ route('admin.clear-environment-context') }}">
                                         @csrf
 
                                         <button type="submit" class="w-full rounded-lg px-3 py-1.5 text-left text-xs font-medium text-gray-500 transition hover:bg-gray-50 hover:text-gray-700 dark:text-gray-400 dark:hover:bg-white/5 dark:hover:text-gray-200">
diff --git a/apps/platform/resources/views/filament/schemas/components/managed-tenant-onboarding-checkpoint-poll.blade.php b/apps/platform/resources/views/filament/schemas/components/managed-environment-onboarding-checkpoint-poll.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/schemas/components/managed-tenant-onboarding-checkpoint-poll.blade.php
rename to apps/platform/resources/views/filament/schemas/components/managed-environment-onboarding-checkpoint-poll.blade.php
diff --git a/apps/platform/resources/views/filament/system/pages/directory/view-tenant.blade.php b/apps/platform/resources/views/filament/system/pages/directory/view-tenant.blade.php
index 54cfd507..65f3d1a2 100644
--- a/apps/platform/resources/views/filament/system/pages/directory/view-tenant.blade.php
+++ b/apps/platform/resources/views/filament/system/pages/directory/view-tenant.blade.php
@@ -3,7 +3,7 @@
     $tenant = $this->tenant;
     $customerHealthDecision = $this->customerHealthDecision();
     $providerConnections = $this->providerConnections();
-    $permissions = $this->tenantPermissions();
+    $permissions = $this->managedEnvironmentPermissions();
     $runs = $this->recentRuns();
     $workspacePostureValue = $tenant->isRemovedFromWorkspace() ? 'removed_from_workspace' : 'active';
 @endphp
@@ -132,9 +132,9 @@
                         <div class="flex items-center justify-between rounded-lg border border-gray-200 px-4 py-3 dark:border-white/10">
                             <span class="font-medium text-gray-950 dark:text-white">{{ $permission->permission_key }}</span>
                             <x-filament::badge
-                                :color="\App\Support\Badges\BadgeRenderer::spec(\App\Support\Badges\BadgeDomain::TenantPermissionStatus, (string) $permission->status)->color"
+                                :color="\App\Support\Badges\BadgeRenderer::spec(\App\Support\Badges\BadgeDomain::ManagedEnvironmentPermissionStatus, (string) $permission->status)->color"
                             >
-                                {{ \App\Support\Badges\BadgeRenderer::spec(\App\Support\Badges\BadgeDomain::TenantPermissionStatus, (string) $permission->status)->label }}
+                                {{ \App\Support\Badges\BadgeRenderer::spec(\App\Support\Badges\BadgeDomain::ManagedEnvironmentPermissionStatus, (string) $permission->status)->label }}
                             </x-filament::badge>
                         </div>
                     @endforeach
diff --git a/apps/platform/resources/views/filament/widgets/dashboard/tenant-dashboard-context-chips.blade.php b/apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-context-chips.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/widgets/dashboard/tenant-dashboard-context-chips.blade.php
rename to apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-context-chips.blade.php
diff --git a/apps/platform/resources/views/filament/widgets/dashboard/tenant-dashboard-overview.blade.php b/apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-overview.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/widgets/dashboard/tenant-dashboard-overview.blade.php
rename to apps/platform/resources/views/filament/widgets/dashboard/environment-dashboard-overview.blade.php
diff --git a/apps/platform/resources/views/filament/widgets/tenant/admin-roles-summary.blade.php b/apps/platform/resources/views/filament/widgets/managed-environment/admin-roles-summary.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/widgets/tenant/admin-roles-summary.blade.php
rename to apps/platform/resources/views/filament/widgets/managed-environment/admin-roles-summary.blade.php
diff --git a/apps/platform/resources/views/filament/widgets/tenant/baseline-compare-coverage-banner.blade.php b/apps/platform/resources/views/filament/widgets/managed-environment/baseline-compare-coverage-banner.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/widgets/tenant/baseline-compare-coverage-banner.blade.php
rename to apps/platform/resources/views/filament/widgets/managed-environment/baseline-compare-coverage-banner.blade.php
diff --git a/apps/platform/resources/views/filament/widgets/tenant/tenant-archived-banner.blade.php b/apps/platform/resources/views/filament/widgets/managed-environment/managed-environment-archived-banner.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/widgets/tenant/tenant-archived-banner.blade.php
rename to apps/platform/resources/views/filament/widgets/managed-environment/managed-environment-archived-banner.blade.php
diff --git a/apps/platform/resources/views/filament/widgets/tenant/tenant-review-pack-card.blade.php b/apps/platform/resources/views/filament/widgets/managed-environment/managed-environment-review-pack-card.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/widgets/tenant/tenant-review-pack-card.blade.php
rename to apps/platform/resources/views/filament/widgets/managed-environment/managed-environment-review-pack-card.blade.php
diff --git a/apps/platform/resources/views/filament/widgets/tenant/tenant-verification-report.blade.php b/apps/platform/resources/views/filament/widgets/managed-environment/managed-environment-verification-report.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/widgets/tenant/tenant-verification-report.blade.php
rename to apps/platform/resources/views/filament/widgets/managed-environment/managed-environment-verification-report.blade.php
diff --git a/apps/platform/resources/views/filament/widgets/tenant/recent-operations-summary.blade.php b/apps/platform/resources/views/filament/widgets/managed-environment/recent-operations-summary.blade.php
similarity index 100%
rename from apps/platform/resources/views/filament/widgets/tenant/recent-operations-summary.blade.php
rename to apps/platform/resources/views/filament/widgets/managed-environment/recent-operations-summary.blade.php
diff --git a/apps/platform/resources/views/filament/widgets/tenant/triage-arrival-continuity.blade.php b/apps/platform/resources/views/filament/widgets/managed-environment/triage-arrival-continuity.blade.php
similarity index 96%
rename from apps/platform/resources/views/filament/widgets/tenant/triage-arrival-continuity.blade.php
rename to apps/platform/resources/views/filament/widgets/managed-environment/triage-arrival-continuity.blade.php
index a95b55c3..e3ac2914 100644
--- a/apps/platform/resources/views/filament/widgets/tenant/triage-arrival-continuity.blade.php
+++ b/apps/platform/resources/views/filament/widgets/managed-environment/triage-arrival-continuity.blade.php
@@ -12,8 +12,8 @@
                 'stale', 'degraded', 'weakened', 'unvalidated' => 'warning',
                 default => 'gray',
             };
-            $reviewStateColor = \App\Support\Badges\BadgeRenderer::color(\App\Support\Badges\BadgeDomain::TenantTriageReviewState)($reviewState['derived_state'] ?? null);
-            $reviewStateLabel = \App\Support\Badges\BadgeRenderer::label(\App\Support\Badges\BadgeDomain::TenantTriageReviewState)($reviewState['derived_state'] ?? null);
+            $reviewStateColor = \App\Support\Badges\BadgeRenderer::color(\App\Support\Badges\BadgeDomain::ManagedEnvironmentTriageReviewState)($reviewState['derived_state'] ?? null);
+            $reviewStateLabel = \App\Support\Badges\BadgeRenderer::label(\App\Support\Badges\BadgeDomain::ManagedEnvironmentTriageReviewState)($reviewState['derived_state'] ?? null);
         @endphp
 
         <x-filament::section>
diff --git a/apps/platform/routes/web.php b/apps/platform/routes/web.php
index 6e42636b..54d4cb3a 100644
--- a/apps/platform/routes/web.php
+++ b/apps/platform/routes/web.php
@@ -3,18 +3,18 @@
 use App\Filament\Pages\WorkspaceOverview;
 use App\Http\Controllers\AdminConsentCallbackController;
 use App\Http\Controllers\Auth\EntraController;
-use App\Http\Controllers\ClearTenantContextController;
+use App\Http\Controllers\ClearEnvironmentContextController;
 use App\Http\Controllers\LocalizationController;
 use App\Http\Controllers\OpenFindingExceptionsQueueController;
 use App\Http\Controllers\RbacDelegatedAuthController;
 use App\Http\Controllers\ReviewPackDownloadController;
-use App\Http\Controllers\SelectTenantController;
+use App\Http\Controllers\SelectEnvironmentController;
 use App\Http\Controllers\SwitchWorkspaceController;
-use App\Http\Controllers\TenantOnboardingController;
+use App\Http\Controllers\ManagedEnvironmentOnboardingController;
 use App\Http\Middleware\SuppressDebugbarForSmokeRequests;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\Onboarding\OnboardingDraftResolver;
@@ -39,7 +39,7 @@
 Route::get('/admin/consent/callback', AdminConsentCallbackController::class)
     ->name('admin.consent.callback');
 
-Route::get('/admin/consent/start', TenantOnboardingController::class)
+Route::get('/admin/consent/start', ManagedEnvironmentOnboardingController::class)
     ->name('admin.consent.start');
 
 // Avoid Filament's tenancy root redirect which otherwise sends users into legacy flows.
@@ -322,16 +322,16 @@
     ->name('admin.switch-workspace');
 
 Route::middleware(['web', 'auth', 'ensure-correct-guard:web'])
-    ->get('/admin/finding-exceptions/open-queue/{tenant}', OpenFindingExceptionsQueueController::class)
+    ->get('/admin/finding-exceptions/open-queue/{environment}', OpenFindingExceptionsQueueController::class)
     ->name('admin.finding-exceptions.open-queue');
 
 Route::middleware(['web', 'auth', 'ensure-correct-guard:web', 'ensure-workspace-selected'])
-    ->post('/admin/select-tenant', SelectTenantController::class)
-    ->name('admin.select-tenant');
+    ->post('/admin/select-environment', SelectEnvironmentController::class)
+    ->name('admin.select-environment');
 
 Route::middleware(['web', 'auth', 'ensure-correct-guard:web', 'ensure-workspace-selected'])
-    ->post('/admin/clear-tenant-context', ClearTenantContextController::class)
-    ->name('admin.clear-tenant-context');
+    ->post('/admin/clear-environment-context', ClearEnvironmentContextController::class)
+    ->name('admin.clear-environment-context');
 Route::bind('workspace', function (string $value): Workspace {
     /** @var WorkspaceResolver $resolver */
     $resolver = app(WorkspaceResolver::class);
@@ -343,7 +343,7 @@
     return $workspace;
 });
 
-Route::bind('onboardingDraft', function (string $value): TenantOnboardingSession {
+Route::bind('onboardingDraft', function (string $value): ManagedEnvironmentOnboardingSession {
     $user = auth()->user();
 
     abort_unless($user instanceof \App\Models\User, 403);
@@ -411,7 +411,7 @@
     DispatchServingFilamentEvent::class,
     FilamentAuthenticate::class,
 ])
-    ->get('/admin/onboarding', \App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class)
+    ->get('/admin/onboarding', \App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class)
     ->name('admin.onboarding');
 
 Route::middleware([
@@ -422,7 +422,7 @@
     DispatchServingFilamentEvent::class,
     FilamentAuthenticate::class,
 ])
-    ->get('/admin/onboarding/{onboardingDraft}', \App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class)
+    ->get('/admin/onboarding/{onboardingDraft}', \App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class)
     ->name('admin.onboarding.draft');
 
 Route::middleware([
@@ -495,8 +495,8 @@
     FilamentAuthenticate::class,
     'ensure-workspace-member',
 ])
-    ->get('/admin/workspaces/{workspace}/environments', \App\Filament\Pages\Workspaces\ManagedTenantsLanding::class)
-    ->name('admin.workspace.managed-tenants.index');
+    ->get('/admin/workspaces/{workspace}/environments', \App\Filament\Pages\Workspaces\ManagedEnvironmentsLanding::class)
+    ->name('admin.workspace.managed-environments.index');
 
 Route::middleware([
     'web',
@@ -508,7 +508,7 @@
     'ensure-workspace-member',
     'ensure-filament-tenant-selected',
 ])
-    ->get('/admin/workspaces/{workspace}/environments/{tenant:slug}', \App\Filament\Pages\TenantDashboard::class)
+    ->get('/admin/workspaces/{workspace}/environments/{environment:slug}', \App\Filament\Pages\EnvironmentDashboard::class)
     ->name('admin.workspace.environments.show');
 
 Route::middleware([
@@ -521,7 +521,7 @@
     'ensure-workspace-member',
     'ensure-filament-tenant-selected',
 ])
-    ->get('/admin/workspaces/{workspace}/environments/{tenant:slug}/diagnostics', \App\Filament\Pages\TenantDiagnostics::class)
+    ->get('/admin/workspaces/{workspace}/environments/{environment:slug}/diagnostics', \App\Filament\Pages\EnvironmentDiagnostics::class)
     ->name('admin.workspace.environments.diagnostics');
 
 Route::middleware([
@@ -534,7 +534,7 @@
     'ensure-workspace-member',
     'ensure-filament-tenant-selected',
 ])
-    ->get('/admin/workspaces/{workspace}/environments/{tenant:slug}/access-scopes', \App\Filament\Resources\TenantResource\Pages\ManageTenantMemberships::class)
+    ->get('/admin/workspaces/{workspace}/environments/{environment:slug}/access-scopes', \App\Filament\Resources\ManagedEnvironmentResource\Pages\ManageEnvironmentAccessScopes::class)
     ->name('admin.workspace.environments.access-scopes');
 
 Route::middleware(['signed'])
diff --git a/apps/platform/tests/Browser/Dashboard/TenantDashboardProductizationSmokeTest.php b/apps/platform/tests/Browser/Dashboard/TenantDashboardProductizationSmokeTest.php
index 646b9ba0..232bcd4f 100644
--- a/apps/platform/tests/Browser/Dashboard/TenantDashboardProductizationSmokeTest.php
+++ b/apps/platform/tests/Browser/Dashboard/TenantDashboardProductizationSmokeTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\BackupItem;
 use App\Models\BackupSet;
 use App\Models\Finding;
@@ -64,7 +64,7 @@
         ],
     ]);
 
-    $page = visit(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $page = visit(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->waitForText($tenant->name)
         ->waitForText('Backup posture')
         ->assertScript("document.querySelector('[data-testid=\"tenant-dashboard-posture-pill\"]') !== null", true)
diff --git a/apps/platform/tests/Browser/OnboardingDraftRefreshTest.php b/apps/platform/tests/Browser/OnboardingDraftRefreshTest.php
index d5b92f3d..b03447c6 100644
--- a/apps/platform/tests/Browser/OnboardingDraftRefreshTest.php
+++ b/apps/platform/tests/Browser/OnboardingDraftRefreshTest.php
@@ -50,7 +50,7 @@
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'environment' => 'prod',
         ],
     ]);
@@ -138,7 +138,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -248,7 +248,7 @@
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $verificationRun->getKey(),
             'bootstrap_operation_types' => ['inventory_sync'],
diff --git a/apps/platform/tests/Browser/OnboardingDraftVerificationResumeTest.php b/apps/platform/tests/Browser/OnboardingDraftVerificationResumeTest.php
index 665a89b0..45c9e4b2 100644
--- a/apps/platform/tests/Browser/OnboardingDraftVerificationResumeTest.php
+++ b/apps/platform/tests/Browser/OnboardingDraftVerificationResumeTest.php
@@ -5,7 +5,7 @@
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Support\OperationRunOutcome;
@@ -75,7 +75,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $selectedConnection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -174,7 +174,7 @@
         'current_step' => 'complete',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $verificationRun->getKey(),
             'bootstrap_operation_types' => ['inventory_sync'],
@@ -239,7 +239,7 @@
     $missingKey = $permissionKeys[0];
 
     foreach (array_slice($permissionKeys, 1) as $key) {
-        TenantPermission::query()->create([
+        ManagedEnvironmentPermission::query()->create([
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $workspace->getKey(),
             'permission_key' => $key,
@@ -295,7 +295,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -358,7 +358,7 @@
     }
 
     foreach (array_slice($permissionKeys, 1) as $key) {
-        TenantPermission::query()->create([
+        ManagedEnvironmentPermission::query()->create([
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $workspace->getKey(),
             'permission_key' => $key,
@@ -423,7 +423,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
diff --git a/apps/platform/tests/Browser/PortfolioCompare/CrossTenantPromotionExecutionSmokeTest.php b/apps/platform/tests/Browser/PortfolioCompare/CrossEnvironmentPromotionExecutionSmokeTest.php
similarity index 79%
rename from apps/platform/tests/Browser/PortfolioCompare/CrossTenantPromotionExecutionSmokeTest.php
rename to apps/platform/tests/Browser/PortfolioCompare/CrossEnvironmentPromotionExecutionSmokeTest.php
index 42cffa16..62c3a10d 100644
--- a/apps/platform/tests/Browser/PortfolioCompare/CrossTenantPromotionExecutionSmokeTest.php
+++ b/apps/platform/tests/Browser/PortfolioCompare/CrossEnvironmentPromotionExecutionSmokeTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\CrossTenantComparePage;
+use App\Filament\Pages\CrossEnvironmentComparePage;
 use App\Models\OperationRun;
 use App\Support\OperationRunLinks;
 use App\Support\Workspaces\WorkspaceContext;
@@ -13,10 +13,10 @@
 pest()->browser()->timeout(15_000);
 
 it('smokes queued promotion execution and the canonical operation viewer', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Browser Promotion Policy',
         snapshot: ['settings' => [['key' => 'browser', 'value' => 1]]],
     );
@@ -26,15 +26,15 @@
     ]);
     session()->put(WorkspaceContext::SESSION_KEY, (int) $fixture['workspace']->getKey());
 
-    $page = visit(CrossTenantComparePage::getUrl(parameters: [
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+    $page = visit(CrossEnvironmentComparePage::getUrl(parameters: [
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ], panel: 'admin'));
 
     $page
         ->assertNoJavaScriptErrors()
-        ->waitForText('Cross-tenant compare')
+        ->waitForText('Cross-environment compare')
         ->assertSee('Compare preview')
         ->click('Generate promotion preflight')
         ->waitForText('Promotion preflight')
diff --git a/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php b/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php
index e8af3d4e..fc69b322 100644
--- a/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php
+++ b/apps/platform/tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php
@@ -2,10 +2,10 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\ManagedEnvironment;
 use App\Models\ReviewPack;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Storage;
@@ -18,7 +18,7 @@
     Storage::fake('exports');
 });
 
-it('smokes the customer review workspace handoff from tenant review detail', function (): void {
+it('smokes the customer review workspace handoff from environment review detail', function (): void {
     $tenantPublished = ManagedEnvironment::factory()->create(['name' => 'Published ManagedEnvironment']);
     [$user, $tenantPublished] = createUserWithTenant(
         tenant: $tenantPublished,
@@ -39,19 +39,19 @@
         workspaceRole: 'manager',
     );
 
-    $publishedSnapshot = seedTenantReviewEvidence($tenantPublished);
-    $noPublishedSnapshot = seedTenantReviewEvidence($tenantWithoutPublished);
+    $publishedSnapshot = seedEnvironmentReviewEvidence($tenantPublished);
+    $noPublishedSnapshot = seedEnvironmentReviewEvidence($tenantWithoutPublished);
 
-    $publishedReview = composeTenantReviewForTest($tenantPublished, $user, $publishedSnapshot);
+    $publishedReview = composeEnvironmentReviewForTest($tenantPublished, $user, $publishedSnapshot);
     $publishedReview->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
 
-    $internalOnlyReview = composeTenantReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot);
+    $internalOnlyReview = composeEnvironmentReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot);
     $internalOnlyReview->forceFill([
-        'status' => TenantReviewStatus::Ready->value,
+        'status' => EnvironmentReviewStatus::Ready->value,
         'published_at' => null,
         'published_by_user_id' => null,
     ])->save();
@@ -61,7 +61,7 @@
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenantPublished->getKey(),
         'workspace_id' => (int) $tenantPublished->workspace_id,
-        'tenant_review_id' => (int) $publishedReview->getKey(),
+        'environment_review_id' => (int) $publishedReview->getKey(),
         'evidence_snapshot_id' => (int) $publishedSnapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'file_path' => 'review-packs/customer-review-workspace-smoke.zip',
@@ -77,7 +77,7 @@
         ],
     ]);
 
-    visit(TenantReviewResource::tenantScopedUrl('view', ['record' => $publishedReview], $tenantPublished))
+    visit(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $publishedReview], $tenantPublished))
         ->waitForText('Verwandter Kontext')
         ->assertSee('Kunden-Workspace öffnen')
         ->assertNoJavaScriptErrors()
diff --git a/apps/platform/tests/Browser/Spec172DeferredOperatorSurfacesSmokeTest.php b/apps/platform/tests/Browser/Spec172DeferredOperatorSurfacesSmokeTest.php
index 3deff934..8c2f22c4 100644
--- a/apps/platform/tests/Browser/Spec172DeferredOperatorSurfacesSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec172DeferredOperatorSurfacesSmokeTest.php
@@ -2,12 +2,12 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Support\OperationRunLinks;
@@ -56,19 +56,18 @@
 
     $operationsIndexUrl = OperationRunLinks::index($tenant);
 
-    $page = visit(TenantResource::getUrl('view', ['record' => $tenant->getRouteKey()], panel: 'admin'));
+    $page = visit(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant->getRouteKey()], panel: 'admin'));
 
     $page
         ->assertNoJavaScriptErrors()
         ->assertSee((string) $tenant->name)
-        ->assertSee('Recent operations')
-        ->assertSee('Verification report')
+        ->assertSee('Environment governance overview')
+        ->assertSee('Operations requiring attention')
+        ->assertSee('Provider connection check')
         ->assertSee(OperationRunLinks::openCollectionLabel())
-        ->assertSee(OperationRunLinks::collectionScopeDescription())
-        ->assertSee(OperationRunLinks::openLabel())
-        ->assertSee(ViewTenant::verificationHeaderActionLabel())
+        ->assertSee('Review operation')
         ->assertDontSee('Start verification')
-        ->assertScript("Array.from(document.querySelectorAll('a[href=\"{$operationsIndexUrl}\"]')).some((element) => element.textContent?.includes('Open operations'))", true);
+        ->assertScript("Array.from(document.querySelectorAll('a[href*=\"/operations\"]')).some((element) => element.textContent?.includes('Open operations') && element.href.includes('managed_environment_id='))", true);
 
     visit($operationsIndexUrl)
         ->assertNoJavaScriptErrors()
@@ -93,11 +92,11 @@
     ]);
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
-    visit(TenantResource::getUrl('view', ['record' => $tenant->getRouteKey()], panel: 'admin'))
+    visit(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant->getRouteKey()], panel: 'admin'))
         ->assertNoJavaScriptErrors()
-        ->assertSee('Verification report')
-        ->assertSee('No provider verification check has been recorded yet.')
-        ->assertSee('Start verification')
+        ->assertSee('Environment governance overview')
+        ->assertSee('Provider Health')
+        ->assertSee('Provider status unavailable')
         ->assertDontSee(OperationRunLinks::openLabel());
 });
 
@@ -126,7 +125,7 @@
         'consent_status' => 'granted',
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -192,7 +191,7 @@
         ],
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -292,7 +291,7 @@
         ],
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
diff --git a/apps/platform/tests/Browser/Spec174EvidenceFreshnessPublicationTrustSmokeTest.php b/apps/platform/tests/Browser/Spec174EvidenceFreshnessPublicationTrustSmokeTest.php
index e54c0ad5..f86e7e32 100644
--- a/apps/platform/tests/Browser/Spec174EvidenceFreshnessPublicationTrustSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec174EvidenceFreshnessPublicationTrustSmokeTest.php
@@ -4,10 +4,10 @@
 
 use App\Filament\Resources\EvidenceSnapshotResource;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\ManagedEnvironment;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Workspaces\WorkspaceContext;
 use Tests\Feature\Concerns\BuildsGovernanceArtifactTruthFixtures;
 
@@ -25,16 +25,16 @@
     ]);
     createUserWithTenant(tenant: $partialTenant, user: $user, role: 'owner');
 
-    $staleSnapshot = seedStaleTenantReviewEvidence($staleTenant);
-    $partialSnapshot = seedPartialTenantReviewEvidence($partialTenant);
+    $staleSnapshot = seedStaleEnvironmentReviewEvidence($staleTenant);
+    $partialSnapshot = seedPartialEnvironmentReviewEvidence($partialTenant);
 
     $partialReview = $this->makeArtifactTruthReview(
         tenant: $partialTenant,
         user: $user,
         snapshot: $partialSnapshot,
         reviewOverrides: [
-            'status' => TenantReviewStatus::Ready->value,
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'status' => EnvironmentReviewStatus::Ready->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
         summaryOverrides: [
             'publish_blockers' => [],
@@ -52,10 +52,10 @@
         user: $user,
         snapshot: $staleSnapshot,
         reviewOverrides: [
-            'status' => TenantReviewStatus::Published->value,
+            'status' => EnvironmentReviewStatus::Published->value,
             'published_at' => now(),
             'published_by_user_id' => (int) $user->getKey(),
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
         summaryOverrides: [
             'publish_blockers' => [],
@@ -74,8 +74,8 @@
         snapshot: $staleSnapshot,
         review: $staleReview,
         summaryOverrides: [
-            'review_status' => TenantReviewStatus::Published->value,
-            'review_completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'review_status' => EnvironmentReviewStatus::Published->value,
+            'review_completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
     );
 
@@ -90,7 +90,7 @@
         ->assertSee('Stale')
         ->assertSee('Refresh the stale evidence before relying on this snapshot');
 
-    visit(TenantReviewResource::tenantScopedUrl('view', ['record' => $partialReview], $partialTenant))
+    visit(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $partialReview], $partialTenant))
         ->waitForText('Outcome summary')
         ->assertNoJavaScriptErrors()
         ->assertSee('Internal only')
@@ -129,17 +129,17 @@
 
     $staleSnapshot = $this->makeStaleArtifactTruthEvidenceSnapshot($staleTenant);
     $freshSnapshot = $this->makeArtifactTruthEvidenceSnapshot($freshTenant);
-    $partialSnapshot = seedPartialTenantReviewEvidence($partialTenant);
+    $partialSnapshot = seedPartialEnvironmentReviewEvidence($partialTenant);
 
     $this->makeArtifactTruthReview(
         tenant: $staleTenant,
         user: $user,
         snapshot: $staleSnapshot,
         reviewOverrides: [
-            'status' => TenantReviewStatus::Published->value,
+            'status' => EnvironmentReviewStatus::Published->value,
             'published_at' => now(),
             'published_by_user_id' => (int) $user->getKey(),
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
         summaryOverrides: [
             'publish_blockers' => [],
@@ -157,8 +157,8 @@
         user: $user,
         snapshot: $partialSnapshot,
         reviewOverrides: [
-            'status' => TenantReviewStatus::Ready->value,
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'status' => EnvironmentReviewStatus::Ready->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
         summaryOverrides: [
             'publish_blockers' => [],
diff --git a/apps/platform/tests/Browser/Spec192RecordPageHeaderDisciplineSmokeTest.php b/apps/platform/tests/Browser/Spec192RecordPageHeaderDisciplineSmokeTest.php
index 798cefcc..a98689fa 100644
--- a/apps/platform/tests/Browser/Spec192RecordPageHeaderDisciplineSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec192RecordPageHeaderDisciplineSmokeTest.php
@@ -10,8 +10,8 @@
 use App\Filament\Resources\FindingExceptionResource;
 use App\Filament\Resources\PolicyVersionResource;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Filament\Resources\Workspaces\WorkspaceResource;
 use App\Models\AlertDestination;
 use App\Models\BackupSet;
@@ -85,7 +85,7 @@ function spec192ApprovedFindingException(ManagedEnvironment $tenant, User $reque
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => (string) $onboardingTenant->managed_environment_id,
-            'tenant_name' => (string) $onboardingTenant->name,
+            'environment_name' => (string) $onboardingTenant->name,
         ],
     ]);
 
@@ -129,7 +129,7 @@ function spec192ApprovedFindingException(ManagedEnvironment $tenant, User $reque
     ]);
 
     $exception = spec192ApprovedFindingException($tenant, $user);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     $this->actingAs($user)->withSession([
         WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
@@ -157,19 +157,19 @@ function spec192ApprovedFindingException(ManagedEnvironment $tenant, User $reque
         ->assertSee('Open finding')
         ->assertSee('Renew exception');
 
-    visit(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+    visit(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->waitForText('Related context')
         ->assertNoJavaScriptErrors()
         ->assertScript("document.querySelectorAll('[data-supporting-group-kind]').length === 0", true)
         ->assertSee('Outcome summary')
         ->assertSee('Evidence snapshot');
 
-    visit(TenantResource::getUrl('edit', ['record' => $onboardingTenant], panel: 'admin'))
-        ->waitForText('Related context')
+    visit(ManagedEnvironmentResource::getUrl('edit', ['record' => $onboardingTenant], panel: 'admin'))
+        ->waitForText('Environment governance overview')
         ->assertNoJavaScriptErrors()
         ->assertScript("document.querySelectorAll('[data-supporting-group-kind]').length === 0", true)
-        ->assertSee('Resume onboarding')
-        ->assertSee('Open environment detail');
+        ->assertSee((string) $onboardingTenant->name)
+        ->assertSee('Recommended next actions');
 });
 
 it('smokes the explicit workflow-heavy tenant detail exception without javascript errors', function (): void {
@@ -183,12 +183,12 @@ function spec192ApprovedFindingException(ManagedEnvironment $tenant, User $reque
     ]);
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
-    visit(TenantResource::getUrl('view', ['record' => $tenant], panel: 'admin'))
-        ->waitForText('Related context')
+    visit(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant], panel: 'admin'))
+        ->waitForText('Environment governance overview')
         ->assertNoJavaScriptErrors()
         ->assertScript("document.querySelectorAll('[data-supporting-group-kind]').length === 0", true)
-        ->assertSee('Edit tenant')
-        ->assertSee('Open provider connections');
+        ->assertSee((string) $tenant->name)
+        ->assertSee('Provider Health');
 });
 
 it('smokes the compliant reference baseline without header regressions or javascript errors', function (): void {
@@ -245,13 +245,13 @@ function spec192ApprovedFindingException(ManagedEnvironment $tenant, User $reque
         ],
     ]);
 
-    $reviewSnapshot = seedTenantReviewEvidence($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $reviewSnapshot);
+    $reviewSnapshot = seedEnvironmentReviewEvidence($tenant);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $reviewSnapshot);
 
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $reviewSnapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
     ]);
diff --git a/apps/platform/tests/Browser/Spec193MonitoringSurfaceHierarchySmokeTest.php b/apps/platform/tests/Browser/Spec193MonitoringSurfaceHierarchySmokeTest.php
index 2e952cd9..7c29e261 100644
--- a/apps/platform/tests/Browser/Spec193MonitoringSurfaceHierarchySmokeTest.php
+++ b/apps/platform/tests/Browser/Spec193MonitoringSurfaceHierarchySmokeTest.php
@@ -84,7 +84,7 @@
         ->assertNoConsoleLogs()
         ->assertSee('Alert deliveries');
 
-    visit(\App\Filament\Pages\TenantDashboard::getUrl(tenant: $diagnosticsTenant))
+    visit(\App\Filament\Pages\EnvironmentDashboard::getUrl(tenant: $diagnosticsTenant))
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs()
         ->assertSee($diagnosticsTenant->name)
diff --git a/apps/platform/tests/Browser/Spec194GovernanceFrictionSmokeTest.php b/apps/platform/tests/Browser/Spec194GovernanceFrictionSmokeTest.php
index b42e7b7e..92d134f2 100644
--- a/apps/platform/tests/Browser/Spec194GovernanceFrictionSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec194GovernanceFrictionSmokeTest.php
@@ -5,8 +5,8 @@
 use App\Filament\Pages\Monitoring\FindingExceptionsQueue;
 use App\Filament\Resources\EvidenceSnapshotResource;
 use App\Filament\Resources\FindingExceptionResource;
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\EvidenceSnapshot;
 use App\Models\Finding;
 use App\Models\FindingException;
@@ -22,8 +22,8 @@
 use App\Support\OperationRunOutcome;
 use App\Support\OperationRunStatus;
 use App\Support\System\SystemOperationRunLinks;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 pest()->browser()->timeout(20_000);
@@ -142,11 +142,11 @@ function spec194RelativeRedirect(string $redirect): string
         'initiated_by_user_id' => (int) $user->getKey(),
     ]);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     $review->forceFill([
-        'status' => TenantReviewStatus::Ready->value,
-        'completeness_state' => TenantReviewCompletenessState::Complete->value,
+        'status' => EnvironmentReviewStatus::Ready->value,
+        'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         'summary' => array_replace_recursive(is_array($review->summary) ? $review->summary : [], [
             'publish_blockers' => [],
             'section_state_counts' => [
@@ -194,7 +194,7 @@ function spec194RelativeRedirect(string $redirect): string
         ->assertSee('Renew exception')
         ->assertSee('Revoke exception');
 
-    visit(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+    visit(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->waitForText('Related context')
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs()
@@ -224,42 +224,38 @@ function spec194RelativeRedirect(string $redirect): string
         ->assertSee('Refresh evidence')
         ->assertSee('Expire snapshot');
 
-    visit(TenantResource::getUrl('view', ['record' => $tenant], panel: 'admin'))
-        ->waitForText('Related context')
+    visit(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant], panel: 'admin'))
+        ->waitForText('Environment governance overview')
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs()
-        ->click('[aria-label="Lifecycle"]')
-        ->waitForText('Archive')
-        ->click('button:has-text("Archive")')
-        ->waitForText('Archive reason')
-        ->click('button:has-text("Cancel")')
-        ->assertSee('Lifecycle');
+        ->assertSee((string) $tenant->name)
+        ->assertSee('Recommended next actions');
 
-    visit(TenantResource::getUrl('edit', ['record' => $tenant], panel: 'admin'))
-        ->waitForText('Related context')
+    visit(ManagedEnvironmentResource::getUrl('edit', ['record' => $tenant], panel: 'admin'))
+        ->waitForText('Environment governance overview')
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs()
-        ->assertSee('Lifecycle');
+        ->assertSee((string) $tenant->name);
 
     visit(spec194SmokeLoginUrl(
         $user,
         $archivedTenant,
-        TenantResource::getUrl('view', ['record' => $archivedTenant], panel: 'admin'),
+        ManagedEnvironmentResource::getUrl('view', ['record' => $archivedTenant], panel: 'admin'),
     ))
-        ->waitForText('Related context')
+        ->waitForText('Environment governance overview')
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs()
-        ->assertSee('Lifecycle');
+        ->assertSee((string) $archivedTenant->name);
 
     visit(spec194SmokeLoginUrl(
         $user,
         $archivedTenant,
-        TenantResource::getUrl('edit', ['record' => $archivedTenant], panel: 'admin'),
+        ManagedEnvironmentResource::getUrl('edit', ['record' => $archivedTenant], panel: 'admin'),
     ))
-        ->waitForText('Related context')
+        ->waitForText('Environment governance overview')
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs()
-        ->assertSee('Lifecycle');
+        ->assertSee((string) $archivedTenant->name);
 });
 
 it('smokes system run triage semantics without javascript errors', function (): void {
diff --git a/apps/platform/tests/Browser/Spec202GovernanceSubjectTaxonomySmokeTest.php b/apps/platform/tests/Browser/Spec202GovernanceSubjectTaxonomySmokeTest.php
index 8f717c4a..c3f82c0e 100644
--- a/apps/platform/tests/Browser/Spec202GovernanceSubjectTaxonomySmokeTest.php
+++ b/apps/platform/tests/Browser/Spec202GovernanceSubjectTaxonomySmokeTest.php
@@ -100,7 +100,7 @@ function spec202SmokeLoginUrl(User $user, ManagedEnvironment $tenant, string $re
         ->assertSee('Support readiness')
         ->assertSee('Capture baseline')
         ->click('Capture baseline')
-        ->waitForText('Source ManagedEnvironment')
+        ->waitForText('Source environment')
         ->click('Cancel')
         ->assertSee('Capture baseline');
 
@@ -113,7 +113,7 @@ function spec202SmokeLoginUrl(User $user, ManagedEnvironment $tenant, string $re
         ->assertSee('Canonical governed-subject scope V2 is already stored for this baseline profile.')
         ->assertSee('Compare now')
         ->click('Compare now')
-        ->waitForText('Target ManagedEnvironment')
+        ->waitForText('Target environment')
         ->click('Cancel')
         ->assertSee('Compare now');
 });
diff --git a/apps/platform/tests/Browser/Spec265DecisionRegisterSmokeTest.php b/apps/platform/tests/Browser/Spec265DecisionRegisterSmokeTest.php
index f44402a1..3ba20e1b 100644
--- a/apps/platform/tests/Browser/Spec265DecisionRegisterSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec265DecisionRegisterSmokeTest.php
@@ -79,7 +79,7 @@ function spec265SmokeLoginUrl(User $user, ManagedEnvironment $tenant, string $re
         ->waitForText('Decision register')
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs()
-        ->assertSee('The register is currently filtered to one tenant.')
+        ->assertSee('The register is currently filtered to one environment.')
         ->assertSee($tenant->name)
         ->assertSee('Showing 1 result')
         ->assertSeeIn('tbody tr.fi-ta-row:first-of-type', $tenant->name)
@@ -94,7 +94,7 @@ function spec265SmokeLoginUrl(User $user, ManagedEnvironment $tenant, string $re
         ->waitForText('Decision register')
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs()
-        ->assertSee('The register is currently filtered to one tenant.')
+        ->assertSee('The register is currently filtered to one environment.')
         ->assertSee($tenant->name)
         ->assertSee('Showing 1 result');
 });
diff --git a/apps/platform/tests/Browser/Spec279ManagedEnvironmentCoreCutoverSmokeTest.php b/apps/platform/tests/Browser/Spec279ManagedEnvironmentCoreCutoverSmokeTest.php
index 83c0ac9f..db335f3e 100644
--- a/apps/platform/tests/Browser/Spec279ManagedEnvironmentCoreCutoverSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec279ManagedEnvironmentCoreCutoverSmokeTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\ChooseTenant;
+use App\Filament\Pages\ChooseEnvironment;
 use App\Models\ManagedEnvironment;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -29,7 +29,7 @@
         WorkspaceContext::SESSION_KEY => (int) $environment->workspace_id,
     ]);
 
-    visit(ChooseTenant::getUrl(panel: 'admin'))
+    visit(ChooseEnvironment::getUrl(panel: 'admin'))
         ->waitForText('Spec 279 Production')
         ->assertSee($environment->workspace->name)
         ->assertSee('Active')
diff --git a/apps/platform/tests/Browser/Spec280WorkspaceTenancyEnvironmentRoutingSmokeTest.php b/apps/platform/tests/Browser/Spec280WorkspaceTenancyEnvironmentRoutingSmokeTest.php
index 057161ee..c1358e1b 100644
--- a/apps/platform/tests/Browser/Spec280WorkspaceTenancyEnvironmentRoutingSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec280WorkspaceTenancyEnvironmentRoutingSmokeTest.php
@@ -78,7 +78,7 @@
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs();
 
-    $environmentChooser = visit(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+    $environmentChooser = visit(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->waitForText('Spec 280 Production')
         ->assertSee('Spec 280 Secondary')
         ->assertDontSee('Spec 280 Other Workspace ManagedEnvironment')
diff --git a/apps/platform/tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php b/apps/platform/tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php
index 5daaa4b7..f65a30a3 100644
--- a/apps/platform/tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php
@@ -5,7 +5,7 @@
 use App\Filament\Resources\ProviderConnectionResource;
 use App\Models\ManagedEnvironment;
 use App\Models\ProviderConnection;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Support\ManagedEnvironmentLinks;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -37,7 +37,7 @@
         'verification_status' => 'healthy',
     ]);
 
-    $draft = TenantOnboardingSession::query()->create([
+    $draft = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $tenant->workspace_id,
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => '88888888-8888-8888-8888-888888888888',
diff --git a/apps/platform/tests/Browser/Spec282GovernanceArtifactRetargetingSmokeTest.php b/apps/platform/tests/Browser/Spec282GovernanceArtifactRetargetingSmokeTest.php
index fd42acbc..8aff83ec 100644
--- a/apps/platform/tests/Browser/Spec282GovernanceArtifactRetargetingSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec282GovernanceArtifactRetargetingSmokeTest.php
@@ -46,8 +46,8 @@
         'workspace_id' => (int) $workspace->getKey(),
     ]);
 
-    $snapshot = seedTenantReviewEvidence($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $report = StoredReport::query()
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->where('workspace_id', (int) $tenant->workspace_id)
@@ -58,7 +58,7 @@
     ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'expires_at' => now()->addDay(),
@@ -66,7 +66,7 @@
 
     $this->actingAs($user);
 
-    visit(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+    visit(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->waitForText('Spec 282 Production')
         ->click('[wire\\:key="tenant-'.$tenant->getKey().'"]')
         ->waitForText('Spec 282 Production')
diff --git a/apps/platform/tests/Browser/Spec284ArtifactSourceTaxonomySmokeTest.php b/apps/platform/tests/Browser/Spec284ArtifactSourceTaxonomySmokeTest.php
index 4ead0c6c..6966bc8b 100644
--- a/apps/platform/tests/Browser/Spec284ArtifactSourceTaxonomySmokeTest.php
+++ b/apps/platform/tests/Browser/Spec284ArtifactSourceTaxonomySmokeTest.php
@@ -6,7 +6,7 @@
 use App\Filament\Resources\FindingResource;
 use App\Filament\Resources\InventoryItemResource;
 use App\Filament\Resources\StoredReportResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\Finding;
 use App\Models\InventoryItem;
 use App\Models\StoredReport;
@@ -36,8 +36,8 @@
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
     ]);
-    $snapshot = seedTenantReviewEvidence($tenant, findingCount: 1, driftCount: 1);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant, findingCount: 1, driftCount: 1);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     $this->actingAs($user)->withSession([
         WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
@@ -73,7 +73,7 @@
         ->assertNoJavaScriptErrors()
         ->assertNoConsoleLogs();
 
-    visit(TenantReviewResource::getUrl('view', ['record' => $review], tenant: $tenant))
+    visit(EnvironmentReviewResource::getUrl('view', ['record' => $review], tenant: $tenant))
         ->waitForText('Sections')
         ->click('Details')
         ->waitForText('Artifact source')
diff --git a/apps/platform/tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php b/apps/platform/tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php
index 0bd48456..699a0a5a 100644
--- a/apps/platform/tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php
@@ -8,7 +8,7 @@
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use App\Services\Auth\WorkspaceMembershipManager;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -46,7 +46,7 @@
     ]);
 
     app(WorkspaceMembershipManager::class)->changeRole($workspace, $owner, $memberMembership, 'operator');
-    app(TenantMembershipManager::class)->grantScope($allowedTenant, $owner, $member, source: 'manual');
+    app(ManagedEnvironmentMembershipManager::class)->grantScope($allowedTenant, $owner, $member, source: 'manual');
 
     Finding::factory()->for($allowedTenant)->create([
         'workspace_id' => (int) $workspace->getKey(),
@@ -58,12 +58,12 @@
     ]);
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
-    $managedTenantsPath = (string) parse_url(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]), PHP_URL_PATH);
+    $managedEnvironmentsPath = (string) parse_url(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]), PHP_URL_PATH);
     $findingsIndexPath = (string) parse_url(FindingResource::getUrl('index', tenant: $allowedTenant, panel: 'admin'), PHP_URL_PATH);
 
-    visit(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+    visit(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->waitForText('Spec 285 Allowed')
-        ->assertScript("window.location.pathname === '{$managedTenantsPath}'", true)
+        ->assertScript("window.location.pathname === '{$managedEnvironmentsPath}'", true)
         ->assertSee('Spec 285 Allowed')
         ->assertDontSee('Spec 285 Denied')
         ->assertNoJavaScriptErrors()
diff --git a/apps/platform/tests/Browser/Spec286EnvironmentCopyNeutralizationSmokeTest.php b/apps/platform/tests/Browser/Spec286EnvironmentCopyNeutralizationSmokeTest.php
index 5391734a..614776cf 100644
--- a/apps/platform/tests/Browser/Spec286EnvironmentCopyNeutralizationSmokeTest.php
+++ b/apps/platform/tests/Browser/Spec286EnvironmentCopyNeutralizationSmokeTest.php
@@ -66,7 +66,7 @@
 
     $this->actingAs($user);
 
-    $landing = visit(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+    $landing = visit(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->waitForText('Managed environments')
         ->assertSee('Choose environment')
         ->assertSee('Spec 286 Production')
diff --git a/apps/platform/tests/Browser/Spec300ManagedEnvironmentNamingConsolidationSmokeTest.php b/apps/platform/tests/Browser/Spec300ManagedEnvironmentNamingConsolidationSmokeTest.php
new file mode 100644
index 00000000..b7eb814f
--- /dev/null
+++ b/apps/platform/tests/Browser/Spec300ManagedEnvironmentNamingConsolidationSmokeTest.php
@@ -0,0 +1,133 @@
+<?php
+
+declare(strict_types=1);
+
+use App\Filament\Pages\EnvironmentDashboard;
+use App\Filament\Resources\ProviderConnectionResource;
+use App\Models\OperationRun;
+use App\Models\ProviderConnection;
+use App\Support\ManagedEnvironmentLinks;
+use App\Support\OperationRunOutcome;
+use App\Support\OperationRunStatus;
+use App\Support\Workspaces\WorkspaceContext;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+uses(RefreshDatabase::class);
+
+pest()->browser()->timeout(25_000);
+
+it('smokes Spec 300 managed-environment naming consolidation proof surfaces', function (): void {
+    [$user, $environment] = createUserWithTenant(
+        role: 'owner',
+        workspaceRole: 'owner',
+        ensureDefaultMicrosoftProviderConnection: false,
+    );
+
+    $environment->forceFill([
+        'name' => 'Spec 300 Production',
+        'slug' => 'spec-300-production',
+        'managed_environment_id' => '30000000-0000-0000-0000-000000000300',
+    ])->save();
+
+    $workspace = $environment->workspace()->firstOrFail();
+
+    $connection = ProviderConnection::factory()->platform()->consentGranted()->create([
+        'workspace_id' => (int) $workspace->getKey(),
+        'managed_environment_id' => (int) $environment->getKey(),
+        'display_name' => 'Spec 300 Microsoft Connection',
+        'entra_tenant_id' => '30000000-0000-0000-0000-000000000300',
+        'is_default' => true,
+        'verification_status' => 'healthy',
+    ]);
+
+    OperationRun::factory()->create([
+        'workspace_id' => (int) $workspace->getKey(),
+        'managed_environment_id' => (int) $environment->getKey(),
+        'type' => 'inventory_sync',
+        'status' => OperationRunStatus::Queued->value,
+        'outcome' => OperationRunOutcome::Pending->value,
+    ]);
+
+    $this->actingAs($user)->withSession([
+        WorkspaceContext::SESSION_KEY => (int) $workspace->getKey(),
+        WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => [
+            (string) $workspace->getKey() => (int) $environment->getKey(),
+        ],
+    ]);
+    session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
+
+    $workspaceOverviewPath = (string) parse_url(route('admin.workspace.home', ['workspace' => $workspace]), PHP_URL_PATH);
+    $environmentIndexPath = (string) parse_url(ManagedEnvironmentLinks::indexUrl($workspace), PHP_URL_PATH);
+    $environmentDashboardPath = (string) parse_url(EnvironmentDashboard::getUrl(tenant: $environment), PHP_URL_PATH);
+    $operationsPath = (string) parse_url(ManagedEnvironmentLinks::operationsUrl($environment), PHP_URL_PATH);
+    $providerConnectionPath = (string) parse_url(
+        ProviderConnectionResource::getUrl('view', [
+            'record' => $connection,
+            'managed_environment_id' => $environment->external_id,
+        ], panel: 'admin'),
+        PHP_URL_PATH,
+    );
+    $requiredPermissionsPath = (string) parse_url(ManagedEnvironmentLinks::requiredPermissionsUrl($environment), PHP_URL_PATH);
+
+    visit(route('admin.workspace.home', ['workspace' => $workspace]))
+        ->waitForText('Workspace overview')
+        ->assertScript("window.location.pathname === '{$workspaceOverviewPath}'", true)
+        ->assertSee('Accessible environments')
+        ->assertDontSee('Accessible tenants')
+        ->assertDontSee('/admin/t/')
+        ->assertDontSee('/admin/tenants')
+        ->assertNoJavaScriptErrors()
+        ->assertNoConsoleLogs();
+
+    $dashboard = visit(ManagedEnvironmentLinks::indexUrl($workspace))
+        ->waitForText('Spec 300 Production')
+        ->assertScript("window.location.pathname === '{$environmentIndexPath}'", true)
+        ->assertDontSee('/admin/t/')
+        ->assertDontSee('/admin/tenants')
+        ->click('[wire\\:key="tenant-'.$environment->getKey().'"]')
+        ->waitForText('Spec 300 Production')
+        ->waitForText('Show all operations')
+        ->assertScript("window.location.pathname === '{$environmentDashboardPath}'", true)
+        ->assertDontSee('Tenant dashboard')
+        ->assertDontSee('Tenant required permissions')
+        ->assertDontSee('/admin/t/')
+        ->assertDontSee('/admin/tenants')
+        ->assertNoJavaScriptErrors()
+        ->assertNoConsoleLogs();
+
+    $dashboard
+        ->assertSee('Operations')
+        ->assertNoJavaScriptErrors()
+        ->assertNoConsoleLogs();
+
+    visit(ManagedEnvironmentLinks::operationsUrl($environment))
+        ->waitForText('Monitoring landing')
+        ->assertSee('Spec 300 Production')
+        ->assertScript("window.location.pathname === '{$operationsPath}'", true)
+        ->assertScript("window.location.search.includes('managed_environment_id={$environment->getKey()}')", true)
+        ->assertNoJavaScriptErrors()
+        ->assertNoConsoleLogs();
+
+    visit(ProviderConnectionResource::getUrl('view', [
+        'record' => $connection,
+        'managed_environment_id' => $environment->external_id,
+    ], panel: 'admin'))
+        ->waitForText('Spec 300 Microsoft Connection')
+        ->assertScript("window.location.pathname === '{$providerConnectionPath}'", true)
+        ->assertSee('Microsoft tenant ID')
+        ->assertSee('Spec 300 Production')
+        ->assertDontSee('/admin/t/')
+        ->assertDontSee('/admin/tenants')
+        ->assertNoJavaScriptErrors()
+        ->assertNoConsoleLogs();
+
+    visit(ManagedEnvironmentLinks::requiredPermissionsUrl($environment))
+        ->waitForText('Required permissions')
+        ->assertScript("window.location.pathname === '{$requiredPermissionsPath}'", true)
+        ->assertSee('Missing')
+        ->assertDontSee('Tenant required permissions')
+        ->assertDontSee('/admin/t/')
+        ->assertDontSee('/admin/tenants')
+        ->assertNoJavaScriptErrors()
+        ->assertNoConsoleLogs();
+});
diff --git a/apps/platform/tests/Browser/TenantMembershipsPageTest.php b/apps/platform/tests/Browser/TenantMembershipsPageTest.php
index 773f3cf5..559f6ae8 100644
--- a/apps/platform/tests/Browser/TenantMembershipsPageTest.php
+++ b/apps/platform/tests/Browser/TenantMembershipsPageTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\User;
 use App\Support\Workspaces\WorkspaceContext;
 
@@ -21,16 +21,15 @@
     ]);
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
-    $viewPage = visit(TenantResource::getUrl('view', ['record' => $tenant->getRouteKey()], panel: 'admin'));
+    $viewPage = visit(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant->getRouteKey()], panel: 'admin'));
 
     $viewPage
         ->assertNoJavaScriptErrors()
         ->assertSee((string) $tenant->name)
-        ->assertSee('Manage access scope')
         ->assertScript("document.body.innerText.includes('Add member')", false)
         ->assertScript("document.body.innerText.includes('browser-tenant-member@example.test')", false);
 
-    $membershipsPage = $viewPage->click('Manage access scope');
+    $membershipsPage = visit(ManagedEnvironmentResource::getUrl('memberships', ['record' => $tenant->getRouteKey()], panel: 'admin'));
 
     $membershipsPage
         ->assertNoJavaScriptErrors()
diff --git a/apps/platform/tests/Feature/090/ActionSurfaceSmokeTest.php b/apps/platform/tests/Feature/090/ActionSurfaceSmokeTest.php
index 5a1b69ab..97468f77 100644
--- a/apps/platform/tests/Feature/090/ActionSurfaceSmokeTest.php
+++ b/apps/platform/tests/Feature/090/ActionSurfaceSmokeTest.php
@@ -5,7 +5,7 @@
 use App\Filament\Resources\BackupScheduleResource;
 use App\Filament\Resources\FindingResource;
 use App\Filament\Resources\ProviderConnectionResource;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Filament\Resources\Workspaces\WorkspaceResource;
 use App\Support\Ui\ActionSurface\ActionSurfaceExemptions;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -22,7 +22,7 @@ public function test_spec090_removes_in_scope_resources_from_baseline_action_sur
         $this->assertFalse($exemptions->hasClass(ProviderConnectionResource::class));
         $this->assertFalse($exemptions->hasClass(BackupScheduleResource::class));
         $this->assertFalse($exemptions->hasClass(FindingResource::class));
-        $this->assertFalse($exemptions->hasClass(TenantResource::class));
+        $this->assertFalse($exemptions->hasClass(ManagedEnvironmentResource::class));
         $this->assertFalse($exemptions->hasClass(WorkspaceResource::class));
     }
 }
diff --git a/apps/platform/tests/Feature/AdminConsentCallbackTest.php b/apps/platform/tests/Feature/AdminConsentCallbackTest.php
index 9a4eef1f..275fc64b 100644
--- a/apps/platform/tests/Feature/AdminConsentCallbackTest.php
+++ b/apps/platform/tests/Feature/AdminConsentCallbackTest.php
@@ -2,7 +2,7 @@
 
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\Workspace;
 use App\Models\OperationRun;
 use App\Support\ManagedEnvironmentLinks;
@@ -86,7 +86,7 @@
         'type' => 'provider.connection.check',
     ]);
 
-    $draft = TenantOnboardingSession::query()->create([
+    $draft = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $tenant->workspace_id,
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -120,8 +120,8 @@
     $workspace = Workspace::factory()->create();
 
     $response = $this->withSession([
-        'tenant_onboard_workspace_id' => (int) $workspace->getKey(),
-        'tenant_onboard_state' => 'state-456',
+        'environment_onboard_workspace_id' => (int) $workspace->getKey(),
+        'environment_onboard_state' => 'state-456',
     ])->get(route('admin.consent.callback', [
         'tenant' => 'new-tenant',
         'state' => 'state-456',
diff --git a/apps/platform/tests/Feature/Audit/OnboardingDraftAuditTest.php b/apps/platform/tests/Feature/Audit/OnboardingDraftAuditTest.php
index 2a1de263..187a9355 100644
--- a/apps/platform/tests/Feature/Audit/OnboardingDraftAuditTest.php
+++ b/apps/platform/tests/Feature/Audit/OnboardingDraftAuditTest.php
@@ -2,12 +2,12 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -33,14 +33,14 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
-        ->call('identifyManagedTenant', [
+        ->test(ManagedEnvironmentOnboardingWizard::class)
+        ->call('identifyManagedEnvironment', [
             'entra_tenant_id' => '11111111-1111-1111-1111-111111111111',
             'environment' => 'prod',
             'name' => 'Audit ManagedEnvironment',
         ]);
 
-    $firstDraft = TenantOnboardingSession::query()
+    $firstDraft = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', '11111111-1111-1111-1111-111111111111')
         ->firstOrFail();
@@ -57,8 +57,8 @@
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
-        ->call('identifyManagedTenant', [
+        ->test(ManagedEnvironmentOnboardingWizard::class)
+        ->call('identifyManagedEnvironment', [
             'entra_tenant_id' => '11111111-1111-1111-1111-111111111111',
             'environment' => 'prod',
             'name' => 'Audit ManagedEnvironment',
@@ -67,11 +67,11 @@
 
     expect(AuditLog::query()
         ->where('workspace_id', (int) $workspace->getKey())
-        ->where('action', AuditActionId::ManagedTenantOnboardingStart->value)
+        ->where('action', AuditActionId::ManagedEnvironmentOnboardingStart->value)
         ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspace->getKey())
-            ->where('action', AuditActionId::ManagedTenantOnboardingResume->value)
+            ->where('action', AuditActionId::ManagedEnvironmentOnboardingResume->value)
             ->exists())->toBeTrue();
 });
 
@@ -108,7 +108,7 @@
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
+        ->test(ManagedEnvironmentOnboardingWizard::class)
         ->callAction(
             TestAction::make('resume_draft_'.$draft->getKey())
                 ->schemaComponent('draft_picker_actions_'.$draft->getKey())
@@ -117,11 +117,11 @@
 
     expect(AuditLog::query()
         ->where('workspace_id', (int) $workspace->getKey())
-        ->where('action', AuditActionId::ManagedTenantOnboardingDraftSelected->value)
+        ->where('action', AuditActionId::ManagedEnvironmentOnboardingDraftSelected->value)
         ->where('resource_id', (string) $draft->getKey())
         ->exists())->toBeTrue();
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $draft->getKey(),
     ]);
 
@@ -133,7 +133,7 @@
 
     expect(AuditLog::query()
         ->where('workspace_id', (int) $workspace->getKey())
-        ->where('action', AuditActionId::ManagedTenantOnboardingDraftUpdated->value)
+        ->where('action', AuditActionId::ManagedEnvironmentOnboardingDraftUpdated->value)
         ->where('resource_id', (string) $draft->getKey())
         ->exists())->toBeTrue();
 });
@@ -181,7 +181,7 @@
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $draft->getKey(),
     ]);
 
@@ -209,23 +209,23 @@
 
     expect(AuditLog::query()
         ->where('workspace_id', (int) $workspace->getKey())
-        ->where('action', AuditActionId::ManagedTenantOnboardingProviderConnectionChanged->value)
+        ->where('action', AuditActionId::ManagedEnvironmentOnboardingProviderConnectionChanged->value)
         ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspace->getKey())
-            ->where('action', AuditActionId::ManagedTenantOnboardingVerificationStart->value)
+            ->where('action', AuditActionId::ManagedEnvironmentOnboardingVerificationStart->value)
             ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspace->getKey())
-            ->where('action', AuditActionId::ManagedTenantOnboardingVerificationPersisted->value)
+            ->where('action', AuditActionId::ManagedEnvironmentOnboardingVerificationPersisted->value)
             ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspace->getKey())
-            ->where('action', AuditActionId::ManagedTenantOnboardingBootstrapStarted->value)
+            ->where('action', AuditActionId::ManagedEnvironmentOnboardingBootstrapStarted->value)
             ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspace->getKey())
-            ->where('action', AuditActionId::ManagedTenantOnboardingCancelled->value)
+            ->where('action', AuditActionId::ManagedEnvironmentOnboardingCancelled->value)
             ->exists())->toBeTrue();
 });
 
@@ -241,9 +241,9 @@
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => '55555555-5555-5555-5555-555555555555',
         'environment' => 'prod',
         'name' => 'Override ManagedEnvironment',
@@ -293,10 +293,10 @@
 
     expect(AuditLog::query()
         ->where('workspace_id', (int) $workspace->getKey())
-        ->where('action', AuditActionId::ManagedTenantOnboardingActivationOverrideUsed->value)
+        ->where('action', AuditActionId::ManagedEnvironmentOnboardingActivationOverrideUsed->value)
         ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspace->getKey())
-            ->where('action', AuditActionId::ManagedTenantOnboardingActivation->value)
+            ->where('action', AuditActionId::ManagedEnvironmentOnboardingActivation->value)
             ->exists())->toBeTrue();
 });
diff --git a/apps/platform/tests/Feature/Audit/ProviderConnectionIdentityAuditTest.php b/apps/platform/tests/Feature/Audit/ProviderConnectionIdentityAuditTest.php
index 3f3275db..c528f83f 100644
--- a/apps/platform/tests/Feature/Audit/ProviderConnectionIdentityAuditTest.php
+++ b/apps/platform/tests/Feature/Audit/ProviderConnectionIdentityAuditTest.php
@@ -30,7 +30,7 @@
 
     $response->assertRedirect();
 
-    $state = session('tenant_onboard_state');
+    $state = session('environment_onboard_state');
 
     $this->get(route('admin.consent.callback', [
         'tenant' => $tenant->managed_environment_id,
diff --git a/apps/platform/tests/Feature/Audit/TenantLifecycleAuditLogTest.php b/apps/platform/tests/Feature/Audit/TenantLifecycleAuditLogTest.php
index a13574d7..278b7b2e 100644
--- a/apps/platform/tests/Feature/Audit/TenantLifecycleAuditLogTest.php
+++ b/apps/platform/tests/Feature/Audit/TenantLifecycleAuditLogTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\AuditLog;
 use App\Models\ManagedEnvironment;
 use App\Support\Audit\AuditActionId;
@@ -18,7 +18,7 @@
 
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionExists('archive', function (Action $action): bool {
             return $action->getLabel() === 'Archive' && $action->isConfirmationRequired();
         })
@@ -50,7 +50,7 @@
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionExists('restore', function (Action $action): bool {
             return $action->getLabel() === 'Restore' && $action->isConfirmationRequired();
         })
diff --git a/apps/platform/tests/Feature/Audit/TenantMembershipAuditLogTest.php b/apps/platform/tests/Feature/Audit/TenantMembershipAuditLogTest.php
index dad1f5de..041eb0df 100644
--- a/apps/platform/tests/Feature/Audit/TenantMembershipAuditLogTest.php
+++ b/apps/platform/tests/Feature/Audit/TenantMembershipAuditLogTest.php
@@ -4,7 +4,7 @@
 use App\Models\ManagedEnvironmentMembership;
 use App\Models\User;
 use App\Models\WorkspaceMembership;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use App\Support\Audit\AuditActionId;
 
 it('writes canonical audit action IDs for environment access-scope mutations', function () {
@@ -17,8 +17,8 @@
         'role' => 'readonly',
     ]);
 
-    /** @var TenantMembershipManager $manager */
-    $manager = app(TenantMembershipManager::class);
+    /** @var ManagedEnvironmentMembershipManager $manager */
+    $manager = app(ManagedEnvironmentMembershipManager::class);
 
     $membership = $manager->grantScope(
         tenant: $tenant,
@@ -74,8 +74,8 @@
         ->where('user_id', $owner->id)
         ->firstOrFail();
 
-    /** @var TenantMembershipManager $manager */
-    $manager = app(TenantMembershipManager::class);
+    /** @var ManagedEnvironmentMembershipManager $manager */
+    $manager = app(ManagedEnvironmentMembershipManager::class);
 
     expect(fn () => $manager->changeRole(
         tenant: $tenant,
diff --git a/apps/platform/tests/Feature/Auth/AdminLocalSmokeLoginTest.php b/apps/platform/tests/Feature/Auth/AdminLocalSmokeLoginTest.php
index d22dad0e..fd68f501 100644
--- a/apps/platform/tests/Feature/Auth/AdminLocalSmokeLoginTest.php
+++ b/apps/platform/tests/Feature/Auth/AdminLocalSmokeLoginTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Http\Middleware\SuppressDebugbarForSmokeRequests;
 use Barryvdh\Debugbar\LaravelDebugbar;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -21,7 +21,7 @@
     ]));
 
     $response
-        ->assertRedirect(TenantDashboard::getUrl(tenant: $tenant))
+        ->assertRedirect(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertPlainCookie(
             SuppressDebugbarForSmokeRequests::COOKIE_NAME,
             SuppressDebugbarForSmokeRequests::COOKIE_VALUE,
@@ -35,7 +35,7 @@
         ->and(data_get(session(App\Support\Workspaces\WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY), (string) $tenant->workspace_id))
         ->toBe((int) $tenant->getKey());
 
-    $this->get(TenantDashboard::getUrl(tenant: $tenant))->assertSuccessful();
+    $this->get(EnvironmentDashboard::getUrl(tenant: $tenant))->assertSuccessful();
 });
 
 it('suppresses debugbar only for smoke-cookie requests and restores normal state afterward', function (): void {
diff --git a/apps/platform/tests/Feature/Auth/BackupHealthBrowserFixtureLoginTest.php b/apps/platform/tests/Feature/Auth/BackupHealthBrowserFixtureLoginTest.php
index cd79a2f0..8c5d6bc0 100644
--- a/apps/platform/tests/Feature/Auth/BackupHealthBrowserFixtureLoginTest.php
+++ b/apps/platform/tests/Feature/Auth/BackupHealthBrowserFixtureLoginTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Resources\BackupSetResource;
 use App\Http\Middleware\SuppressDebugbarForSmokeRequests;
 use App\Models\ManagedEnvironment;
@@ -28,7 +28,7 @@
     expect($tenant)->not->toBeNull();
 
     $this->get(route('admin.local.backup-health-browser-fixture-login'))
-        ->assertRedirect(TenantDashboard::getUrl(tenant: $tenant))
+        ->assertRedirect(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertPlainCookie(
             SuppressDebugbarForSmokeRequests::COOKIE_NAME,
             SuppressDebugbarForSmokeRequests::COOKIE_VALUE,
@@ -37,7 +37,7 @@
     $this->assertAuthenticatedAs($user);
     expect(session(WorkspaceContext::SESSION_KEY))->toBe((int) $workspace->getKey());
 
-    $this->get(TenantDashboard::getUrl(tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertOk();
 
     $this->get(BackupSetResource::getUrl('index', tenant: $tenant))
diff --git a/apps/platform/tests/Feature/Auth/DbOnlyPagesDoNotMakeHttpRequestsTest.php b/apps/platform/tests/Feature/Auth/DbOnlyPagesDoNotMakeHttpRequestsTest.php
index 19500630..178072f6 100644
--- a/apps/platform/tests/Feature/Auth/DbOnlyPagesDoNotMakeHttpRequestsTest.php
+++ b/apps/platform/tests/Feature/Auth/DbOnlyPagesDoNotMakeHttpRequestsTest.php
@@ -31,5 +31,5 @@
     ]);
 
     $this->get('/admin/no-access')->assertOk();
-    $this->get('/admin/choose-tenant')->assertOk();
+    $this->get('/admin/choose-environment')->assertOk();
 });
diff --git a/apps/platform/tests/Feature/Auth/PostLoginRoutingByMembershipTest.php b/apps/platform/tests/Feature/Auth/PostLoginRoutingByMembershipTest.php
index 20d569f6..0fd05b10 100644
--- a/apps/platform/tests/Feature/Auth/PostLoginRoutingByMembershipTest.php
+++ b/apps/platform/tests/Feature/Auth/PostLoginRoutingByMembershipTest.php
@@ -103,7 +103,7 @@ function entra_fake_token_exchange(string $tid, string $oid): void
     $response->assertRedirect('/admin');
 });
 
-it('routes to choose-tenant when user has multiple tenant memberships', function () {
+it('routes to choose-environment when user has multiple tenant memberships', function () {
     entra_configure_services();
     entra_fake_token_exchange('tenant-1', 'object-1');
 
diff --git a/apps/platform/tests/Feature/Auth/SessionSeparationSmokeTest.php b/apps/platform/tests/Feature/Auth/SessionSeparationSmokeTest.php
index da35790f..82a0edfe 100644
--- a/apps/platform/tests/Feature/Auth/SessionSeparationSmokeTest.php
+++ b/apps/platform/tests/Feature/Auth/SessionSeparationSmokeTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
@@ -35,12 +35,12 @@
 
     $this->actingAs($nonMember)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(TenantDashboard::getUrl(tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertNotFound();
 
     $this->actingAs($member)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(TenantDashboard::getUrl(tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertSuccessful();
 
     $this->get('/system')->assertNotFound();
diff --git a/apps/platform/tests/Feature/Auth/TenantChooserSelectionTest.php b/apps/platform/tests/Feature/Auth/TenantChooserSelectionTest.php
index afe84837..9e7fade5 100644
--- a/apps/platform/tests/Feature/Auth/TenantChooserSelectionTest.php
+++ b/apps/platform/tests/Feature/Auth/TenantChooserSelectionTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\ChooseTenant;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\ChooseEnvironment;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -42,7 +42,7 @@
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $activeTenant->workspace_id);
 
-    $this->get('/admin/choose-tenant')
+    $this->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee('Active ManagedEnvironment')
         ->assertSee('Other Active ManagedEnvironment')
@@ -50,9 +50,9 @@
         ->assertDontSee('Draft ManagedEnvironment')
         ->assertDontSee('Archived ManagedEnvironment');
 
-    Livewire::test(ChooseTenant::class)
-        ->call('selectTenant', (int) $activeTenant->getKey())
-        ->assertRedirect(TenantDashboard::getUrl(tenant: $activeTenant));
+    Livewire::test(ChooseEnvironment::class)
+        ->call('selectEnvironment', (int) $activeTenant->getKey())
+        ->assertRedirect(EnvironmentDashboard::getUrl(tenant: $activeTenant));
 
     $user->refresh();
 
@@ -78,6 +78,6 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->post(route('admin.select-tenant'), ['managed_environment_id' => (int) $tenant->getKey()])
+        ->post(route('admin.select-environment'), ['managed_environment_id' => (int) $tenant->getKey()])
         ->assertNotFound();
 });
diff --git a/apps/platform/tests/Feature/Authorization/OperatorExplanationSurfaceAuthorizationTest.php b/apps/platform/tests/Feature/Authorization/OperatorExplanationSurfaceAuthorizationTest.php
index 3e71f252..b6e8e250 100644
--- a/apps/platform/tests/Feature/Authorization/OperatorExplanationSurfaceAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Authorization/OperatorExplanationSurfaceAuthorizationTest.php
@@ -6,7 +6,7 @@
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
 use App\Filament\Pages\Reviews\ReviewRegister;
 use App\Filament\Resources\BaselineSnapshotResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\BaselineProfile;
 use App\Models\BaselineSnapshot;
 use App\Models\OperationRun;
@@ -79,15 +79,15 @@
         ->assertForbidden();
 });
 
-it('returns 404 for non-members on the tenant review explanation detail surface', function (): void {
+it('returns 404 for non-members on the environment review explanation detail surface', function (): void {
     $targetTenant = ManagedEnvironment::factory()->create();
     [$member] = createUserWithTenant(role: 'owner');
     $reviewOwner = User::factory()->create();
     createUserWithTenant(tenant: $targetTenant, user: $reviewOwner, role: 'owner');
-    $review = composeTenantReviewForTest($targetTenant, $reviewOwner);
+    $review = composeEnvironmentReviewForTest($targetTenant, $reviewOwner);
 
     $this->actingAs($member)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $targetTenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $targetTenant))
         ->assertNotFound();
 });
 
@@ -195,7 +195,7 @@
     $run = OperationRun::factory()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $workspace->getKey(),
-        'type' => 'tenant.review_pack.generate',
+        'type' => 'environment.review_pack.generate',
         'status' => 'completed',
         'outcome' => 'succeeded',
         'completed_at' => now(),
diff --git a/apps/platform/tests/Feature/Badges/OnboardingBadgeSemanticsTest.php b/apps/platform/tests/Feature/Badges/OnboardingBadgeSemanticsTest.php
index bd2d0153..1d019d17 100644
--- a/apps/platform/tests/Feature/Badges/OnboardingBadgeSemanticsTest.php
+++ b/apps/platform/tests/Feature/Badges/OnboardingBadgeSemanticsTest.php
@@ -4,7 +4,7 @@
 use App\Support\Badges\BadgeDomain;
 
 it('maps onboarding verification status blocked to a Blocked danger badge', function (): void {
-    $spec = BadgeCatalog::spec(BadgeDomain::ManagedTenantOnboardingVerificationStatus, 'blocked');
+    $spec = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus, 'blocked');
 
     expect($spec->label)->toBe('Blocked');
     expect($spec->color)->toBe('danger');
@@ -12,7 +12,7 @@
 });
 
 it('maps onboarding verification status ready to a Ready success badge', function (): void {
-    $spec = BadgeCatalog::spec(BadgeDomain::ManagedTenantOnboardingVerificationStatus, 'ready');
+    $spec = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus, 'ready');
 
     expect($spec->label)->toBe('Ready');
     expect($spec->color)->toBe('success');
@@ -20,7 +20,7 @@
 });
 
 it('normalizes onboarding verification status input before mapping', function (): void {
-    $spec = BadgeCatalog::spec(BadgeDomain::ManagedTenantOnboardingVerificationStatus, 'NEEDS ATTENTION');
+    $spec = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus, 'NEEDS ATTENTION');
 
     expect($spec->label)->toBe('Needs attention');
 });
diff --git a/apps/platform/tests/Feature/BaselineDriftEngine/BaselineCaptureAuditEventsTest.php b/apps/platform/tests/Feature/BaselineDriftEngine/BaselineCaptureAuditEventsTest.php
index f19345f5..6864d010 100644
--- a/apps/platform/tests/Feature/BaselineDriftEngine/BaselineCaptureAuditEventsTest.php
+++ b/apps/platform/tests/Feature/BaselineDriftEngine/BaselineCaptureAuditEventsTest.php
@@ -40,7 +40,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
diff --git a/apps/platform/tests/Feature/BaselineDriftEngine/BaselineSnapshotNoTenantIdentifiersTest.php b/apps/platform/tests/Feature/BaselineDriftEngine/BaselineSnapshotNoTenantIdentifiersTest.php
index ab6dd284..08c4263d 100644
--- a/apps/platform/tests/Feature/BaselineDriftEngine/BaselineSnapshotNoTenantIdentifiersTest.php
+++ b/apps/platform/tests/Feature/BaselineDriftEngine/BaselineSnapshotNoTenantIdentifiersTest.php
@@ -62,7 +62,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
diff --git a/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineContentTest.php b/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineContentTest.php
index fc87700d..600c5bea 100644
--- a/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineContentTest.php
+++ b/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineContentTest.php
@@ -78,7 +78,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
diff --git a/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineFullContentOnDemandTest.php b/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineFullContentOnDemandTest.php
index d89ad671..00a3da8f 100644
--- a/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineFullContentOnDemandTest.php
+++ b/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineFullContentOnDemandTest.php
@@ -124,7 +124,7 @@ public function capture(
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
diff --git a/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineMetaFallbackTest.php b/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineMetaFallbackTest.php
index 09351960..8f328949 100644
--- a/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineMetaFallbackTest.php
+++ b/apps/platform/tests/Feature/BaselineDriftEngine/CaptureBaselineMetaFallbackTest.php
@@ -68,7 +68,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
diff --git a/apps/platform/tests/Feature/Baselines/BaselineCaptureAmbiguousMatchGapTest.php b/apps/platform/tests/Feature/Baselines/BaselineCaptureAmbiguousMatchGapTest.php
index 45808b4a..05510b64 100644
--- a/apps/platform/tests/Feature/Baselines/BaselineCaptureAmbiguousMatchGapTest.php
+++ b/apps/platform/tests/Feature/Baselines/BaselineCaptureAmbiguousMatchGapTest.php
@@ -65,7 +65,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
@@ -177,7 +177,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
diff --git a/apps/platform/tests/Feature/Baselines/BaselineCaptureGapClassificationTest.php b/apps/platform/tests/Feature/Baselines/BaselineCaptureGapClassificationTest.php
index dd67da4a..34ab18b2 100644
--- a/apps/platform/tests/Feature/Baselines/BaselineCaptureGapClassificationTest.php
+++ b/apps/platform/tests/Feature/Baselines/BaselineCaptureGapClassificationTest.php
@@ -67,7 +67,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => [
                 'policy_types' => ['deviceConfiguration'],
                 'foundation_types' => ['roleScopeTag'],
diff --git a/apps/platform/tests/Feature/Baselines/BaselineCaptureRbacRoleDefinitionsTest.php b/apps/platform/tests/Feature/Baselines/BaselineCaptureRbacRoleDefinitionsTest.php
index 5bcd99b8..9dac3c50 100644
--- a/apps/platform/tests/Feature/Baselines/BaselineCaptureRbacRoleDefinitionsTest.php
+++ b/apps/platform/tests/Feature/Baselines/BaselineCaptureRbacRoleDefinitionsTest.php
@@ -109,7 +109,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => [
                 'policy_types' => [],
                 'foundation_types' => ['intuneRoleDefinition'],
diff --git a/apps/platform/tests/Feature/Baselines/BaselineCaptureTest.php b/apps/platform/tests/Feature/Baselines/BaselineCaptureTest.php
index 726c8720..da4743e9 100644
--- a/apps/platform/tests/Feature/Baselines/BaselineCaptureTest.php
+++ b/apps/platform/tests/Feature/Baselines/BaselineCaptureTest.php
@@ -72,7 +72,7 @@ function runBaselineCaptureJob(
 
     $context = is_array($run->context) ? $run->context : [];
     expect($context['baseline_profile_id'])->toBe((int) $profile->getKey());
-    expect($context['source_tenant_id'])->toBe((int) $tenant->getKey());
+    expect($context['source_environment_id'])->toBe((int) $tenant->getKey());
     expect($context)->toHaveKey('effective_scope');
     expect(data_get($context, 'progress.phase.key'))->toBe('preparing');
     expect(data_get($context, 'progress.phase.label'))->toBe('Preparing baseline capture.');
@@ -328,7 +328,7 @@ function runBaselineCaptureJob(
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
@@ -485,7 +485,7 @@ function runBaselineCaptureJob(
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
@@ -510,7 +510,7 @@ function runBaselineCaptureJob(
         'run_identity_hash' => hash('sha256', 'second-run-'.now()->timestamp),
         'context' => [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
     ]);
@@ -595,7 +595,7 @@ function runBaselineCaptureJob(
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
@@ -671,7 +671,7 @@ function runBaselineCaptureJob(
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => [], 'foundation_types' => []],
         ],
         initiator: $user,
diff --git a/apps/platform/tests/Feature/Baselines/BaselineCompareFindingsTest.php b/apps/platform/tests/Feature/Baselines/BaselineCompareFindingsTest.php
index 6f03d080..16942968 100644
--- a/apps/platform/tests/Feature/Baselines/BaselineCompareFindingsTest.php
+++ b/apps/platform/tests/Feature/Baselines/BaselineCompareFindingsTest.php
@@ -1485,7 +1485,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
diff --git a/apps/platform/tests/Feature/Baselines/BaselineResolutionDeterminismTest.php b/apps/platform/tests/Feature/Baselines/BaselineResolutionDeterminismTest.php
index 11b03828..ac33d125 100644
--- a/apps/platform/tests/Feature/Baselines/BaselineResolutionDeterminismTest.php
+++ b/apps/platform/tests/Feature/Baselines/BaselineResolutionDeterminismTest.php
@@ -106,7 +106,7 @@
         'outcome' => OperationRunOutcome::Pending->value,
         'context' => [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => [
                 'policy_types' => ['deviceConfiguration'],
                 'foundation_types' => ['roleScopeTag'],
diff --git a/apps/platform/tests/Feature/Concerns/BuildsGovernanceArtifactTruthFixtures.php b/apps/platform/tests/Feature/Concerns/BuildsGovernanceArtifactTruthFixtures.php
index 1e47cdc7..353f9f99 100644
--- a/apps/platform/tests/Feature/Concerns/BuildsGovernanceArtifactTruthFixtures.php
+++ b/apps/platform/tests/Feature/Concerns/BuildsGovernanceArtifactTruthFixtures.php
@@ -8,15 +8,15 @@
 use App\Models\OperationRun;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Support\Evidence\EvidenceCompletenessState;
 use App\Support\Evidence\EvidenceSnapshotStatus;
 use App\Support\OperationRunOutcome;
 use App\Support\OperationRunStatus;
 use App\Support\ReviewPackStatus;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 
 trait BuildsGovernanceArtifactTruthFixtures
 {
@@ -103,7 +103,7 @@ protected function makeArtifactTruthReview(
         ?EvidenceSnapshot $snapshot = null,
         array $reviewOverrides = [],
         array $summaryOverrides = [],
-    ): TenantReview {
+    ): EnvironmentReview {
         $snapshot ??= $this->makeArtifactTruthEvidenceSnapshot($tenant);
 
         $defaults = [
@@ -111,8 +111,8 @@ protected function makeArtifactTruthReview(
             'workspace_id' => (int) $tenant->workspace_id,
             'evidence_snapshot_id' => (int) $snapshot->getKey(),
             'initiated_by_user_id' => (int) $user->getKey(),
-            'status' => TenantReviewStatus::Ready->value,
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'status' => EnvironmentReviewStatus::Ready->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
             'summary' => array_replace_recursive([
                 'publish_blockers' => [],
                 'section_state_counts' => [
@@ -130,7 +130,7 @@ protected function makeArtifactTruthReview(
             'generated_at' => now(),
         ];
 
-        return TenantReview::query()->create(array_replace($defaults, $reviewOverrides));
+        return EnvironmentReview::query()->create(array_replace($defaults, $reviewOverrides));
     }
 
     protected function makePartialArtifactTruthReview(
@@ -139,14 +139,14 @@ protected function makePartialArtifactTruthReview(
         ?EvidenceSnapshot $snapshot = null,
         array $reviewOverrides = [],
         array $summaryOverrides = [],
-    ): TenantReview {
+    ): EnvironmentReview {
         return $this->makeArtifactTruthReview(
             tenant: $tenant,
             user: $user,
             snapshot: $snapshot,
             reviewOverrides: array_replace([
-                'status' => TenantReviewStatus::Ready->value,
-                'completeness_state' => TenantReviewCompletenessState::Partial->value,
+                'status' => EnvironmentReviewStatus::Ready->value,
+                'completeness_state' => EnvironmentReviewCompletenessState::Partial->value,
             ], $reviewOverrides),
             summaryOverrides: array_replace_recursive([
                 'section_state_counts' => [
@@ -165,14 +165,14 @@ protected function makeBlockedArtifactTruthReview(
         ?EvidenceSnapshot $snapshot = null,
         array $reviewOverrides = [],
         array $summaryOverrides = [],
-    ): TenantReview {
+    ): EnvironmentReview {
         return $this->makeArtifactTruthReview(
             tenant: $tenant,
             user: $user,
             snapshot: $snapshot,
             reviewOverrides: array_replace([
-                'status' => TenantReviewStatus::Draft->value,
-                'completeness_state' => TenantReviewCompletenessState::Complete->value,
+                'status' => EnvironmentReviewStatus::Draft->value,
+                'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
             ], $reviewOverrides),
             summaryOverrides: array_replace_recursive([
                 'publish_blockers' => ['Resolve the remaining review blocker before publication.'],
@@ -186,7 +186,7 @@ protected function makeInternalOnlyArtifactTruthReview(
         ?EvidenceSnapshot $snapshot = null,
         array $reviewOverrides = [],
         array $summaryOverrides = [],
-    ): TenantReview {
+    ): EnvironmentReview {
         $snapshot ??= $this->makeStaleArtifactTruthEvidenceSnapshot($tenant);
 
         return $this->makeArtifactTruthReview(
@@ -194,8 +194,8 @@ protected function makeInternalOnlyArtifactTruthReview(
             user: $user,
             snapshot: $snapshot,
             reviewOverrides: array_replace([
-                'status' => TenantReviewStatus::Ready->value,
-                'completeness_state' => TenantReviewCompletenessState::Stale->value,
+                'status' => EnvironmentReviewStatus::Ready->value,
+                'completeness_state' => EnvironmentReviewCompletenessState::Stale->value,
             ], $reviewOverrides),
             summaryOverrides: array_replace_recursive([
                 'section_state_counts' => [
@@ -212,7 +212,7 @@ protected function makeArtifactTruthReviewPack(
         ManagedEnvironment $tenant,
         User $user,
         ?EvidenceSnapshot $snapshot = null,
-        ?TenantReview $review = null,
+        ?EnvironmentReview $review = null,
         array $packOverrides = [],
         array $summaryOverrides = [],
     ): ReviewPack {
@@ -222,7 +222,7 @@ protected function makeArtifactTruthReviewPack(
         $defaults = [
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
-            'tenant_review_id' => (int) $review->getKey(),
+            'environment_review_id' => (int) $review->getKey(),
             'evidence_snapshot_id' => (int) $snapshot->getKey(),
             'initiated_by_user_id' => (int) $user->getKey(),
             'status' => ReviewPackStatus::Ready->value,
@@ -255,7 +255,7 @@ protected function makeBlockedArtifactTruthReviewPack(
         ManagedEnvironment $tenant,
         User $user,
         ?EvidenceSnapshot $snapshot = null,
-        ?TenantReview $review = null,
+        ?EnvironmentReview $review = null,
         array $packOverrides = [],
         array $summaryOverrides = [],
     ): ReviewPack {
@@ -282,7 +282,7 @@ protected function makeInternalOnlyArtifactTruthReviewPack(
         ManagedEnvironment $tenant,
         User $user,
         ?EvidenceSnapshot $snapshot = null,
-        ?TenantReview $review = null,
+        ?EnvironmentReview $review = null,
         array $packOverrides = [],
         array $summaryOverrides = [],
     ): ReviewPack {
diff --git a/apps/platform/tests/Feature/Concerns/BuildsPortfolioCompareFixtures.php b/apps/platform/tests/Feature/Concerns/BuildsPortfolioCompareFixtures.php
index 5a356595..e813d9fd 100644
--- a/apps/platform/tests/Feature/Concerns/BuildsPortfolioCompareFixtures.php
+++ b/apps/platform/tests/Feature/Concerns/BuildsPortfolioCompareFixtures.php
@@ -18,31 +18,31 @@
 trait BuildsPortfolioCompareFixtures
 {
     /**
-     * @return array{user: User, workspace: Workspace, sourceTenant: ManagedEnvironment, targetTenant: ManagedEnvironment}
+     * @return array{user: User, workspace: Workspace, sourceEnvironment: ManagedEnvironment, targetEnvironment: ManagedEnvironment}
      */
-    protected function makeCrossTenantCompareFixture(
+    protected function makeCrossEnvironmentCompareFixture(
         string $workspaceRole = 'owner',
         string $tenantRole = 'owner',
     ): array {
-        $sourceTenant = ManagedEnvironment::factory()->create([
+        $sourceEnvironment = ManagedEnvironment::factory()->create([
             'name' => 'Source ManagedEnvironment',
         ]);
 
-        [$user, $sourceTenant] = createUserWithTenant(
-            tenant: $sourceTenant,
+        [$user, $sourceEnvironment] = createUserWithTenant(
+            tenant: $sourceEnvironment,
             role: $tenantRole,
             workspaceRole: $workspaceRole,
         );
 
-        $workspace = Workspace::query()->findOrFail((int) $sourceTenant->workspace_id);
+        $workspace = Workspace::query()->findOrFail((int) $sourceEnvironment->workspace_id);
 
-        $targetTenant = ManagedEnvironment::factory()->create([
+        $targetEnvironment = ManagedEnvironment::factory()->create([
             'workspace_id' => (int) $workspace->getKey(),
             'name' => 'Target ManagedEnvironment',
         ]);
 
         $user->tenants()->syncWithoutDetaching([
-            (int) $targetTenant->getKey() => ['role' => $tenantRole],
+            (int) $targetEnvironment->getKey() => ['role' => $tenantRole],
         ]);
 
         app(CapabilityResolver::class)->clearCache();
@@ -51,8 +51,8 @@ protected function makeCrossTenantCompareFixture(
         return [
             'user' => $user,
             'workspace' => $workspace,
-            'sourceTenant' => $sourceTenant,
-            'targetTenant' => $targetTenant,
+            'sourceEnvironment' => $sourceEnvironment,
+            'targetEnvironment' => $targetEnvironment,
         ];
     }
 
diff --git a/apps/platform/tests/Feature/Concerns/BuildsPortfolioTriageFixtures.php b/apps/platform/tests/Feature/Concerns/BuildsPortfolioTriageFixtures.php
index ab53ee00..ec54ce27 100644
--- a/apps/platform/tests/Feature/Concerns/BuildsPortfolioTriageFixtures.php
+++ b/apps/platform/tests/Feature/Concerns/BuildsPortfolioTriageFixtures.php
@@ -4,13 +4,13 @@
 
 namespace Tests\Feature\Concerns;
 
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Models\BackupSet;
 use App\Models\RestoreRun;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
-use App\Services\PortfolioTriage\TenantTriageReviewService;
+use App\Services\PortfolioTriage\ManagedEnvironmentTriageReviewService;
 use App\Support\BackupHealth\TenantBackupHealthAssessment;
 use App\Support\BackupHealth\TenantBackupHealthResolver;
 use App\Support\RestoreSafety\RestoreResultAttention;
@@ -137,9 +137,9 @@ protected function usePortfolioTriageWorkspace(User $user, ManagedEnvironment $t
         session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
         Filament::setTenant(null, true);
         request()->attributes->remove('tenant_resource.posture_snapshot');
-        session()->forget('tables.'.md5(ListTenants::class).'_filters');
-        session()->forget('tables.'.md5(ListTenants::class).'_search');
-        session()->forget('tables.'.md5(ListTenants::class).'_sort');
+        session()->forget('tables.'.md5(ListManagedEnvironments::class).'_filters');
+        session()->forget('tables.'.md5(ListManagedEnvironments::class).'_search');
+        session()->forget('tables.'.md5(ListManagedEnvironments::class).'_sort');
     }
 
     protected function portfolioTriageRegistryList(User $user, ManagedEnvironment $workspaceTenant, array $query = []): mixed
@@ -150,7 +150,7 @@ protected function portfolioTriageRegistryList(User $user, ManagedEnvironment $w
             ? Livewire::withQueryParams($query)->actingAs($user)
             : Livewire::actingAs($user);
 
-        return $factory->test(ListTenants::class);
+        return $factory->test(ListManagedEnvironments::class);
     }
 
     /**
@@ -173,22 +173,22 @@ protected function portfolioReturnFilters(
     protected function seedPortfolioTriageReview(
         ManagedEnvironment $tenant,
         string $concernFamily,
-        string $manualState = TenantTriageReview::STATE_REVIEWED,
+        string $manualState = ManagedEnvironmentTriageReview::STATE_REVIEWED,
         ?User $actor = null,
         bool $changedFingerprint = false,
-    ): TenantTriageReview {
+    ): ManagedEnvironmentTriageReview {
         $backupHealth = app(TenantBackupHealthResolver::class)->assess($tenant);
         $recoveryEvidence = app(RestoreSafetyResolver::class)->dashboardRecoveryEvidence($tenant);
 
         $review = match ($manualState) {
-            TenantTriageReview::STATE_REVIEWED => app(TenantTriageReviewService::class)->markReviewed(
+            ManagedEnvironmentTriageReview::STATE_REVIEWED => app(ManagedEnvironmentTriageReviewService::class)->markReviewed(
                 tenant: $tenant,
                 concernFamily: $concernFamily,
                 backupHealth: $backupHealth,
                 recoveryEvidence: $recoveryEvidence,
                 actor: $actor,
             ),
-            TenantTriageReview::STATE_FOLLOW_UP_NEEDED => app(TenantTriageReviewService::class)->markFollowUpNeeded(
+            ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED => app(ManagedEnvironmentTriageReviewService::class)->markFollowUpNeeded(
                 tenant: $tenant,
                 concernFamily: $concernFamily,
                 backupHealth: $backupHealth,
@@ -209,7 +209,7 @@ protected function seedPortfolioTriageReview(
             ])->save();
         }
 
-        request()->attributes->remove('tenant_resource.triage_review_snapshot');
+        request()->attributes->remove('managed_environment_resource.triage_review_snapshot');
 
         return $review->fresh(['reviewer']);
     }
diff --git a/apps/platform/tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php b/apps/platform/tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php
index 7b7f934f..b8d3f579 100644
--- a/apps/platform/tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php
+++ b/apps/platform/tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Resources\BackupSetResource;
 use App\Filament\Widgets\Dashboard\NeedsAttention;
 use App\Filament\Widgets\Dashboard\RecoveryReadiness;
@@ -50,11 +50,11 @@
     ]);
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
-    $this->get(route('filament.admin.pages.choose-tenant'))
+    $this->get(route('filament.admin.pages.choose-environment'))
         ->assertOk()
         ->assertSee((string) $tenant->name);
 
-    $this->get(TenantDashboard::getUrl(tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertOk();
 
     setAdminPanelContext($tenant);
diff --git a/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationActionsTest.php b/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationActionsTest.php
index 9d023135..23139d6b 100644
--- a/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationActionsTest.php
+++ b/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationActionsTest.php
@@ -2,25 +2,25 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Resources\FindingExceptionResource;
 use App\Filament\Resources\FindingResource;
 use App\Models\Finding;
 use App\Models\FindingException;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\Links\RequiredPermissionsLinks;
 use App\Support\OperationRunLinks;
 use App\Support\OperationRunOutcome;
 use App\Support\OperationRunStatus;
-use App\Support\TenantDashboard\TenantDashboardSummaryBuilder;
+use App\Support\EnvironmentDashboard\EnvironmentDashboardSummaryBuilder;
 
 use function Pest\Laravel\mock;
 
-function mockTenantDashboardActionPermissions(array $overview = []): void
+function mockEnvironmentDashboardActionPermissions(array $overview = []): void
 {
-    mock(TenantRequiredPermissionsViewModelBuilder::class, function ($mock) use ($overview): void {
+    mock(ManagedEnvironmentRequiredPermissionsViewModelBuilder::class, function ($mock) use ($overview): void {
         $mock->shouldReceive('build')->andReturn([
             'overview' => array_replace_recursive([
                 'overall' => 'ready',
@@ -98,7 +98,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
 it('prioritizes operations requiring attention below permissions and high severity findings and keeps canonical hub links', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardActionPermissions([
+    mockEnvironmentDashboardActionPermissions([
         'overall' => 'blocked',
         'counts' => [
             'missing_application' => 1,
@@ -125,7 +125,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
         'completed_at' => now()->subMinute(),
     ]);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -145,7 +145,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
         ])
         ->and($recommendedActions[2]['title'] ?? null)->toBe('Review operations requiring attention')
         ->and($recommendedActions[2]['reason'] ?? null)->toBe('One or more operations finished with an outcome that needs follow-up.')
-        ->and($recommendedActions[2]['impact'] ?? null)->toBe('The tenant should not be treated as fully healthy until the operation outcome has been reviewed.')
+        ->and($recommendedActions[2]['impact'] ?? null)->toBe('The environment should not be treated as fully healthy until the operation outcome has been reviewed.')
         ->and($recommendedActions[2]['actionLabel'] ?? null)->toBe('Review operations')
         ->and($recommendedActions[2]['actionUrl'] ?? null)->toBe(OperationRunLinks::index($tenant, activeTab: OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP, problemClass: OperationRun::PROBLEM_CLASS_TERMINAL_FOLLOW_UP));
 });
@@ -153,7 +153,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
 it('uses review permissions as the top recommended-action CTA when permissions are the highest follow-up', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardActionPermissions([
+    mockEnvironmentDashboardActionPermissions([
         'overall' => 'blocked',
         'counts' => [
             'missing_application' => 2,
@@ -161,7 +161,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
         ],
     ]);
 
-    $recommendedActions = app(TenantDashboardSummaryBuilder::class)
+    $recommendedActions = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray()['recommendedActions'];
 
@@ -174,7 +174,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
 it('orders productized recommended actions by priority and caps the visible list at three repo-real CTAs', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardActionPermissions([
+    mockEnvironmentDashboardActionPermissions([
         'overall' => 'blocked',
         'counts' => [
             'missing_application' => 2,
@@ -225,7 +225,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
         'evidence_summary' => ['reference_count' => 0],
     ]);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -249,7 +249,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $content = $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $content = $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertSuccessful()
         ->getContent();
 
@@ -281,7 +281,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
 it('assigns semantically distinct icons to overdue-findings and recovery-posture follow-ups', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardActionPermissions();
+    mockEnvironmentDashboardActionPermissions();
 
     [$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
     seedBaselineCompareRun($tenant, $profile, $snapshot, workspaceOverviewCompareCoverage());
@@ -298,7 +298,7 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
             'status' => Finding::STATUS_NEW,
         ]);
 
-    $actions = app(TenantDashboardSummaryBuilder::class)
+    $actions = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray()['recommendedActions'];
 
@@ -311,9 +311,9 @@ function tenantDashboardButtonClassesForXPath(string $content, string $xpathExpr
 it('keeps continue-review follow-up unavailable for readonly members who can only inspect review state', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'readonly');
 
-    composeTenantReviewForTest($tenant, $user);
+    composeEnvironmentReviewForTest($tenant, $user);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
diff --git a/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationAuthorizationTest.php b/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationAuthorizationTest.php
index efd34e74..db512551 100644
--- a/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationAuthorizationTest.php
@@ -4,15 +4,15 @@
 
 use App\Filament\Resources\FindingResource;
 use App\Filament\Pages\Governance\GovernanceInbox;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\Finding;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Services\Auth\CapabilityResolver;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\Auth\Capabilities;
 use App\Support\Links\RequiredPermissionsLinks;
-use App\Support\TenantDashboard\TenantDashboardSummaryBuilder;
+use App\Support\EnvironmentDashboard\EnvironmentDashboardSummaryBuilder;
 use Filament\Actions\Action;
 use Filament\Actions\ActionGroup;
 use Illuminate\Support\Facades\Gate;
@@ -60,9 +60,9 @@ function tenantDashboardGovernanceStatusRows(string $content): array
     return $rows;
 }
 
-function mockTenantDashboardAuthorizationPermissions(array $overview = []): void
+function mockEnvironmentDashboardAuthorizationPermissions(array $overview = []): void
 {
-    mock(TenantRequiredPermissionsViewModelBuilder::class, function ($mock) use ($overview): void {
+    mock(ManagedEnvironmentRequiredPermissionsViewModelBuilder::class, function ($mock) use ($overview): void {
         $mock->shouldReceive('build')->andReturn([
             'overview' => array_replace_recursive([
                 'overall' => 'ready',
@@ -117,7 +117,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
     $outsider = User::factory()->create();
 
     $this->actingAs($outsider)
-        ->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertNotFound();
 });
 
@@ -127,7 +127,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertSuccessful();
 });
 
@@ -145,7 +145,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
     setAdminEnvironmentContext($tenant);
 
     $component = Livewire::actingAs($user)
-        ->test(TenantDashboard::class)
+        ->test(EnvironmentDashboard::class)
         ->assertActionVisible('primaryFollowUp')
         ->assertActionVisible('requestSupport')
         ->assertActionVisible('openSupportDiagnostics');
@@ -171,7 +171,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
 it('falls back to the governance inbox header action with tenant continuity when no summary action is available', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardAuthorizationPermissions();
+    mockEnvironmentDashboardAuthorizationPermissions();
 
     [$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
 
@@ -184,7 +184,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
     setAdminEnvironmentContext($tenant);
 
     $component = Livewire::actingAs($user)
-        ->test(TenantDashboard::class)
+        ->test(EnvironmentDashboard::class)
         ->assertActionVisible('primaryFollowUp');
 
     $primaryAction = collect(tenantDashboardProductizationHeaderActions($component))
@@ -201,7 +201,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
 it('derives the primary header CTA from the top recommended action instead of hard-coding operations copy', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardAuthorizationPermissions([
+    mockEnvironmentDashboardAuthorizationPermissions([
         'overall' => 'blocked',
         'counts' => [
             'missing_application' => 1,
@@ -211,12 +211,12 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
 
     setAdminEnvironmentContext($tenant);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
     $component = Livewire::actingAs($user)
-        ->test(TenantDashboard::class)
+        ->test(EnvironmentDashboard::class)
         ->assertActionVisible('primaryFollowUp');
 
     $primaryAction = collect(tenantDashboardProductizationHeaderActions($component))
@@ -232,7 +232,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
 it('renders governance status rows as interactive only when a repo-real follow-up url is available', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardAuthorizationPermissions();
+    mockEnvironmentDashboardAuthorizationPermissions();
 
     [$profile, $baselineSnapshot] = seedActiveBaselineForTenant($tenant);
     seedBaselineCompareRun($tenant, $profile, $baselineSnapshot, workspaceOverviewCompareCoverage());
@@ -240,14 +240,14 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
     $backupSet = workspaceOverviewSeedHealthyBackup($tenant);
     workspaceOverviewSeedRestoreHistory($tenant, $backupSet);
 
-    $evidenceSnapshot = seedTenantReviewEvidence($tenant);
-    $tenantReview = composeTenantReviewForTest($tenant, $user, $evidenceSnapshot);
+    $evidenceSnapshot = seedEnvironmentReviewEvidence($tenant);
+    $environmentReview = composeEnvironmentReviewForTest($tenant, $user, $evidenceSnapshot);
 
     Gate::define(Capabilities::TENANT_VIEW, fn (): bool => false);
     Gate::define(Capabilities::EVIDENCE_VIEW, fn (): bool => false);
-    Gate::define(Capabilities::TENANT_REVIEW_VIEW, fn (): bool => false);
+    Gate::define(Capabilities::ENVIRONMENT_REVIEW_VIEW, fn (): bool => false);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -261,7 +261,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $content = $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $content = $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertSuccessful()
         ->getContent();
 
@@ -287,7 +287,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
 it('uses the existing governance status action urls as clickable row targets when the actor is entitled', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardAuthorizationPermissions();
+    mockEnvironmentDashboardAuthorizationPermissions();
 
     [$profile, $baselineSnapshot] = seedActiveBaselineForTenant($tenant);
     seedBaselineCompareRun($tenant, $profile, $baselineSnapshot, workspaceOverviewCompareCoverage());
@@ -295,10 +295,10 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
     $backupSet = workspaceOverviewSeedHealthyBackup($tenant);
     workspaceOverviewSeedRestoreHistory($tenant, $backupSet);
 
-    $evidenceSnapshot = seedTenantReviewEvidence($tenant);
-    $tenantReview = composeTenantReviewForTest($tenant, $user, $evidenceSnapshot);
+    $evidenceSnapshot = seedEnvironmentReviewEvidence($tenant);
+    $environmentReview = composeEnvironmentReviewForTest($tenant, $user, $evidenceSnapshot);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -313,7 +313,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $content = $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $content = $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertSuccessful()
         ->getContent();
 
@@ -368,7 +368,7 @@ function tenantDashboardProductizationHeaderMoreActionNames(Testable $component)
         'status' => Finding::STATUS_NEW,
     ]);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
diff --git a/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationReadinessTest.php b/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationReadinessTest.php
index bcc9609d..f7e32f8e 100644
--- a/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationReadinessTest.php
+++ b/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationReadinessTest.php
@@ -3,27 +3,27 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Resources\EvidenceSnapshotResource;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Filament\Widgets\Dashboard\RecoveryReadiness;
 use App\Models\BackupItem;
 use App\Models\BackupSet;
 use App\Models\Finding;
 use App\Models\ProviderConnection;
 use App\Models\ReviewPack;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\Links\RequiredPermissionsLinks;
-use App\Support\TenantDashboard\TenantDashboardSummaryBuilder;
+use App\Support\EnvironmentDashboard\EnvironmentDashboardSummaryBuilder;
 use Filament\Facades\Filament;
 use Livewire\Livewire;
 
 use function Pest\Laravel\mock;
 
-function mockTenantDashboardReadinessPermissions(array $overview = []): void
+function mockEnvironmentDashboardReadinessPermissions(array $overview = []): void
 {
-    mock(TenantRequiredPermissionsViewModelBuilder::class, function ($mock) use ($overview): void {
+    mock(ManagedEnvironmentRequiredPermissionsViewModelBuilder::class, function ($mock) use ($overview): void {
         $mock->shouldReceive('build')->andReturn([
             'overview' => array_replace_recursive([
                 'overall' => 'ready',
@@ -69,11 +69,11 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
 it('surfaces customer-safe output honestly when evidence exists but no review pack is ready', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardReadinessPermissions();
+    mockEnvironmentDashboardReadinessPermissions();
 
-    seedTenantReviewEvidence($tenant);
+    seedEnvironmentReviewEvidence($tenant);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -89,18 +89,18 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
 it('links ready customer-safe output directly to the latest review pack', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardReadinessPermissions();
+    mockEnvironmentDashboardReadinessPermissions();
 
-    $snapshot = seedTenantReviewEvidence($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
     ]);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -116,7 +116,7 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
 it('uses required-permissions truth for provider blockage readiness summaries', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardReadinessPermissions([
+    mockEnvironmentDashboardReadinessPermissions([
         'overall' => 'blocked',
         'counts' => [
             'missing_application' => 2,
@@ -136,7 +136,7 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
         'display_name' => 'Microsoft Graph',
     ]);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -160,12 +160,12 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
 it('keeps readiness follow-up destinations tenant-scoped across review, evidence, output, and permissions surfaces', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardReadinessPermissions();
+    mockEnvironmentDashboardReadinessPermissions();
 
-    $snapshot = seedTenantReviewEvidence($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -177,7 +177,7 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
 
     expect($currentReview)
         ->not->toBeNull()
-        ->and($currentReview['actionUrl'])->toBe(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+        ->and($currentReview['actionUrl'])->toBe(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->and($evidenceCoverage)
         ->not->toBeNull()
         ->and($evidenceCoverage['actionUrl'])->toBe(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot], panel: 'admin', tenant: $tenant))
@@ -195,7 +195,7 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
 it('surfaces current-review progress only from repo-real review summary metrics', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardReadinessPermissions();
+    mockEnvironmentDashboardReadinessPermissions();
 
     Finding::factory()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
@@ -211,8 +211,8 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
         'status' => Finding::STATUS_RISK_ACCEPTED,
     ]);
 
-    $snapshot = seedTenantReviewEvidence($tenant, findingCount: 1, driftCount: 0);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant, findingCount: 1, driftCount: 0);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $reviewSummary = is_array($review->summary) ? $review->summary : [];
     $completedSections = (int) ($reviewSummary['section_state_counts']['complete'] ?? 0);
     $totalSections = max(1, (int) ($reviewSummary['section_count'] ?? 0));
@@ -223,7 +223,7 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
         (int) round(($completedSections / $totalSections) * 100),
     );
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -242,7 +242,7 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
 it('renders current-review progress bars with a fixed visible track height and filament tone colors', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardReadinessPermissions();
+    mockEnvironmentDashboardReadinessPermissions();
 
     Finding::factory()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
@@ -258,13 +258,13 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
         'status' => Finding::STATUS_RISK_ACCEPTED,
     ]);
 
-    $snapshot = seedTenantReviewEvidence($tenant, findingCount: 1, driftCount: 0);
-    composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant, findingCount: 1, driftCount: 0);
+    composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $content = $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $content = $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertSuccessful()
         ->getContent();
 
@@ -277,16 +277,16 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
 it('omits current-review progress bars when the review summary has no real denominators', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardReadinessPermissions();
+    mockEnvironmentDashboardReadinessPermissions();
 
-    $snapshot = seedTenantReviewEvidence($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     $review->forceFill([
         'summary' => [],
     ])->save();
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -300,9 +300,9 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
 it('shows honest fallback states when review and evidence artifacts are not available yet', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardReadinessPermissions();
+    mockEnvironmentDashboardReadinessPermissions();
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -314,12 +314,12 @@ function mockTenantDashboardReadinessPermissions(array $overview = []): void
     expect($currentReview)
         ->not->toBeNull()
         ->and($currentReview['status'])->toBe('No active review')
-        ->and($currentReview['body'])->toBe('There is currently no review in progress for this tenant.')
-        ->and($currentReview['actionUrl'])->toBe(TenantReviewResource::tenantScopedUrl('index', tenant: $tenant))
+        ->and($currentReview['body'])->toBe('There is currently no review in progress for this environment.')
+        ->and($currentReview['actionUrl'])->toBe(EnvironmentReviewResource::tenantScopedUrl('index', tenant: $tenant))
         ->and($providerHealth)
         ->not->toBeNull()
         ->and($providerHealth['status'])->toBe('Provider status unavailable')
-        ->and($providerHealth['body'])->toBe('No provider health snapshot is currently available for this tenant.')
+        ->and($providerHealth['body'])->toBe('No provider health snapshot is currently available for this environment.')
         ->and($providerHealth['actionUrl'])->toBe(RequiredPermissionsLinks::requiredPermissions($tenant))
         ->and($outputCard)
         ->not->toBeNull()
diff --git a/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationSummaryTest.php b/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationSummaryTest.php
index d875e95a..27d1ec8d 100644
--- a/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationSummaryTest.php
+++ b/apps/platform/tests/Feature/Dashboard/TenantDashboardProductizationSummaryTest.php
@@ -2,23 +2,23 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\Finding;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\OperationCatalog;
 use App\Support\OperationRunLinks;
 use App\Support\OperationRunOutcome;
 use App\Support\OperationRunStatus;
-use App\Support\TenantDashboard\TenantDashboardSummaryBuilder;
+use App\Support\EnvironmentDashboard\EnvironmentDashboardSummaryBuilder;
 use Illuminate\Support\Carbon;
 
 use function Pest\Laravel\mock;
 
-function mockTenantDashboardSummaryPermissions(array $overview = []): void
+function mockEnvironmentDashboardSummaryPermissions(array $overview = []): void
 {
-    mock(TenantRequiredPermissionsViewModelBuilder::class, function ($mock) use ($overview): void {
+    mock(ManagedEnvironmentRequiredPermissionsViewModelBuilder::class, function ($mock) use ($overview): void {
         $mock->shouldReceive('build')->andReturn([
             'overview' => array_replace_recursive([
                 'overall' => 'ready',
@@ -38,7 +38,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
 it('renders the decision-first tenant overview with the capped first-screen structure', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardSummaryPermissions();
+    mockEnvironmentDashboardSummaryPermissions();
 
     [$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
 
@@ -74,7 +74,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $response = $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $response = $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertSuccessful()
         ->assertSee($tenant->name)
         ->assertSee('Recommended next actions')
@@ -136,7 +136,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
     try {
         [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-        mockTenantDashboardSummaryPermissions([
+        mockEnvironmentDashboardSummaryPermissions([
             'counts' => [
                 'missing_application' => 2,
                 'missing_delegated' => 1,
@@ -196,7 +196,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
             ]);
         }
 
-        $kpis = collect(app(TenantDashboardSummaryBuilder::class)
+        $kpis = collect(app(EnvironmentDashboardSummaryBuilder::class)
             ->build($tenant, $user)
             ->toArray()['kpis'])
             ->keyBy('key');
@@ -229,7 +229,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
 it('adds semantic icon metadata to governance status rows and curated operations attention items', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardSummaryPermissions();
+    mockEnvironmentDashboardSummaryPermissions();
 
     OperationRun::factory()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
@@ -244,7 +244,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
     OperationRun::factory()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'type' => 'tenant.review_pack.generate',
+        'type' => 'environment.review_pack.generate',
         'status' => OperationRunStatus::Completed->value,
         'outcome' => OperationRunOutcome::Failed->value,
         'created_at' => now()->subMinutes(2),
@@ -261,7 +261,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
         'completed_at' => now()->subMinute(),
     ]);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -281,7 +281,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
 it('shows calm honest fallbacks when no urgent tenant follow-up is visible', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardSummaryPermissions();
+    mockEnvironmentDashboardSummaryPermissions();
 
     [$profile, $snapshot] = seedActiveBaselineForTenant($tenant);
 
@@ -294,7 +294,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $response = $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $response = $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertSuccessful()
         ->assertSee('No immediate action is waiting.')
         ->assertDontSee('Recent operations')
@@ -310,7 +310,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
 it('builds a curated operations requiring attention summary and excludes healthy active runs', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardSummaryPermissions();
+    mockEnvironmentDashboardSummaryPermissions();
 
     $healthyRunningRun = OperationRun::factory()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
@@ -344,7 +344,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
         'completed_at' => now()->subMinutes(3),
     ]);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -381,7 +381,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertSuccessful()
         ->assertSee('data-testid="tenant-dashboard-operations-attention-summary"', false)
         ->assertSee('Review operation')
@@ -395,7 +395,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
 it('omits the compact active operations summary when no qualifying visible run exists', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    mockTenantDashboardSummaryPermissions();
+    mockEnvironmentDashboardSummaryPermissions();
 
     OperationRun::factory()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
@@ -408,7 +408,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
         'completed_at' => now()->subMinute(),
     ]);
 
-    $summary = app(TenantDashboardSummaryBuilder::class)
+    $summary = app(EnvironmentDashboardSummaryBuilder::class)
         ->build($tenant, $user)
         ->toArray();
 
@@ -417,7 +417,7 @@ function mockTenantDashboardSummaryPermissions(array $overview = []): void
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertSuccessful()
         ->assertDontSee('data-testid="tenant-dashboard-operations-attention-summary"', false)
         ->assertDontSee('Review operation')
diff --git a/apps/platform/tests/Feature/DirectoryGroups/TenantGroupSelectorsDbOnlyTest.php b/apps/platform/tests/Feature/DirectoryGroups/TenantGroupSelectorsDbOnlyTest.php
index 286db6e9..4d95b5c0 100644
--- a/apps/platform/tests/Feature/DirectoryGroups/TenantGroupSelectorsDbOnlyTest.php
+++ b/apps/platform/tests/Feature/DirectoryGroups/TenantGroupSelectorsDbOnlyTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\EntraGroup;
 use App\Models\ManagedEnvironment;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -22,7 +22,7 @@
             'display_name' => 'TenantPilot Operators',
         ]);
 
-    $options = assertNoOutboundHttp(fn () => TenantResource::groupSearchOptions($tenant, 'Ten'));
+    $options = assertNoOutboundHttp(fn () => ManagedEnvironmentResource::groupSearchOptions($tenant, 'Ten'));
 
     expect($options)->toMatchArray([
         '33333333-3333-3333-3333-333333333333' => 'TenantPilot Operators (…33333333)',
@@ -42,7 +42,7 @@
             'display_name' => 'TenantPilot Admins',
         ]);
 
-    $label = assertNoOutboundHttp(fn () => TenantResource::groupLabelFromCache($tenant, '44444444-4444-4444-4444-444444444444'));
+    $label = assertNoOutboundHttp(fn () => ManagedEnvironmentResource::groupLabelFromCache($tenant, '44444444-4444-4444-4444-444444444444'));
 
     expect($label)->toBe('TenantPilot Admins (…44444444)');
 });
diff --git a/apps/platform/tests/Feature/EntraAdminRoles/AdminRolesSummaryWidgetTest.php b/apps/platform/tests/Feature/EntraAdminRoles/AdminRolesSummaryWidgetTest.php
index 564969be..e42c6831 100644
--- a/apps/platform/tests/Feature/EntraAdminRoles/AdminRolesSummaryWidgetTest.php
+++ b/apps/platform/tests/Feature/EntraAdminRoles/AdminRolesSummaryWidgetTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Resources\StoredReportResource;
-use App\Filament\Widgets\Tenant\AdminRolesSummaryWidget;
+use App\Filament\Widgets\ManagedEnvironment\AdminRolesSummaryWidget;
 use App\Jobs\ScanEntraAdminRolesJob;
 use App\Models\StoredReport;
 use App\Models\ManagedEnvironment;
diff --git a/apps/platform/tests/Feature/EntraAdminRoles/EntraPermissionsRegistryTest.php b/apps/platform/tests/Feature/EntraAdminRoles/EntraPermissionsRegistryTest.php
index 19ca5fba..7b603a9c 100644
--- a/apps/platform/tests/Feature/EntraAdminRoles/EntraPermissionsRegistryTest.php
+++ b/apps/platform/tests/Feature/EntraAdminRoles/EntraPermissionsRegistryTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Services\Auth\RoleCapabilityMap;
-use App\Services\Intune\TenantPermissionService;
+use App\Services\Intune\ManagedEnvironmentPermissionService;
 use App\Support\Auth\Capabilities;
 use App\Support\TenantRole;
 
@@ -37,11 +37,11 @@
 });
 
 // ---------------------------------------------------------------------------
-// T028 — TenantPermissionService merge tests
+// T028 — ManagedEnvironmentPermissionService merge tests
 // ---------------------------------------------------------------------------
 
 it('merged required permissions include both Intune and Entra entries', function (): void {
-    $service = app(TenantPermissionService::class);
+    $service = app(ManagedEnvironmentPermissionService::class);
     $permissions = $service->getRequiredPermissions();
 
     $keys = array_column($permissions, 'key');
@@ -53,7 +53,7 @@
 });
 
 it('RoleManagement.Read.Directory has correct type and features in merged list', function (): void {
-    $service = app(TenantPermissionService::class);
+    $service = app(ManagedEnvironmentPermissionService::class);
     $permissions = $service->getRequiredPermissions();
 
     $entraPermission = collect($permissions)->firstWhere('key', 'RoleManagement.Read.Directory');
@@ -64,7 +64,7 @@
 });
 
 it('existing Intune permissions unchanged after Entra merge', function (): void {
-    $service = app(TenantPermissionService::class);
+    $service = app(ManagedEnvironmentPermissionService::class);
     $merged = $service->getRequiredPermissions();
 
     $intuneOnly = config('intune_permissions.permissions', []);
@@ -83,7 +83,7 @@
 it('empty entra_permissions config returns only Intune entries', function (): void {
     config()->set('entra_permissions.permissions', []);
 
-    $service = app(TenantPermissionService::class);
+    $service = app(ManagedEnvironmentPermissionService::class);
     $permissions = $service->getRequiredPermissions();
 
     $intuneOnly = config('intune_permissions.permissions', []);
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewAuditLogTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewAuditLogTest.php
similarity index 68%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewAuditLogTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewAuditLogTest.php
index 4344781d..a86dd890 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewAuditLogTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewAuditLogTest.php
@@ -4,12 +4,12 @@
 
 use App\Jobs\GenerateReviewPackJob;
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\AuditLog;
 use App\Models\EvidenceSnapshot;
 use App\Services\ReviewPackService;
-use App\Services\TenantReviews\TenantReviewLifecycleService;
-use App\Services\TenantReviews\TenantReviewService;
+use App\Services\EnvironmentReviews\EnvironmentReviewLifecycleService;
+use App\Services\EnvironmentReviews\EnvironmentReviewService;
 use App\Support\Audit\AuditActionId;
 use Illuminate\Support\Facades\Storage;
 
@@ -17,13 +17,13 @@
     Storage::fake('exports');
 });
 
-it('records tenant-review audit history across create, refresh, publish, export, successor, and archive flows', function (): void {
+it('records environment-review audit history across create, refresh, publish, export, successor, and archive flows', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    $reviewService = app(TenantReviewService::class);
-    $lifecycle = app(TenantReviewLifecycleService::class);
+    $reviewService = app(EnvironmentReviewService::class);
+    $lifecycle = app(EnvironmentReviewLifecycleService::class);
 
-    $initialSnapshot = seedTenantReviewEvidence($tenant);
+    $initialSnapshot = seedEnvironmentReviewEvidence($tenant);
     $review = $reviewService->create($tenant, $initialSnapshot, $user);
     $review = $reviewService->compose($review);
 
@@ -35,7 +35,7 @@
             'expires_at' => now(),
         ]);
 
-    $refreshSnapshot = seedTenantReviewEvidence(
+    $refreshSnapshot = seedEnvironmentReviewEvidence(
         tenant: $tenant,
         findingCount: 6,
         driftCount: 2,
@@ -65,7 +65,7 @@
     );
     app()->call([$job, 'handle']);
 
-    $nextReview = $lifecycle->createNextReview($published->fresh(), $user, seedTenantReviewEvidence(
+    $nextReview = $lifecycle->createNextReview($published->fresh(), $user, seedEnvironmentReviewEvidence(
         tenant: $tenant,
         findingCount: 7,
         driftCount: 1,
@@ -74,39 +74,39 @@
 
     $lifecycle->archive($nextReview, $user, 'Replacing with a newer governance review.');
 
-    expect(AuditLog::query()->where('action', AuditActionId::TenantReviewCreated->value)->exists())->toBeTrue()
-        ->and(AuditLog::query()->where('action', AuditActionId::TenantReviewRefreshed->value)->exists())->toBeTrue()
-        ->and(AuditLog::query()->where('action', AuditActionId::TenantReviewPublished->value)->exists())->toBeTrue()
-        ->and(AuditLog::query()->where('action', AuditActionId::TenantReviewExported->value)->exists())->toBeTrue()
-        ->and(AuditLog::query()->where('action', AuditActionId::TenantReviewSuccessorCreated->value)->exists())->toBeTrue()
-        ->and(AuditLog::query()->where('action', AuditActionId::TenantReviewArchived->value)->exists())->toBeTrue();
+    expect(AuditLog::query()->where('action', AuditActionId::EnvironmentReviewCreated->value)->exists())->toBeTrue()
+        ->and(AuditLog::query()->where('action', AuditActionId::EnvironmentReviewRefreshed->value)->exists())->toBeTrue()
+        ->and(AuditLog::query()->where('action', AuditActionId::EnvironmentReviewPublished->value)->exists())->toBeTrue()
+        ->and(AuditLog::query()->where('action', AuditActionId::EnvironmentReviewExported->value)->exists())->toBeTrue()
+        ->and(AuditLog::query()->where('action', AuditActionId::EnvironmentReviewSuccessorCreated->value)->exists())->toBeTrue()
+        ->and(AuditLog::query()->where('action', AuditActionId::EnvironmentReviewArchived->value)->exists())->toBeTrue();
 
     $exportAudit = AuditLog::query()
-        ->where('action', AuditActionId::TenantReviewExported->value)
+        ->where('action', AuditActionId::EnvironmentReviewExported->value)
         ->latest('id')
         ->first();
 
     $publishAudit = AuditLog::query()
-        ->where('action', AuditActionId::TenantReviewPublished->value)
+        ->where('action', AuditActionId::EnvironmentReviewPublished->value)
         ->latest('id')
         ->first();
 
     $archiveAudit = AuditLog::query()
-        ->where('action', AuditActionId::TenantReviewArchived->value)
+        ->where('action', AuditActionId::EnvironmentReviewArchived->value)
         ->latest('id')
         ->first();
 
     expect($exportAudit)->not->toBeNull()
-        ->and($exportAudit?->resource_type)->toBe('tenant_review')
+        ->and($exportAudit?->resource_type)->toBe('environment_review')
         ->and(data_get($exportAudit?->metadata, 'review_pack_id'))->toBe((int) $pack->getKey())
         ->and(data_get($publishAudit?->metadata, 'reason'))->toBe('Publishing the current review pack.')
         ->and(data_get($archiveAudit?->metadata, 'reason'))->toBe('Replacing with a newer governance review.');
 });
 
-it('records customer workspace interpretation metadata when a tenant review is opened', function (): void {
+it('records customer workspace interpretation metadata when a environment review is opened', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'readonly');
-    $snapshot = seedTenantReviewEvidence($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     $review->forceFill([
         'status' => 'published',
@@ -117,7 +117,7 @@
     setAdminEnvironmentContext($tenant);
 
     $this->actingAs($user)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant).'?'.http_build_query([
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant).'?'.http_build_query([
             CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY => 1,
             'source_surface' => CustomerReviewWorkspace::SOURCE_SURFACE,
             'tenant_filter_id' => (string) $tenant->getKey(),
@@ -126,12 +126,12 @@
         ->assertOk();
 
     $audit = AuditLog::query()
-        ->where('action', AuditActionId::TenantReviewOpened->value)
+        ->where('action', AuditActionId::EnvironmentReviewOpened->value)
         ->latest('id')
         ->first();
 
     expect($audit)->not->toBeNull()
-        ->and($audit?->resource_type)->toBe('tenant_review')
+        ->and($audit?->resource_type)->toBe('environment_review')
         ->and(data_get($audit?->metadata, 'review_id'))->toBe((int) $review->getKey())
         ->and(data_get($audit?->metadata, 'source_surface'))->toBe(CustomerReviewWorkspace::SOURCE_SURFACE)
         ->and(data_get($audit?->metadata, 'tenant_filter_id'))->toBe((string) $tenant->getKey())
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCanonicalControlReferenceTest.php
similarity index 86%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCanonicalControlReferenceTest.php
index 54448709..e9cd496b 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCanonicalControlReferenceTest.php
@@ -5,11 +5,11 @@
 use App\Models\Finding;
 use App\Support\Governance\Controls\ComplianceEvidenceMappingV1;
 
-it('passes shared canonical control references through tenant review composition', function (): void {
+it('passes shared canonical control references through environment review composition', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $snapshot = seedTenantReviewEvidence($tenant, findingCount: 0, driftCount: 1);
+    $snapshot = seedEnvironmentReviewEvidence($tenant, findingCount: 0, driftCount: 1);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $openRisks = $review->sections->firstWhere('section_key', 'open_risks');
     $executiveSummary = $review->sections->firstWhere('section_key', 'executive_summary');
     $controlInterpretation = $review->sections->firstWhere('section_key', ComplianceEvidenceMappingV1::SECTION_KEY);
@@ -46,8 +46,8 @@
         'subject_external_id' => 'canonical-triaged',
     ]);
 
-    $snapshot = seedTenantReviewEvidence($tenant, findingCount: 0, driftCount: 0);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant, findingCount: 0, driftCount: 0);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $openRisks = $review->sections->firstWhere('section_key', 'open_risks');
     $entries = $openRisks->render_payload['entries'] ?? [];
 
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewCreationTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCreationTest.php
similarity index 72%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewCreationTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCreationTest.php
index c4ba0dd0..a76cbf37 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewCreationTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCreationTest.php
@@ -4,14 +4,14 @@
 
 use App\Models\Finding;
 use App\Services\Evidence\EvidenceSnapshotService;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 
-it('creates an anchored tenant review from a chosen evidence snapshot and keeps that basis stable after live data changes', function (): void {
+it('creates an anchored environment review from a chosen evidence snapshot and keeps that basis stable after live data changes', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     expect($review->evidence_snapshot_id)->toBe((int) $snapshot->getKey())
         ->and($review->sections)->toHaveCount(7)
@@ -42,7 +42,7 @@
 it('records completeness and publish blockers when the evidence basis is partial or missing', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    $snapshot = seedTenantReviewEvidence(
+    $snapshot = seedEnvironmentReviewEvidence(
         tenant: $tenant,
         permissionPayload: [
             'required_count' => 10,
@@ -51,9 +51,9 @@
         operationRunCount: 0,
     );
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
-    expect($review->completeness_state)->toBe(TenantReviewCompletenessState::Missing->value)
-        ->and($review->status)->toBe(TenantReviewStatus::Draft->value)
+    expect($review->completeness_state)->toBe(EnvironmentReviewCompletenessState::Missing->value)
+        ->and($review->status)->toBe(EnvironmentReviewStatus::Draft->value)
         ->and($review->publishBlockers())->not->toBeEmpty();
 });
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewCycleTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCycleTest.php
similarity index 59%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewCycleTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCycleTest.php
index ca70294b..f1c2c826 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewCycleTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewCycleTest.php
@@ -3,13 +3,13 @@
 declare(strict_types=1);
 
 use App\Models\EvidenceSnapshot;
-use App\Services\TenantReviews\TenantReviewLifecycleService;
-use App\Support\TenantReviewStatus;
+use App\Services\EnvironmentReviews\EnvironmentReviewLifecycleService;
+use App\Support\EnvironmentReviewStatus;
 
-it('creates a successor draft from a published tenant review without mutating the published review body', function (): void {
+it('creates a successor draft from a published environment review without mutating the published review body', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $publishedReview = app(TenantReviewLifecycleService::class)->publish(
-        composeTenantReviewForTest($tenant, $user),
+    $publishedReview = app(EnvironmentReviewLifecycleService::class)->publish(
+        composeEnvironmentReviewForTest($tenant, $user),
         $user,
         'Ready for the next review cycle.',
     );
@@ -22,21 +22,21 @@
             'expires_at' => now(),
         ]);
 
-    $nextSnapshot = seedTenantReviewEvidence(
+    $nextSnapshot = seedEnvironmentReviewEvidence(
         tenant: $tenant,
         findingCount: 5,
         driftCount: 2,
         operationRunCount: 2,
     );
 
-    $nextReview = app(TenantReviewLifecycleService::class)->createNextReview($publishedReview, $user, $nextSnapshot);
+    $nextReview = app(EnvironmentReviewLifecycleService::class)->createNextReview($publishedReview, $user, $nextSnapshot);
     $publishedReview->refresh();
 
     expect((int) $nextReview->getKey())->not->toBe((int) $publishedReview->getKey())
         ->and($nextReview->isMutable())->toBeTrue()
         ->and($nextReview->evidence_snapshot_id)->toBe((int) $nextSnapshot->getKey());
 
-    expect($publishedReview->status)->toBe(TenantReviewStatus::Superseded->value)
+    expect($publishedReview->status)->toBe(EnvironmentReviewStatus::Superseded->value)
         ->and($publishedReview->superseded_by_review_id)->toBe((int) $nextReview->getKey())
         ->and($publishedReview->published_at)->not->toBeNull();
 });
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewExecutivePackTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php
similarity index 87%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewExecutivePackTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php
index 66c229a0..c51dff45 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewExecutivePackTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantReviewResource;
-use App\Filament\Widgets\Tenant\TenantReviewPackCard;
+use App\Filament\Resources\EnvironmentReviewResource;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentReviewPackCard;
 use App\Jobs\GenerateReviewPackJob;
 use App\Services\ReviewPackService;
 use Illuminate\Support\Facades\Storage;
@@ -13,12 +13,12 @@
     Storage::fake('exports');
 });
 
-it('renders an executive-ready tenant review and exports a pack with matching section order and summary truth', function (): void {
+it('renders an executive-ready environment review and exports a pack with matching section order and summary truth', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $user);
+    $review = composeEnvironmentReviewForTest($tenant, $user);
 
     $this->actingAs($user)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->assertOk()
         ->assertSee('Executive posture')
         ->assertSee('Executive summary')
@@ -41,7 +41,7 @@
     $review->refresh()->load(['sections', 'evidenceSnapshot']);
 
     $zipContent = Storage::disk('exports')->get((string) $pack->file_path);
-    $tempFile = tempnam(sys_get_temp_dir(), 'tenant-review-pack-');
+    $tempFile = tempnam(sys_get_temp_dir(), 'environment-review-pack-');
     file_put_contents($tempFile, $zipContent);
 
     $zip = new ZipArchive;
@@ -85,6 +85,6 @@
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('View review');
 });
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExplanationSurfaceTest.php
similarity index 88%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExplanationSurfaceTest.php
index d4b00544..96f7deba 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExplanationSurfaceTest.php
@@ -4,7 +4,7 @@
 
 use App\Filament\Pages\Reviews\ReviewRegister;
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\ManagedEnvironment;
 use App\Support\OperationRunLinks;
 use App\Support\ReasonTranslation\ReasonPresenter;
@@ -16,7 +16,7 @@
 
 uses(BuildsGovernanceArtifactTruthFixtures::class);
 
-it('reuses the same operator explanation on tenant review detail and review register surfaces', function (): void {
+it('reuses the same operator explanation on environment review detail and review register surfaces', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
 
@@ -35,9 +35,9 @@
     );
 
     $presenter = app(ArtifactTruthPresenter::class);
-    $truth = $presenter->forTenantReview($review);
+    $truth = $presenter->forEnvironmentReview($review);
     $explanation = $truth->operatorExplanation;
-    $detailOutcome = $presenter->compressedOutcomeFor($review, SurfaceCompressionContext::tenantReview());
+    $detailOutcome = $presenter->compressedOutcomeFor($review, SurfaceCompressionContext::environmentReview());
     $registerOutcome = $presenter->compressedOutcomeFor($review, SurfaceCompressionContext::reviewRegister());
     $reasonSemantics = app(ReasonPresenter::class)->semantics($truth->reason?->toReasonResolutionEnvelope());
 
@@ -46,7 +46,7 @@
     setAdminEnvironmentContext($tenant);
 
     $this->actingAs($user)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->assertOk()
         ->assertSee($detailOutcome?->primaryReason ?? '')
         ->assertSee($explanation?->nextActionText ?? '')
@@ -69,8 +69,8 @@
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
 
-    $snapshot = seedTenantReviewEvidence($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
         'status' => 'published',
         'published_at' => now(),
@@ -82,7 +82,7 @@
     setAdminEnvironmentContext($tenant);
 
     $this->actingAs($user)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant).'?'.http_build_query([
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant).'?'.http_build_query([
             CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY => 1,
             'source_surface' => CustomerReviewWorkspace::SOURCE_SURFACE,
             'tenant_filter_id' => (string) $tenant->getKey(),
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewExportOperationsUxTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExportOperationsUxTest.php
similarity index 82%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewExportOperationsUxTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExportOperationsUxTest.php
index c66bb251..7f4b9f39 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewExportOperationsUxTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewExportOperationsUxTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview;
 use App\Jobs\GenerateReviewPackJob;
 use App\Models\OperationRun;
 use App\Models\ReviewPack;
@@ -24,12 +24,12 @@
     $tenant = ManagedEnvironment::factory()->create();
     [$owner, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
     [$readonly] = createUserWithTenant(tenant: $tenant, user: User::factory()->create(), role: 'readonly');
-    $review = composeTenantReviewForTest($tenant, $owner);
+    $review = composeEnvironmentReviewForTest($tenant, $owner);
 
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($readonly)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->assertActionVisible('export_executive_pack')
         ->assertActionDisabled('export_executive_pack');
 });
@@ -38,17 +38,17 @@
     Notification::fake();
 
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $user);
+    $review = composeEnvironmentReviewForTest($tenant, $user);
 
     setAdminEnvironmentContext($tenant);
 
     $component = Livewire::actingAs($user)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->callAction('export_executive_pack')
         ->assertNotified();
 
     $pack = ReviewPack::query()
-        ->where('tenant_review_id', (int) $review->getKey())
+        ->where('environment_review_id', (int) $review->getKey())
         ->latest('id')
         ->firstOrFail();
 
@@ -60,7 +60,7 @@
         ->callAction('export_executive_pack')
         ->assertNotified();
 
-    expect(ReviewPack::query()->where('tenant_review_id', (int) $review->getKey())->count())->toBe(1);
+    expect(ReviewPack::query()->where('environment_review_id', (int) $review->getKey())->count())->toBe(1);
 
     $job = new GenerateReviewPackJob(
         reviewPackId: (int) $pack->getKey(),
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewLifecycleTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewLifecycleTest.php
similarity index 66%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewLifecycleTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewLifecycleTest.php
index 0ae4b6a6..674e842c 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewLifecycleTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewLifecycleTest.php
@@ -2,10 +2,10 @@
 
 declare(strict_types=1);
 
-use App\Services\TenantReviews\TenantReviewLifecycleService;
-use App\Services\TenantReviews\TenantReviewReadinessGate;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Services\EnvironmentReviews\EnvironmentReviewLifecycleService;
+use App\Services\EnvironmentReviews\EnvironmentReviewReadinessGate;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthPresenter;
 use Tests\Feature\Concerns\BuildsGovernanceArtifactTruthFixtures;
 
@@ -14,7 +14,7 @@
 it('blocks publication when required review sections are missing from the anchored evidence basis', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    $review = composeTenantReviewForTest($tenant, $user, seedTenantReviewEvidence(
+    $review = composeEnvironmentReviewForTest($tenant, $user, seedEnvironmentReviewEvidence(
         tenant: $tenant,
         permissionPayload: [
             'required_count' => 11,
@@ -23,29 +23,29 @@
         operationRunCount: 0,
     ));
 
-    expect(app(TenantReviewReadinessGate::class)->canPublish($review))->toBeFalse()
+    expect(app(EnvironmentReviewReadinessGate::class)->canPublish($review))->toBeFalse()
         ->and($review->publishBlockers())->not->toBeEmpty();
 
-    $truth = app(ArtifactTruthPresenter::class)->forTenantReview($review);
+    $truth = app(ArtifactTruthPresenter::class)->forEnvironmentReview($review);
 
     expect($truth->artifactExistence)->toBe('created')
         ->and($truth->publicationReadiness)->toBe('blocked')
         ->and($truth->primaryLabel)->toBe('Publication blocked')
         ->and($truth->nextStepText())->toBe('Resolve the review blockers before publication');
 
-    expect(fn () => app(TenantReviewLifecycleService::class)->publish($review, $user, 'Ready for formal publication.'))
+    expect(fn () => app(EnvironmentReviewLifecycleService::class)->publish($review, $user, 'Ready for formal publication.'))
         ->toThrow(\InvalidArgumentException::class);
 });
 
-it('publishes ready tenant reviews and archives them without mutating the published evidence history', function (): void {
+it('publishes ready environment reviews and archives them without mutating the published evidence history', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
     $review = $this->makeArtifactTruthReview(
         tenant: $tenant,
         user: $user,
         snapshot: $this->makeArtifactTruthEvidenceSnapshot($tenant),
         reviewOverrides: [
-            'status' => TenantReviewStatus::Ready->value,
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'status' => EnvironmentReviewStatus::Ready->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
         summaryOverrides: [
             'publish_blockers' => [],
@@ -58,19 +58,19 @@
         ],
     );
 
-    $published = app(TenantReviewLifecycleService::class)->publish($review, $user, 'Ready for formal publication.');
+    $published = app(EnvironmentReviewLifecycleService::class)->publish($review, $user, 'Ready for formal publication.');
     $publishedAt = $published->published_at?->toIso8601String();
 
-    expect($published->status)->toBe(TenantReviewStatus::Published->value)
+    expect($published->status)->toBe(EnvironmentReviewStatus::Published->value)
         ->and($published->published_by_user_id)->toBe((int) $user->getKey())
         ->and($publishedAt)->not->toBeNull();
 
-    $publishedTruth = app(ArtifactTruthPresenter::class)->forTenantReview($published);
+    $publishedTruth = app(ArtifactTruthPresenter::class)->forEnvironmentReview($published);
 
-    $archived = app(TenantReviewLifecycleService::class)->archive($published, $user, 'Superseded by newer review cycle.');
-    $archivedTruth = app(ArtifactTruthPresenter::class)->forTenantReview($archived);
+    $archived = app(EnvironmentReviewLifecycleService::class)->archive($published, $user, 'Superseded by newer review cycle.');
+    $archivedTruth = app(ArtifactTruthPresenter::class)->forEnvironmentReview($archived);
 
-    expect($archived->status)->toBe(TenantReviewStatus::Archived->value)
+    expect($archived->status)->toBe(EnvironmentReviewStatus::Archived->value)
         ->and($archived->archived_at)->not->toBeNull()
         ->and($archived->published_at?->toIso8601String())->toBe($publishedAt)
         ->and($publishedTruth->publicationReadiness)->toBe('publishable')
@@ -82,17 +82,17 @@
 
 it('keeps stale published reviews internal only even when the lifecycle status is published', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $snapshot = seedStaleTenantReviewEvidence($tenant);
+    $snapshot = seedStaleEnvironmentReviewEvidence($tenant);
 
     $review = $this->makeArtifactTruthReview(
         tenant: $tenant,
         user: $user,
         snapshot: $snapshot,
         reviewOverrides: [
-            'status' => TenantReviewStatus::Published->value,
+            'status' => EnvironmentReviewStatus::Published->value,
             'published_at' => now(),
             'published_by_user_id' => (int) $user->getKey(),
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
         summaryOverrides: [
             'publish_blockers' => [],
@@ -105,7 +105,7 @@
         ],
     );
 
-    $truth = app(ArtifactTruthPresenter::class)->forTenantReview($review);
+    $truth = app(ArtifactTruthPresenter::class)->forEnvironmentReview($review);
 
     expect($truth->freshnessState)->toBe('stale')
         ->and($truth->publicationReadiness)->toBe('internal_only')
@@ -115,15 +115,15 @@
 
 it('downgrades structurally ready reviews with partial evidence to internal only', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $snapshot = seedPartialTenantReviewEvidence($tenant);
+    $snapshot = seedPartialEnvironmentReviewEvidence($tenant);
 
     $review = $this->makeArtifactTruthReview(
         tenant: $tenant,
         user: $user,
         snapshot: $snapshot,
         reviewOverrides: [
-            'status' => TenantReviewStatus::Ready->value,
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'status' => EnvironmentReviewStatus::Ready->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
         summaryOverrides: [
             'publish_blockers' => [],
@@ -136,7 +136,7 @@
         ],
     );
 
-    $truth = app(ArtifactTruthPresenter::class)->forTenantReview($review);
+    $truth = app(ArtifactTruthPresenter::class)->forEnvironmentReview($review);
 
     expect($truth->contentState)->toBe('partial')
         ->and($truth->freshnessState)->toBe('current')
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewOperationsUxTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewOperationsUxTest.php
similarity index 69%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewOperationsUxTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewOperationsUxTest.php
index bc7d323b..4d91a218 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewOperationsUxTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewOperationsUxTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Jobs\ComposeTenantReviewJob;
+use App\Jobs\ComposeEnvironmentReviewJob;
 use App\Jobs\Concerns\BridgesFailedOperationRun;
 use App\Models\OperationRun;
 use App\Notifications\OperationRunCompleted;
@@ -18,19 +18,19 @@
     Notification::fake();
 
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $snapshot = seedTenantReviewEvidence($tenant, operationRunCount: 3);
+    $snapshot = seedEnvironmentReviewEvidence($tenant, operationRunCount: 3);
 
-    $review = app(\App\Services\TenantReviews\TenantReviewService::class)->create($tenant, $snapshot, $user);
+    $review = app(\App\Services\EnvironmentReviews\EnvironmentReviewService::class)->create($tenant, $snapshot, $user);
     $run = OperationRun::query()->findOrFail($review->operation_run_id);
 
-    expect($run->type)->toBe(OperationRunType::TenantReviewCompose->value)
+    expect($run->type)->toBe(OperationRunType::EnvironmentReviewCompose->value)
         ->and(OperationCatalog::label((string) $run->type))->toBe('Review composition')
         ->and(data_get($run->context, 'progress.composite.operation_count'))->toBe(3)
         ->and(data_get($run->context, 'progress.composite.label'))->toBe('Review composition is aggregating 3 operations.');
 
-    Queue::assertPushed(ComposeTenantReviewJob::class);
+    Queue::assertPushed(ComposeEnvironmentReviewJob::class);
 
-    $job = new ComposeTenantReviewJob((int) $review->getKey(), (int) $run->getKey());
+    $job = new ComposeEnvironmentReviewJob((int) $review->getKey(), (int) $run->getKey());
     app()->call([$job, 'handle']);
 
     $run->refresh();
@@ -41,8 +41,8 @@
     Notification::assertSentTo($user, OperationRunCompleted::class);
 });
 
-it('declares the tenant review lifecycle contract explicitly', function (): void {
-    $job = new ComposeTenantReviewJob(tenantReviewId: 1, operationRunId: 1);
+it('declares the environment review lifecycle contract explicitly', function (): void {
+    $job = new ComposeEnvironmentReviewJob(environmentReviewId: 1, operationRunId: 1);
 
     expect(class_uses_recursive($job))->toContain(BridgesFailedOperationRun::class)
         ->and($job->timeout)->toBe(240)
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewRbacTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRbacTest.php
similarity index 62%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewRbacTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRbacTest.php
index cad35781..a549c908 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewRbacTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRbacTest.php
@@ -2,27 +2,27 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantReviewResource;
-use App\Filament\Resources\TenantReviewResource\Pages\ListTenantReviews;
-use App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview;
+use App\Filament\Resources\EnvironmentReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ListEnvironmentReviews;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Support\Auth\UiTooltips;
 use Livewire\Livewire;
 
-it('returns not found for non-members on the tenant review library and detail routes', function (): void {
+it('returns not found for non-members on the environment review library and detail routes', function (): void {
     $targetTenant = ManagedEnvironment::factory()->create();
     [$member] = createUserWithTenant(role: 'owner');
     $reviewOwner = User::factory()->create();
     createUserWithTenant(tenant: $targetTenant, user: $reviewOwner, role: 'owner');
-    $review = composeTenantReviewForTest($targetTenant, $reviewOwner);
+    $review = composeEnvironmentReviewForTest($targetTenant, $reviewOwner);
 
     $this->actingAs($member)
-        ->get(TenantReviewResource::tenantScopedUrl('index', tenant: $targetTenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('index', tenant: $targetTenant))
         ->assertNotFound();
 
     $this->actingAs($member)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $targetTenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $targetTenant))
         ->assertNotFound();
 });
 
@@ -30,22 +30,22 @@
     $tenant = ManagedEnvironment::factory()->create();
     [$owner, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
     [$readonly] = createUserWithTenant(tenant: $tenant, user: User::factory()->create(), role: 'readonly');
-    $review = composeTenantReviewForTest($tenant, $owner);
+    $review = composeEnvironmentReviewForTest($tenant, $owner);
 
     $this->actingAs($readonly)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->assertOk();
 
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($readonly)
-        ->test(ListTenantReviews::class)
+        ->test(ListEnvironmentReviews::class)
         ->assertActionVisible('create_review')
         ->assertActionDisabled('create_review')
         ->assertActionExists('create_review', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission());
 
     Livewire::actingAs($readonly)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->assertActionVisible('publish_review')
         ->assertActionDisabled('publish_review')
         ->assertActionVisible('archive_review')
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewRegisterPrefilterTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRegisterPrefilterTest.php
similarity index 93%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewRegisterPrefilterTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRegisterPrefilterTest.php
index f46a52ed..3a8730e8 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewRegisterPrefilterTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRegisterPrefilterTest.php
@@ -17,11 +17,11 @@
     ]);
     createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
 
-    $reviewA = composeTenantReviewForTest($tenantA, $user);
-    $reviewB = composeTenantReviewForTest(
+    $reviewA = composeEnvironmentReviewForTest($tenantA, $user);
+    $reviewB = composeEnvironmentReviewForTest(
         $tenantB,
         $user,
-        seedTenantReviewEvidence(
+        seedEnvironmentReviewEvidence(
             tenant: $tenantB,
             permissionPayload: [
                 'required_count' => 11,
@@ -58,10 +58,10 @@
     ]);
     createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
 
-    $reviewA = composeTenantReviewForTest(
+    $reviewA = composeEnvironmentReviewForTest(
         $tenantA,
         $user,
-        seedTenantReviewEvidence(
+        seedEnvironmentReviewEvidence(
             tenant: $tenantA,
             permissionPayload: [
                 'required_count' => 11,
@@ -70,7 +70,7 @@
             operationRunCount: 0,
         ),
     );
-    $reviewB = composeTenantReviewForTest($tenantB, $user);
+    $reviewB = composeEnvironmentReviewForTest($tenantB, $user);
 
     $this->actingAs($user);
     setAdminPanelContext();
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewRegisterRbacTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRegisterRbacTest.php
similarity index 89%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewRegisterRbacTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRegisterRbacTest.php
index a95913f6..44614921 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewRegisterRbacTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRegisterRbacTest.php
@@ -20,7 +20,7 @@
         ->assertNotFound();
 });
 
-it('returns 404 for workspace members that have no tenant-review visibility in the active workspace', function (): void {
+it('returns 404 for workspace members that have no environment-review visibility in the active workspace', function (): void {
     $workspace = Workspace::factory()->create();
     $user = User::factory()->create();
 
@@ -39,7 +39,7 @@
 it('allows entitled workspace members to access the canonical review register', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    composeTenantReviewForTest($tenant, $user);
+    composeEnvironmentReviewForTest($tenant, $user);
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
@@ -51,10 +51,10 @@
     $tenantAllowed = ManagedEnvironment::factory()->create(['name' => 'Allowed ManagedEnvironment']);
     [$user, $tenantAllowed] = createUserWithTenant(tenant: $tenantAllowed, role: 'readonly');
 
-    $allowedReview = composeTenantReviewForTest(
+    $allowedReview = composeEnvironmentReviewForTest(
         $tenantAllowed,
         $user,
-        seedTenantReviewEvidence(
+        seedEnvironmentReviewEvidence(
             tenant: $tenantAllowed,
             permissionPayload: [
                 'required_count' => 11,
@@ -69,7 +69,7 @@
         'name' => 'Denied ManagedEnvironment',
     ]);
     [$otherOwner, $tenantDenied] = createUserWithTenant(tenant: $tenantDenied, role: 'owner');
-    $deniedReview = composeTenantReviewForTest($tenantDenied, $otherOwner);
+    $deniedReview = composeEnvironmentReviewForTest($tenantDenied, $otherOwner);
 
     $this->actingAs($user);
     setAdminPanelContext();
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewRegisterTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRegisterTest.php
similarity index 82%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewRegisterTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRegisterTest.php
index 8c4a9982..acab06b4 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewRegisterTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewRegisterTest.php
@@ -5,15 +5,15 @@
 use App\Filament\Pages\Reviews\ReviewRegister;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Workspaces\WorkspaceContext;
 use Livewire\Livewire;
 use Tests\Feature\Concerns\BuildsGovernanceArtifactTruthFixtures;
 
 uses(BuildsGovernanceArtifactTruthFixtures::class);
 
-it('lists only entitled tenant reviews in the canonical review register and filters by tenant', function (): void {
+it('lists only entitled environment reviews in the canonical review register and filters by tenant', function (): void {
     $tenantA = ManagedEnvironment::factory()->create(['name' => 'Alpha ManagedEnvironment']);
     [$user, $tenantA] = createUserWithTenant(tenant: $tenantA, role: 'owner');
 
@@ -30,9 +30,9 @@
     $foreignOwner = User::factory()->create();
     createUserWithTenant(tenant: $tenantC, user: $foreignOwner, role: 'owner');
 
-    $reviewA = composeTenantReviewForTest($tenantA, $user);
-    $reviewB = composeTenantReviewForTest($tenantB, $user);
-    $reviewC = composeTenantReviewForTest($tenantC, $foreignOwner);
+    $reviewA = composeEnvironmentReviewForTest($tenantA, $user);
+    $reviewB = composeEnvironmentReviewForTest($tenantB, $user);
+    $reviewC = composeEnvironmentReviewForTest($tenantC, $foreignOwner);
 
     $this->actingAs($user);
     setAdminPanelContext();
@@ -52,7 +52,7 @@
 
 it('shows a single clear-filters empty-state action when no review rows match the current register view', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $user);
+    $review = composeEnvironmentReviewForTest($tenant, $user);
 
     $this->actingAs($user);
     setAdminPanelContext();
@@ -77,8 +77,8 @@
     ]);
     createUserWithTenant(tenant: $tenantB, user: $user, role: 'owner');
 
-    $reviewA = composeTenantReviewForTest($tenantA, $user);
-    $reviewB = composeTenantReviewForTest($tenantB, $user);
+    $reviewA = composeEnvironmentReviewForTest($tenantA, $user);
+    $reviewB = composeEnvironmentReviewForTest($tenantB, $user);
 
     $this->actingAs($user);
     setAdminPanelContext();
@@ -103,7 +103,7 @@
     expect(app(WorkspaceContext::class)->lastTenantId())->toBeNull();
 });
 
-it('keeps stale and partial review rows aligned with tenant review detail trust', function (): void {
+it('keeps stale and partial review rows aligned with environment review detail trust', function (): void {
     $staleTenant = ManagedEnvironment::factory()->create(['name' => 'Stale ManagedEnvironment']);
     [$user, $staleTenant] = createUserWithTenant(tenant: $staleTenant, role: 'owner');
 
@@ -116,12 +116,12 @@
     $staleReview = $this->makeArtifactTruthReview(
         tenant: $staleTenant,
         user: $user,
-        snapshot: seedStaleTenantReviewEvidence($staleTenant),
+        snapshot: seedStaleEnvironmentReviewEvidence($staleTenant),
         reviewOverrides: [
-            'status' => TenantReviewStatus::Published->value,
+            'status' => EnvironmentReviewStatus::Published->value,
             'published_at' => now(),
             'published_by_user_id' => (int) $user->getKey(),
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
         summaryOverrides: [
             'publish_blockers' => [],
@@ -137,10 +137,10 @@
     $partialReview = $this->makeArtifactTruthReview(
         tenant: $partialTenant,
         user: $user,
-        snapshot: seedPartialTenantReviewEvidence($partialTenant),
+        snapshot: seedPartialEnvironmentReviewEvidence($partialTenant),
         reviewOverrides: [
-            'status' => TenantReviewStatus::Ready->value,
-            'completeness_state' => TenantReviewCompletenessState::Complete->value,
+            'status' => EnvironmentReviewStatus::Ready->value,
+            'completeness_state' => EnvironmentReviewCompletenessState::Complete->value,
         ],
         summaryOverrides: [
             'publish_blockers' => [],
diff --git a/apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewUiContractTest.php
similarity index 72%
rename from apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php
rename to apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewUiContractTest.php
index 27d905bf..fec81573 100644
--- a/apps/platform/tests/Feature/TenantReview/TenantReviewUiContractTest.php
+++ b/apps/platform/tests/Feature/EnvironmentReview/EnvironmentReviewUiContractTest.php
@@ -4,15 +4,15 @@
 
 use App\Filament\Pages\Reviews\ReviewRegister;
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Resources\TenantReviewResource;
-use App\Filament\Resources\TenantReviewResource\Pages\ListTenantReviews;
-use App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview;
+use App\Filament\Resources\EnvironmentReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ListEnvironmentReviews;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
-use App\Support\TenantReviewStatus;
-use App\Services\TenantReviews\TenantReviewLifecycleService;
+use App\Support\EnvironmentReviewStatus;
+use App\Services\EnvironmentReviews\EnvironmentReviewLifecycleService;
 use App\Support\Ui\GovernanceActions\GovernanceActionCatalog;
 use App\Support\Workspaces\WorkspaceContext;
 use Filament\Actions\Action;
@@ -28,7 +28,7 @@
     Storage::fake('exports');
 });
 
-function tenantReviewContractHeaderActions(Testable $component): array
+function environmentReviewContractHeaderActions(Testable $component): array
 {
     $instance = $component->instance();
 
@@ -39,23 +39,23 @@ function tenantReviewContractHeaderActions(Testable $component): array
     return $instance->getCachedHeaderActions();
 }
 
-it('disables tenant-review global search while keeping the view page available for resource inspection', function (): void {
-    $reflection = new ReflectionClass(TenantReviewResource::class);
+it('disables environment-review global search while keeping the view page available for resource inspection', function (): void {
+    $reflection = new ReflectionClass(EnvironmentReviewResource::class);
 
     expect($reflection->getStaticPropertyValue('isGloballySearchable'))->toBeFalse()
-        ->and(array_keys(TenantReviewResource::getPages()))->toContain('view');
+        ->and(array_keys(EnvironmentReviewResource::getPages()))->toContain('view');
 });
 
-it('keeps tenant review list and canonical register empty states to a single CTA', function (): void {
+it('keeps environment review list and canonical register empty states to a single CTA', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(ListTenantReviews::class)
+        ->test(ListEnvironmentReviews::class)
         ->assertTableEmptyStateActionsExistInOrder(['create_first_review'])
-        ->assertSee('No tenant reviews yet')
+        ->assertSee('No environment reviews yet')
         ->mountAction('create_review')
         ->assertActionMounted('create_review');
 
@@ -69,15 +69,15 @@ function tenantReviewContractHeaderActions(Testable $component): array
         ->assertSee('No review records match this view');
 });
 
-it('keeps tenant review list inspection on row click and reserves the row action for executive export', function (): void {
+it('keeps environment review list inspection on row click and reserves the row action for executive export', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $user);
+    $review = composeEnvironmentReviewForTest($tenant, $user);
 
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
     $livewire = Livewire::actingAs($user)
-        ->test(ListTenantReviews::class)
+        ->test(ListEnvironmentReviews::class)
         ->assertCanSeeTableRecords([$review]);
 
     $table = $livewire->instance()->getTable();
@@ -89,20 +89,20 @@ function tenantReviewContractHeaderActions(Testable $component): array
 
     expect($rowActionNames)->toEqualCanonicalizing(['export_executive_pack'])
         ->and($table->getBulkActions())->toBeEmpty()
-        ->and($table->getRecordUrl($review))->toBe(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant));
+        ->and($table->getRecordUrl($review))->toBe(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant));
 });
 
-it('requires confirmation for destructive tenant-review actions and preserves disabled management visibility for readonly users', function (): void {
+it('requires confirmation for destructive environment-review actions and preserves disabled management visibility for readonly users', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$owner, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
     [$readonly] = createUserWithTenant(tenant: $tenant, user: User::factory()->create(), role: 'readonly');
-    $review = composeTenantReviewForTest($tenant, $owner);
+    $review = composeEnvironmentReviewForTest($tenant, $owner);
     $refreshRule = GovernanceActionCatalog::rule('refresh_review');
 
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($readonly)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->assertActionVisible('refresh_review')
         ->assertActionDisabled('refresh_review')
         ->assertActionVisible('publish_review')
@@ -113,7 +113,7 @@ function tenantReviewContractHeaderActions(Testable $component): array
         ->assertActionDisabled('archive_review');
 
     Livewire::actingAs($owner)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->assertActionExists('refresh_review', fn (Action $action): bool => $action->getLabel() === $refreshRule->canonicalLabel
             && $action->isConfirmationRequired()
             && $action->getModalHeading() === $refreshRule->modalHeading
@@ -122,44 +122,44 @@ function tenantReviewContractHeaderActions(Testable $component): array
         ->assertActionMounted('refresh_review');
 
     Livewire::actingAs($owner)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->mountAction('publish_review')
         ->assertActionMounted('publish_review')
         ->callMountedAction()
         ->assertHasActionErrors(['publish_reason']);
 
-    $published = app(TenantReviewLifecycleService::class)->publish($review, $owner, 'Ready for publication.');
+    $published = app(EnvironmentReviewLifecycleService::class)->publish($review, $owner, 'Ready for publication.');
 
     Livewire::actingAs($owner)
-        ->test(ViewTenantReview::class, ['record' => $published->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $published->getKey()])
         ->mountAction('archive_review')
         ->assertActionMounted('archive_review')
         ->callMountedAction()
         ->assertHasActionErrors(['archive_reason']);
 });
 
-it('keeps tenant review header hierarchy to one primary action and moves related links into summary context', function (): void {
+it('keeps environment review header hierarchy to one primary action and moves related links into summary context', function (): void {
     [$owner, $tenant] = createUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $owner);
+    $review = composeEnvironmentReviewForTest($tenant, $owner);
 
     setAdminEnvironmentContext($tenant);
 
     $this->actingAs($owner)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->assertOk()
         ->assertSee('Related context')
         ->assertSee('Evidence snapshot');
 
     $component = Livewire::actingAs($owner)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()]);
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()]);
 
-    $topLevelActionNames = collect(tenantReviewContractHeaderActions($component))
+    $topLevelActionNames = collect(environmentReviewContractHeaderActions($component))
         ->reject(static fn ($action): bool => $action instanceof ActionGroup)
         ->map(static fn ($action): ?string => $action instanceof Action ? $action->getName() : null)
         ->filter()
         ->values()
         ->all();
-    $groupLabels = collect(tenantReviewContractHeaderActions($component))
+    $groupLabels = collect(environmentReviewContractHeaderActions($component))
         ->filter(static fn ($action): bool => $action instanceof ActionGroup)
         ->map(static fn (ActionGroup $action): string => (string) $action->getLabel())
         ->values()
@@ -172,11 +172,11 @@ function tenantReviewContractHeaderActions(Testable $component): array
 it('uses the current review-pack download as the only customer-workspace detail header action', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -186,7 +186,7 @@ function tenantReviewContractHeaderActions(Testable $component): array
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'file_path' => 'review-packs/customer-detail-primary.zip',
@@ -198,7 +198,7 @@ function tenantReviewContractHeaderActions(Testable $component): array
     setAdminEnvironmentContext($tenant);
 
     $this->actingAs($user)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant).'?'.http_build_query([
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant).'?'.http_build_query([
             CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY => 1,
         ]))
         ->assertOk()
@@ -212,7 +212,7 @@ function tenantReviewContractHeaderActions(Testable $component): array
 
     $component = Livewire::withQueryParams([CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY => 1])
         ->actingAs($user)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->assertActionVisible('download_current_review_pack')
         ->assertActionEnabled('download_current_review_pack')
         ->assertActionDoesNotExist('publish_review')
@@ -223,7 +223,7 @@ function tenantReviewContractHeaderActions(Testable $component): array
 
     $component->assertActionExists('download_current_review_pack', fn (Action $action): bool => $action->getLabel() === 'Download governance package');
 
-    $topLevelActionNames = collect(tenantReviewContractHeaderActions($component))
+    $topLevelActionNames = collect(environmentReviewContractHeaderActions($component))
         ->map(static fn ($action): ?string => $action instanceof Action ? $action->getName() : null)
         ->filter()
         ->values()
@@ -235,9 +235,9 @@ function tenantReviewContractHeaderActions(Testable $component): array
 it('shows publication truth and next-step guidance when a review is not yet publishable', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$owner, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = TenantReview::query()->create([
+    $review = EnvironmentReview::query()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
@@ -248,12 +248,12 @@ function tenantReviewContractHeaderActions(Testable $component): array
             'publish_blockers' => ['Review the approval note before publication.'],
             'section_state_counts' => ['complete' => 6, 'partial' => 0, 'missing' => 0, 'stale' => 0],
         ],
-        'fingerprint' => hash('sha256', 'tenant-review-ui-contract'),
+        'fingerprint' => hash('sha256', 'environment-review-ui-contract'),
         'generated_at' => now(),
     ]);
 
     $this->actingAs($owner)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->assertOk()
         ->assertSee('Outcome summary')
         ->assertDontSee('Artifact truth')
@@ -274,7 +274,7 @@ function tenantReviewContractHeaderActions(Testable $component): array
     $review = $this->makeInternalOnlyArtifactTruthReview($tenant, $owner);
 
     $this->actingAs($owner)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->assertOk()
         ->assertSee('Internal only')
         ->assertSee('Publication readiness')
diff --git a/apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php b/apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php
index 8c9821b7..e43924da 100644
--- a/apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php
+++ b/apps/platform/tests/Feature/Evidence/EvidenceSnapshotResourceTest.php
@@ -397,7 +397,7 @@ function suspendEvidenceSnapshotWorkspace(ManagedEnvironment $tenant): void
                     'status' => 'running',
                 ],
                 [
-                    'type' => 'tenant.review_pack.generate',
+                    'type' => 'environment.review_pack.generate',
                     'outcome' => 'succeeded',
                     'status' => 'completed',
                 ],
diff --git a/apps/platform/tests/Feature/Filament/AdminHomeRedirectsToChooseTenantWhenWorkspaceSelectedTest.php b/apps/platform/tests/Feature/Filament/AdminHomeRedirectsToChooseEnvironmentWhenWorkspaceSelectedTest.php
similarity index 100%
rename from apps/platform/tests/Feature/Filament/AdminHomeRedirectsToChooseTenantWhenWorkspaceSelectedTest.php
rename to apps/platform/tests/Feature/Filament/AdminHomeRedirectsToChooseEnvironmentWhenWorkspaceSelectedTest.php
diff --git a/apps/platform/tests/Feature/Filament/AdminTenantScopedSurfacesRedirectToChooseTenantTest.php b/apps/platform/tests/Feature/Filament/AdminTenantScopedSurfacesRedirectToChooseEnvironmentTest.php
similarity index 99%
rename from apps/platform/tests/Feature/Filament/AdminTenantScopedSurfacesRedirectToChooseTenantTest.php
rename to apps/platform/tests/Feature/Filament/AdminTenantScopedSurfacesRedirectToChooseEnvironmentTest.php
index 67b95ed9..b5729b2b 100644
--- a/apps/platform/tests/Feature/Filament/AdminTenantScopedSurfacesRedirectToChooseTenantTest.php
+++ b/apps/platform/tests/Feature/Filament/AdminTenantScopedSurfacesRedirectToChooseEnvironmentTest.php
@@ -102,5 +102,5 @@
         });
 
     expect($response->getStatusCode())->toBeIn([200, 302]);
-    expect($response->headers->get('Location'))->not->toBe('/admin/choose-tenant');
+    expect($response->headers->get('Location'))->not->toBe('/admin/choose-environment');
 })->with('admin tenant scoped surface paths');
diff --git a/apps/platform/tests/Feature/Filament/ArchivedTenantViewTest.php b/apps/platform/tests/Feature/Filament/ArchivedTenantViewTest.php
index 7d8b2727..ebd6158c 100644
--- a/apps/platform/tests/Feature/Filament/ArchivedTenantViewTest.php
+++ b/apps/platform/tests/Feature/Filament/ArchivedTenantViewTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Support\Rbac\UiTooltips;
 use Filament\Facades\Filament;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -19,7 +19,7 @@
 
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('ManagedEnvironment archived')
         ->assertSee(UiTooltips::TENANT_ARCHIVED)
         ->assertSee('This environment remains available for inspection and audit history, but it is not selectable as active context until you restore it.')
diff --git a/apps/platform/tests/Feature/Filament/Artifacts/ArtifactSourceTaxonomySurfaceTest.php b/apps/platform/tests/Feature/Filament/Artifacts/ArtifactSourceTaxonomySurfaceTest.php
index e6bcce52..06b11d9d 100644
--- a/apps/platform/tests/Feature/Filament/Artifacts/ArtifactSourceTaxonomySurfaceTest.php
+++ b/apps/platform/tests/Feature/Filament/Artifacts/ArtifactSourceTaxonomySurfaceTest.php
@@ -6,7 +6,7 @@
 use App\Filament\Resources\FindingResource;
 use App\Filament\Resources\InventoryItemResource;
 use App\Filament\Resources\StoredReportResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\Finding;
 use App\Models\InventoryItem;
 use App\Models\ManagedEnvironment;
@@ -39,8 +39,8 @@
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
     ]);
-    $snapshot = seedTenantReviewEvidence($tenant, findingCount: 1, driftCount: 1);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant, findingCount: 1, driftCount: 1);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     $this->actingAs($user)
         ->get(FindingResource::getUrl('view', ['record' => $finding], tenant: $tenant))
@@ -69,7 +69,7 @@
         ->assertSee('Provider source detail');
 
     $this->actingAs($user)
-        ->get(TenantReviewResource::getUrl('view', ['record' => $review], tenant: $tenant))
+        ->get(EnvironmentReviewResource::getUrl('view', ['record' => $review], tenant: $tenant))
         ->assertOk()
         ->assertSee('Artifact source')
         ->assertSee('Source family')
diff --git a/apps/platform/tests/Feature/Filament/BaselineCompareCoverageBannerTest.php b/apps/platform/tests/Feature/Filament/BaselineCompareCoverageBannerTest.php
index 5966a94c..3d573a79 100644
--- a/apps/platform/tests/Feature/Filament/BaselineCompareCoverageBannerTest.php
+++ b/apps/platform/tests/Feature/Filament/BaselineCompareCoverageBannerTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Widgets\Tenant\BaselineCompareCoverageBanner;
+use App\Filament\Widgets\ManagedEnvironment\BaselineCompareCoverageBanner;
 use App\Models\BaselineProfile;
 use App\Models\BaselineSnapshot;
 use App\Models\BaselineTenantAssignment;
diff --git a/apps/platform/tests/Feature/Filament/BaselineCompareSummaryConsistencyTest.php b/apps/platform/tests/Feature/Filament/BaselineCompareSummaryConsistencyTest.php
index 4226ad6f..97af52c3 100644
--- a/apps/platform/tests/Feature/Filament/BaselineCompareSummaryConsistencyTest.php
+++ b/apps/platform/tests/Feature/Filament/BaselineCompareSummaryConsistencyTest.php
@@ -4,7 +4,7 @@
 
 use App\Filament\Pages\BaselineCompareLanding;
 use App\Filament\Widgets\Dashboard\BaselineCompareNow;
-use App\Filament\Widgets\Tenant\BaselineCompareCoverageBanner;
+use App\Filament\Widgets\ManagedEnvironment\BaselineCompareCoverageBanner;
 use App\Models\BaselineProfile;
 use App\Models\BaselineSnapshot;
 use App\Models\BaselineTenantAssignment;
diff --git a/apps/platform/tests/Feature/Filament/BaselineProfileCaptureStartSurfaceTest.php b/apps/platform/tests/Feature/Filament/BaselineProfileCaptureStartSurfaceTest.php
index a81386ed..c63a2eff 100644
--- a/apps/platform/tests/Feature/Filament/BaselineProfileCaptureStartSurfaceTest.php
+++ b/apps/platform/tests/Feature/Filament/BaselineProfileCaptureStartSurfaceTest.php
@@ -81,7 +81,7 @@ function seedCaptureProfileForTenant(
         ->assertActionVisible('capture')
         ->assertActionHasLabel('capture', 'Capture baseline')
         ->assertActionDisabled('capture')
-        ->callAction('capture', data: ['source_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('capture', data: ['source_environment_id' => (int) $tenant->getKey()])
         ->assertStatus(200);
 
     Queue::assertNotPushed(CaptureBaselineSnapshotJob::class);
@@ -105,7 +105,7 @@ function seedCaptureProfileForTenant(
         ->assertActionVisible('capture')
         ->assertActionHasLabel('capture', 'Capture baseline (full content)')
         ->assertActionEnabled('capture')
-        ->callAction('capture', data: ['source_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('capture', data: ['source_environment_id' => (int) $tenant->getKey()])
         ->assertStatus(200);
 
     $topLevelActionNames = collect(baselineProfileCaptureHeaderActions($component))
@@ -147,7 +147,7 @@ function seedCaptureProfileForTenant(
         ->assertActionVisible('capture')
         ->assertActionHasLabel('capture', 'Capture baseline')
         ->assertActionEnabled('capture')
-        ->callAction('capture', data: ['source_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('capture', data: ['source_environment_id' => (int) $tenant->getKey()])
         ->assertNotified('Cannot start capture')
         ->assertStatus(200);
 
@@ -170,7 +170,7 @@ function seedCaptureProfileForTenant(
         ->assertActionVisible('capture')
         ->assertActionHasLabel('capture', 'Capture baseline (full content)')
         ->assertActionEnabled('capture')
-        ->callAction('capture', data: ['source_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('capture', data: ['source_environment_id' => (int) $tenant->getKey()])
         ->assertNotified('Cannot start capture')
         ->assertStatus(200);
 
@@ -224,7 +224,7 @@ function seedCaptureProfileForTenant(
     Livewire::actingAs($user)
         ->test(ViewBaselineProfile::class, ['record' => $profile->getKey()])
         ->assertActionVisible('capture')
-        ->callAction('capture', data: ['source_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('capture', data: ['source_environment_id' => (int) $tenant->getKey()])
         ->assertNotified('Cannot start capture')
         ->assertStatus(200);
 
diff --git a/apps/platform/tests/Feature/Filament/BaselineProfileCompareStartSurfaceTest.php b/apps/platform/tests/Feature/Filament/BaselineProfileCompareStartSurfaceTest.php
index 0949e280..e75f6bea 100644
--- a/apps/platform/tests/Feature/Filament/BaselineProfileCompareStartSurfaceTest.php
+++ b/apps/platform/tests/Feature/Filament/BaselineProfileCompareStartSurfaceTest.php
@@ -65,7 +65,7 @@ function seedComparableBaselineProfileForTenant(ManagedEnvironment $tenant, Base
         ->assertActionVisible('compareNow')
         ->assertActionHasLabel('compareNow', 'Compare now (full content)')
         ->assertActionDisabled('compareNow')
-        ->callAction('compareNow', data: ['target_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('compareNow', data: ['target_environment_id' => (int) $tenant->getKey()])
         ->assertStatus(200);
 
     Queue::assertNotPushed(CompareBaselineToTenantJob::class);
@@ -86,7 +86,7 @@ function seedComparableBaselineProfileForTenant(ManagedEnvironment $tenant, Base
         ->assertActionVisible('compareNow')
         ->assertActionHasLabel('compareNow', 'Compare now (full content)')
         ->assertActionEnabled('compareNow')
-        ->callAction('compareNow', data: ['target_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('compareNow', data: ['target_environment_id' => (int) $tenant->getKey()])
         ->assertStatus(200);
 
     Queue::assertPushed(CompareBaselineToTenantJob::class);
@@ -116,7 +116,7 @@ function seedComparableBaselineProfileForTenant(ManagedEnvironment $tenant, Base
         ->assertActionVisible('compareNow')
         ->assertActionHasLabel('compareNow', 'Compare now (full content)')
         ->assertActionEnabled('compareNow')
-        ->callAction('compareNow', data: ['target_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('compareNow', data: ['target_environment_id' => (int) $tenant->getKey()])
         ->assertNotified('Cannot start comparison')
         ->assertStatus(200);
 
@@ -163,7 +163,7 @@ function seedComparableBaselineProfileForTenant(ManagedEnvironment $tenant, Base
     Livewire::actingAs($user)
         ->test(ViewBaselineProfile::class, ['record' => $profile->getKey()])
         ->assertSee('Mixed strategy scope')
-        ->callAction('compareNow', data: ['target_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('compareNow', data: ['target_environment_id' => (int) $tenant->getKey()])
         ->assertNotified('Cannot start comparison')
         ->assertStatus(200);
 
@@ -271,7 +271,7 @@ function seedComparableBaselineProfileForTenant(ManagedEnvironment $tenant, Base
     Livewire::actingAs($user)
         ->test(ViewBaselineProfile::class, ['record' => $profile->getKey()])
         ->assertActionVisible('compareNow')
-        ->callAction('compareNow', data: ['target_tenant_id' => (int) $tenant->getKey()])
+        ->callAction('compareNow', data: ['target_environment_id' => (int) $tenant->getKey()])
         ->assertNotified('Cannot start comparison')
         ->assertStatus(200);
 
diff --git a/apps/platform/tests/Feature/Filament/ChooseTenantEmptyStateRegisterTenantCtaVisibilityTest.php b/apps/platform/tests/Feature/Filament/ChooseEnvironmentEmptyStateRegisterTenantCtaVisibilityTest.php
similarity index 95%
rename from apps/platform/tests/Feature/Filament/ChooseTenantEmptyStateRegisterTenantCtaVisibilityTest.php
rename to apps/platform/tests/Feature/Filament/ChooseEnvironmentEmptyStateRegisterTenantCtaVisibilityTest.php
index f46ede13..1557ecc0 100644
--- a/apps/platform/tests/Feature/Filament/ChooseTenantEmptyStateRegisterTenantCtaVisibilityTest.php
+++ b/apps/platform/tests/Feature/Filament/ChooseEnvironmentEmptyStateRegisterTenantCtaVisibilityTest.php
@@ -31,7 +31,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee(__('localization.shell.no_active_environments'))
         ->assertSee(__('localization.shell.view_managed_environments'))
@@ -51,7 +51,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee(__('localization.shell.no_active_environments'))
         ->assertSee('Switch workspace')
diff --git a/apps/platform/tests/Feature/Filament/ChooseTenantIsWorkspaceScopedTest.php b/apps/platform/tests/Feature/Filament/ChooseEnvironmentIsWorkspaceScopedTest.php
similarity index 96%
rename from apps/platform/tests/Feature/Filament/ChooseTenantIsWorkspaceScopedTest.php
rename to apps/platform/tests/Feature/Filament/ChooseEnvironmentIsWorkspaceScopedTest.php
index 6e7ffd00..6a6b7318 100644
--- a/apps/platform/tests/Feature/Filament/ChooseTenantIsWorkspaceScopedTest.php
+++ b/apps/platform/tests/Feature/Filament/ChooseEnvironmentIsWorkspaceScopedTest.php
@@ -12,7 +12,7 @@
 
 uses(RefreshDatabase::class);
 
-it('only shows tenants from the currently selected workspace on choose-tenant', function (): void {
+it('only shows tenants from the currently selected workspace on choose-environment', function (): void {
     $user = User::factory()->create();
 
     $workspaceA = Workspace::factory()->create(['name' => 'Workspace A']);
@@ -62,7 +62,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspaceA->getKey()])
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee('ManagedEnvironment A')
         ->assertDontSee('ManagedEnvironment B');
diff --git a/apps/platform/tests/Feature/Filament/ChooseTenantRequiresWorkspaceTest.php b/apps/platform/tests/Feature/Filament/ChooseEnvironmentRequiresWorkspaceTest.php
similarity index 84%
rename from apps/platform/tests/Feature/Filament/ChooseTenantRequiresWorkspaceTest.php
rename to apps/platform/tests/Feature/Filament/ChooseEnvironmentRequiresWorkspaceTest.php
index 5b43f978..2a36373c 100644
--- a/apps/platform/tests/Feature/Filament/ChooseTenantRequiresWorkspaceTest.php
+++ b/apps/platform/tests/Feature/Filament/ChooseEnvironmentRequiresWorkspaceTest.php
@@ -9,7 +9,7 @@
 
 uses(RefreshDatabase::class);
 
-it('redirects choose-tenant to choose-workspace when workspace is not selected', function (): void {
+it('redirects choose-environment to choose-workspace when workspace is not selected', function (): void {
     $user = User::factory()->create([
         'last_workspace_id' => null,
     ]);
@@ -30,6 +30,6 @@
     ]);
 
     $this->actingAs($user)
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertRedirect('/admin/choose-workspace');
 });
diff --git a/apps/platform/tests/Feature/Filament/CreateCtaPlacementTest.php b/apps/platform/tests/Feature/Filament/CreateCtaPlacementTest.php
index 260098c0..a8497a04 100644
--- a/apps/platform/tests/Feature/Filament/CreateCtaPlacementTest.php
+++ b/apps/platform/tests/Feature/Filament/CreateCtaPlacementTest.php
@@ -7,7 +7,7 @@
 use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
 use App\Filament\Resources\ReviewPackResource\Pages\ListReviewPacks;
 use App\Filament\Resources\RestoreRunResource\Pages\ListRestoreRuns;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Filament\Resources\Workspaces\Pages\ListWorkspaces;
 use App\Models\BackupSchedule;
 use App\Models\BackupSet;
@@ -303,7 +303,7 @@ function getPlacementEmptyStateAction(Testable $component, string $name): ?Actio
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()]);
 
-    $component = Livewire::test(ListTenants::class)
+    $component = Livewire::test(ListManagedEnvironments::class)
         ->assertTableEmptyStateActionsExistInOrder(['add_tenant']);
 
     $emptyStateCreate = getPlacementEmptyStateAction($component, 'add_tenant');
@@ -320,7 +320,7 @@ function getPlacementEmptyStateAction(Testable $component, string $name): ?Actio
 
     $this->actingAs($user);
 
-    $component = Livewire::test(ListTenants::class)
+    $component = Livewire::test(ListManagedEnvironments::class)
         ->assertCountTableRecords(1);
 
     $headerCreate = getHeaderAction($component, 'add_tenant');
@@ -359,7 +359,7 @@ function getPlacementEmptyStateAction(Testable $component, string $name): ?Actio
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()]);
 
-    $component = Livewire::test(ListTenants::class)
+    $component = Livewire::test(ListManagedEnvironments::class)
         ->assertTableEmptyStateActionsExistInOrder(['add_tenant']);
 
     $emptyStateCreate = getPlacementEmptyStateAction($component, 'add_tenant');
@@ -382,7 +382,7 @@ function getPlacementEmptyStateAction(Testable $component, string $name): ?Actio
 
     $this->actingAs($user);
 
-    $component = Livewire::test(ListTenants::class)
+    $component = Livewire::test(ListManagedEnvironments::class)
         ->assertCountTableRecords(1);
 
     $headerCreate = getHeaderAction($component, 'add_tenant');
@@ -416,7 +416,7 @@ function getPlacementEmptyStateAction(Testable $component, string $name): ?Actio
 
     $this->actingAs($user);
 
-    $component = Livewire::test(ListTenants::class)
+    $component = Livewire::test(ListManagedEnvironments::class)
         ->assertCountTableRecords(1);
 
     $headerCreate = getHeaderAction($component, 'add_tenant');
diff --git a/apps/platform/tests/Feature/Filament/EditTenantHeaderDisciplineTest.php b/apps/platform/tests/Feature/Filament/EditTenantHeaderDisciplineTest.php
index ddd3a83b..5d1170ce 100644
--- a/apps/platform/tests/Feature/Filament/EditTenantHeaderDisciplineTest.php
+++ b/apps/platform/tests/Feature/Filament/EditTenantHeaderDisciplineTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\EditTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\EditManagedEnvironment;
 use App\Models\ManagedEnvironment;
 use Filament\Actions\Action;
 use Filament\Actions\ActionGroup;
@@ -62,7 +62,7 @@ function editTenantHeaderPrimaryNames(Testable $component): array
     $this->actingAs($user);
     Filament::setTenant($tenant, true);
 
-    $component = Livewire::test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+    $component = Livewire::test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('Related context')
         ->assertSee('Open environment detail')
         ->assertSee('Resume onboarding');
@@ -78,7 +78,7 @@ function editTenantHeaderPrimaryNames(Testable $component): array
     $this->actingAs($user);
     Filament::setTenant($tenant, true);
 
-    $component = Livewire::test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+    $component = Livewire::test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('archive')
         ->assertActionEnabled('archive')
         ->assertActionExists('archive', fn (Action $action): bool => $action->isConfirmationRequired());
diff --git a/apps/platform/tests/Feature/Filament/EnvironmentContextSurfaceCopyTest.php b/apps/platform/tests/Feature/Filament/EnvironmentContextSurfaceCopyTest.php
index 1e60e0ca..7162c722 100644
--- a/apps/platform/tests/Feature/Filament/EnvironmentContextSurfaceCopyTest.php
+++ b/apps/platform/tests/Feature/Filament/EnvironmentContextSurfaceCopyTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Support\Workspaces\WorkspaceContext;
 use Filament\Facades\Filament;
 
@@ -13,7 +13,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $environment->workspace_id])
-        ->get(TenantDashboard::getUrl(tenant: $environment))
+        ->get(EnvironmentDashboard::getUrl(tenant: $environment))
         ->assertOk()
         ->assertSee('Switch environment')
         ->assertSee('Clear environment scope')
diff --git a/apps/platform/tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php b/apps/platform/tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php
similarity index 57%
rename from apps/platform/tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php
rename to apps/platform/tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php
index 37982e86..a26117c4 100644
--- a/apps/platform/tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php
+++ b/apps/platform/tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview;
-use App\Models\TenantReview;
-use App\Support\TenantReviewStatus;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview;
+use App\Models\EnvironmentReview;
+use App\Support\EnvironmentReviewStatus;
 use Filament\Actions\Action;
 use Filament\Actions\ActionGroup;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -13,7 +13,7 @@
 
 uses(RefreshDatabase::class);
 
-function tenantReviewHeaderActions(Testable $component): array
+function environmentReviewHeaderActions(Testable $component): array
 {
     $instance = $component->instance();
 
@@ -24,9 +24,9 @@ function tenantReviewHeaderActions(Testable $component): array
     return $instance->getCachedHeaderActions();
 }
 
-function tenantReviewHeaderPrimaryNames(Testable $component): array
+function environmentReviewHeaderPrimaryNames(Testable $component): array
 {
-    return collect(tenantReviewHeaderActions($component))
+    return collect(environmentReviewHeaderActions($component))
         ->reject(static fn ($action): bool => $action instanceof ActionGroup)
         ->map(static fn ($action): ?string => $action instanceof Action ? $action->getName() : null)
         ->filter()
@@ -34,9 +34,9 @@ function tenantReviewHeaderPrimaryNames(Testable $component): array
         ->all();
 }
 
-function tenantReviewHeaderGroupLabels(Testable $component): array
+function environmentReviewHeaderGroupLabels(Testable $component): array
 {
-    return collect(tenantReviewHeaderActions($component))
+    return collect(environmentReviewHeaderActions($component))
         ->filter(static fn ($action): bool => $action instanceof ActionGroup)
         ->map(static fn (ActionGroup $action): string => (string) $action->getLabel())
         ->values()
@@ -45,25 +45,25 @@ function tenantReviewHeaderGroupLabels(Testable $component): array
 
 it('keeps ready reviews to one primary action and renders related navigation in the summary context', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $user);
+    $review = composeEnvironmentReviewForTest($tenant, $user);
 
     setAdminEnvironmentContext($tenant);
 
     $component = Livewire::actingAs($user)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->assertSee('Related context')
         ->assertSee('Evidence snapshot');
 
-    expect(tenantReviewHeaderPrimaryNames($component))->toBe(['publish_review'])
-        ->and(tenantReviewHeaderGroupLabels($component))->toBe(['More', 'Danger']);
+    expect(environmentReviewHeaderPrimaryNames($component))->toBe(['publish_review'])
+        ->and(environmentReviewHeaderGroupLabels($component))->toBe(['More', 'Danger']);
 });
 
 it('promotes executive-pack export as the only visible primary action after publication', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $user);
+    $review = composeEnvironmentReviewForTest($tenant, $user);
 
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -71,11 +71,11 @@ function tenantReviewHeaderGroupLabels(Testable $component): array
     setAdminEnvironmentContext($tenant);
 
     $component = Livewire::actingAs($user)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->assertActionVisible('export_executive_pack')
         ->assertActionEnabled('export_executive_pack');
 
-    expect(tenantReviewHeaderPrimaryNames($component))->toBe(['export_executive_pack'])
-        ->and(tenantReviewHeaderGroupLabels($component))->toContain('More')
-        ->and(tenantReviewHeaderPrimaryNames($component))->not->toContain('refresh_review', 'publish_review');
+    expect(environmentReviewHeaderPrimaryNames($component))->toBe(['export_executive_pack'])
+        ->and(environmentReviewHeaderGroupLabels($component))->toContain('More')
+        ->and(environmentReviewHeaderPrimaryNames($component))->not->toContain('refresh_review', 'publish_review');
 });
diff --git a/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactAdminPanelRegistrationTest.php b/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactAdminPanelRegistrationTest.php
index 1dcc6154..c4b783f0 100644
--- a/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactAdminPanelRegistrationTest.php
+++ b/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactAdminPanelRegistrationTest.php
@@ -13,7 +13,7 @@
 use App\Filament\Resources\ReviewPackResource;
 use App\Filament\Resources\RestoreRunResource;
 use App\Filament\Resources\StoredReportResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\ManagedEnvironment;
 use App\Models\StoredReport;
 use App\Models\User;
@@ -35,7 +35,7 @@
         ->and(BackupScheduleResource::shouldRegisterNavigation())->toBeTrue()
         ->and(BackupSetResource::shouldRegisterNavigation())->toBeTrue()
         ->and(RestoreRunResource::shouldRegisterNavigation())->toBeTrue()
-        ->and(TenantReviewResource::shouldRegisterNavigation())->toBeTrue();
+        ->and(EnvironmentReviewResource::shouldRegisterNavigation())->toBeTrue();
 });
 
 it('builds workspace-first admin urls for governance resources', function (): void {
@@ -66,7 +66,7 @@
         FindingResource::class,
         FindingExceptionResource::class,
         EvidenceSnapshotResource::class,
-        TenantReviewResource::class,
+        EnvironmentReviewResource::class,
         ReviewPackResource::class,
         StoredReportResource::class,
     ] as $resourceClass) {
@@ -156,7 +156,7 @@
         FindingResource::class,
         FindingExceptionResource::class,
         EvidenceSnapshotResource::class,
-        TenantReviewResource::class,
+        EnvironmentReviewResource::class,
         ReviewPackResource::class,
         StoredReportResource::class,
     ] as $resourceClass) {
diff --git a/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactDeepLinkContractTest.php b/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactDeepLinkContractTest.php
index a566b220..43f7cd4d 100644
--- a/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactDeepLinkContractTest.php
+++ b/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactDeepLinkContractTest.php
@@ -8,7 +8,7 @@
 use App\Filament\Resources\FindingResource;
 use App\Filament\Resources\RestoreRunResource;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\AuditLog;
 use App\Models\BackupSet;
 use App\Models\Finding;
@@ -58,7 +58,7 @@ function governanceArtifactAuditRecord(ManagedEnvironment $tenant, string $resou
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner', setUiContext: false);
 
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
     $run = OperationRun::factory()
         ->forTenant($tenant)
@@ -117,7 +117,7 @@ function governanceArtifactAuditRecord(ManagedEnvironment $tenant, string $resou
             ],
         ]);
 
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
     $snapshotRun = OperationRun::factory()
         ->forTenant($tenant)
         ->create([
@@ -129,11 +129,11 @@ function governanceArtifactAuditRecord(ManagedEnvironment $tenant, string $resou
         'operation_run_id' => (int) $snapshotRun->getKey(),
     ])->save();
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $reviewRun = OperationRun::factory()
         ->forTenant($tenant)
         ->create([
-            'type' => OperationRunType::TenantReviewCompose->value,
+            'type' => OperationRunType::EnvironmentReviewCompose->value,
             'status' => OperationRunStatus::Completed->value,
             'outcome' => OperationRunOutcome::Succeeded->value,
         ]);
@@ -151,7 +151,7 @@ function governanceArtifactAuditRecord(ManagedEnvironment $tenant, string $resou
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'operation_run_id' => (int) $packRun->getKey(),
@@ -186,7 +186,7 @@ function governanceArtifactAuditRecord(ManagedEnvironment $tenant, string $resou
 
     expect($reviewLinks)->toMatchArray([
         OperationRunLinks::collectionLabel() => OperationRunLinks::index($tenant),
-        'ManagedEnvironment Review' => TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant),
+        'ManagedEnvironment Review' => EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant),
     ]);
 
     expect($packLinks)->toMatchArray([
diff --git a/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactEnvironmentContextTest.php b/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactEnvironmentContextTest.php
index 9c1b2c12..ce4df406 100644
--- a/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactEnvironmentContextTest.php
+++ b/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactEnvironmentContextTest.php
@@ -5,12 +5,12 @@
 use App\Filament\Resources\EvidenceSnapshotResource;
 use App\Filament\Resources\ReviewPackResource;
 use App\Filament\Resources\StoredReportResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\EvidenceSnapshot;
 use App\Models\ManagedEnvironment;
 use App\Models\ReviewPack;
 use App\Models\StoredReport;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Support\Workspaces\WorkspaceContext;
 
 it('resolves review pack access from the remembered admin environment context', function (): void {
@@ -50,7 +50,7 @@
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner', setUiContext: false);
 
-    seedTenantReviewEvidence($tenant);
+    seedEnvironmentReviewEvidence($tenant);
 
     $this->actingAs($user);
     setAdminPanelContext();
@@ -74,11 +74,11 @@
         ->and($pack?->status)->toBeString();
 });
 
-it('starts tenant review creation from the remembered admin environment context', function (): void {
+it('starts environment review creation from the remembered admin environment context', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner', setUiContext: false);
 
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
     $this->actingAs($user);
     setAdminPanelContext();
@@ -87,17 +87,17 @@
         (string) $tenant->workspace_id => (int) $tenant->getKey(),
     ]);
 
-    TenantReviewResource::executeCreateReview([
+    EnvironmentReviewResource::executeCreateReview([
         'evidence_snapshot_id' => (string) $snapshot->getKey(),
     ]);
 
-    $review = TenantReview::query()
+    $review = EnvironmentReview::query()
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->where('workspace_id', (int) $tenant->workspace_id)
         ->latest('id')
         ->first();
 
-    expect($review)->toBeInstanceOf(TenantReview::class)
+    expect($review)->toBeInstanceOf(EnvironmentReview::class)
         ->and((int) $review?->evidence_snapshot_id)->toBe((int) $snapshot->getKey());
 });
 
@@ -159,4 +159,4 @@
     expect(StoredReportResource::canViewAny())->toBeTrue()
         ->and(StoredReportResource::canView($report))->toBeTrue()
         ->and(StoredReportResource::canView($otherReport))->toBeFalse();
-});
\ No newline at end of file
+});
diff --git a/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactLegacyTenantPanelGuardTest.php b/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactLegacyTenantPanelGuardTest.php
index 2eea79b8..b7f84981 100644
--- a/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactLegacyTenantPanelGuardTest.php
+++ b/apps/platform/tests/Feature/Filament/GovernanceArtifacts/GovernanceArtifactLegacyTenantPanelGuardTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\ManagedEnvironment;
 use App\Models\Workspace;
 use Tests\Support\OpsUx\SourceFileScanner;
@@ -28,7 +28,7 @@ function governanceArtifactLegacyTenantGuardedFiles(): array
         $root.'/app/Filament/Resources/RestoreRunResource.php',
         $root.'/app/Filament/Resources/ReviewPackResource.php',
         $root.'/app/Filament/Resources/StoredReportResource.php',
-        $root.'/app/Filament/Resources/TenantReviewResource.php',
+        $root.'/app/Filament/Resources/EnvironmentReviewResource.php',
         $root.'/app/Support/GovernanceInbox/GovernanceInboxSectionBuilder.php',
         $root.'/app/Support/Navigation/RelatedNavigationResolver.php',
         $root.'/app/Support/OperationRunLinks.php',
@@ -52,7 +52,7 @@ function governanceArtifactLegacyTenantForbiddenPatterns(): array
             'reason' => 'Touched governance artifact surfaces must not hardcode legacy /admin/t route language.',
         ],
         [
-            'pattern' => "/TenantReviewResource::tenantScopedUrl\\([^\\n]*,\\s*'tenant'\\)/",
+            'pattern' => "/EnvironmentReviewResource::tenantScopedUrl\\([^\\n]*,\\s*'tenant'\\)/",
             'reason' => 'Touched review drillthrough call-sites must not carry a stale tenant-panel hint.',
         ],
         [
@@ -96,22 +96,22 @@ function governanceArtifactLegacyTenantForbiddenPatterns(): array
     expect($violations)->toBeEmpty();
 })->group('surface-guard');
 
-it('keeps tenant review scoped urls on workspace-first admin routes even when a legacy tenant hint is supplied', function (): void {
+it('keeps environment review scoped urls on workspace-first admin routes even when a legacy tenant hint is supplied', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner', setUiContext: false);
 
-    $snapshot = seedTenantReviewEvidence($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $workspace = Workspace::query()->whereKey((int) $tenant->workspace_id)->firstOrFail();
 
     setAdminPanelContext();
 
     $path = parse_url(
-        TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant, 'tenant'),
+        EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant, 'tenant'),
         PHP_URL_PATH,
     );
 
     expect($path)
-        ->toBe('/admin/workspaces/'.$workspace->getRouteKey().'/environments/'.$tenant->getRouteKey().'/tenant-reviews/'.$review->getRouteKey())
+        ->toBe('/admin/workspaces/'.$workspace->getRouteKey().'/environments/'.$tenant->getRouteKey().'/environment-reviews/'.$review->getRouteKey())
         ->not->toContain('/admin/t/');
 })->group('surface-guard');
diff --git a/apps/platform/tests/Feature/Filament/HousekeepingTest.php b/apps/platform/tests/Feature/Filament/HousekeepingTest.php
index a6d1804e..f02b1cef 100644
--- a/apps/platform/tests/Feature/Filament/HousekeepingTest.php
+++ b/apps/platform/tests/Feature/Filament/HousekeepingTest.php
@@ -4,7 +4,7 @@
 use App\Filament\Resources\PolicyResource\Pages\ListPolicies;
 use App\Filament\Resources\PolicyVersionResource\Pages\ListPolicyVersions;
 use App\Filament\Resources\RestoreRunResource\Pages\ListRestoreRuns;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Models\BackupItem;
 use App\Models\BackupSet;
 use App\Models\Policy;
@@ -381,7 +381,7 @@
     $this->actingAs($user);
     setAdminPanelContext($tenant);
 
-    Livewire::test(ListTenants::class)
+    Livewire::test(ListManagedEnvironments::class)
         ->callTableAction('archive', $tenant, [
             'archive_reason' => 'Removing this tenant from the active housekeeping list.',
         ]);
@@ -440,7 +440,7 @@
     ]);
 
     $component = Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->filterTable('trashed', true)
         ->assertSee($active->name)
         ->assertSee($archived->name);
@@ -487,7 +487,7 @@
     ]);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->filterTable('trashed', false)
         ->callTableAction('restore', $tenant);
 
diff --git a/apps/platform/tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php b/apps/platform/tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php
index 08bf596b..d44b124e 100644
--- a/apps/platform/tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php
+++ b/apps/platform/tests/Feature/Filament/ManagedEnvironmentAccessScopeManagementTest.php
@@ -2,15 +2,15 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ManageTenantMemberships;
-use App\Filament\Resources\TenantResource\RelationManagers\TenantMembershipsRelationManager;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ManageEnvironmentAccessScopes;
+use App\Filament\Resources\ManagedEnvironmentResource\RelationManagers\ManagedEnvironmentMembershipsRelationManager;
 use App\Models\AuditLog;
 use App\Models\ManagedEnvironment;
 use App\Models\ManagedEnvironmentMembership;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use App\Support\Audit\AuditActionId;
 use Filament\Actions\Action;
 use Livewire\Livewire;
@@ -35,9 +35,9 @@
     ]);
 
     Livewire::actingAs($owner)
-        ->test(TenantMembershipsRelationManager::class, [
+        ->test(ManagedEnvironmentMembershipsRelationManager::class, [
             'ownerRecord' => $tenant,
-            'pageClass' => ManageTenantMemberships::class,
+            'pageClass' => ManageEnvironmentAccessScopes::class,
         ])
         ->callTableAction('add_member', null, [
             'user_id' => (int) $member->getKey(),
@@ -80,9 +80,9 @@
     ]);
 
     Livewire::actingAs($owner)
-        ->test(TenantMembershipsRelationManager::class, [
+        ->test(ManagedEnvironmentMembershipsRelationManager::class, [
             'ownerRecord' => $tenant,
-            'pageClass' => ManageTenantMemberships::class,
+            'pageClass' => ManageEnvironmentAccessScopes::class,
         ])
         ->assertTableActionExists('remove', fn (Action $action): bool => $action->isConfirmationRequired(), $scope)
         ->callTableAction('remove', $scope);
@@ -116,6 +116,6 @@
         'source' => 'manual',
     ]);
 
-    expect(fn () => app(TenantMembershipManager::class)->changeRole($tenant, $owner, $scope, 'owner'))
+    expect(fn () => app(ManagedEnvironmentMembershipManager::class)->changeRole($tenant, $owner, $scope, 'owner'))
         ->toThrow(DomainException::class, 'Managed-environment access scopes do not manage roles. Change the workspace role instead.');
 });
diff --git a/apps/platform/tests/Feature/Filament/ManagedTenantsLandingLifecycleTest.php b/apps/platform/tests/Feature/Filament/ManagedEnvironmentsLandingLifecycleTest.php
similarity index 93%
rename from apps/platform/tests/Feature/Filament/ManagedTenantsLandingLifecycleTest.php
rename to apps/platform/tests/Feature/Filament/ManagedEnvironmentsLandingLifecycleTest.php
index 316a354a..40e49c43 100644
--- a/apps/platform/tests/Feature/Filament/ManagedTenantsLandingLifecycleTest.php
+++ b/apps/platform/tests/Feature/Filament/ManagedEnvironmentsLandingLifecycleTest.php
@@ -44,7 +44,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+        ->get(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->assertSuccessful()
         ->assertSee('Active ManagedEnvironment')
         ->assertSee('Onboarding ManagedEnvironment')
@@ -86,14 +86,14 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+        ->get(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->assertSuccessful()
         ->assertSee('Discoverable Draft ManagedEnvironment')
         ->assertSee('Discoverable Onboarding ManagedEnvironment')
         ->assertSee('Discoverable Archived ManagedEnvironment');
 });
 
-it('keeps administrative landing discoverability broader than choose-tenant selection', function (): void {
+it('keeps administrative landing discoverability broader than choose-environment selection', function (): void {
     $workspace = Workspace::factory()->create(['slug' => 'landing-vs-selector']);
     $user = User::factory()->create();
 
@@ -129,7 +129,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+        ->get(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->assertSuccessful()
         ->assertSee('Landing Active ManagedEnvironment')
         ->assertSee('Landing Draft ManagedEnvironment')
@@ -138,7 +138,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee('Landing Active ManagedEnvironment')
         ->assertDontSee('Landing Draft ManagedEnvironment')
diff --git a/apps/platform/tests/Feature/Filament/RecentOperationsSummaryWidgetTest.php b/apps/platform/tests/Feature/Filament/RecentOperationsSummaryWidgetTest.php
index 588c79de..079a6457 100644
--- a/apps/platform/tests/Feature/Filament/RecentOperationsSummaryWidgetTest.php
+++ b/apps/platform/tests/Feature/Filament/RecentOperationsSummaryWidgetTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Widgets\Dashboard\RecentOperations;
-use App\Filament\Widgets\Tenant\RecentOperationsSummary;
+use App\Filament\Widgets\ManagedEnvironment\RecentOperationsSummary;
 use App\Models\OperationRun;
 use App\Support\OperationRunLinks;
 use App\Support\OperationRunOutcome;
diff --git a/apps/platform/tests/Feature/Filament/Resources/TenantResource/TenantWorkspaceRemovalTest.php b/apps/platform/tests/Feature/Filament/Resources/TenantResource/TenantWorkspaceRemovalTest.php
index 212568c2..3941081e 100644
--- a/apps/platform/tests/Feature/Filament/Resources/TenantResource/TenantWorkspaceRemovalTest.php
+++ b/apps/platform/tests/Feature/Filament/Resources/TenantResource/TenantWorkspaceRemovalTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\AuditLog;
 use App\Models\ManagedEnvironment;
 use App\Models\OperationRun;
@@ -35,7 +35,7 @@
     $this->actingAs($user);
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('remove_from_workspace')
         ->assertActionExists('remove_from_workspace', fn (Action $action): bool => $action->isConfirmationRequired())
         ->callAction('remove_from_workspace', data: [
@@ -83,7 +83,7 @@
         ->exists())->toBeFalse();
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('Removed from workspace');
 
     $this->actingAs($user)
@@ -94,7 +94,7 @@
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('restore_to_workspace')
         ->assertActionExists('restore_to_workspace', fn (Action $action): bool => $action->isConfirmationRequired())
         ->callAction('restore_to_workspace', data: [
diff --git a/apps/platform/tests/Feature/Filament/ReviewRegisterDerivedStateMemoizationTest.php b/apps/platform/tests/Feature/Filament/ReviewRegisterDerivedStateMemoizationTest.php
index 5ff2628b..0f1ccfe7 100644
--- a/apps/platform/tests/Feature/Filament/ReviewRegisterDerivedStateMemoizationTest.php
+++ b/apps/platform/tests/Feature/Filament/ReviewRegisterDerivedStateMemoizationTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Reviews\ReviewRegister;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Support\Ui\DerivedState\DerivedStateFamily;
 use App\Support\Ui\DerivedState\RequestScopedDerivedStateStore;
 use App\Support\Ui\GovernanceArtifactTruth\ArtifactTruthPresenter;
@@ -16,7 +16,7 @@
 
 it('reuses one artifact-truth resolution per row on the canonical review register', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $user);
+    $review = composeEnvironmentReviewForTest($tenant, $user);
 
     setAdminPanelContext();
     $this->actingAs($user);
@@ -28,38 +28,38 @@
         ->assertSee('Outcome')
         ->assertSee('Next step');
 
-    $truth = app(ArtifactTruthPresenter::class)->forTenantReview($review->fresh());
+    $truth = app(ArtifactTruthPresenter::class)->forEnvironmentReview($review->fresh());
     $registerOutcome = app(ArtifactTruthPresenter::class)->compressedOutcomeFor(
         $review->fresh(),
         SurfaceCompressionContext::reviewRegister(),
     );
     $detailOutcome = app(ArtifactTruthPresenter::class)->compressedOutcomeFor(
         $review->fresh(),
-        SurfaceCompressionContext::tenantReview(),
+        SurfaceCompressionContext::environmentReview(),
     );
     $store = app(RequestScopedDerivedStateStore::class);
 
     expect($store->countStored(
         DerivedStateFamily::ArtifactTruth,
-        TenantReview::class,
+        EnvironmentReview::class,
         (string) $review->getKey(),
-        'tenant_review',
+        'environment_review',
     ))->toBe(1)
         ->and($store->countStored(
             DerivedStateFamily::ArtifactTruth,
-            TenantReview::class,
+            EnvironmentReview::class,
             (string) $review->getKey(),
             SurfaceCompressionContext::reviewRegister()->cacheVariant(),
         ))->toBe(1)
         ->and($store->countStored(
             DerivedStateFamily::ArtifactTruth,
-            TenantReview::class,
+            EnvironmentReview::class,
             (string) $review->getKey(),
-            SurfaceCompressionContext::tenantReview()->cacheVariant(),
+            SurfaceCompressionContext::environmentReview()->cacheVariant(),
         ))->toBe(1)
         ->and($truth->primaryLabel)->not->toBe('')
         ->and($truth->nextStepText())->not->toBe('')
         ->and($registerOutcome?->decisionDirection)->toBe($detailOutcome?->decisionDirection)
         ->and($registerOutcome?->surfaceFamily)->toBe('review_register')
-        ->and($detailOutcome?->surfaceFamily)->toBe('tenant_review');
+        ->and($detailOutcome?->surfaceFamily)->toBe('environment_review');
 });
diff --git a/apps/platform/tests/Feature/Filament/SelectTenantPostPersistsLastUsedTest.php b/apps/platform/tests/Feature/Filament/SelectEnvironmentPostPersistsLastUsedTest.php
similarity index 88%
rename from apps/platform/tests/Feature/Filament/SelectTenantPostPersistsLastUsedTest.php
rename to apps/platform/tests/Feature/Filament/SelectEnvironmentPostPersistsLastUsedTest.php
index 481fe08f..1325383d 100644
--- a/apps/platform/tests/Feature/Filament/SelectTenantPostPersistsLastUsedTest.php
+++ b/apps/platform/tests/Feature/Filament/SelectEnvironmentPostPersistsLastUsedTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\ManagedEnvironmentMembership;
 use App\Models\User;
@@ -42,9 +42,9 @@
     $response = $this
         ->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->post(route('admin.select-tenant'), ['managed_environment_id' => (int) $tenant->getKey()]);
+        ->post(route('admin.select-environment'), ['managed_environment_id' => (int) $tenant->getKey()]);
 
-    $response->assertRedirect(TenantDashboard::getUrl(tenant: $tenant));
+    $response->assertRedirect(EnvironmentDashboard::getUrl(tenant: $tenant));
 
     $user->refresh();
 
diff --git a/apps/platform/tests/Feature/Filament/SharedVerificationReportFamilyContractTest.php b/apps/platform/tests/Feature/Filament/SharedVerificationReportFamilyContractTest.php
index 4e460b4f..75f30ed6 100644
--- a/apps/platform/tests/Feature/Filament/SharedVerificationReportFamilyContractTest.php
+++ b/apps/platform/tests/Feature/Filament/SharedVerificationReportFamilyContractTest.php
@@ -2,11 +2,11 @@
 
 declare(strict_types=1);
 
-use App\Filament\Widgets\Tenant\TenantVerificationReport;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentVerificationReport;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -114,7 +114,7 @@
         ],
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -176,7 +176,7 @@
     ]);
 
     $component = Livewire::actingAs($user)
-        ->test(TenantVerificationReport::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentVerificationReport::class, ['record' => $tenant])
         ->assertSee('ManagedEnvironment widget verification');
 
     expect($component->html())
diff --git a/apps/platform/tests/Feature/Filament/TableStandardsCriticalListsTest.php b/apps/platform/tests/Feature/Filament/TableStandardsCriticalListsTest.php
index eea80066..ec8f4039 100644
--- a/apps/platform/tests/Feature/Filament/TableStandardsCriticalListsTest.php
+++ b/apps/platform/tests/Feature/Filament/TableStandardsCriticalListsTest.php
@@ -10,7 +10,7 @@
 use App\Filament\Resources\FindingResource\Pages\ListFindings;
 use App\Filament\Resources\PolicyResource\Pages\ListPolicies;
 use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Models\BackupSet;
 use App\Support\Filament\TablePaginationProfiles;
 use Filament\Facades\Filament;
@@ -47,7 +47,7 @@ function spec125CriticalTenantContext(bool $ensureDefaultMicrosoftProviderConnec
 
     setAdminPanelContext();
 
-    $component = Livewire::actingAs($user)->test(ListTenants::class)
+    $component = Livewire::actingAs($user)->test(ListManagedEnvironments::class)
         ->assertTableEmptyStateActionsExistInOrder(['add_tenant']);
 
     $table = spec125CriticalTable($component);
diff --git a/apps/platform/tests/Feature/Filament/TableStatePersistenceTest.php b/apps/platform/tests/Feature/Filament/TableStatePersistenceTest.php
index 9b17a8a2..4ca6f352 100644
--- a/apps/platform/tests/Feature/Filament/TableStatePersistenceTest.php
+++ b/apps/platform/tests/Feature/Filament/TableStatePersistenceTest.php
@@ -16,7 +16,7 @@
 use App\Filament\Resources\PolicyVersionResource\Pages\ListPolicyVersions;
 use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
 use App\Filament\Resources\RestoreRunResource\Pages\ListRestoreRuns;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Models\AuditLog;
 use App\Models\Finding;
 use App\Models\FindingException;
@@ -67,7 +67,7 @@ function spec125AssertPersistedTableState(
     setAdminPanelContext();
 
     spec125AssertPersistedTableState(
-        ListTenants::class,
+        ListManagedEnvironments::class,
         [],
         'ManagedEnvironment',
         'name',
diff --git a/apps/platform/tests/Feature/Filament/TenantActionsAuthorizationTest.php b/apps/platform/tests/Feature/Filament/TenantActionsAuthorizationTest.php
index 8089a032..7cac3f07 100644
--- a/apps/platform/tests/Feature/Filament/TenantActionsAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantActionsAuthorizationTest.php
@@ -1,8 +1,8 @@
 <?php
 
-use App\Filament\Pages\ChooseTenant;
-use App\Filament\Pages\TenantDashboard;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Pages\ChooseEnvironment;
+use App\Filament\Pages\EnvironmentDashboard;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Models\ManagedEnvironment;
 use App\Support\Auth\UiTooltips;
 use Filament\Facades\Filament;
@@ -17,7 +17,7 @@
     Http::preventStrayRequests();
 });
 
-test('readonly users may switch current tenant via ChooseTenant', function () {
+test('readonly users may switch current tenant via ChooseEnvironment', function () {
     [$user, $tenantA] = createUserWithTenant(role: 'readonly', fixtureProfile: 'credential-enabled');
 
     $tenantB = ManagedEnvironment::factory()->create([
@@ -35,9 +35,9 @@
     expect($tenantB->fresh()->is_current)->toBeTrue();
 
     Livewire::actingAs($user)
-        ->test(ChooseTenant::class)
-        ->call('selectTenant', $tenantA->getKey())
-        ->assertRedirect(TenantDashboard::getUrl(tenant: $tenantA));
+        ->test(ChooseEnvironment::class)
+        ->call('selectEnvironment', $tenantA->getKey())
+        ->assertRedirect(EnvironmentDashboard::getUrl(tenant: $tenantA));
 });
 
 test('users cannot switch to a tenant they are not a member of', function () {
@@ -48,8 +48,8 @@
     ]);
 
     Livewire::actingAs($user)
-        ->test(ChooseTenant::class)
-        ->call('selectTenant', $tenant->getKey())
+        ->test(ChooseEnvironment::class)
+        ->call('selectEnvironment', $tenant->getKey())
         ->assertStatus(404);
 });
 
@@ -61,7 +61,7 @@
     expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_DELETE, $tenant))->toBeFalse();
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionDisabled('archive', $tenant)
         ->assertTableActionExists('archive', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $tenant)
         ->callTableAction('archive', $tenant, [
@@ -81,7 +81,7 @@
     expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_DELETE, $tenant))->toBeFalse();
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionDisabled('forceDelete', $tenant)
         ->assertTableActionExists('forceDelete', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $tenant)
         ->callTableAction('forceDelete', $tenant);
@@ -97,7 +97,7 @@
     expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_MANAGE, $tenant))->toBeFalse();
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionDisabled('verify', $tenant)
         ->assertTableActionExists('verify', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $tenant)
         ->callTableAction('verify', $tenant);
@@ -111,7 +111,7 @@
     expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_MANAGE, $tenant))->toBeFalse();
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionDisabled('setup_rbac', $tenant);
 });
 
@@ -123,7 +123,7 @@
     expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_MANAGE, $tenant))->toBeFalse();
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionDisabled('edit', $tenant)
         ->assertTableActionExists('edit', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $tenant);
 });
@@ -133,11 +133,11 @@
 
     Filament::setTenant($tenant, true);
 
-    expect(\App\Filament\Resources\TenantResource::adminConsentUrl($tenant))->not->toBeNull();
+    expect(\App\Filament\Resources\ManagedEnvironmentResource::adminConsentUrl($tenant))->not->toBeNull();
     expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_MANAGE, $tenant))->toBeFalse();
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionDisabled('admin_consent', $tenant)
         ->assertTableActionExists('admin_consent', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $tenant);
 });
@@ -150,7 +150,7 @@
     expect(Gate::forUser($user)->allows(\App\Support\Auth\Capabilities::TENANT_SYNC, $tenant))->toBeFalse();
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionDisabled('syncTenant', $tenant)
         ->assertTableActionExists('syncTenant', fn ($action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $tenant);
 });
diff --git a/apps/platform/tests/Feature/Filament/TenantDashboardArrivalContextPerformanceTest.php b/apps/platform/tests/Feature/Filament/TenantDashboardArrivalContextPerformanceTest.php
index d5d7f7e5..44f18d00 100644
--- a/apps/platform/tests/Feature/Filament/TenantDashboardArrivalContextPerformanceTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantDashboardArrivalContextPerformanceTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Support\PortfolioTriage\PortfolioArrivalContextResolver;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
 use App\Support\RestoreSafety\RestoreResultAttention;
@@ -65,7 +65,7 @@ function performanceArrivalRequest(array $query, int $workspaceId): Request
     $this->seedPortfolioRecoveryConcern($tenant, RestoreResultAttention::STATE_PARTIAL);
     $this->actingAs($user);
 
-    $arrivalUrl = TenantDashboard::getUrl([
+    $arrivalUrl = EnvironmentDashboard::getUrl([
         PortfolioArrivalContextToken::QUERY_PARAMETER => PortfolioArrivalContextToken::encode([
             'sourceSurface' => PortfolioArrivalContextToken::SOURCE_WORKSPACE_OVERVIEW,
             'tenantRouteKey' => (string) $tenant->external_id,
diff --git a/apps/platform/tests/Feature/Filament/TenantDashboardArrivalContextTest.php b/apps/platform/tests/Feature/Filament/TenantDashboardArrivalContextTest.php
index bae0e80c..06adf814 100644
--- a/apps/platform/tests/Feature/Filament/TenantDashboardArrivalContextTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantDashboardArrivalContextTest.php
@@ -2,13 +2,13 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Resources\BackupSetResource;
 use App\Filament\Resources\RestoreRunResource;
-use App\Filament\Resources\TenantResource;
-use App\Filament\Widgets\Tenant\TenantTriageArrivalContinuity;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentTriageArrivalContinuity;
 use App\Models\AuditLog;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use Filament\Actions\Action;
 use App\Services\Auth\CapabilityResolver;
 use App\Support\Audit\AuditActionId;
@@ -28,7 +28,7 @@
 
 function tenantDashboardArrivalUrl(\App\Models\ManagedEnvironment $tenant, array $state): string
 {
-    return TenantDashboard::getUrl([
+    return EnvironmentDashboard::getUrl([
         PortfolioArrivalContextToken::QUERY_PARAMETER => PortfolioArrivalContextToken::encode($state),
     ], panel: 'admin', tenant: $tenant);
 }
@@ -42,7 +42,7 @@ function tenantDashboardArrivalWidget(\App\Models\User $user, \App\Models\Manage
 
     return Livewire::withQueryParams([
         PortfolioArrivalContextToken::QUERY_PARAMETER => PortfolioArrivalContextToken::encode($state),
-    ])->actingAs($user)->test(TenantTriageArrivalContinuity::class);
+    ])->actingAs($user)->test(ManagedEnvironmentTriageArrivalContinuity::class);
 }
 
 it('renders source surface, concern, next step, and return flow for workspace backup arrivals', function (): void {
@@ -78,7 +78,7 @@ function tenantDashboardArrivalWidget(\App\Models\User $user, \App\Models\Manage
     $restoreRun = $this->seedPortfolioRecoveryConcern($tenant, RestoreResultAttention::STATE_COMPLETED_WITH_FOLLOW_UP);
     $this->actingAs($user);
 
-    $returnUrl = TenantResource::getUrl('index', [
+    $returnUrl = ManagedEnvironmentResource::getUrl('index', [
         'recovery_evidence' => [TenantRecoveryTriagePresentation::RECOVERY_EVIDENCE_WEAKENED],
         'triage_sort' => TenantRecoveryTriagePresentation::TRIAGE_SORT_WORST_FIRST,
     ], panel: 'admin');
@@ -114,11 +114,11 @@ function tenantDashboardArrivalWidget(\App\Models\User $user, \App\Models\Manage
     [$user, $tenant] = $this->makePortfolioTriageActor('Generic ManagedEnvironment Session');
     $this->actingAs($user);
 
-    $this->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertOk()
         ->assertDontSee('Triage arrival');
 
-    $this->get(TenantDashboard::getUrl([
+    $this->get(EnvironmentDashboard::getUrl([
         PortfolioArrivalContextToken::QUERY_PARAMETER => 'not-base64url',
     ], panel: 'admin', tenant: $tenant))
         ->assertOk()
@@ -213,22 +213,22 @@ function tenantDashboardArrivalWidget(\App\Models\User $user, \App\Models\Manage
             && str_contains((string) $action->getModalDescription(), 'TenantPilot only'))
         ->mountAction('markReviewed');
 
-    expect(TenantTriageReview::query()->count())->toBe(0);
+    expect(ManagedEnvironmentTriageReview::query()->count())->toBe(0);
 
     $component
         ->callMountedAction()
         ->assertSee('Reviewed');
 
-    expect(TenantTriageReview::query()
+    expect(ManagedEnvironmentTriageReview::query()
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->where('concern_family', PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH)
-        ->where('current_state', TenantTriageReview::STATE_REVIEWED)
+        ->where('current_state', ManagedEnvironmentTriageReview::STATE_REVIEWED)
         ->whereNull('resolved_at')
         ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $tenant->workspace_id)
             ->where('managed_environment_id', (int) $tenant->getKey())
-            ->where('action', AuditActionId::TenantTriageReviewMarkedReviewed->value)
+            ->where('action', AuditActionId::ManagedEnvironmentTriageReviewMarkedReviewed->value)
             ->exists())->toBeTrue();
 });
 
@@ -238,7 +238,7 @@ function tenantDashboardArrivalWidget(\App\Models\User $user, \App\Models\Manage
     $this->seedPortfolioTriageReview(
         $tenant,
         PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH,
-        TenantTriageReview::STATE_REVIEWED,
+        ManagedEnvironmentTriageReview::STATE_REVIEWED,
         $user,
         changedFingerprint: true,
     );
diff --git a/apps/platform/tests/Feature/Filament/TenantDashboardDbOnlyTest.php b/apps/platform/tests/Feature/Filament/TenantDashboardDbOnlyTest.php
index 295f5c67..002289c6 100644
--- a/apps/platform/tests/Feature/Filament/TenantDashboardDbOnlyTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantDashboardDbOnlyTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Widgets\Dashboard\DashboardKpis;
 use App\Filament\Widgets\Dashboard\RecoveryReadiness;
 use App\Models\BackupItem;
@@ -53,7 +53,7 @@
     Filament::setTenant($tenant, true);
 
     assertNoOutboundHttp(function () use ($tenant): void {
-        $this->get(TenantDashboard::getUrl(tenant: $tenant))
+        $this->get(EnvironmentDashboard::getUrl(tenant: $tenant))
             ->assertOk()
             ->assertSee('/admin/choose-workspace', false)
             ->assertDontSee('data-testid="tenant-dashboard-operations-attention-summary"', false)
@@ -78,6 +78,6 @@
     $outsider = User::factory()->create();
 
     $this->actingAs($outsider)
-        ->get(TenantDashboard::getUrl(tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertNotFound();
 });
diff --git a/apps/platform/tests/Feature/Filament/TenantDashboardTenantScopeTest.php b/apps/platform/tests/Feature/Filament/TenantDashboardTenantScopeTest.php
index 143d07b8..ccd2e4a3 100644
--- a/apps/platform/tests/Feature/Filament/TenantDashboardTenantScopeTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantDashboardTenantScopeTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Resources\BackupSetResource;
 use App\Filament\Widgets\Dashboard\NeedsAttention;
 use App\Filament\Widgets\Dashboard\RecoveryReadiness;
@@ -47,7 +47,7 @@
 
     $this->actingAs($user);
 
-    $this->get(TenantDashboard::getUrl(tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertOk()
         ->assertDontSee('Other ManagedEnvironment Policy');
 });
@@ -98,7 +98,7 @@
         ->assertSee('Backup posture')
         ->assertSee('Stale');
 
-    $this->get(TenantDashboard::getUrl(tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertOk();
 
     $this->get(BackupSetResource::getUrl('index', tenant: $tenant))
diff --git a/apps/platform/tests/Feature/Filament/TenantDiagnosticsRepairsTest.php b/apps/platform/tests/Feature/Filament/TenantDiagnosticsRepairsTest.php
index 858f581a..1d51b25b 100644
--- a/apps/platform/tests/Feature/Filament/TenantDiagnosticsRepairsTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantDiagnosticsRepairsTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDiagnostics;
+use App\Filament\Pages\EnvironmentDiagnostics;
 use App\Models\AuditLog;
 use App\Models\ManagedEnvironmentMembership;
 use App\Support\Audit\AuditActionId;
@@ -25,7 +25,7 @@
 
         Filament::setTenant($tenant, true);
 
-        Livewire::test(TenantDiagnostics::class)
+        Livewire::test(EnvironmentDiagnostics::class)
             ->assertSee('All good')
             ->assertActionHidden('bootstrapOwner')
             ->assertActionHidden('mergeDuplicateMemberships');
@@ -43,7 +43,7 @@
             ->where('role', 'owner')
             ->count())->toBe(0);
 
-        Livewire::test(TenantDiagnostics::class)
+        Livewire::test(EnvironmentDiagnostics::class)
             ->assertDontSee('Missing owner')
             ->assertActionHidden('bootstrapOwner');
     });
@@ -67,7 +67,7 @@
             'created_by_user_id' => (int) $readonly->getKey(),
         ]);
 
-        Livewire::test(TenantDiagnostics::class)
+        Livewire::test(EnvironmentDiagnostics::class)
             ->assertActionVisible('mergeDuplicateMemberships')
             ->assertActionDisabled('mergeDuplicateMemberships')
             ->assertActionExists('mergeDuplicateMemberships', function (Action $action): bool {
@@ -100,7 +100,7 @@
             ->where('user_id', (int) $owner->getKey())
             ->count())->toBeGreaterThan(1);
 
-        Livewire::test(TenantDiagnostics::class)
+        Livewire::test(EnvironmentDiagnostics::class)
             ->assertActionVisible('mergeDuplicateMemberships')
             ->assertActionEnabled('mergeDuplicateMemberships')
             ->mountAction('mergeDuplicateMemberships')
diff --git a/apps/platform/tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php b/apps/platform/tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php
index 748b40e5..11d0fb02 100644
--- a/apps/platform/tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php
@@ -5,8 +5,8 @@
 use App\Filament\Resources\BaselineSnapshotResource;
 use App\Filament\Resources\EvidenceSnapshotResource;
 use App\Filament\Resources\OperationRunResource;
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\ManagedEnvironment;
 use App\Support\Workspaces\WorkspaceContext;
 use Filament\Facades\Filament;
@@ -47,9 +47,9 @@ function tenantSearchTitles($results): array
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $active->workspace_id);
 
-    $results = TenantResource::getGlobalSearchResults('Lifecycle');
+    $results = ManagedEnvironmentResource::getGlobalSearchResults('Lifecycle');
 
-    expect(TenantResource::canGloballySearch())->toBeFalse()
+    expect(ManagedEnvironmentResource::canGloballySearch())->toBeFalse()
         ->and(tenantSearchTitles($results))->toBe([]);
 });
 
@@ -57,5 +57,5 @@ function tenantSearchTitles($results): array
     expect(OperationRunResource::canGloballySearch())->toBeFalse()
         ->and(EvidenceSnapshotResource::canGloballySearch())->toBeFalse()
         ->and(BaselineSnapshotResource::canGloballySearch())->toBeFalse()
-        ->and(TenantReviewResource::canGloballySearch())->toBeFalse();
+        ->and(EnvironmentReviewResource::canGloballySearch())->toBeFalse();
 });
diff --git a/apps/platform/tests/Feature/Filament/TenantLifecyclePresentationAcrossTenantSurfacesTest.php b/apps/platform/tests/Feature/Filament/TenantLifecyclePresentationAcrossTenantSurfacesTest.php
index a96198fd..6f40d137 100644
--- a/apps/platform/tests/Feature/Filament/TenantLifecyclePresentationAcrossTenantSurfacesTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantLifecyclePresentationAcrossTenantSurfacesTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
@@ -45,7 +45,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+        ->get(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->assertSuccessful()
         ->assertSee('Active ManagedEnvironment')
         ->assertSee('Onboarding ManagedEnvironment')
@@ -62,7 +62,7 @@
 
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('Lifecycle summary')
         ->assertSee('This environment is active and available across normal management, environment selection, and operational follow-up flows.')
         ->assertSee('RBAC status')
@@ -79,7 +79,7 @@
 
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('ManagedEnvironment archived')
         ->assertSee('This environment remains available for inspection and audit history, but it is not selectable as active context until you restore it.');
 });
diff --git a/apps/platform/tests/Feature/Filament/TenantLifecycleStatusDomainSeparationTest.php b/apps/platform/tests/Feature/Filament/TenantLifecycleStatusDomainSeparationTest.php
index 42bd65b1..ae865738 100644
--- a/apps/platform/tests/Feature/Filament/TenantLifecycleStatusDomainSeparationTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantLifecycleStatusDomainSeparationTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
 use App\Support\OperationRunOutcome;
@@ -31,7 +31,7 @@
 
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('Lifecycle summary')
         ->assertSee('This environment is still onboarding. It remains visible on management and review surfaces, but it is not selectable as active context until onboarding completes.')
         ->assertDontSee('App status')
diff --git a/apps/platform/tests/Feature/Filament/TenantMakeCurrentTest.php b/apps/platform/tests/Feature/Filament/TenantMakeCurrentTest.php
index db8d7cec..d3478666 100644
--- a/apps/platform/tests/Feature/Filament/TenantMakeCurrentTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantMakeCurrentTest.php
@@ -1,7 +1,7 @@
 <?php
 
-use App\Filament\Pages\ChooseTenant;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\ChooseEnvironment;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\UserTenantPreference;
@@ -31,9 +31,9 @@
     setAdminPanelContext($first);
     session()->put(WorkspaceContext::SESSION_KEY, (int) $first->workspace_id);
 
-    Livewire::test(ChooseTenant::class)
-        ->call('selectTenant', $second->getKey())
-        ->assertRedirect(TenantDashboard::getUrl(panel: 'admin', tenant: $second));
+    Livewire::test(ChooseEnvironment::class)
+        ->call('selectEnvironment', $second->getKey())
+        ->assertRedirect(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $second));
 
     $preference = UserTenantPreference::query()
         ->where('user_id', $user->getKey())
diff --git a/apps/platform/tests/Feature/Filament/TenantMembersDbOnlyRenderTest.php b/apps/platform/tests/Feature/Filament/TenantMembersDbOnlyRenderTest.php
index 55d1c4aa..fb07d8bd 100644
--- a/apps/platform/tests/Feature/Filament/TenantMembersDbOnlyRenderTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantMembersDbOnlyRenderTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
-use App\Filament\Resources\TenantResource\RelationManagers\TenantMembershipsRelationManager;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
+use App\Filament\Resources\ManagedEnvironmentResource\RelationManagers\ManagedEnvironmentMembershipsRelationManager;
 use App\Models\User;
 use Illuminate\Support\Facades\Bus;
 use Illuminate\Support\Facades\Http;
@@ -25,9 +25,9 @@
     Http::preventStrayRequests();
 
     Livewire::actingAs($user)
-        ->test(TenantMembershipsRelationManager::class, [
+        ->test(ManagedEnvironmentMembershipsRelationManager::class, [
             'ownerRecord' => $tenant,
-            'pageClass' => ViewTenant::class,
+            'pageClass' => ViewManagedEnvironment::class,
         ])
         ->assertSee($member->email);
 
diff --git a/apps/platform/tests/Feature/Filament/TenantMembersTest.php b/apps/platform/tests/Feature/Filament/TenantMembersTest.php
index 6b5657f9..c5a6c310 100644
--- a/apps/platform/tests/Feature/Filament/TenantMembersTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantMembersTest.php
@@ -2,12 +2,12 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ManageTenantMemberships;
-use App\Filament\Resources\TenantResource\RelationManagers\TenantMembershipsRelationManager;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ManageEnvironmentAccessScopes;
+use App\Filament\Resources\ManagedEnvironmentResource\RelationManagers\ManagedEnvironmentMembershipsRelationManager;
 use App\Models\ManagedEnvironmentMembership;
 use App\Models\User;
 use App\Models\WorkspaceMembership;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use Livewire\Livewire;
 
 it('allows an owner to add and remove explicit environment access scopes', function (): void {
@@ -21,9 +21,9 @@
     ]);
 
     Livewire::actingAs($owner)
-        ->test(TenantMembershipsRelationManager::class, [
+        ->test(ManagedEnvironmentMembershipsRelationManager::class, [
             'ownerRecord' => $tenant,
-            'pageClass' => ManageTenantMemberships::class,
+            'pageClass' => ManageEnvironmentAccessScopes::class,
         ])
         ->callTableAction('add_member', null, [
             'user_id' => $member->getKey(),
@@ -39,9 +39,9 @@
     expect($membership?->role)->toBe('readonly');
 
     Livewire::actingAs($owner)
-        ->test(TenantMembershipsRelationManager::class, [
+        ->test(ManagedEnvironmentMembershipsRelationManager::class, [
             'ownerRecord' => $tenant,
-            'pageClass' => ManageTenantMemberships::class,
+            'pageClass' => ManageEnvironmentAccessScopes::class,
         ])
         ->callTableAction('remove', $membership);
 
@@ -66,9 +66,9 @@
     ]);
 
     Livewire::actingAs($readonly)
-        ->test(TenantMembershipsRelationManager::class, [
+        ->test(ManagedEnvironmentMembershipsRelationManager::class, [
             'ownerRecord' => $tenant,
-            'pageClass' => ManageTenantMemberships::class,
+            'pageClass' => ManageEnvironmentAccessScopes::class,
         ])
         ->assertTableActionVisible('add_member')
         ->assertTableActionDisabled('add_member')
@@ -84,6 +84,6 @@
         ->where('user_id', $owner->getKey())
         ->firstOrFail();
 
-    expect(fn () => app(TenantMembershipManager::class)->changeRole($tenant, $owner, $membership, 'manager'))
+    expect(fn () => app(ManagedEnvironmentMembershipManager::class)->changeRole($tenant, $owner, $membership, 'manager'))
         ->toThrow(DomainException::class, 'Managed-environment access scopes do not manage roles. Change the workspace role instead.');
 });
diff --git a/apps/platform/tests/Feature/Filament/TenantPortfolioContextSwitchTest.php b/apps/platform/tests/Feature/Filament/TenantPortfolioContextSwitchTest.php
index c6af1886..8ae4df6d 100644
--- a/apps/platform/tests/Feature/Filament/TenantPortfolioContextSwitchTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantPortfolioContextSwitchTest.php
@@ -1,7 +1,7 @@
 <?php
 
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Jobs\BulkTenantSyncJob;
 use App\Models\ManagedEnvironment;
 use App\Support\Auth\UiTooltips;
@@ -45,7 +45,7 @@
     [$user, $authorizedTenant] = createUserWithTenant($authorizedTenant, role: 'owner');
     $this->actingAs($user);
 
-    $this->get(TenantResource::getUrl('edit', ['record' => $unauthorizedTenant], panel: 'admin'))->assertNotFound();
+    $this->get(ManagedEnvironmentResource::getUrl('edit', ['record' => $unauthorizedTenant], panel: 'admin'))->assertNotFound();
 });
 
 test('tenant portfolio lists only tenants the user can access', function () {
@@ -86,7 +86,7 @@
 
     setAdminPanelContext($tenantA);
 
-    Livewire::test(ListTenants::class)
+    Livewire::test(ListManagedEnvironments::class)
         ->assertTableBulkActionVisible('syncSelected')
         ->callTableBulkAction('syncSelected', collect([$tenantA, $tenantB]));
 
@@ -110,7 +110,7 @@
     setAdminPanelContext($tenant);
 
     $livewire = Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->selectTableRecords([$tenant])
         ->assertTableBulkActionVisible('syncSelected')
         ->assertTableBulkActionDisabled('syncSelected');
@@ -138,7 +138,7 @@
     setAdminPanelContext($tenantA);
 
     $livewire = Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertCanSeeTableRecords([$tenantA])
         ->assertCanNotSeeTableRecords([$tenantB])
         ->selectTableRecords([$tenantA])
diff --git a/apps/platform/tests/Feature/Filament/TenantRbacWizardTest.php b/apps/platform/tests/Feature/Filament/TenantRbacWizardTest.php
index 08aeac54..7dc3b6ef 100644
--- a/apps/platform/tests/Feature/Filament/TenantRbacWizardTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantRbacWizardTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Http\Controllers\RbacDelegatedAuthController;
 use App\Models\ProviderConnection;
 use App\Models\ProviderCredential;
@@ -62,7 +62,7 @@ function tenantWithApp(): ManagedEnvironment
     $this->actingAs($user);
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->mountAction('setup_rbac')
         ->setActionData([
             'role_definition_id' => 'role-1',
@@ -160,7 +160,7 @@ public function request(string $method, string $path, array $options = []): Grap
         };
     });
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->mountAction('setup_rbac')
         ->setActionData([
             'role_definition_id' => 'role-1',
@@ -275,7 +275,7 @@ public function request(string $method, string $path, array $options = []): Grap
         };
     });
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->mountAction('setup_rbac')
         ->setActionData([
             'role_definition_id' => 'role-1',
@@ -381,7 +381,7 @@ public function request(string $method, string $path, array $options = []): Grap
         };
     });
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->mountAction('setup_rbac')
         ->setActionData([
             'role_definition_id' => 'role-1',
@@ -405,14 +405,14 @@ public function request(string $method, string $path, array $options = []): Grap
     $this->actingAs($user);
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->mountAction('setup_rbac')
         ->setActionData([
             'group_mode' => 'existing',
         ])
         ->assertFormFieldDisabled('existing_group_id');
 
-    expect(\App\Filament\Resources\TenantResource::groupSearchHelper($tenant))->toBe('Login to search groups');
+    expect(\App\Filament\Resources\ManagedEnvironmentResource::groupSearchHelper($tenant))->toBe('Login to search groups');
 });
 
 test('group picker toggles when switching modes', function () {
@@ -421,7 +421,7 @@ public function request(string $method, string $path, array $options = []): Grap
     $this->actingAs($user);
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->mountAction('setup_rbac')
         ->setActionData([
             'group_mode' => 'existing',
@@ -519,12 +519,12 @@ public function request(string $method, string $path, array $options = []): Grap
         };
     });
 
-    $options = \App\Filament\Resources\TenantResource::groupSearchOptions($tenant, 'Ops');
+    $options = \App\Filament\Resources\ManagedEnvironmentResource::groupSearchOptions($tenant, 'Ops');
 
     expect($options)->toHaveKey('group-123');
     expect($options['group-123'])->toContain('Ops Team');
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->mountAction('setup_rbac')
         ->setActionData([
             'group_mode' => 'existing',
@@ -633,12 +633,12 @@ public function request(string $method, string $path, array $options = []): Grap
         };
     });
 
-    $roles = \App\Filament\Resources\TenantResource::roleSearchOptions($tenant, 'Policy');
+    $roles = \App\Filament\Resources\ManagedEnvironmentResource::roleSearchOptions($tenant, 'Policy');
 
     expect($roles)->toHaveKey('role-1');
     expect($roles['role-1'])->toContain('Policy and Profile Manager');
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->mountAction('setup_rbac')
         ->setActionData([
             'role_definition_id' => 'role-1',
diff --git a/apps/platform/tests/Feature/Filament/TenantRegistryArrivalContextTest.php b/apps/platform/tests/Feature/Filament/TenantRegistryArrivalContextTest.php
index bb9ffa5a..103089f1 100644
--- a/apps/platform/tests/Feature/Filament/TenantRegistryArrivalContextTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantRegistryArrivalContextTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Pages\EnvironmentDashboard;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Support\BackupHealth\TenantBackupHealthAssessment;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
 use App\Support\RestoreSafety\RestoreResultAttention;
@@ -33,7 +33,7 @@ function tenantRegistryArrivalStateFromUrl(string $url): ?array
 
     $this->usePortfolioTriageWorkspace($user, $anchorTenant);
 
-    $expectedUrl = TenantResource::tenantDashboardOpenUrl($weakenedTenant, $triageState);
+    $expectedUrl = ManagedEnvironmentResource::tenantDashboardOpenUrl($weakenedTenant, $triageState);
 
     $this->portfolioTriageRegistryList($user, $anchorTenant, $triageState)
         ->assertTableActionHasUrl('openTenant', $expectedUrl, $weakenedTenant);
@@ -56,7 +56,7 @@ function tenantRegistryArrivalStateFromUrl(string $url): ?array
 it('keeps generic registry opens free of arrival context when triage intent is not active', function (): void {
     [$user, $tenant] = $this->makePortfolioTriageActor('Generic Registry ManagedEnvironment');
 
-    $expectedUrl = TenantDashboard::getUrl(panel: 'admin', tenant: $tenant);
+    $expectedUrl = EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant);
 
     $this->usePortfolioTriageWorkspace($user, $tenant);
 
@@ -75,7 +75,7 @@ function tenantRegistryArrivalStateFromUrl(string $url): ?array
 
     $this->usePortfolioTriageWorkspace($user, $anchorTenant);
 
-    $expectedUrl = TenantResource::tenantDashboardOpenUrl($priorityTenant, [
+    $expectedUrl = ManagedEnvironmentResource::tenantDashboardOpenUrl($priorityTenant, [
         'triage_sort' => TenantRecoveryTriagePresentation::TRIAGE_SORT_WORST_FIRST,
     ]);
 
diff --git a/apps/platform/tests/Feature/Filament/TenantRegistryRecoveryTriageTest.php b/apps/platform/tests/Feature/Filament/TenantRegistryRecoveryTriageTest.php
index e1b1ac89..0e1c317f 100644
--- a/apps/platform/tests/Feature/Filament/TenantRegistryRecoveryTriageTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantRegistryRecoveryTriageTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Pages\EnvironmentDashboard;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Models\Policy;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -67,15 +67,15 @@ function tenantRegistryList(ManagedEnvironment $workspaceTenant, User $user, arr
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspaceTenant->workspace_id);
     Filament::setTenant(null, true);
     request()->attributes->remove('tenant_resource.posture_snapshot');
-    session()->forget('tables.'.md5(ListTenants::class).'_filters');
-    session()->forget('tables.'.md5(ListTenants::class).'_search');
-    session()->forget('tables.'.md5(ListTenants::class).'_sort');
+    session()->forget('tables.'.md5(ListManagedEnvironments::class).'_filters');
+    session()->forget('tables.'.md5(ListManagedEnvironments::class).'_search');
+    session()->forget('tables.'.md5(ListManagedEnvironments::class).'_sort');
 
     $factory = $query !== []
         ? Livewire::withQueryParams($query)->actingAs($user)
         : Livewire::actingAs($user);
 
-    return $factory->test(ListTenants::class);
+    return $factory->test(ListManagedEnvironments::class);
 }
 
 function tenantRegistryBackupAssessment(
@@ -164,13 +164,13 @@ function tenantRegistryRecoveryEvidence(
         ->assertTableColumnFormattedStateSet('backup_posture', 'Healthy', $metadataTenant)
         ->assertTableColumnFormattedStateSet('recovery_evidence', 'No recent issues visible', $metadataTenant)
         ->assertTableActionVisible('openTenant', $weakenedTenant)
-        ->assertTableActionHasUrl('openTenant', TenantDashboard::getUrl(panel: 'admin', tenant: $weakenedTenant), $weakenedTenant)
+        ->assertTableActionHasUrl('openTenant', EnvironmentDashboard::getUrl(panel: 'admin', tenant: $weakenedTenant), $weakenedTenant)
         ->assertDontSee('recoverable')
         ->assertDontSee('recovery proven')
         ->assertDontSee('validated overall');
 
     expect($component->instance()->getTable()->getRecordUrl($weakenedTenant))
-        ->toBe(TenantResource::getUrl('view', ['record' => $weakenedTenant], panel: 'admin'));
+        ->toBe(ManagedEnvironmentResource::getUrl('view', ['record' => $weakenedTenant], panel: 'admin'));
 });
 
 it('filters the registry to exact backup and recovery posture slices', function (): void {
@@ -207,7 +207,7 @@ function tenantRegistryRecoveryEvidence(
     tenantRegistryList($calmTenant, $user)
         ->assertTableColumnFormattedStateSet('recovery_evidence', 'Unvalidated', $unvalidatedTenant);
 
-    $tenantResourceReflection = new ReflectionClass(TenantResource::class);
+    $tenantResourceReflection = new ReflectionClass(ManagedEnvironmentResource::class);
     $postureSnapshot = $tenantResourceReflection->getMethod('postureSnapshot');
     $postureSnapshot->setAccessible(true);
 
@@ -227,7 +227,7 @@ function tenantRegistryRecoveryEvidence(
     expect($recoveryFiltered->instance()->getFilteredTableQuery()?->pluck('managed_environments.name')->all())
         ->toBe(['Unvalidated Recovery ManagedEnvironment'])
         ->and($recoveryFiltered->instance()->getTable()->getRecordUrl($unvalidatedTenant))
-        ->toBe(TenantResource::getUrl('view', ['record' => $unvalidatedTenant], panel: 'admin'));
+        ->toBe(ManagedEnvironmentResource::getUrl('view', ['record' => $unvalidatedTenant], panel: 'admin'));
 });
 
 it('orders the visible tenant registry worst-first with stable tenant-name tie breaks when triage sorting is requested', function (): void {
diff --git a/apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php b/apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php
index daaff61c..4686b96b 100644
--- a/apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php
@@ -2,13 +2,13 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\AuditLog;
 use App\Services\Auth\CapabilityResolver;
 use App\Support\Auth\Capabilities;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Support\Audit\AuditActionId;
 use App\Support\BackupHealth\TenantBackupHealthAssessment;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
@@ -43,9 +43,9 @@
 
     $this->seedPortfolioBackupConcern($calmTenant, TenantBackupHealthAssessment::POSTURE_HEALTHY);
 
-    $this->seedPortfolioTriageReview($reviewedTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, TenantTriageReview::STATE_REVIEWED, $user);
-    $this->seedPortfolioTriageReview($followUpTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, TenantTriageReview::STATE_FOLLOW_UP_NEEDED, $user);
-    $this->seedPortfolioTriageReview($changedTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, TenantTriageReview::STATE_REVIEWED, $user, changedFingerprint: true);
+    $this->seedPortfolioTriageReview($reviewedTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, ManagedEnvironmentTriageReview::STATE_REVIEWED, $user);
+    $this->seedPortfolioTriageReview($followUpTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED, $user);
+    $this->seedPortfolioTriageReview($changedTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, ManagedEnvironmentTriageReview::STATE_REVIEWED, $user, changedFingerprint: true);
 
     $this->portfolioTriageRegistryList($user, $anchorTenant, [
         'backup_posture' => [TenantBackupHealthAssessment::POSTURE_STALE],
@@ -60,7 +60,7 @@
     $reviewedNames = $this->portfolioTriageRegistryList($user, $anchorTenant, [
         'backup_posture' => [TenantBackupHealthAssessment::POSTURE_STALE],
     ])
-        ->filterTable('review_state', [TenantTriageReview::STATE_REVIEWED])
+        ->filterTable('review_state', [ManagedEnvironmentTriageReview::STATE_REVIEWED])
         ->instance()
         ->getFilteredTableQuery()
         ?->pluck('managed_environments.name')
@@ -69,7 +69,7 @@
     $followUpNames = $this->portfolioTriageRegistryList($user, $anchorTenant, [
         'backup_posture' => [TenantBackupHealthAssessment::POSTURE_STALE],
     ])
-        ->filterTable('review_state', [TenantTriageReview::STATE_FOLLOW_UP_NEEDED])
+        ->filterTable('review_state', [ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED])
         ->instance()
         ->getFilteredTableQuery()
         ?->pluck('managed_environments.name')
@@ -78,7 +78,7 @@
     $changedNames = $this->portfolioTriageRegistryList($user, $anchorTenant, [
         'backup_posture' => [TenantBackupHealthAssessment::POSTURE_STALE],
     ])
-        ->filterTable('review_state', [TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW])
+        ->filterTable('review_state', [ManagedEnvironmentTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW])
         ->instance()
         ->getFilteredTableQuery()
         ?->pluck('managed_environments.name')
@@ -87,7 +87,7 @@
     $notReviewedNames = $this->portfolioTriageRegistryList($user, $anchorTenant, [
         'backup_posture' => [TenantBackupHealthAssessment::POSTURE_STALE],
     ])
-        ->filterTable('review_state', [TenantTriageReview::DERIVED_STATE_NOT_REVIEWED])
+        ->filterTable('review_state', [ManagedEnvironmentTriageReview::DERIVED_STATE_NOT_REVIEWED])
         ->instance()
         ->getFilteredTableQuery()
         ?->pluck('managed_environments.name')
@@ -108,7 +108,7 @@
     $this->seedPortfolioTriageReview(
         $mixedTenant,
         PortfolioArrivalContextToken::FAMILY_RECOVERY_EVIDENCE,
-        TenantTriageReview::STATE_FOLLOW_UP_NEEDED,
+        ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED,
         $user,
     );
 
@@ -146,7 +146,7 @@
         ],
     ]);
 
-    expect(app(CapabilityResolver::class)->can($user, $actionTenant, Capabilities::TENANT_TRIAGE_REVIEW_MANAGE))->toBeTrue();
+    expect(app(CapabilityResolver::class)->can($user, $actionTenant, Capabilities::MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE))->toBeTrue();
 
     expect($action)->not->toBeNull()
         ->and($action?->getRecord())->toBeInstanceOf(ManagedEnvironment::class)
@@ -173,18 +173,18 @@
     $component
         ->callMountedAction();
 
-    expect(TenantTriageReview::query()
+    expect(ManagedEnvironmentTriageReview::query()
             ->where('managed_environment_id', (int) $actionTenant->getKey())
             ->where('concern_family', PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH)
-            ->where('current_state', TenantTriageReview::STATE_REVIEWED)
+            ->where('current_state', ManagedEnvironmentTriageReview::STATE_REVIEWED)
             ->whereNull('resolved_at')
             ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $actionTenant->workspace_id)
             ->where('managed_environment_id', (int) $actionTenant->getKey())
-            ->where('action', AuditActionId::TenantTriageReviewMarkedReviewed->value)
+            ->where('action', AuditActionId::ManagedEnvironmentTriageReviewMarkedReviewed->value)
             ->exists())->toBeTrue()
-        ->and($component->instance())->toBeInstanceOf(ListTenants::class);
+        ->and($component->instance())->toBeInstanceOf(ListManagedEnvironments::class);
 });
 
 it('keeps review-state mutations available on the tenant detail header for the current concern', function (): void {
@@ -198,7 +198,7 @@
     session([WorkspaceContext::SESSION_KEY => (int) $actionTenant->workspace_id]);
 
     $component = Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $actionTenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $actionTenant->getRouteKey()])
         ->assertActionVisible('markReviewed')
         ->assertActionEnabled('markReviewed')
         ->assertActionExists('markReviewed', fn (Action $action): bool => $action->isConfirmationRequired()
@@ -214,16 +214,16 @@
         ->callMountedAction()
         ->assertHasNoActionErrors();
 
-    expect(TenantTriageReview::query()
+    expect(ManagedEnvironmentTriageReview::query()
         ->where('managed_environment_id', (int) $actionTenant->getKey())
         ->where('concern_family', PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH)
-        ->where('current_state', TenantTriageReview::STATE_REVIEWED)
+        ->where('current_state', ManagedEnvironmentTriageReview::STATE_REVIEWED)
         ->whereNull('resolved_at')
         ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $actionTenant->workspace_id)
             ->where('managed_environment_id', (int) $actionTenant->getKey())
-            ->where('action', AuditActionId::TenantTriageReviewMarkedReviewed->value)
+            ->where('action', AuditActionId::ManagedEnvironmentTriageReviewMarkedReviewed->value)
             ->exists())->toBeTrue()
-        ->and($component->instance())->toBeInstanceOf(ViewTenant::class);
+        ->and($component->instance())->toBeInstanceOf(ViewManagedEnvironment::class);
 });
diff --git a/apps/platform/tests/Feature/Filament/TenantRequiredPermissionsPageTest.php b/apps/platform/tests/Feature/Filament/TenantRequiredPermissionsPageTest.php
index bb14f0f2..da7f23b8 100644
--- a/apps/platform/tests/Feature/Filament/TenantRequiredPermissionsPageTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantRequiredPermissionsPageTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantRequiredPermissions;
+use App\Filament\Pages\EnvironmentRequiredPermissions;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Models\User;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -12,7 +12,7 @@
 
 uses(RefreshDatabase::class);
 
-function seedTenantRequiredPermissionsFixture(ManagedEnvironment $tenant): void
+function seedEnvironmentRequiredPermissionsFixture(ManagedEnvironment $tenant): void
 {
     config()->set('intune_permissions.permissions', [
         [
@@ -36,7 +36,7 @@ function seedTenantRequiredPermissionsFixture(ManagedEnvironment $tenant): void
     ]);
     config()->set('entra_permissions.permissions', []);
 
-    TenantPermission::query()->create([
+    ManagedEnvironmentPermission::query()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'permission_key' => 'Group.Read.All',
         'status' => 'missing',
@@ -44,7 +44,7 @@ function seedTenantRequiredPermissionsFixture(ManagedEnvironment $tenant): void
         'last_checked_at' => now(),
     ]);
 
-    TenantPermission::query()->create([
+    ManagedEnvironmentPermission::query()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'permission_key' => 'Reports.Read.All',
         'status' => 'granted',
@@ -63,12 +63,12 @@ function tenantRequiredPermissionsComponent(User $user, ManagedEnvironment $tena
         'tenant' => (string) $tenant->external_id,
     ], $query);
 
-    return Livewire::withQueryParams($query)->test(TenantRequiredPermissions::class);
+    return Livewire::withQueryParams($query)->test(EnvironmentRequiredPermissions::class);
 }
 
 it('uses native table filters and search while keeping summary state aligned with visible rows', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'readonly');
-    seedTenantRequiredPermissionsFixture($tenant);
+    seedEnvironmentRequiredPermissionsFixture($tenant);
 
     $component = tenantRequiredPermissionsComponent($user, $tenant)
         ->assertTableFilterExists('status')
@@ -107,7 +107,7 @@ function tenantRequiredPermissionsComponent(User $user, ManagedEnvironment $tena
 
 it('keeps copy payloads feature-scoped and shows the native no-matches state', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'readonly');
-    seedTenantRequiredPermissionsFixture($tenant);
+    seedEnvironmentRequiredPermissionsFixture($tenant);
 
     $component = tenantRequiredPermissionsComponent($user, $tenant)
         ->set('tableFilters.features.values', ['backup'])
diff --git a/apps/platform/tests/Feature/Filament/TenantResourceIndexIsWorkspaceScopedTest.php b/apps/platform/tests/Feature/Filament/TenantResourceIndexIsWorkspaceScopedTest.php
index 240929f7..097bcf2d 100644
--- a/apps/platform/tests/Feature/Filament/TenantResourceIndexIsWorkspaceScopedTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantResourceIndexIsWorkspaceScopedTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Models\ManagedEnvironment;
 use App\Models\ManagedEnvironmentMembership;
 use App\Models\User;
@@ -84,7 +84,7 @@
     Filament::setTenant(null, true);
 
     $component = Livewire::actingAs($user)
-        ->test(\App\Filament\Resources\TenantResource\Pages\ListTenants::class)
+        ->test(\App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments::class)
         ->assertTableEmptyStateActionsExistInOrder(['add_tenant'])
         ->searchTable('ManagedEnvironment')
         ->call('sortTable', 'name', 'desc')
@@ -103,7 +103,7 @@
     expect(session()->get($component->instance()->getTableSortSessionKey()))->toBe('name:desc');
 
     Livewire::actingAs($user)
-        ->test(\App\Filament\Resources\TenantResource\Pages\ListTenants::class)
+        ->test(\App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments::class)
         ->assertSet('tableSearch', 'ManagedEnvironment')
         ->assertSet('tableSort', 'name:desc')
         ->assertSet('tableFilters.environment.value', 'prod');
@@ -149,14 +149,14 @@
     Filament::setTenant(null, true);
 
     $recoveryFiltered = Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->filterTable('recovery_evidence', ['unvalidated']);
 
     expect($recoveryFiltered->instance()->getFilteredTableQuery()?->pluck('managed_environments.name')->all())
         ->toBe([(string) $visibleTenant->name]);
 
     $backupFiltered = Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->filterTable('backup_posture', [TenantBackupHealthAssessment::POSTURE_DEGRADED]);
 
     expect($backupFiltered->instance()->getFilteredTableQuery()?->pluck('managed_environments.name')->all())
diff --git a/apps/platform/tests/Feature/Filament/TenantRoleDefinitionsSelectorDbOnlyTest.php b/apps/platform/tests/Feature/Filament/TenantRoleDefinitionsSelectorDbOnlyTest.php
index 45d5f062..63f2962a 100644
--- a/apps/platform/tests/Feature/Filament/TenantRoleDefinitionsSelectorDbOnlyTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantRoleDefinitionsSelectorDbOnlyTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\EntraRoleDefinition;
 use App\Models\ManagedEnvironment;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -22,7 +22,7 @@
             'display_name' => 'Policy and Profile Manager',
         ]);
 
-    $options = assertNoOutboundHttp(fn () => TenantResource::roleSearchOptions($tenant, 'Pol'));
+    $options = assertNoOutboundHttp(fn () => ManagedEnvironmentResource::roleSearchOptions($tenant, 'Pol'));
 
     expect($options)->toMatchArray([
         '11111111-1111-1111-1111-111111111111' => 'Policy and Profile Manager (11111111)',
@@ -42,7 +42,7 @@
             'display_name' => 'Read Only Operator',
         ]);
 
-    $label = assertNoOutboundHttp(fn () => TenantResource::roleLabelFromCache($tenant, '22222222-2222-2222-2222-222222222222'));
+    $label = assertNoOutboundHttp(fn () => ManagedEnvironmentResource::roleLabelFromCache($tenant, '22222222-2222-2222-2222-222222222222'));
 
     expect($label)->toBe('Read Only Operator (22222222)');
 });
diff --git a/apps/platform/tests/Feature/Filament/TenantScopingTest.php b/apps/platform/tests/Feature/Filament/TenantScopingTest.php
index 412b9e37..d795fcdc 100644
--- a/apps/platform/tests/Feature/Filament/TenantScopingTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantScopingTest.php
@@ -31,14 +31,14 @@
         ->assertDontSee('ManagedEnvironment B Connection');
 });
 
-it('does not show non-member tenants in the choose-tenant list', function (): void {
+it('does not show non-member tenants in the choose-environment list', function (): void {
     $tenantA = ManagedEnvironment::factory()->create(['name' => 'ManagedEnvironment A']);
     $tenantB = ManagedEnvironment::factory()->create(['name' => 'ManagedEnvironment B']);
 
     [$user] = createUserWithTenant($tenantA, role: 'owner');
 
     $this->actingAs($user)
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertOk()
         ->assertSee('ManagedEnvironment A')
         ->assertDontSee('ManagedEnvironment B');
diff --git a/apps/platform/tests/Feature/Filament/TenantSetupTest.php b/apps/platform/tests/Feature/Filament/TenantSetupTest.php
index a8061557..5f343d86 100644
--- a/apps/platform/tests/Feature/Filament/TenantSetupTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantSetupTest.php
@@ -1,11 +1,11 @@
 <?php
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ProviderCredential;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Models\User;
 use App\Support\ManagedEnvironmentLinks;
 use App\Support\OperationRunLinks;
@@ -54,7 +54,7 @@
         ],
     ]);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->callAction('verify');
 
     $run = OperationRun::query()
@@ -111,7 +111,7 @@
         'consent_status' => 'granted',
     ]);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->callAction('verify');
 
     $run = OperationRun::query()
@@ -146,7 +146,7 @@
     $permissions = config('intune_permissions.permissions', []);
     $firstKey = $permissions[0]['key'] ?? 'DeviceManagementConfiguration.ReadWrite.All';
 
-    TenantPermission::create([
+    ManagedEnvironmentPermission::create([
         'managed_environment_id' => $tenant->id,
         'permission_key' => $firstKey,
         'status' => 'ok',
@@ -180,7 +180,7 @@
     session([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
 
     Livewire::actingAs($user)
-        ->test(\App\Filament\Resources\TenantResource\Pages\ListTenants::class)
+        ->test(\App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments::class)
         ->assertTableActionVisible('open_in_entra', $tenant);
 });
 
@@ -198,7 +198,7 @@
 
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->mountAction('archive')
         ->setActionData([
             'archive_reason' => 'Archiving this tenant from the detail workflow.',
diff --git a/apps/platform/tests/Feature/Filament/TenantSwitcherUrlResolvesTenantTest.php b/apps/platform/tests/Feature/Filament/TenantSwitcherUrlResolvesTenantTest.php
index 57658683..41a161b7 100644
--- a/apps/platform/tests/Feature/Filament/TenantSwitcherUrlResolvesTenantTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantSwitcherUrlResolvesTenantTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\Workspace;
 use Filament\Facades\Filament;
@@ -30,7 +30,7 @@
     expect(Filament::getTenant()?->is($tenantA))->toBeTrue();
 
     $response = $this->actingAs($user)
-        ->get(TenantDashboard::getUrl(tenant: $tenantB));
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenantB));
 
     $response->assertSuccessful();
     expect(Filament::getTenant())->toBeInstanceOf(ManagedEnvironment::class);
diff --git a/apps/platform/tests/Feature/Filament/TenantTruthCleanupSpec179Test.php b/apps/platform/tests/Feature/Filament/TenantTruthCleanupSpec179Test.php
index 83c04c06..7c48005b 100644
--- a/apps/platform/tests/Feature/Filament/TenantTruthCleanupSpec179Test.php
+++ b/apps/platform/tests/Feature/Filament/TenantTruthCleanupSpec179Test.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
 use App\Support\Providers\ProviderConsentStatus;
@@ -46,7 +46,7 @@
     Filament::setTenant(null, true);
 
     $component = Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertCanSeeTableRecords([$tenant]);
 
     $table = $component->instance()->getTable();
@@ -106,7 +106,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     Filament::setTenant(null, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('Lifecycle summary')
         ->assertSee('This environment is still onboarding. It remains visible on management and review surfaces, but it is not selectable as active context until onboarding completes.')
         ->assertSee('RBAC status')
@@ -151,7 +151,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     Filament::setTenant(null, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('Needs action: set a default provider connection.')
         ->assertSee('Fallback Microsoft Connection')
         ->assertSee('Open Provider Connections');
@@ -186,7 +186,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     Filament::setTenant(null, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('Active')
         ->assertSee('Granted')
         ->assertSee('Blocked')
diff --git a/apps/platform/tests/Feature/Filament/TenantVerificationReportWidgetTest.php b/apps/platform/tests/Feature/Filament/TenantVerificationReportWidgetTest.php
index e1cf6a1c..391f2078 100644
--- a/apps/platform/tests/Feature/Filament/TenantVerificationReportWidgetTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantVerificationReportWidgetTest.php
@@ -2,16 +2,16 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
-use App\Filament\Widgets\Tenant\TenantVerificationReport;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentVerificationReport;
 use App\Jobs\ProviderConnectionHealthCheckJob;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ProviderCredential;
 use App\Services\Intune\RbacHealthService;
 use App\Services\Intune\TenantConfigService;
-use App\Services\Intune\TenantPermissionService;
+use App\Services\Intune\ManagedEnvironmentPermissionService;
 use App\Support\OperationRunLinks;
 use App\Support\Verification\VerificationReportWriter;
 use Filament\Facades\Filament;
@@ -45,7 +45,7 @@
         ],
     ]);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->callAction('verify');
 
     $run = OperationRun::query()
@@ -109,7 +109,7 @@
 
     assertNoOutboundHttp(function () use ($user): void {
         $component = Livewire::actingAs($user)
-            ->test(TenantVerificationReport::class)
+            ->test(ManagedEnvironmentVerificationReport::class)
             ->assertSee('Provider connection preflight')
             ->assertSee(OperationRunLinks::openLabel())
             ->assertDontSee('Start verification')
@@ -141,10 +141,10 @@
     ]);
 
     $component = Livewire::actingAs($user)
-        ->test(TenantVerificationReport::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentVerificationReport::class, ['record' => $tenant])
         ->assertSee(OperationRunLinks::openLabel())
         ->assertDontSee('Start verification')
-        ->assertSee(ViewTenant::verificationHeaderActionLabel());
+        ->assertSee(ViewManagedEnvironment::verificationHeaderActionLabel());
 
     expect(substr_count($component->html(), OperationRunLinks::openLabel()))->toBe(1)
         ->and(substr_count($component->html(), 'Start verification'))->toBe(0);
@@ -162,7 +162,7 @@
         $mock->shouldReceive('testConnectivity')->never();
     });
 
-    $this->mock(TenantPermissionService::class, function ($mock): void {
+    $this->mock(ManagedEnvironmentPermissionService::class, function ($mock): void {
         $mock->shouldReceive('compare')->never();
     });
 
@@ -174,7 +174,7 @@
 
     assertNoOutboundHttp(function () use ($user, $tenant): void {
         Livewire::actingAs($user)
-            ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+            ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertSee('Verification report');
     });
 });
@@ -203,7 +203,7 @@
         ],
     ]);
 
-    Livewire::test(TenantVerificationReport::class, ['record' => $tenant])
+    Livewire::test(ManagedEnvironmentVerificationReport::class, ['record' => $tenant])
         ->assertSee('No provider verification check has been recorded yet.')
         ->call('startVerification');
 
@@ -236,7 +236,7 @@
     Filament::setTenant($tenant, true);
 
     Livewire::actingAs($user)
-        ->test(TenantVerificationReport::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentVerificationReport::class, ['record' => $tenant])
         ->assertSee('No provider verification check has been recorded yet.')
         ->assertSee('Verification can be started from tenant management only while the tenant is active.')
         ->assertDontSee('Start verification');
@@ -268,7 +268,7 @@
         ],
     ]);
 
-    Livewire::test(ListTenants::class)
+    Livewire::test(ListManagedEnvironments::class)
         ->callTableAction('verify', $tenant);
 
     $run = OperationRun::query()
diff --git a/apps/platform/tests/Feature/Filament/TenantViewHeaderUiEnforcementTest.php b/apps/platform/tests/Feature/Filament/TenantViewHeaderUiEnforcementTest.php
index bb7b7ee6..819a9afa 100644
--- a/apps/platform/tests/Feature/Filament/TenantViewHeaderUiEnforcementTest.php
+++ b/apps/platform/tests/Feature/Filament/TenantViewHeaderUiEnforcementTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\AuditLog;
 use App\Models\ManagedEnvironment;
 use App\Support\Rbac\UiTooltips;
@@ -23,14 +23,14 @@
         $tenant->makeCurrent();
         Filament::setTenant($tenant, true);
 
-        Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertActionVisible('archive')
             ->assertActionDisabled('archive')
             ->assertActionExists('archive', function (Action $action): bool {
                 return $action->getTooltip() === UiTooltips::INSUFFICIENT_PERMISSION;
             });
 
-        $contextEntries = collect(TenantResource::tenantViewContextEntries($tenant))->keyBy('key');
+        $contextEntries = collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))->keyBy('key');
 
         expect($contextEntries->get('tenant_edit')['availability'] ?? null)->toBe('authorization_denied')
             ->and($contextEntries->get('provider_connections')['availability'] ?? null)->toBe('available');
@@ -44,11 +44,11 @@
         $tenant->makeCurrent();
         Filament::setTenant($tenant, true);
 
-        Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertActionVisible('archive')
             ->assertActionEnabled('archive');
 
-        $contextEntries = collect(TenantResource::tenantViewContextEntries($tenant))->keyBy('key');
+        $contextEntries = collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))->keyBy('key');
 
         expect($contextEntries->get('tenant_edit')['availability'] ?? null)->toBe('available')
             ->and($contextEntries->get('provider_connections')['availability'] ?? null)->toBe('available');
@@ -62,7 +62,7 @@
         $tenant->makeCurrent();
         Filament::setTenant($tenant, true);
 
-        Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertActionDisabled('archive')
             ->mountAction('archive')
             ->setActionData([
@@ -92,7 +92,7 @@
         $this->actingAs($user);
         Filament::setTenant(null, true);
 
-        expect(collect(TenantResource::tenantViewContextEntries($tenant))
+        expect(collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))
             ->firstWhere('key', 'related_onboarding')['value'] ?? null)
             ->toBe('Resume onboarding');
     });
@@ -131,7 +131,7 @@
             ->where('action', \App\Support\Audit\AuditActionId::TenantReturnedToDraft->value)
             ->exists())->toBeTrue();
 
-        expect(collect(TenantResource::tenantViewContextEntries($tenant))
+        expect(collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))
             ->firstWhere('key', 'related_onboarding')['value'] ?? null)
             ->toBe('View cancelled onboarding draft');
     });
diff --git a/apps/platform/tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php b/apps/platform/tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php
index 6783d054..21564d78 100644
--- a/apps/platform/tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php
+++ b/apps/platform/tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php
@@ -48,7 +48,7 @@
     $user->forceFill(['last_workspace_id' => (int) $workspaceA->getKey()])->save();
 
     $this->actingAs($user)
-        ->get(route('filament.admin.pages.choose-tenant'))
+        ->get(route('filament.admin.pages.choose-environment'))
         ->assertOk()
         ->assertSee($tenantA->name)
         ->assertDontSee($tenantB->name);
diff --git a/apps/platform/tests/Feature/Filament/WorkspaceOnlySurfaceTenantIndependenceTest.php b/apps/platform/tests/Feature/Filament/WorkspaceOnlySurfaceTenantIndependenceTest.php
index 3e18b2d9..d4a90569 100644
--- a/apps/platform/tests/Feature/Filament/WorkspaceOnlySurfaceTenantIndependenceTest.php
+++ b/apps/platform/tests/Feature/Filament/WorkspaceOnlySurfaceTenantIndependenceTest.php
@@ -4,7 +4,7 @@
 
 use App\Filament\Resources\AlertRuleResource;
 use App\Filament\Resources\BaselineProfileResource;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\AlertRule;
 use App\Models\BaselineProfile;
 use App\Models\ManagedEnvironment;
@@ -45,7 +45,7 @@
         ->assertSee('Workspace baseline');
 
     $this->withSession($session)
-        ->get(TenantResource::getUrl(panel: 'admin'))
+        ->get(ManagedEnvironmentResource::getUrl(panel: 'admin'))
         ->assertOk()
         ->assertSee($tenant->name);
 });
@@ -99,7 +99,7 @@
             ->assertSee('Workspace-wide baseline');
 
         $this->withSession($session)
-            ->get(TenantResource::getUrl(panel: 'admin'))
+            ->get(ManagedEnvironmentResource::getUrl(panel: 'admin'))
             ->assertOk()
             ->assertSee('Phoenicon')
             ->assertSee('YPTW2');
diff --git a/apps/platform/tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php b/apps/platform/tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php
index dea4e1c5..01ddd5ff 100644
--- a/apps/platform/tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Models\User;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -118,11 +118,11 @@
     expect($metrics->get('backup_attention_tenants')['value'])->toBe(1)
         ->and($metrics->get('backup_attention_tenants')['destination']['kind'])->toBe('tenant_dashboard')
         ->and($metrics->get('backup_attention_tenants')['destination']['disabled'])->toBeFalse()
-        ->and($metrics->get('backup_attention_tenants')['destination_url'])->toStartWith(TenantDashboard::getUrl(tenant: $backupTenant).'?arrival=')
+        ->and($metrics->get('backup_attention_tenants')['destination_url'])->toStartWith(EnvironmentDashboard::getUrl(tenant: $backupTenant).'?arrival=')
         ->and($metrics->get('recovery_attention_tenants')['value'])->toBe(1)
         ->and($metrics->get('recovery_attention_tenants')['destination']['kind'])->toBe('tenant_dashboard')
         ->and($metrics->get('recovery_attention_tenants')['destination']['disabled'])->toBeFalse()
-        ->and($metrics->get('recovery_attention_tenants')['destination_url'])->toStartWith(TenantDashboard::getUrl(tenant: $recoveryTenant).'?arrival=');
+        ->and($metrics->get('recovery_attention_tenants')['destination_url'])->toStartWith(EnvironmentDashboard::getUrl(tenant: $recoveryTenant).'?arrival=');
 });
 
 it('falls back to the visible tenant dashboard when hidden peers are excluded from backup and recovery metric drill-through', function (): void {
@@ -179,8 +179,8 @@
 
     expect($metrics->get('backup_attention_tenants')['value'])->toBe(1)
         ->and($metrics->get('backup_attention_tenants')['destination']['kind'])->toBe('tenant_dashboard')
-        ->and($metrics->get('backup_attention_tenants')['destination_url'])->toStartWith(TenantDashboard::getUrl(tenant: $visibleBackupTenant).'?arrival=')
+        ->and($metrics->get('backup_attention_tenants')['destination_url'])->toStartWith(EnvironmentDashboard::getUrl(tenant: $visibleBackupTenant).'?arrival=')
         ->and($metrics->get('recovery_attention_tenants')['value'])->toBe(1)
         ->and($metrics->get('recovery_attention_tenants')['destination']['kind'])->toBe('tenant_dashboard')
-        ->and($metrics->get('recovery_attention_tenants')['destination_url'])->toStartWith(TenantDashboard::getUrl(tenant: $visibleRecoveryTenant).'?arrival=');
+        ->and($metrics->get('recovery_attention_tenants')['destination_url'])->toStartWith(EnvironmentDashboard::getUrl(tenant: $visibleRecoveryTenant).'?arrival=');
 });
diff --git a/apps/platform/tests/Feature/Filament/WorkspaceOverviewContentTest.php b/apps/platform/tests/Feature/Filament/WorkspaceOverviewContentTest.php
index 93689601..0e30c231 100644
--- a/apps/platform/tests/Feature/Filament/WorkspaceOverviewContentTest.php
+++ b/apps/platform/tests/Feature/Filament/WorkspaceOverviewContentTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\ManagedEnvironment;
 use App\Models\OperationRun;
 use App\Support\OperationRunStatus;
@@ -116,10 +116,10 @@
     $overview = app(WorkspaceOverviewBuilder::class)->build($anchorTenant->workspace()->firstOrFail(), $user);
     $metrics = collect($overview['summary_metrics'])->keyBy('key');
 
-    expect($metrics->get('backup_attention_tenants')['destination']['kind'])->toBe('choose_tenant')
-        ->and($metrics->get('backup_attention_tenants')['destination_url'])->toContain(TenantResource::getUrl('index', panel: 'admin'))
+    expect($metrics->get('backup_attention_tenants')['destination']['kind'])->toBe('choose_environment')
+        ->and($metrics->get('backup_attention_tenants')['destination_url'])->toContain(ManagedEnvironmentResource::getUrl('index', panel: 'admin'))
         ->and($metrics->get('backup_attention_tenants')['destination_url'])->not->toContain('arrival=')
-        ->and($metrics->get('recovery_attention_tenants')['destination']['kind'])->toBe('choose_tenant')
-        ->and($metrics->get('recovery_attention_tenants')['destination_url'])->toContain(TenantResource::getUrl('index', panel: 'admin'))
+        ->and($metrics->get('recovery_attention_tenants')['destination']['kind'])->toBe('choose_environment')
+        ->and($metrics->get('recovery_attention_tenants')['destination_url'])->toContain(ManagedEnvironmentResource::getUrl('index', panel: 'admin'))
         ->and($metrics->get('recovery_attention_tenants')['destination_url'])->not->toContain('arrival=');
 });
diff --git a/apps/platform/tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php b/apps/platform/tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php
index d9ed78cb..bd2f60c4 100644
--- a/apps/platform/tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php
+++ b/apps/platform/tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
 use App\Filament\Resources\EvidenceSnapshotResource;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Filament\Widgets\Dashboard\NeedsAttention as TenantNeedsAttention;
 use App\Filament\Widgets\Workspace\WorkspaceNeedsAttention;
 use App\Models\AlertDelivery;
@@ -139,7 +139,7 @@
     $this->actingAs($user);
 
     $evidenceUrl = EvidenceSnapshotResource::getUrl('index', panel: 'admin', tenant: $tenant);
-    $reviewUrl = TenantReviewResource::tenantScopedUrl('index', [], $tenant);
+    $reviewUrl = EnvironmentReviewResource::tenantScopedUrl('index', [], $tenant);
 
     $items = [
         [
@@ -168,7 +168,7 @@
             'url' => $evidenceUrl,
         ],
         [
-            'key' => 'tenant_review_attention',
+            'key' => 'environment_review_attention',
             'managed_environment_id' => (int) $tenant->getKey(),
             'tenant_label' => (string) $tenant->name,
             'tenant_route_key' => (string) $tenant->external_id,
@@ -180,7 +180,7 @@
             'badge' => 'Review',
             'badge_color' => 'warning',
             'destination' => [
-                'kind' => 'tenant_reviews',
+                'kind' => 'environment_reviews',
                 'url' => $reviewUrl,
                 'tenant_route_key' => (string) $tenant->external_id,
                 'label' => 'Open review',
@@ -295,7 +295,7 @@
 
     $backupRegistry = Livewire::withQueryParams($backupQuery)
         ->actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertSet('tableFilters.backup_posture.values', [
             'absent',
             'stale',
@@ -314,7 +314,7 @@
 
     $recoveryRegistry = Livewire::withQueryParams($recoveryQuery)
         ->actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertSet('tableFilters.recovery_evidence.values', [
             'weakened',
             'unvalidated',
diff --git a/apps/platform/tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php b/apps/platform/tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php
index 312e1a9d..48b4901f 100644
--- a/apps/platform/tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php
+++ b/apps/platform/tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Services\Auth\CapabilityResolver;
 use App\Support\Auth\Capabilities;
@@ -162,10 +162,10 @@
         ->and($items->get('backup_health')['destination']['kind'])->toBe('tenant_dashboard')
         ->and($items->get('backup_health')['destination']['disabled'])->toBeFalse()
         ->and($items->get('backup_health')['helper_text'])->toBeNull()
-        ->and($items->get('backup_health')['url'])->toStartWith(TenantDashboard::getUrl(tenant: $backupTenant).'?arrival=')
+        ->and($items->get('backup_health')['url'])->toStartWith(EnvironmentDashboard::getUrl(tenant: $backupTenant).'?arrival=')
         ->and($items->get('recovery_evidence')['action_disabled'])->toBeFalse()
         ->and($items->get('recovery_evidence')['destination']['kind'])->toBe('tenant_dashboard')
         ->and($items->get('recovery_evidence')['destination']['disabled'])->toBeFalse()
         ->and($items->get('recovery_evidence')['helper_text'])->toBeNull()
-        ->and($items->get('recovery_evidence')['url'])->toStartWith(TenantDashboard::getUrl(tenant: $recoveryTenant).'?arrival=');
+        ->and($items->get('recovery_evidence')['url'])->toStartWith(EnvironmentDashboard::getUrl(tenant: $recoveryTenant).'?arrival=');
 });
diff --git a/apps/platform/tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php b/apps/platform/tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php
index f3bf6558..b1560d6a 100644
--- a/apps/platform/tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php
+++ b/apps/platform/tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php
@@ -95,7 +95,7 @@
 
     expect($metrics->get('governance_attention_tenants')['value'])->toBe(4)
         ->and($metrics->get('governance_attention_tenants')['category'])->toBe('governance_risk')
-        ->and($metrics->get('governance_attention_tenants')['destination']['kind'])->toBe('choose_tenant');
+        ->and($metrics->get('governance_attention_tenants')['destination']['kind'])->toBe('choose_environment');
 });
 
 it('keeps activity and alerts metrics separate from governance risk', function (): void {
@@ -207,16 +207,16 @@
 
     expect($metrics->get('backup_attention_tenants')['value'])->toBe(2)
         ->and($metrics->get('backup_attention_tenants')['category'])->toBe('backup_health')
-        ->and($metrics->get('backup_attention_tenants')['destination']['kind'])->toBe('choose_tenant')
-        ->and($metrics->get('backup_attention_tenants')['destination_url'])->toStartWith(\App\Filament\Resources\TenantResource::getUrl(panel: 'admin'))
+        ->and($metrics->get('backup_attention_tenants')['destination']['kind'])->toBe('choose_environment')
+        ->and($metrics->get('backup_attention_tenants')['destination_url'])->toStartWith(\App\Filament\Resources\ManagedEnvironmentResource::getUrl(panel: 'admin'))
         ->and($backupDestination['filters'])->toBe([
             'backup_posture' => ['absent', 'stale', 'degraded'],
             'triage_sort' => 'worst_first',
         ])
         ->and($metrics->get('recovery_attention_tenants')['value'])->toBe(2)
         ->and($metrics->get('recovery_attention_tenants')['category'])->toBe('recovery_evidence')
-        ->and($recoveryDestination['kind'])->toBe('choose_tenant')
-        ->and($metrics->get('recovery_attention_tenants')['destination_url'])->toStartWith(\App\Filament\Resources\TenantResource::getUrl(panel: 'admin'))
+        ->and($recoveryDestination['kind'])->toBe('choose_environment')
+        ->and($metrics->get('recovery_attention_tenants')['destination_url'])->toStartWith(\App\Filament\Resources\ManagedEnvironmentResource::getUrl(panel: 'admin'))
         ->and($recoveryDestination['filters'])->toBe([
             'recovery_evidence' => ['weakened', 'unvalidated'],
             'triage_sort' => 'worst_first',
diff --git a/apps/platform/tests/Feature/Filament/WorkspaceOverviewTriageReviewProgressTest.php b/apps/platform/tests/Feature/Filament/WorkspaceOverviewTriageReviewProgressTest.php
index 409cf1f3..a703246c 100644
--- a/apps/platform/tests/Feature/Filament/WorkspaceOverviewTriageReviewProgressTest.php
+++ b/apps/platform/tests/Feature/Filament/WorkspaceOverviewTriageReviewProgressTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Support\BackupHealth\TenantBackupHealthAssessment;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
 use App\Support\Workspaces\WorkspaceOverviewBuilder;
@@ -36,9 +36,9 @@
     $calmBackup = $this->seedPortfolioBackupConcern($calmTenant, TenantBackupHealthAssessment::POSTURE_HEALTHY);
     workspaceOverviewSeedRestoreHistory($calmTenant, $calmBackup, 'completed');
 
-    $this->seedPortfolioTriageReview($reviewedTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, TenantTriageReview::STATE_REVIEWED, $user);
-    $this->seedPortfolioTriageReview($followUpTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, TenantTriageReview::STATE_FOLLOW_UP_NEEDED, $user);
-    $this->seedPortfolioTriageReview($changedTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, TenantTriageReview::STATE_REVIEWED, $user, changedFingerprint: true);
+    $this->seedPortfolioTriageReview($reviewedTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, ManagedEnvironmentTriageReview::STATE_REVIEWED, $user);
+    $this->seedPortfolioTriageReview($followUpTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED, $user);
+    $this->seedPortfolioTriageReview($changedTenant, PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH, ManagedEnvironmentTriageReview::STATE_REVIEWED, $user, changedFingerprint: true);
 
     $workspace = $anchorTenant->workspace()->firstOrFail();
     $overview = app(WorkspaceOverviewBuilder::class)->build($workspace, $user);
diff --git a/apps/platform/tests/Feature/Findings/FindingExceptionRegisterTest.php b/apps/platform/tests/Feature/Findings/FindingExceptionRegisterTest.php
index 85069e65..355d740d 100644
--- a/apps/platform/tests/Feature/Findings/FindingExceptionRegisterTest.php
+++ b/apps/platform/tests/Feature/Findings/FindingExceptionRegisterTest.php
@@ -5,7 +5,7 @@
 use App\Filament\Resources\FindingExceptionResource;
 use App\Filament\Resources\FindingExceptionResource\Pages\ListFindingExceptions;
 use App\Filament\Resources\FindingExceptionResource\Pages\ViewFindingException;
-use App\Filament\Widgets\Tenant\FindingExceptionStatsOverview;
+use App\Filament\Widgets\ManagedEnvironment\FindingExceptionStatsOverview;
 use App\Models\Finding;
 use App\Models\FindingException;
 use App\Models\User;
@@ -136,7 +136,7 @@
 
     $this->actingAs($viewer)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $otherWorkspace->getKey()])
-        ->get(route('admin.finding-exceptions.open-queue', ['tenant' => (string) $tenant->external_id]))
+        ->get(route('admin.finding-exceptions.open-queue', ['environment' => (string) $tenant->external_id]))
         ->assertRedirect(
             \App\Filament\Pages\Monitoring\FindingExceptionsQueue::getUrl([
                 'tenant' => (string) $tenant->external_id,
diff --git a/apps/platform/tests/Feature/Findings/FindingOutcomeSummaryReportingTest.php b/apps/platform/tests/Feature/Findings/FindingOutcomeSummaryReportingTest.php
index e66d4aea..bbee6a90 100644
--- a/apps/platform/tests/Feature/Findings/FindingOutcomeSummaryReportingTest.php
+++ b/apps/platform/tests/Feature/Findings/FindingOutcomeSummaryReportingTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Reviews\ReviewRegister;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\EvidenceSnapshot;
 use App\Models\Finding;
 use App\Services\Evidence\EvidenceSnapshotService;
@@ -99,7 +99,7 @@ function materializeFindingOutcomeSnapshot(\App\Models\ManagedEnvironment $tenan
         ->and(data_get($verifiedEntry, 'terminal_outcome.verification_state'))->toBe(FindingOutcomeSemantics::VERIFICATION_VERIFIED);
 });
 
-it('propagates finding outcome summaries into evidence snapshots tenant reviews and review packs', function (): void {
+it('propagates finding outcome summaries into evidence snapshots environment reviews and review packs', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
     seedFindingOutcomeMatrix($tenant);
@@ -110,7 +110,7 @@ function materializeFindingOutcomeSnapshot(\App\Models\ManagedEnvironment $tenan
         ->and(data_get($snapshot->summary, 'finding_outcomes.'.FindingOutcomeSemantics::OUTCOME_VERIFIED_CLEARED))->toBe(1)
         ->and(data_get($snapshot->summary, 'finding_report_buckets.accepted_risk'))->toBe(1);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     expect(data_get($review->summary, 'finding_outcomes.'.FindingOutcomeSemantics::OUTCOME_CLOSED_DUPLICATE))->toBe(1)
         ->and(data_get($review->summary, 'finding_report_buckets.administrative_closure'))->toBe(1);
@@ -118,7 +118,7 @@ function materializeFindingOutcomeSnapshot(\App\Models\ManagedEnvironment $tenan
     setAdminEnvironmentContext($tenant);
 
     $this->actingAs($user)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->assertOk()
         ->assertSee('Terminal outcomes:')
         ->assertSee('resolved pending verification')
diff --git a/apps/platform/tests/Feature/Findings/FindingsListEnterpriseUxTest.php b/apps/platform/tests/Feature/Findings/FindingsListEnterpriseUxTest.php
index 765bf9a0..146539bd 100644
--- a/apps/platform/tests/Feature/Findings/FindingsListEnterpriseUxTest.php
+++ b/apps/platform/tests/Feature/Findings/FindingsListEnterpriseUxTest.php
@@ -4,7 +4,7 @@
 
 use App\Filament\Resources\FindingResource;
 use App\Filament\Resources\FindingResource\Pages\ListFindings;
-use App\Filament\Widgets\Tenant\FindingStatsOverview;
+use App\Filament\Widgets\ManagedEnvironment\FindingStatsOverview;
 use App\Models\Finding;
 use Filament\Facades\Filament;
 use Illuminate\Foundation\Testing\RefreshDatabase;
diff --git a/apps/platform/tests/Feature/Findings/MyWorkInboxTest.php b/apps/platform/tests/Feature/Findings/MyWorkInboxTest.php
index 0a878ff6..7b95ea7f 100644
--- a/apps/platform/tests/Feature/Findings/MyWorkInboxTest.php
+++ b/apps/platform/tests/Feature/Findings/MyWorkInboxTest.php
@@ -303,7 +303,7 @@ function makeAssignedFindingForInbox(ManagedEnvironment $tenant, User $assignee,
 
     myWorkInboxPage($user)
         ->assertSee('No visible assigned findings right now')
-        ->assertTableEmptyStateActionsExistInOrder(['choose_tenant_empty']);
+        ->assertTableEmptyStateActionsExistInOrder(['choose_environment_empty']);
 });
 
 it('uses the active visible environment for the calm empty-state drillback when environment context exists', function (): void {
diff --git a/apps/platform/tests/Feature/Governance/GovernanceInboxPageTest.php b/apps/platform/tests/Feature/Governance/GovernanceInboxPageTest.php
index b57d8d43..5af4028e 100644
--- a/apps/platform/tests/Feature/Governance/GovernanceInboxPageTest.php
+++ b/apps/platform/tests/Feature/Governance/GovernanceInboxPageTest.php
@@ -8,12 +8,12 @@
 use App\Models\FindingException;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Support\BackupHealth\TenantBackupHealthResolver;
 use App\Support\OperationRunOutcome;
 use App\Support\OperationRunStatus;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
-use App\Support\PortfolioTriage\TenantTriageReviewFingerprint;
+use App\Support\PortfolioTriage\ManagedEnvironmentTriageReviewFingerprint;
 use App\Support\Workspaces\WorkspaceContext;
 
 it('renders visible governance attention sections on the governance inbox page', function (): void {
@@ -88,12 +88,12 @@
     ]);
 
     $backupHealthResolver = app(TenantBackupHealthResolver::class);
-    $fingerprints = app(TenantTriageReviewFingerprint::class);
+    $fingerprints = app(ManagedEnvironmentTriageReviewFingerprint::class);
     $alphaBackupFingerprint = $fingerprints->forBackupHealth($backupHealthResolver->assess($alphaTenant));
 
     expect($alphaBackupFingerprint)->not->toBeNull();
 
-    TenantTriageReview::factory()
+    ManagedEnvironmentTriageReview::factory()
         ->for($alphaTenant)
         ->followUpNeeded()
         ->create([
diff --git a/apps/platform/tests/Feature/Guards/ActionSurfaceContractTest.php b/apps/platform/tests/Feature/Guards/ActionSurfaceContractTest.php
index fc209ebe..a13ab4c8 100644
--- a/apps/platform/tests/Feature/Guards/ActionSurfaceContractTest.php
+++ b/apps/platform/tests/Feature/Guards/ActionSurfaceContractTest.php
@@ -12,11 +12,11 @@
 use App\Filament\Pages\Monitoring\Operations;
 use App\Filament\Pages\NoAccess;
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Pages\Reviews\ReviewRegister;
-use App\Filament\Pages\TenantDiagnostics;
-use App\Filament\Pages\TenantRequiredPermissions;
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\EnvironmentDiagnostics;
+use App\Filament\Pages\EnvironmentRequiredPermissions;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Filament\Resources\AlertDeliveryResource;
 use App\Filament\Resources\AlertDeliveryResource\Pages\ListAlertDeliveries;
 use App\Filament\Resources\AlertDestinationResource;
@@ -55,13 +55,13 @@
 use App\Filament\Resources\RestoreRunResource\Pages\ListRestoreRuns;
 use App\Filament\Resources\ReviewPackResource;
 use App\Filament\Resources\ReviewPackResource\Pages\ListReviewPacks;
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantResource\Pages\ManageTenantMemberships;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
-use App\Filament\Resources\TenantResource\RelationManagers\TenantMembershipsRelationManager;
-use App\Filament\Resources\TenantReviewResource;
-use App\Filament\Resources\TenantReviewResource\Pages\ListTenantReviews;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ManageEnvironmentAccessScopes;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
+use App\Filament\Resources\ManagedEnvironmentResource\RelationManagers\ManagedEnvironmentMembershipsRelationManager;
+use App\Filament\Resources\EnvironmentReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ListEnvironmentReviews;
 use App\Filament\Resources\Workspaces\Pages\ListWorkspaces;
 use App\Filament\Resources\Workspaces\Pages\ViewWorkspace;
 use App\Filament\Resources\Workspaces\RelationManagers\WorkspaceMembershipsRelationManager;
@@ -187,7 +187,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
     $components = collect(ActionSurfaceValidator::withBaselineExemptions()->discoveredComponents())
         ->keyBy('className');
 
-    $tenantResource = $components->get(\App\Filament\Resources\TenantResource::class);
+    $tenantResource = $components->get(\App\Filament\Resources\ManagedEnvironmentResource::class);
     $policyResource = $components->get(\App\Filament\Resources\PolicyResource::class);
 
     expect($tenantResource)->not->toBeNull();
@@ -506,9 +506,9 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
     $tenant->makeCurrent();
     Filament::setTenant($tenant, true);
 
-    $livewire = Livewire::test(TenantMembershipsRelationManager::class, [
+    $livewire = Livewire::test(ManagedEnvironmentMembershipsRelationManager::class, [
         'ownerRecord' => $tenant,
-        'pageClass' => ViewTenant::class,
+        'pageClass' => ViewManagedEnvironment::class,
     ])
         ->assertCanSeeTableRecords([$membership]);
 
@@ -611,37 +611,37 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
     $tenant->makeCurrent();
     Filament::setTenant($tenant, true);
 
-    $membershipsUrl = TenantResource::getUrl('memberships', ['record' => $tenant->getRouteKey()], panel: 'admin');
+    $membershipsUrl = ManagedEnvironmentResource::getUrl('memberships', ['record' => $tenant->getRouteKey()], panel: 'admin');
 
     $this->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantResource::getUrl('view', ['record' => $tenant->getRouteKey()], panel: 'admin'))
+        ->get(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant->getRouteKey()], panel: 'admin'))
         ->assertOk()
         ->assertDontSee('/admin/tenants', false)
         ->assertDontSee('/admin/t/', false)
-        ->assertDontSeeLivewire(TenantMembershipsRelationManager::class);
+        ->assertDontSeeLivewire(ManagedEnvironmentMembershipsRelationManager::class);
 
     session([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
 
     $membershipsPage = Livewire::actingAs($user)
-        ->test(ManageTenantMemberships::class, ['tenant' => $tenant->getRouteKey()])
+        ->test(ManageEnvironmentAccessScopes::class, ['environment' => $tenant->getRouteKey()])
         ->assertActionVisible('back_to_overview')
         ->assertActionDoesNotExist('memberships')
         ->assertActionExists('back_to_overview', fn ($action): bool => $action->getLabel() === 'Back to environment overview'
             && $action->getUrl() === ManagedEnvironmentLinks::viewUrl($tenant));
 
     expect($membershipsPage->instance()->getRelationManagers())
-        ->toContain(TenantMembershipsRelationManager::class);
+        ->toContain(ManagedEnvironmentMembershipsRelationManager::class);
 
     $this->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantResource::getUrl('memberships', ['record' => $tenant->getRouteKey()], panel: 'admin'))
+        ->get(ManagedEnvironmentResource::getUrl('memberships', ['record' => $tenant->getRouteKey()], panel: 'admin'))
         ->assertOk()
         ->assertSee('Manage environment access scope')
         ->assertSee('Workspace membership defines the role. Explicit environment scopes only narrow which workspace members can see this environment.')
         ->assertSee('Back to environment overview')
-        ->assertDontSeeLivewire(\App\Filament\Widgets\Tenant\RecentOperationsSummary::class)
-        ->assertDontSeeLivewire(\App\Filament\Widgets\Tenant\TenantVerificationReport::class)
-        ->assertDontSeeLivewire(\App\Filament\Widgets\Tenant\AdminRolesSummaryWidget::class)
-        ->assertSeeLivewire(TenantMembershipsRelationManager::class);
+        ->assertDontSeeLivewire(\App\Filament\Widgets\ManagedEnvironment\RecentOperationsSummary::class)
+        ->assertDontSeeLivewire(\App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentVerificationReport::class)
+        ->assertDontSeeLivewire(\App\Filament\Widgets\ManagedEnvironment\AdminRolesSummaryWidget::class)
+        ->assertSeeLivewire(ManagedEnvironmentMembershipsRelationManager::class);
 });
 
 it('keeps the tenant registry action surface on row inspect plus one safe dashboard shortcut for active tenants', function (): void {
@@ -654,13 +654,13 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
     session([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
 
     $list = Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('openTenant', $tenant)
         ->assertTableActionHidden('related_onboarding', $tenant)
-        ->assertTableActionHasUrl('openTenant', TenantDashboard::getUrl(panel: 'admin', tenant: $tenant), $tenant);
+        ->assertTableActionHasUrl('openTenant', EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant), $tenant);
 
     expect($list->instance()->getTable()->getRecordUrl($tenant))
-        ->toBe(TenantResource::getUrl('view', ['record' => $tenant], panel: 'admin'));
+        ->toBe(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant], panel: 'admin'));
 });
 
 it('keeps tenant detail header actions aligned with the shared administrative family while preserving workflow-heavy exceptions', function (): void {
@@ -686,7 +686,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
     session([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
 
     $listComponent = Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('admin_consent', $tenant)
         ->assertTableActionVisible('open_in_entra', $tenant)
         ->assertTableActionVisible('syncTenant', $tenant)
@@ -698,7 +698,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
     $markFollowUpNeededAction = $listComponent->instance()->getTable()->getAction('markFollowUpNeeded');
 
     $component = Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('admin_consent')
         ->assertActionVisible('open_in_entra')
         ->assertActionVisible('syncTenant')
@@ -756,7 +756,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         ->and($visibleHeaderActionNames)->toContain('markReviewed')
         ->and($visibleHeaderActionNames)->toContain('markFollowUpNeeded')
         ->and($visibleHeaderActionNames)->not->toContain('forceDelete')
-        ->and(collect(TenantResource::tenantViewContextEntries($tenant))->pluck('key')->all())->toContain('tenant_edit');
+        ->and(collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))->pluck('key')->all())->toContain('tenant_edit');
 });
 
 it('renders the backup items relation manager on the backup set detail page', function (): void {
@@ -843,8 +843,8 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         InventoryCoverage::class => InventoryCoverage::actionSurfaceDeclaration(),
         NoAccess::class => NoAccess::actionSurfaceDeclaration(),
         TenantlessOperationRunViewer::class => TenantlessOperationRunViewer::actionSurfaceDeclaration(),
-        TenantDiagnostics::class => TenantDiagnostics::actionSurfaceDeclaration(),
-        TenantRequiredPermissions::class => TenantRequiredPermissions::actionSurfaceDeclaration(),
+        EnvironmentDiagnostics::class => EnvironmentDiagnostics::actionSurfaceDeclaration(),
+        EnvironmentRequiredPermissions::class => EnvironmentRequiredPermissions::actionSurfaceDeclaration(),
         AlertDeliveryResource::class => AlertDeliveryResource::actionSurfaceDeclaration(),
         BackupScheduleResource::class => BackupScheduleResource::actionSurfaceDeclaration(),
         BackupScheduleOperationRunsRelationManager::class => BackupScheduleOperationRunsRelationManager::actionSurfaceDeclaration(),
@@ -859,7 +859,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         OperationRunResource::class => OperationRunResource::actionSurfaceDeclaration(),
         ReviewPackResource::class => ReviewPackResource::actionSurfaceDeclaration(),
         RestoreRunResource::class => RestoreRunResource::actionSurfaceDeclaration(),
-        TenantMembershipsRelationManager::class => TenantMembershipsRelationManager::actionSurfaceDeclaration(),
+        ManagedEnvironmentMembershipsRelationManager::class => ManagedEnvironmentMembershipsRelationManager::actionSurfaceDeclaration(),
         VersionsRelationManager::class => VersionsRelationManager::actionSurfaceDeclaration(),
         BaselineProfileResource::class => BaselineProfileResource::actionSurfaceDeclaration(),
         WorkspaceMembershipsRelationManager::class => WorkspaceMembershipsRelationManager::actionSurfaceDeclaration(),
@@ -938,14 +938,14 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
 it('keeps first-slice trusted-state page action-surface status explicit', function (): void {
     $baselineExemptions = ActionSurfaceExemptions::baseline();
 
-    expect(method_exists(TenantRequiredPermissions::class, 'actionSurfaceDeclaration'))->toBeTrue()
-        ->and($baselineExemptions->hasClass(TenantRequiredPermissions::class))->toBeFalse();
+    expect(method_exists(EnvironmentRequiredPermissions::class, 'actionSurfaceDeclaration'))->toBeTrue()
+        ->and($baselineExemptions->hasClass(EnvironmentRequiredPermissions::class))->toBeFalse();
 
     expect(method_exists(Alerts::class, 'actionSurfaceDeclaration'))->toBeTrue()
         ->and($baselineExemptions->hasClass(Alerts::class))->toBeFalse();
 
-    expect($baselineExemptions->hasClass(ManagedTenantOnboardingWizard::class))->toBeTrue()
-        ->and((string) $baselineExemptions->reasonForClass(ManagedTenantOnboardingWizard::class))->toContain('dedicated conformance tests')
+    expect($baselineExemptions->hasClass(ManagedEnvironmentOnboardingWizard::class))->toBeTrue()
+        ->and((string) $baselineExemptions->reasonForClass(ManagedEnvironmentOnboardingWizard::class))->toContain('dedicated conformance tests')
         ->toContain('spec 172');
 
     expect(method_exists(\App\Filament\System\Pages\Ops\Runbooks::class, 'actionSurfaceDeclaration'))->toBeFalse()
@@ -958,9 +958,9 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
 it('keeps spec 172 retrofit surfaces covered without broad baseline exemptions', function (): void {
     $baselineExemptions = ActionSurfaceExemptions::baseline();
 
-    expect($baselineExemptions->hasClass(ViewTenant::class))->toBeFalse()
-        ->and($baselineExemptions->hasClass(ManagedTenantOnboardingWizard::class))->toBeTrue()
-        ->and((string) $baselineExemptions->reasonForClass(ManagedTenantOnboardingWizard::class))
+    expect($baselineExemptions->hasClass(ViewManagedEnvironment::class))->toBeFalse()
+        ->and($baselineExemptions->hasClass(ManagedEnvironmentOnboardingWizard::class))->toBeTrue()
+        ->and((string) $baselineExemptions->reasonForClass(ManagedEnvironmentOnboardingWizard::class))
         ->toContain('spec 172')
         ->toContain('OnboardingVerificationTest')
         ->toContain('OnboardingVerificationClustersTest')
@@ -981,11 +981,11 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         \App\Filament\System\Pages\Directory\ViewWorkspace::class,
         \App\Filament\Pages\BreakGlassRecovery::class,
         \App\Filament\Pages\ChooseWorkspace::class,
-        \App\Filament\Pages\ChooseTenant::class,
+        \App\Filament\Pages\ChooseEnvironment::class,
         \App\Filament\Pages\Tenancy\RegisterTenant::class,
-        \App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class,
-        \App\Filament\Pages\Workspaces\ManagedTenantsLanding::class,
-        \App\Filament\Pages\TenantDashboard::class,
+        \App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class,
+        \App\Filament\Pages\Workspaces\ManagedEnvironmentsLanding::class,
+        \App\Filament\Pages\EnvironmentDashboard::class,
     ]);
 
     foreach ($inventory as $className => $surface) {
@@ -1008,11 +1008,11 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
 
     expect($mustRemainBaselineExempt)->toEqualCanonicalizing([
         \App\Filament\Pages\ChooseWorkspace::class,
-        \App\Filament\Pages\ChooseTenant::class,
+        \App\Filament\Pages\ChooseEnvironment::class,
         \App\Filament\Pages\Tenancy\RegisterTenant::class,
-        \App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class,
-        \App\Filament\Pages\Workspaces\ManagedTenantsLanding::class,
-        \App\Filament\Pages\TenantDashboard::class,
+        \App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class,
+        \App\Filament\Pages\Workspaces\ManagedEnvironmentsLanding::class,
+        \App\Filament\Pages\EnvironmentDashboard::class,
     ]);
 
     foreach ($mustRemainBaselineExempt as $className) {
@@ -1119,7 +1119,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
 
     foreach ([
         BackupItemsRelationManager::class,
-        TenantMembershipsRelationManager::class,
+        ManagedEnvironmentMembershipsRelationManager::class,
         WorkspaceMembershipsRelationManager::class,
     ] as $className) {
         expect(method_exists($className, 'actionSurfaceDeclaration'))
@@ -1177,7 +1177,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
 
     foreach ([
         NoAccess::class,
-        TenantDiagnostics::class,
+        EnvironmentDiagnostics::class,
     ] as $className) {
         expect(method_exists($className, 'actionSurfaceDeclaration'))
             ->toBeTrue("{$className} should declare its action surface once enrolled.");
@@ -1191,7 +1191,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
     $baselineExemptions = ActionSurfaceExemptions::baseline();
 
     foreach ([
-        TenantRequiredPermissions::class,
+        EnvironmentRequiredPermissions::class,
     ] as $className) {
         expect(method_exists($className, 'actionSurfaceDeclaration'))
             ->toBeTrue("{$className} should declare its action surface once enrolled.");
@@ -1311,14 +1311,14 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         ->and($table->getRecordUrl($snapshot))->toBe(EvidenceSnapshotResource::getUrl('view', ['record' => $snapshot]));
 });
 
-it('uses clickable rows without a duplicate View action on the tenant reviews list', function (): void {
+it('uses clickable rows without a duplicate View action on the environment reviews list', function (): void {
     [$user, $tenant] = createMinimalUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $user);
+    $review = composeEnvironmentReviewForTest($tenant, $user);
 
     $this->actingAs($user);
     setAdminEnvironmentContext($tenant);
 
-    $livewire = Livewire::test(ListTenantReviews::class)
+    $livewire = Livewire::test(ListEnvironmentReviews::class)
         ->assertCanSeeTableRecords([$review]);
 
     $table = $livewire->instance()->getTable();
@@ -1330,7 +1330,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
 
     expect($rowActionNames)->toEqualCanonicalizing(['export_executive_pack'])
         ->and($table->getBulkActions())->toBeEmpty()
-        ->and($table->getRecordUrl($review))->toBe(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant));
+        ->and($table->getRecordUrl($review))->toBe(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant));
 });
 
 it('uses clickable rows while keeping download direct and grouping expire under More on the review packs list', function (): void {
@@ -1582,7 +1582,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
 it('keeps review and evidence references on clickable-row open without duplicate inspect actions', function (): void {
     [$user, $tenant] = createMinimalUserWithTenant(role: 'owner');
 
-    $review = composeTenantReviewForTest($tenant, $user)->load('evidenceSnapshot');
+    $review = composeEnvironmentReviewForTest($tenant, $user)->load('evidenceSnapshot');
     $snapshot = $review->evidenceSnapshot;
 
     $this->actingAs($user);
@@ -1608,7 +1608,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         ->and(ReviewRegister::actionSurfaceDeclaration()->slot(ActionSurfaceSlot::InspectAffordance)?->details)->toBe(ActionSurfaceInspectAffordance::ClickableRow->value)
         ->and($reviewActionNames)->not->toContain('view_review')
         ->and($reviewActionNames)->toContain('export_executive_pack')
-        ->and($reviewTable->getRecordUrl($review))->toBe(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $review->tenant, 'tenant'))
+        ->and($reviewTable->getRecordUrl($review))->toBe(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $review->tenant, 'tenant'))
         ->and(EvidenceOverview::actionSurfaceDeclaration()->surfaceType)->toBe(ActionSurfaceType::ReadOnlyRegistryReport)
         ->and(EvidenceOverview::actionSurfaceDeclaration()->slot(ActionSurfaceSlot::InspectAffordance)?->details)->toBe(ActionSurfaceInspectAffordance::ClickableRow->value)
         ->and($snapshot)->toBeInstanceOf(EvidenceSnapshot::class)
@@ -1725,10 +1725,10 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
     $this->actingAs($manager);
     setAdminEnvironmentContext($tenant);
 
-    Livewire::test(TenantDiagnostics::class)
+    Livewire::test(EnvironmentDiagnostics::class)
         ->assertActionExists('bootstrapOwner');
 
-    $declaration = TenantDiagnostics::actionSurfaceDeclaration();
+    $declaration = EnvironmentDiagnostics::actionSurfaceDeclaration();
 
     expect((string) ($declaration->slot(ActionSurfaceSlot::ListHeader)?->details ?? ''))
         ->toContain('repair actions')
@@ -1757,9 +1757,9 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
     [$user, $tenant] = createMinimalUserWithTenant(role: 'readonly');
 
     $response = $this->actingAs($user)
-        ->get(TenantRequiredPermissions::getUrl([
+        ->get(EnvironmentRequiredPermissions::getUrl([
             'workspace' => (int) $tenant->workspace_id,
-            'tenant' => $tenant,
+            'environment' => $tenant,
         ], panel: 'admin'));
 
     $response->assertOk()
@@ -1768,7 +1768,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         ->assertSee('Re-run verification')
         ->assertSee('Start verification');
 
-    $declaration = TenantRequiredPermissions::actionSurfaceDeclaration();
+    $declaration = EnvironmentRequiredPermissions::actionSurfaceDeclaration();
 
     expect((string) ($declaration->exemption(ActionSurfaceSlot::ListHeader)?->reason ?? ''))
         ->toContain('body sections')
@@ -2309,7 +2309,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         ->values()
         ->all();
 
-    expect($workflowHeavy)->toBe([\App\Filament\Resources\TenantResource\Pages\ViewTenant::class])
+    expect($workflowHeavy)->toBe([\App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment::class])
         ->and($referencePages)->toEqualCanonicalizing([
             \App\Filament\Resources\ReviewPackResource\Pages\ViewReviewPack::class,
             \App\Filament\Resources\AlertDestinationResource\Pages\ViewAlertDestination::class,
@@ -2346,7 +2346,7 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         BaselineCompareLanding::class,
         BaselineCompareMatrix::class,
         ReviewRegister::class,
-        TenantDiagnostics::class,
+        EnvironmentDiagnostics::class,
     ])
         ->and($baselineExemptions->hasClass(Alerts::class))->toBeFalse()
         ->and(method_exists(Alerts::class, 'actionSurfaceDeclaration'))->toBeTrue()
@@ -2361,8 +2361,8 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
             BaselineCompareMatrix::class,
             ReviewRegister::class,
         ])
-        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(TenantDiagnostics::class)['classification'] ?? null)->toBe('special_type_acceptable')
-        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(TenantDiagnostics::class)['exceptionReason'] ?? null)->toContain('diagnostic');
+        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(EnvironmentDiagnostics::class)['classification'] ?? null)->toBe('special_type_acceptable')
+        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(EnvironmentDiagnostics::class)['exceptionReason'] ?? null)->toContain('diagnostic');
 });
 
 it('keeps spec 193 hierarchy work from expanding confirmation, reason capture, or compare-start semantics', function (): void {
@@ -2465,10 +2465,10 @@ function actionSurfaceSystemPanelContext(array $capabilities): PlatformUser
         \App\Filament\Resources\BaselineProfileResource::class,
         \App\Filament\Resources\EvidenceSnapshotResource::class,
         \App\Filament\Resources\FindingExceptionResource::class,
-        \App\Filament\Resources\TenantReviewResource::class,
-        \App\Filament\Resources\TenantResource::class,
-        \App\Filament\Resources\TenantResource\Pages\EditTenant::class,
-        \App\Filament\Resources\TenantResource\Pages\ViewTenant::class,
+        \App\Filament\Resources\EnvironmentReviewResource::class,
+        \App\Filament\Resources\ManagedEnvironmentResource::class,
+        \App\Filament\Resources\ManagedEnvironmentResource\Pages\EditManagedEnvironment::class,
+        \App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment::class,
     ] as $className) {
         $source = file_get_contents((string) (new ReflectionClass($className))->getFileName()) ?: '';
 
diff --git a/apps/platform/tests/Feature/Guards/ActionSurfaceValidatorTest.php b/apps/platform/tests/Feature/Guards/ActionSurfaceValidatorTest.php
index 05bf8a97..c96368ba 100644
--- a/apps/platform/tests/Feature/Guards/ActionSurfaceValidatorTest.php
+++ b/apps/platform/tests/Feature/Guards/ActionSurfaceValidatorTest.php
@@ -309,7 +309,7 @@ function formatActionSurfaceIssues(array $issues): string
 
 it('fails when a spec 195 residual surface is missing structured evidence', function (): void {
     $inventory = ActionSurfaceExemptions::spec195ResidualSurfaceInventory();
-    $inventory[\App\Filament\Pages\Workspaces\ManagedTenantsLanding::class]['evidence'] = [];
+    $inventory[\App\Filament\Pages\Workspaces\ManagedEnvironmentsLanding::class]['evidence'] = [];
 
     $issues = ActionSurfaceValidator::validateSpec195ResidualInventoryFixture(
         inventory: $inventory,
@@ -318,7 +318,7 @@ function formatActionSurfaceIssues(array $issues): string
     );
 
     expect(formatActionSurfaceIssues($issues))
-        ->toContain(\App\Filament\Pages\Workspaces\ManagedTenantsLanding::class)
+        ->toContain(\App\Filament\Pages\Workspaces\ManagedEnvironmentsLanding::class)
         ->toContain('require at least one structured evidence descriptor');
 });
 
diff --git a/apps/platform/tests/Feature/Guards/AdminTenantResolverGuardTest.php b/apps/platform/tests/Feature/Guards/AdminTenantResolverGuardTest.php
index a4e72413..78ea38e0 100644
--- a/apps/platform/tests/Feature/Guards/AdminTenantResolverGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/AdminTenantResolverGuardTest.php
@@ -6,7 +6,7 @@ function adminTenantResolverGuardedFiles(): array
 {
     return [
         'app/Filament/Pages/BaselineCompareLanding.php',
-        'app/Filament/Pages/TenantDiagnostics.php',
+        'app/Filament/Pages/EnvironmentDiagnostics.php',
         'app/Filament/Pages/InventoryCoverage.php',
         'app/Filament/Widgets/Inventory/InventoryKpiHeader.php',
         'app/Filament/Pages/Monitoring/Operations.php',
@@ -29,8 +29,8 @@ function adminTenantResolverGuardedFiles(): array
         'app/Filament/Resources/AlertDeliveryResource.php',
         'app/Filament/Resources/AlertDeliveryResource/Pages/ListAlertDeliveries.php',
         'app/Filament/Pages/Monitoring/AuditLog.php',
-        'app/Filament/Pages/TenantRequiredPermissions.php',
-        'app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php',
+        'app/Filament/Pages/EnvironmentRequiredPermissions.php',
+        'app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php',
         'app/Filament/Resources/ProviderConnectionResource/Pages/ListProviderConnections.php',
         'app/Filament/Resources/RestoreRunResource.php',
         'app/Filament/Resources/RestoreRunResource/Pages/CreateRestoreRun.php',
@@ -40,8 +40,8 @@ function adminTenantResolverGuardedFiles(): array
 function adminTenantResolverExceptionFiles(): array
 {
     return [
-        'app/Filament/Pages/ChooseTenant.php',
-        'app/Http/Controllers/SelectTenantController.php',
+        'app/Filament/Pages/ChooseEnvironment.php',
+        'app/Http/Controllers/SelectEnvironmentController.php',
         'app/Support/Middleware/EnsureFilamentTenantSelected.php',
         'app/Filament/Concerns/ResolvesPanelTenantContext.php',
     ];
@@ -101,6 +101,6 @@ function adminTenantResolverExceptionFiles(): array
     $guardedFiles = adminTenantResolverGuardedFiles();
 
     expect($guardedFiles)
-        ->toContain('app/Filament/Pages/TenantRequiredPermissions.php')
-        ->toContain('app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php');
+        ->toContain('app/Filament/Pages/EnvironmentRequiredPermissions.php')
+        ->toContain('app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php');
 });
diff --git a/apps/platform/tests/Feature/Guards/ConfidenceLaneContractTest.php b/apps/platform/tests/Feature/Guards/ConfidenceLaneContractTest.php
index 38b493d1..253db58d 100644
--- a/apps/platform/tests/Feature/Guards/ConfidenceLaneContractTest.php
+++ b/apps/platform/tests/Feature/Guards/ConfidenceLaneContractTest.php
@@ -62,7 +62,7 @@
             'tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php',
             'tests/Feature/Rbac/WorkspaceMembershipsRelationManagerUiEnforcementTest.php',
             'tests/Feature/SettingsFoundation/WorkspaceSettingsManageTest.php',
-            'tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php',
+            'tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php',
             'tests/Feature/Filament/PanelNavigationSegregationTest.php',
         );
 
diff --git a/apps/platform/tests/Feature/Guards/EnvironmentCopyNeutralizationGuardTest.php b/apps/platform/tests/Feature/Guards/EnvironmentCopyNeutralizationGuardTest.php
index d29d677f..162f8736 100644
--- a/apps/platform/tests/Feature/Guards/EnvironmentCopyNeutralizationGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/EnvironmentCopyNeutralizationGuardTest.php
@@ -6,10 +6,10 @@
 
 it('keeps in-scope surfaces free of retired tenant-first and provider-first copy', function (): void {
     $forbiddenCopyByFile = [
-        'apps/platform/app/Filament/Pages/ChooseTenant.php' => [
+        'apps/platform/app/Filament/Pages/ChooseEnvironment.php' => [
             'Choose tenant',
         ],
-        'apps/platform/resources/views/filament/pages/choose-tenant.blade.php' => [
+        'apps/platform/resources/views/filament/pages/choose-environment.blade.php' => [
             'Choose tenant',
             'Select the tenant for your normal active operating context.',
             'No tenant selected is still a valid workspace state',
@@ -17,10 +17,10 @@
             'View managed tenants',
             'Add tenant',
         ],
-        'apps/platform/app/Filament/Pages/Workspaces/ManagedTenantsLanding.php' => [
+        'apps/platform/app/Filament/Pages/Workspaces/ManagedEnvironmentsLanding.php' => [
             'Managed tenants',
         ],
-        'apps/platform/resources/views/filament/pages/workspaces/managed-tenants-landing.blade.php' => [
+        'apps/platform/resources/views/filament/pages/workspaces/managed-environments-landing.blade.php' => [
             'No managed tenants yet',
             'Choose tenant',
             'Add tenant',
@@ -96,7 +96,7 @@
             'Open tenant detail',
             'tenant drilldowns',
         ],
-        'apps/platform/resources/views/filament/pages/tenant-required-permissions.blade.php' => [
+        'apps/platform/resources/views/filament/pages/environment-required-permissions.blade.php' => [
             'No tenant selected',
         ],
         'apps/platform/lang/en/localization.php' => [
diff --git a/apps/platform/tests/Feature/Guards/FilamentTableStandardsGuardTest.php b/apps/platform/tests/Feature/Guards/FilamentTableStandardsGuardTest.php
index b054e6d8..73b8a3d1 100644
--- a/apps/platform/tests/Feature/Guards/FilamentTableStandardsGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/FilamentTableStandardsGuardTest.php
@@ -6,7 +6,7 @@
 
 it('declares default sorts for the standardized table surface inventory', function (): void {
     $paths = collect([
-        'app/Filament/Resources/TenantResource.php',
+        'app/Filament/Resources/ManagedEnvironmentResource.php',
         'app/Filament/Resources/PolicyResource.php',
         'app/Filament/Resources/BackupSetResource.php',
         'app/Filament/Resources/BackupScheduleResource.php',
@@ -23,13 +23,13 @@
         'app/Filament/Resources/PolicyVersionResource.php',
         'app/Filament/Resources/ReviewPackResource.php',
         'app/Filament/Resources/Workspaces/WorkspaceResource.php',
-        'app/Filament/Resources/TenantResource/RelationManagers/TenantMembershipsRelationManager.php',
+        'app/Filament/Resources/ManagedEnvironmentResource/RelationManagers/ManagedEnvironmentMembershipsRelationManager.php',
         'app/Filament/Resources/Workspaces/RelationManagers/WorkspaceMembershipsRelationManager.php',
         'app/Filament/Resources/BaselineProfileResource/RelationManagers/BaselineTenantAssignmentsRelationManager.php',
         'app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php',
         'app/Filament/Resources/PolicyResource/RelationManagers/VersionsRelationManager.php',
         'app/Filament/Resources/BackupScheduleResource/RelationManagers/BackupScheduleOperationRunsRelationManager.php',
-        'app/Filament/Pages/TenantRequiredPermissions.php',
+        'app/Filament/Pages/EnvironmentRequiredPermissions.php',
         'app/Filament/Pages/InventoryCoverage.php',
         'app/Filament/Pages/Monitoring/EvidenceOverview.php',
         'app/Filament/System/Pages/Directory/Tenants.php',
@@ -61,7 +61,7 @@
 
 it('declares domain-specific empty states across the standardized table surface inventory', function (): void {
     $patternByPath = [
-        'app/Filament/Resources/TenantResource.php' => ['->emptyStateHeading('],
+        'app/Filament/Resources/ManagedEnvironmentResource.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/PolicyResource.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/BackupSetResource.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/BackupScheduleResource.php' => ['->emptyStateHeading('],
@@ -78,13 +78,13 @@
         'app/Filament/Resources/PolicyVersionResource.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/ReviewPackResource.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/Workspaces/WorkspaceResource.php' => ['->emptyStateHeading('],
-        'app/Filament/Resources/TenantResource/RelationManagers/TenantMembershipsRelationManager.php' => ['->emptyStateHeading('],
+        'app/Filament/Resources/ManagedEnvironmentResource/RelationManagers/ManagedEnvironmentMembershipsRelationManager.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/Workspaces/RelationManagers/WorkspaceMembershipsRelationManager.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/BaselineProfileResource/RelationManagers/BaselineTenantAssignmentsRelationManager.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/PolicyResource/RelationManagers/VersionsRelationManager.php' => ['->emptyStateHeading('],
         'app/Filament/Resources/BackupScheduleResource/RelationManagers/BackupScheduleOperationRunsRelationManager.php' => ['->emptyStateHeading('],
-        'app/Filament/Pages/TenantRequiredPermissions.php' => ['->emptyStateHeading('],
+        'app/Filament/Pages/EnvironmentRequiredPermissions.php' => ['->emptyStateHeading('],
         'app/Filament/Pages/InventoryCoverage.php' => ['->emptyStateHeading('],
         'app/Filament/Pages/Monitoring/EvidenceOverview.php' => ['->emptyStateHeading('],
         'app/Filament/System/Pages/Directory/Tenants.php' => ['->emptyStateHeading('],
@@ -127,7 +127,7 @@
 
 it('keeps persistence declarations explicit on the designated critical and follow-up filter surfaces', function (): void {
     $paths = [
-        'app/Filament/Resources/TenantResource.php',
+        'app/Filament/Resources/ManagedEnvironmentResource.php',
         'app/Filament/Resources/PolicyResource.php',
         'app/Filament/Resources/BackupSetResource.php',
         'app/Filament/Resources/BackupScheduleResource.php',
@@ -140,7 +140,7 @@
         'app/Filament/Resources/EntraGroupResource.php',
         'app/Filament/Resources/OperationRunResource.php',
         'app/Filament/Resources/BaselineSnapshotResource.php',
-        'app/Filament/Pages/TenantRequiredPermissions.php',
+        'app/Filament/Pages/EnvironmentRequiredPermissions.php',
         'app/Filament/Pages/Monitoring/EvidenceOverview.php',
         'app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php',
     ];
@@ -295,7 +295,7 @@
 
 it('uses the shared pagination profile helper on standardized surfaces', function (): void {
     $paths = [
-        'app/Filament/Resources/TenantResource.php',
+        'app/Filament/Resources/ManagedEnvironmentResource.php',
         'app/Filament/Resources/PolicyResource.php',
         'app/Filament/Resources/BackupSetResource.php',
         'app/Filament/Resources/BackupScheduleResource.php',
@@ -312,13 +312,13 @@
         'app/Filament/Resources/PolicyVersionResource.php',
         'app/Filament/Resources/ReviewPackResource.php',
         'app/Filament/Resources/Workspaces/WorkspaceResource.php',
-        'app/Filament/Resources/TenantResource/RelationManagers/TenantMembershipsRelationManager.php',
+        'app/Filament/Resources/ManagedEnvironmentResource/RelationManagers/ManagedEnvironmentMembershipsRelationManager.php',
         'app/Filament/Resources/Workspaces/RelationManagers/WorkspaceMembershipsRelationManager.php',
         'app/Filament/Resources/BaselineProfileResource/RelationManagers/BaselineTenantAssignmentsRelationManager.php',
         'app/Filament/Resources/BackupSetResource/RelationManagers/BackupItemsRelationManager.php',
         'app/Filament/Resources/PolicyResource/RelationManagers/VersionsRelationManager.php',
         'app/Filament/Resources/BackupScheduleResource/RelationManagers/BackupScheduleOperationRunsRelationManager.php',
-        'app/Filament/Pages/TenantRequiredPermissions.php',
+        'app/Filament/Pages/EnvironmentRequiredPermissions.php',
         'app/Filament/Pages/InventoryCoverage.php',
         'app/Filament/Pages/Monitoring/EvidenceOverview.php',
         'app/Filament/System/Pages/Directory/Tenants.php',
@@ -350,7 +350,7 @@
 
     it('keeps spec 196 surfaces on native table contracts without faux controls or hand-built primary tables', function (): void {
         $requiredPatterns = [
-            'app/Filament/Pages/TenantRequiredPermissions.php' => [
+            'app/Filament/Pages/EnvironmentRequiredPermissions.php' => [
                 'implements HasTable',
                 'InteractsWithTable',
             ],
@@ -364,7 +364,7 @@
             'resources/views/filament/components/dependency-edges.blade.php' => [
                 'inventory-item-dependency-edges-table',
             ],
-            'resources/views/filament/pages/tenant-required-permissions.blade.php' => [
+            'resources/views/filament/pages/environment-required-permissions.blade.php' => [
                 '$this->table',
                 'data-testid="technical-details"',
             ],
@@ -378,7 +378,7 @@
                 '<form method="GET"',
                 'request(',
             ],
-            'resources/views/filament/pages/tenant-required-permissions.blade.php' => [
+            'resources/views/filament/pages/environment-required-permissions.blade.php' => [
                 'wire:model.live="status"',
                 'wire:model.live="type"',
                 'wire:model.live="features"',
@@ -429,7 +429,7 @@
 
 it('keeps tenant-registry recovery triage columns, filters, and query hydration explicit', function (): void {
     $patternByPath = [
-        'app/Filament/Resources/TenantResource.php' => [
+        'app/Filament/Resources/ManagedEnvironmentResource.php' => [
             "TextColumn::make('backup_posture')",
             "TextColumn::make('recovery_evidence')",
             "SelectFilter::make('backup_posture')",
@@ -438,7 +438,7 @@
             'applyWorstFirstTriageOrdering',
             'postureSnapshot',
         ],
-        'app/Filament/Resources/TenantResource/Pages/ListTenants.php' => [
+        'app/Filament/Resources/ManagedEnvironmentResource/Pages/ListManagedEnvironments.php' => [
             'applyRequestedTriageIntent',
             'getTableEmptyStateHeading',
             'getTableEmptyStateDescription',
diff --git a/apps/platform/tests/Feature/Guards/HeavyGovernanceLaneContractTest.php b/apps/platform/tests/Feature/Guards/HeavyGovernanceLaneContractTest.php
index bca06756..ac9f13cd 100644
--- a/apps/platform/tests/Feature/Guards/HeavyGovernanceLaneContractTest.php
+++ b/apps/platform/tests/Feature/Guards/HeavyGovernanceLaneContractTest.php
@@ -31,7 +31,7 @@
             'tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php',
             'tests/Feature/Rbac/WorkspaceMembershipsRelationManagerUiEnforcementTest.php',
             'tests/Feature/SettingsFoundation/WorkspaceSettingsManageTest.php',
-            'tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php',
+            'tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php',
             'tests/Feature/Filament/PanelNavigationSegregationTest.php',
         );
 });
diff --git a/apps/platform/tests/Feature/Guards/LivewireTrustedStateGuardTest.php b/apps/platform/tests/Feature/Guards/LivewireTrustedStateGuardTest.php
index 17669df0..6aa1a074 100644
--- a/apps/platform/tests/Feature/Guards/LivewireTrustedStateGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/LivewireTrustedStateGuardTest.php
@@ -10,8 +10,8 @@
 function livewireTrustedStateFirstSliceFixtures(): array
 {
     return [
-        TrustedStatePolicy::MANAGED_TENANT_ONBOARDING_WIZARD => 'app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php',
-        TrustedStatePolicy::TENANT_REQUIRED_PERMISSIONS => 'app/Filament/Pages/TenantRequiredPermissions.php',
+        TrustedStatePolicy::MANAGED_ENVIRONMENT_ONBOARDING_WIZARD => 'app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php',
+        TrustedStatePolicy::TENANT_REQUIRED_PERMISSIONS => 'app/Filament/Pages/EnvironmentRequiredPermissions.php',
     ];
 }
 
diff --git a/apps/platform/tests/Feature/Guards/ManagedEnvironmentCanonicalRouteContractTest.php b/apps/platform/tests/Feature/Guards/ManagedEnvironmentCanonicalRouteContractTest.php
index 9aff4514..042edb83 100644
--- a/apps/platform/tests/Feature/Guards/ManagedEnvironmentCanonicalRouteContractTest.php
+++ b/apps/platform/tests/Feature/Guards/ManagedEnvironmentCanonicalRouteContractTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\OperationRun;
 use App\Support\ManagedEnvironmentLinks;
 use App\Support\OperationRunLinks;
@@ -22,10 +22,10 @@
         ManagedEnvironmentLinks::accessScopesUrl($tenant),
         ManagedEnvironmentLinks::operationsUrl($tenant),
         ManagedEnvironmentLinks::providerConnectionsUrl($tenant),
-        TenantResource::getUrl('index'),
-        TenantResource::getUrl('view', ['record' => $tenant]),
-        TenantResource::getUrl('edit', ['record' => $tenant]),
-        TenantResource::getUrl('memberships', ['record' => $tenant]),
+        ManagedEnvironmentResource::getUrl('index'),
+        ManagedEnvironmentResource::getUrl('view', ['record' => $tenant]),
+        ManagedEnvironmentResource::getUrl('edit', ['record' => $tenant]),
+        ManagedEnvironmentResource::getUrl('memberships', ['record' => $tenant]),
         OperationRunLinks::index($tenant),
     ];
 
@@ -52,12 +52,12 @@
         ->and(OperationRunLinks::tenantlessView($run))->toContain('/admin/workspaces/');
 });
 
-it('keeps the retired TenantResource out of global search', function (): void {
+it('keeps the retired ManagedEnvironmentResource out of global search', function (): void {
     [$user, $tenant] = createMinimalUserWithTenant(role: 'owner');
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id]);
 
-    expect(TenantResource::getGlobalSearchResults((string) $tenant->name))->toHaveCount(0);
+    expect(ManagedEnvironmentResource::getGlobalSearchResults((string) $tenant->name))->toHaveCount(0);
 });
 
diff --git a/apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php b/apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php
index b9638e14..b468b2d3 100644
--- a/apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php
+++ b/apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php
@@ -8,16 +8,26 @@
 it('does not register active /admin/tenants product routes', function (): void {
     $legacyRouteUris = collect(Route::getRoutes())
         ->map(fn ($route): string => ltrim((string) $route->uri(), '/'))
-        ->filter(fn (string $uri): bool => preg_match('#^admin/tenants(?:/|$)#', $uri) === 1)
+        ->filter(fn (string $uri): bool => preg_match('#^admin/(?:t|tenants)(?:/|$)#', $uri) === 1)
         ->values();
 
     expect($legacyRouteUris)->toBeEmpty();
 });
 
-it('returns 404 for retired TenantResource route shapes', function (): void {
+it('does not register active tenant resource route names', function (): void {
+    $legacyRouteNames = collect(Route::getRoutes())
+        ->map(fn ($route): ?string => $route->getName())
+        ->filter(fn (?string $name): bool => is_string($name) && str_starts_with($name, 'filament.admin.resources.tenants.'))
+        ->values();
+
+    expect($legacyRouteNames)->toBeEmpty();
+});
+
+it('returns 404 for retired ManagedEnvironmentResource route shapes', function (): void {
     [$user, $tenant] = createMinimalUserWithTenant(role: 'owner');
 
     foreach ([
+        '/admin/t/'.$tenant->external_id,
         '/admin/tenants',
         "/admin/tenants/{$tenant->external_id}",
         "/admin/tenants/{$tenant->external_id}/edit",
@@ -29,4 +39,3 @@
             ->assertNotFound();
     }
 });
-
diff --git a/apps/platform/tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php b/apps/platform/tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php
index 827c4d70..8c809560 100644
--- a/apps/platform/tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php
+++ b/apps/platform/tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php
@@ -5,8 +5,8 @@
 function trustedStateFirstSliceSurfaces(): array
 {
     return [
-        'app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php',
-        'app/Filament/Pages/TenantRequiredPermissions.php',
+        'app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php',
+        'app/Filament/Pages/EnvironmentRequiredPermissions.php',
         'app/Filament/System/Pages/Ops/Runbooks.php',
     ];
 }
@@ -30,7 +30,7 @@ function trustedStateFirstSliceSurfaces(): array
 
     $allowlist = [
         // NOTE: Shrink this list as files are migrated to UiEnforcement (Feature 066b).
-        'app/Filament/Pages/ChooseTenant.php',
+        'app/Filament/Pages/ChooseEnvironment.php',
         'app/Filament/Pages/Tenancy/RegisterTenant.php',
         'app/Filament/Resources/BackupScheduleResource.php',
         'app/Filament/Resources/FindingResource.php',
@@ -39,7 +39,7 @@ function trustedStateFirstSliceSurfaces(): array
         'app/Filament/Resources/PolicyResource/Pages/ListPolicies.php',
         'app/Filament/Resources/PolicyResource/RelationManagers/VersionsRelationManager.php',
         'app/Filament/Resources/PolicyVersionResource.php',
-        'app/Filament/Resources/TenantResource/RelationManagers/TenantMembershipsRelationManager.php',
+        'app/Filament/Resources/ManagedEnvironmentResource/RelationManagers/ManagedEnvironmentMembershipsRelationManager.php',
         'app/Filament/System/Pages/Dashboard.php',
     ];
 
diff --git a/apps/platform/tests/Feature/Guards/NoAdHocTenantLifecycleChecksSpec143Test.php b/apps/platform/tests/Feature/Guards/NoAdHocTenantLifecycleChecksSpec143Test.php
index 033aa8d9..05927b68 100644
--- a/apps/platform/tests/Feature/Guards/NoAdHocTenantLifecycleChecksSpec143Test.php
+++ b/apps/platform/tests/Feature/Guards/NoAdHocTenantLifecycleChecksSpec143Test.php
@@ -4,13 +4,13 @@
 
 it('avoids raw tenant lifecycle string checks in the spec 143 coordination seams', function (): void {
     $files = [
-        base_path('app/Filament/Pages/ChooseTenant.php'),
-        base_path('app/Http/Controllers/SelectTenantController.php'),
+        base_path('app/Filament/Pages/ChooseEnvironment.php'),
+        base_path('app/Http/Controllers/SelectEnvironmentController.php'),
         base_path('app/Support/Workspaces/WorkspaceContext.php'),
         base_path('app/Support/OperateHub/OperateHubShell.php'),
-        base_path('app/Filament/Pages/Workspaces/ManagedTenantsLanding.php'),
-        base_path('app/Filament/Resources/TenantResource.php'),
-        base_path('app/Filament/Resources/TenantResource/Pages/ViewTenant.php'),
+        base_path('app/Filament/Pages/Workspaces/ManagedEnvironmentsLanding.php'),
+        base_path('app/Filament/Resources/ManagedEnvironmentResource.php'),
+        base_path('app/Filament/Resources/ManagedEnvironmentResource/Pages/ViewManagedEnvironment.php'),
     ];
 
     $forbiddenPatterns = [
diff --git a/apps/platform/tests/Feature/Guards/NoLegacyProviderConnectionStateFallbackTest.php b/apps/platform/tests/Feature/Guards/NoLegacyProviderConnectionStateFallbackTest.php
index 063a9db1..b65f1206 100644
--- a/apps/platform/tests/Feature/Guards/NoLegacyProviderConnectionStateFallbackTest.php
+++ b/apps/platform/tests/Feature/Guards/NoLegacyProviderConnectionStateFallbackTest.php
@@ -12,7 +12,7 @@
         'apps/platform/app/Services/Providers/ProviderConnectionStateProjector.php',
         'apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php',
         'apps/platform/app/Filament/Resources/ProviderConnectionResource.php',
-        'apps/platform/app/Filament/Resources/TenantResource.php',
+        'apps/platform/app/Filament/Resources/ManagedEnvironmentResource.php',
         'apps/platform/app/Filament/System/Pages/Directory/Tenants.php',
         'apps/platform/app/Filament/System/Pages/Directory/ViewTenant.php',
         'apps/platform/resources/views/filament/infolists/entries/provider-connection-state.blade.php',
diff --git a/apps/platform/tests/Feature/Guards/NoLegacyTenantProviderFallbackTest.php b/apps/platform/tests/Feature/Guards/NoLegacyTenantProviderFallbackTest.php
index cca357d9..54d5948e 100644
--- a/apps/platform/tests/Feature/Guards/NoLegacyTenantProviderFallbackTest.php
+++ b/apps/platform/tests/Feature/Guards/NoLegacyTenantProviderFallbackTest.php
@@ -9,8 +9,8 @@
     $self = realpath(__FILE__);
 
     $files = collect([
-        'app/Filament/Resources/TenantResource.php',
-        'app/Http/Controllers/TenantOnboardingController.php',
+        'app/Filament/Resources/ManagedEnvironmentResource.php',
+        'app/Http/Controllers/ManagedEnvironmentOnboardingController.php',
         'app/Services/Providers/AdminConsentUrlFactory.php',
         'app/Services/Providers/MicrosoftGraphOptionsResolver.php',
         'app/Services/Providers/ProviderConnectionResolver.php',
diff --git a/apps/platform/tests/Feature/Guards/NoPlatformCredentialFallbackTest.php b/apps/platform/tests/Feature/Guards/NoPlatformCredentialFallbackTest.php
index 2184e7d6..14507227 100644
--- a/apps/platform/tests/Feature/Guards/NoPlatformCredentialFallbackTest.php
+++ b/apps/platform/tests/Feature/Guards/NoPlatformCredentialFallbackTest.php
@@ -6,7 +6,7 @@
     $root = base_path();
 
     $files = [
-        'app/Filament/Resources/TenantResource.php',
+        'app/Filament/Resources/ManagedEnvironmentResource.php',
         'app/Support/Links/RequiredPermissionsLinks.php',
         'app/Services/Providers/AdminConsentUrlFactory.php',
         'app/Services/Providers/ProviderGateway.php',
@@ -33,7 +33,7 @@
             continue;
         }
 
-        if ($relativePath === 'app/Filament/Resources/TenantResource.php') {
+        if ($relativePath === 'app/Filament/Resources/ManagedEnvironmentResource.php') {
             preg_match('/public static function adminConsentUrl\(ManagedEnvironment \$tenant\): \?string\s*\{(?P<body>.*?)^    \}/ms', $contents, $matches);
             $contents = is_string($matches['body'] ?? null) ? (string) $matches['body'] : '';
         }
@@ -56,7 +56,7 @@
     $root = base_path();
 
     $files = [
-        'app/Filament/Resources/TenantResource.php',
+        'app/Filament/Resources/ManagedEnvironmentResource.php',
         'app/Support/Links/RequiredPermissionsLinks.php',
         'app/Services/Providers/AdminConsentUrlFactory.php',
         'app/Services/Providers/ProviderConnectionResolver.php',
@@ -84,7 +84,7 @@
             continue;
         }
 
-        if ($relativePath === 'app/Filament/Resources/TenantResource.php') {
+        if ($relativePath === 'app/Filament/Resources/ManagedEnvironmentResource.php') {
             preg_match('/public static function adminConsentUrl\(ManagedEnvironment \$tenant\): \?string\s*\{(?P<body>.*?)^    \}/ms', $contents, $matches);
             $contents = is_string($matches['body'] ?? null) ? (string) $matches['body'] : '';
         }
diff --git a/apps/platform/tests/Feature/Guards/NoTenantCredentialRuntimeReadsSpec081Test.php b/apps/platform/tests/Feature/Guards/NoTenantCredentialRuntimeReadsSpec081Test.php
index dc43b3f6..07730cd7 100644
--- a/apps/platform/tests/Feature/Guards/NoTenantCredentialRuntimeReadsSpec081Test.php
+++ b/apps/platform/tests/Feature/Guards/NoTenantCredentialRuntimeReadsSpec081Test.php
@@ -126,7 +126,7 @@
         // NOTE: Shrink this list while finishing Spec081 service cutovers.
         'app/Models/ManagedEnvironment.php',
         'app/Services/Intune/TenantConfigService.php',
-        'app/Services/Intune/TenantPermissionService.php',
+        'app/Services/Intune/ManagedEnvironmentPermissionService.php',
         'app/Console/Commands/ReclassifyEnrollmentConfigurations.php',
         'app/Console/Commands/TenantpilotBackfillMicrosoftDefaultProviderConnections.php',
         'app/Services/Providers/ProviderConnectionBackfillService.php',
diff --git a/apps/platform/tests/Feature/Guards/OperationLifecycleOpsUxGuardTest.php b/apps/platform/tests/Feature/Guards/OperationLifecycleOpsUxGuardTest.php
index 71ef6484..2c42e7c6 100644
--- a/apps/platform/tests/Feature/Guards/OperationLifecycleOpsUxGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/OperationLifecycleOpsUxGuardTest.php
@@ -35,7 +35,7 @@
         $root.'/app/Jobs/SyncPoliciesJob.php',
         $root.'/app/Jobs/BulkTenantSyncJob.php',
         $root.'/app/Jobs/BulkBackupSetRestoreJob.php',
-        $root.'/app/Jobs/ComposeTenantReviewJob.php',
+        $root.'/app/Jobs/ComposeEnvironmentReviewJob.php',
     ];
 
     foreach ($directBridgeJobs as $jobPath) {
diff --git a/apps/platform/tests/Feature/Guards/OperationRunLinkContractGuardTest.php b/apps/platform/tests/Feature/Guards/OperationRunLinkContractGuardTest.php
index dc5598f9..6b7c38b8 100644
--- a/apps/platform/tests/Feature/Guards/OperationRunLinkContractGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/OperationRunLinkContractGuardTest.php
@@ -13,7 +13,7 @@ function operationRunLinkContractIncludePaths(): array
     $root = SourceFileScanner::projectRoot();
 
     return [
-        'tenant_recent_operations_summary' => $root.'/app/Filament/Widgets/Tenant/RecentOperationsSummary.php',
+        'environment_recent_operations_summary' => $root.'/app/Filament/Widgets/ManagedEnvironment/RecentOperationsSummary.php',
         'inventory_coverage' => $root.'/app/Filament/Pages/InventoryCoverage.php',
         'inventory_item_resource' => $root.'/app/Filament/Resources/InventoryItemResource.php',
         'review_pack_resource' => $root.'/app/Filament/Resources/ReviewPackResource.php',
@@ -25,7 +25,7 @@ function operationRunLinkContractIncludePaths(): array
         'system_ops_view_run' => $root.'/app/Filament/System/Pages/Ops/ViewRun.php',
         'admin_panel_provider' => $root.'/app/Providers/Filament/AdminPanelProvider.php',
         'ensure_filament_tenant_selected' => $root.'/app/Support/Middleware/EnsureFilamentTenantSelected.php',
-        'clear_tenant_context_controller' => $root.'/app/Http/Controllers/ClearTenantContextController.php',
+        'clear_environment_context_controller' => $root.'/app/Http/Controllers/ClearEnvironmentContextController.php',
         'operation_run_url_delegate' => $root.'/app/Support/OpsUx/OperationRunUrl.php',
     ];
 }
diff --git a/apps/platform/tests/Feature/Guards/ProfileLaneContractTest.php b/apps/platform/tests/Feature/Guards/ProfileLaneContractTest.php
index b876ef77..b0bb0a39 100644
--- a/apps/platform/tests/Feature/Guards/ProfileLaneContractTest.php
+++ b/apps/platform/tests/Feature/Guards/ProfileLaneContractTest.php
@@ -31,7 +31,7 @@
         'tests/Feature/Filament/PolicyVersionAdminSearchParityTest.php' => 15.1,
         'tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php' => 13.7,
         'tests/Feature/Rbac/WorkspaceMembershipsRelationManagerUiEnforcementTest.php' => 12.8,
-        'tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php' => 11.4,
+        'tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php' => 11.4,
         'tests/Feature/Filament/BackupSetAdminTenantParityTest.php' => 9.6,
     ];
 
diff --git a/apps/platform/tests/Feature/Guards/ProviderConnectionNeutralityGuardTest.php b/apps/platform/tests/Feature/Guards/ProviderConnectionNeutralityGuardTest.php
index 8b8bc04d..22f83989 100644
--- a/apps/platform/tests/Feature/Guards/ProviderConnectionNeutralityGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/ProviderConnectionNeutralityGuardTest.php
@@ -9,7 +9,7 @@
         'app/Filament/Resources/ProviderConnectionResource/Pages/CreateProviderConnection.php',
         'app/Filament/Resources/ProviderConnectionResource/Pages/EditProviderConnection.php',
         'app/Filament/Resources/ProviderConnectionResource/Pages/ListProviderConnections.php',
-        'app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php',
+        'app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php',
         'app/Services/Providers/ProviderConnectionMutationService.php',
         'app/Services/Verification/StartVerification.php',
         'app/Jobs/ProviderConnectionHealthCheckJob.php',
diff --git a/apps/platform/tests/Feature/Guards/ProviderDispatchGateCoverageTest.php b/apps/platform/tests/Feature/Guards/ProviderDispatchGateCoverageTest.php
index f5ccee04..ffa9de1f 100644
--- a/apps/platform/tests/Feature/Guards/ProviderDispatchGateCoverageTest.php
+++ b/apps/platform/tests/Feature/Guards/ProviderDispatchGateCoverageTest.php
@@ -98,7 +98,7 @@ function providerDispatchGateSlice(string $source, string $startAnchor, ?string
             'forbidden' => ['ensureRun(', 'dispatchOrFail('],
         ],
         [
-            'file' => $root.'/app/Filament/Resources/TenantResource.php',
+            'file' => $root.'/app/Filament/Resources/ManagedEnvironmentResource.php',
             'start' => 'public static function syncRoleDefinitionsAction(): Actions\\Action',
             'end' => null,
             'required' => [
@@ -130,7 +130,7 @@ function providerDispatchGateSlice(string $source, string $startAnchor, ?string
             'forbidden' => ['ensureRun(', 'dispatchOrFail('],
         ],
         [
-            'file' => $root.'/app/Filament/Pages/Workspaces/ManagedTenantOnboardingWizard.php',
+            'file' => $root.'/app/Filament/Pages/Workspaces/ManagedEnvironmentOnboardingWizard.php',
             'start' => 'public function startBootstrap(array $operationTypes): void',
             'end' => 'private function dispatchBootstrapJob(',
             'required' => [
diff --git a/apps/platform/tests/Feature/Guards/SharedDetailFamilyContractGuardTest.php b/apps/platform/tests/Feature/Guards/SharedDetailFamilyContractGuardTest.php
index 9963d760..454fdb48 100644
--- a/apps/platform/tests/Feature/Guards/SharedDetailFamilyContractGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/SharedDetailFamilyContractGuardTest.php
@@ -12,8 +12,8 @@
         ->toContain('Verification report tabs');
 
     $hostViews = [
-        resource_path('views/filament/forms/components/managed-tenant-onboarding-verification-report.blade.php'),
-        resource_path('views/filament/widgets/tenant/tenant-verification-report.blade.php'),
+        resource_path('views/filament/forms/components/managed-environment-onboarding-verification-report.blade.php'),
+        resource_path('views/filament/widgets/managed-environment/managed-environment-verification-report.blade.php'),
     ];
 
     foreach ($hostViews as $path) {
diff --git a/apps/platform/tests/Feature/Guards/Spec192RecordPageHeaderDisciplineGuardTest.php b/apps/platform/tests/Feature/Guards/Spec192RecordPageHeaderDisciplineGuardTest.php
index 814376da..395d50c0 100644
--- a/apps/platform/tests/Feature/Guards/Spec192RecordPageHeaderDisciplineGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/Spec192RecordPageHeaderDisciplineGuardTest.php
@@ -5,10 +5,10 @@
 use App\Filament\Resources\BaselineProfileResource;
 use App\Filament\Resources\EvidenceSnapshotResource;
 use App\Filament\Resources\FindingExceptionResource;
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantReviewResource;
-use App\Filament\Resources\TenantResource\Pages\EditTenant;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\EnvironmentReviewResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\EditManagedEnvironment;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Support\Ui\ActionSurface\ActionSurfaceExemptions;
 use App\Support\Ui\ActionSurface\ActionSurfaceValidator;
 
@@ -29,9 +29,9 @@ function spec192RecordPageSource(string $className): string
         \App\Filament\Resources\BaselineProfileResource\Pages\ViewBaselineProfile::class,
         \App\Filament\Resources\EvidenceSnapshotResource\Pages\ViewEvidenceSnapshot::class,
         \App\Filament\Resources\FindingExceptionResource\Pages\ViewFindingException::class,
-        \App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview::class,
-        EditTenant::class,
-        ViewTenant::class,
+        \App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview::class,
+        EditManagedEnvironment::class,
+        ViewManagedEnvironment::class,
         \App\Filament\Resources\ProviderConnectionResource\Pages\ViewProviderConnection::class,
         \App\Filament\Resources\FindingResource\Pages\ViewFinding::class,
         \App\Filament\Resources\ReviewPackResource\Pages\ViewReviewPack::class,
@@ -42,12 +42,12 @@ function spec192RecordPageSource(string $className): string
         \App\Filament\Resources\BackupSetResource\Pages\ViewBackupSet::class,
     ]);
 
-    expect(ActionSurfaceExemptions::spec192RecordPageSurface(ViewTenant::class))
+    expect(ActionSurfaceExemptions::spec192RecordPageSurface(ViewManagedEnvironment::class))
         ->not->toBeNull()
-        ->and(ActionSurfaceExemptions::spec192RecordPageSurface(ViewTenant::class)['classification'] ?? null)->toBe('workflow_heavy_special_type')
-        ->and(ActionSurfaceExemptions::spec192RecordPageSurface(ViewTenant::class)['exceptionReason'] ?? null)->toContain('workflow-heavy hub')
-        ->and(ActionSurfaceExemptions::spec192RecordPageSurface(EditTenant::class)['classification'] ?? null)->toBe('remediation_required')
-        ->and(ActionSurfaceExemptions::spec192RecordPageSurface(EditTenant::class)['allowsNoPrimaryAction'] ?? null)->toBeTrue();
+        ->and(ActionSurfaceExemptions::spec192RecordPageSurface(ViewManagedEnvironment::class)['classification'] ?? null)->toBe('workflow_heavy_special_type')
+        ->and(ActionSurfaceExemptions::spec192RecordPageSurface(ViewManagedEnvironment::class)['exceptionReason'] ?? null)->toContain('workflow-heavy hub')
+        ->and(ActionSurfaceExemptions::spec192RecordPageSurface(EditManagedEnvironment::class)['classification'] ?? null)->toBe('remediation_required')
+        ->and(ActionSurfaceExemptions::spec192RecordPageSurface(EditManagedEnvironment::class)['allowsNoPrimaryAction'] ?? null)->toBeTrue();
 });
 
 it('keeps the spec 192 inventory valid inside the action-surface validator', function (): void {
@@ -61,10 +61,10 @@ function spec192RecordPageSource(string $className): string
         BaselineProfileResource::class,
         EvidenceSnapshotResource::class,
         FindingExceptionResource::class,
-        TenantReviewResource::class,
-        TenantResource::class,
-        EditTenant::class,
-        ViewTenant::class,
+        EnvironmentReviewResource::class,
+        ManagedEnvironmentResource::class,
+        EditManagedEnvironment::class,
+        ViewManagedEnvironment::class,
     ] as $className) {
         expect(spec192RecordPageSource($className))
             ->not->toContain('EnterpriseDetail')
diff --git a/apps/platform/tests/Feature/Guards/Spec193MonitoringSurfaceHierarchyGuardTest.php b/apps/platform/tests/Feature/Guards/Spec193MonitoringSurfaceHierarchyGuardTest.php
index f8225436..c4e8cefc 100644
--- a/apps/platform/tests/Feature/Guards/Spec193MonitoringSurfaceHierarchyGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/Spec193MonitoringSurfaceHierarchyGuardTest.php
@@ -11,7 +11,7 @@
 use App\Filament\Pages\Monitoring\Operations;
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
 use App\Filament\Pages\Reviews\ReviewRegister;
-use App\Filament\Pages\TenantDiagnostics;
+use App\Filament\Pages\EnvironmentDiagnostics;
 use App\Filament\Resources\AlertDeliveryResource\Pages\ListAlertDeliveries;
 use App\Support\Ui\ActionSurface\ActionSurfaceExemptions;
 use App\Support\Ui\ActionSurface\ActionSurfaceValidator;
@@ -30,14 +30,14 @@
         BaselineCompareLanding::class,
         BaselineCompareMatrix::class,
         ReviewRegister::class,
-        TenantDiagnostics::class,
+        EnvironmentDiagnostics::class,
     ])
         ->and(ActionSurfaceExemptions::spec193MonitoringSurface(FindingExceptionsQueue::class)['classification'] ?? null)->toBe('remediation_required')
         ->and(ActionSurfaceExemptions::spec193MonitoringSurface(FindingExceptionsQueue::class)['surfaceKind'] ?? null)->toBe('queue_workbench')
         ->and(ActionSurfaceExemptions::spec193MonitoringSurface(FindingExceptionsQueue::class)['primaryInspectModel'] ?? null)->toBe('explicit_inspect_action')
         ->and(ActionSurfaceExemptions::spec193MonitoringSurface(Alerts::class)['classification'] ?? null)->toBe('minor_alignment_only')
         ->and(ActionSurfaceExemptions::spec193MonitoringSurface(EvidenceOverview::class)['classification'] ?? null)->toBe('compliant_no_op')
-        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(TenantDiagnostics::class)['classification'] ?? null)->toBe('special_type_acceptable');
+        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(EnvironmentDiagnostics::class)['classification'] ?? null)->toBe('special_type_acceptable');
 });
 
 it('keeps tenant diagnostics as the only explicit spec 193 exception surface', function (): void {
@@ -50,13 +50,13 @@
         ->all();
 
     expect($exceptionPages)->toBe([
-        TenantDiagnostics::class,
+        EnvironmentDiagnostics::class,
     ])
-        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(TenantDiagnostics::class)['exceptionReason'] ?? null)->toContain('diagnostic')
-        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(TenantDiagnostics::class)['surfaceKind'] ?? null)->toBe('diagnostic_exception')
-        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(TenantDiagnostics::class)['primaryInspectModel'] ?? null)->toBe('singleton_detail_surface')
+        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(EnvironmentDiagnostics::class)['exceptionReason'] ?? null)->toContain('diagnostic')
+        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(EnvironmentDiagnostics::class)['surfaceKind'] ?? null)->toBe('diagnostic_exception')
+        ->and(ActionSurfaceExemptions::spec193MonitoringSurface(EnvironmentDiagnostics::class)['primaryInspectModel'] ?? null)->toBe('singleton_detail_surface')
         ->and(collect($inventory)
-            ->except([TenantDiagnostics::class])
+            ->except([EnvironmentDiagnostics::class])
             ->every(fn (array $surface): bool => ($surface['exceptionReason'] ?? null) === null))->toBeTrue();
 });
 
diff --git a/apps/platform/tests/Feature/Guards/Spec194GovernanceActionSemanticsGuardTest.php b/apps/platform/tests/Feature/Guards/Spec194GovernanceActionSemanticsGuardTest.php
index 0df2bc77..b7712fcd 100644
--- a/apps/platform/tests/Feature/Guards/Spec194GovernanceActionSemanticsGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/Spec194GovernanceActionSemanticsGuardTest.php
@@ -37,7 +37,7 @@
 
     expect($bindingsBySurface->get('view_evidence_snapshot', collect())->pluck('actionName')->all())
         ->toEqualCanonicalizing(['refresh_evidence', 'expire_snapshot'])
-        ->and($bindingsBySurface->get('view_tenant_review', collect())->pluck('actionName')->all())
+        ->and($bindingsBySurface->get('view_environment_review', collect())->pluck('actionName')->all())
         ->toContain('refresh_review', 'publish_review', 'archive_review');
 });
 
@@ -66,10 +66,10 @@
         'App\\Filament\\Pages\\Monitoring\\FindingExceptionsQueue',
         'App\\Filament\\Resources\\FindingExceptionResource\\Pages\\ViewFindingException',
         'App\\Filament\\Resources\\EvidenceSnapshotResource\\Pages\\ViewEvidenceSnapshot',
-        'App\\Filament\\Resources\\TenantReviewResource\\Pages\\ViewTenantReview',
+        'App\\Filament\\Resources\\EnvironmentReviewResource\\Pages\\ViewEnvironmentReview',
         'App\\Filament\\System\\Pages\\Ops\\ViewRun',
         'App\\Filament\\Resources\\FindingResource\\Pages\\ViewFinding',
-        'App\\Filament\\Resources\\TenantResource\\Pages\\ViewTenant',
-        'App\\Filament\\Resources\\TenantResource\\Pages\\EditTenant',
+        'App\\Filament\\Resources\\ManagedEnvironmentResource\\Pages\\ViewManagedEnvironment',
+        'App\\Filament\\Resources\\ManagedEnvironmentResource\\Pages\\EditManagedEnvironment',
     );
 });
diff --git a/apps/platform/tests/Feature/Guards/Spec195ResidualActionSurfaceClosureGuardTest.php b/apps/platform/tests/Feature/Guards/Spec195ResidualActionSurfaceClosureGuardTest.php
index 748767ab..a6f5cd02 100644
--- a/apps/platform/tests/Feature/Guards/Spec195ResidualActionSurfaceClosureGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/Spec195ResidualActionSurfaceClosureGuardTest.php
@@ -41,11 +41,11 @@ function spec195FormattedIssues(array $issues): string
         \App\Filament\System\Pages\Directory\ViewWorkspace::class,
         \App\Filament\Pages\BreakGlassRecovery::class,
         \App\Filament\Pages\ChooseWorkspace::class,
-        \App\Filament\Pages\ChooseTenant::class,
+        \App\Filament\Pages\ChooseEnvironment::class,
         \App\Filament\Pages\Tenancy\RegisterTenant::class,
-        \App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class,
-        \App\Filament\Pages\Workspaces\ManagedTenantsLanding::class,
-        \App\Filament\Pages\TenantDashboard::class,
+        \App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class,
+        \App\Filament\Pages\Workspaces\ManagedEnvironmentsLanding::class,
+        \App\Filament\Pages\EnvironmentDashboard::class,
     ]);
 
     $surfaceKeys = collect($inventory)->pluck('surfaceKey')->all();
@@ -115,7 +115,7 @@ function spec195FormattedIssues(array $issues): string
 
 it('fails when a discovered residual exemption loses its reason category', function (): void {
     $inventory = ActionSurfaceExemptions::spec195ResidualSurfaceInventory();
-    $inventory[\App\Filament\Pages\ChooseTenant::class]['reasonCategory'] = null;
+    $inventory[\App\Filament\Pages\ChooseEnvironment::class]['reasonCategory'] = null;
 
     $issues = ActionSurfaceValidator::validateSpec195ResidualInventoryFixture(
         inventory: $inventory,
@@ -124,7 +124,7 @@ function spec195FormattedIssues(array $issues): string
     );
 
     expect(spec195FormattedIssues($issues))
-        ->toContain(\App\Filament\Pages\ChooseTenant::class)
+        ->toContain(\App\Filament\Pages\ChooseEnvironment::class)
         ->toContain('reason category is invalid or missing');
 });
 
diff --git a/apps/platform/tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php b/apps/platform/tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php
index b3ae40f4..a00a560f 100644
--- a/apps/platform/tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php
@@ -21,7 +21,7 @@
             '/\/admin\/t\/[^\'"\n]*\/memberships(?:[\/?"\']|$)/',
             '/\/admin\/t\/t\//',
         ],
-        'app/Filament/Resources/TenantResource.php' => [
+        'app/Filament/Resources/ManagedEnvironmentResource.php' => [
             '/panel:\s*[\'\"]tenant[\'\"]/',
             '/\/admin\/tenants\/[^\'"\n]*\/provider-connections(?:[\/?"\']|$)/',
             '/\/admin\/t\/[^\'"\n]*\/provider-connections(?:[\/?"\']|$)/',
diff --git a/apps/platform/tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php b/apps/platform/tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php
index 79c185db..6925a9fc 100644
--- a/apps/platform/tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/Spec288ProviderCoreAndRoleAuthorityGuardTest.php
@@ -59,9 +59,9 @@
 });
 
 it('keeps managed-environment scope persistence narrowing-only in the role-authority seam', function (): void {
-    $tenantMembershipManager = base_path('app/Services/Auth/TenantMembershipManager.php');
+    $tenantMembershipManager = base_path('app/Services/Auth/ManagedEnvironmentMembershipManager.php');
 
-    expect(is_file($tenantMembershipManager))->toBeTrue('Expected TenantMembershipManager.php to exist for the narrowing-only role-authority guard.');
+    expect(is_file($tenantMembershipManager))->toBeTrue('Expected ManagedEnvironmentMembershipManager.php to exist for the narrowing-only role-authority guard.');
 
     $contents = (string) file_get_contents($tenantMembershipManager);
 
diff --git a/apps/platform/tests/Feature/Guards/TestTaxonomyPlacementGuardTest.php b/apps/platform/tests/Feature/Guards/TestTaxonomyPlacementGuardTest.php
index 33d5aa1d..2826f755 100644
--- a/apps/platform/tests/Feature/Guards/TestTaxonomyPlacementGuardTest.php
+++ b/apps/platform/tests/Feature/Guards/TestTaxonomyPlacementGuardTest.php
@@ -42,7 +42,7 @@
         'tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php',
         'tests/Feature/Rbac/WorkspaceMembershipsRelationManagerUiEnforcementTest.php',
         'tests/Feature/SettingsFoundation/WorkspaceSettingsManageTest.php',
-        'tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php',
+        'tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php',
         'tests/Feature/Filament/PanelNavigationSegregationTest.php',
     )
         ->and($heavyFiles)->toContain(
@@ -62,7 +62,7 @@
             'tests/Feature/Rbac/BackupItemsRelationManagerUiEnforcementTest.php',
             'tests/Feature/Rbac/WorkspaceMembershipsRelationManagerUiEnforcementTest.php',
             'tests/Feature/SettingsFoundation/WorkspaceSettingsManageTest.php',
-            'tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php',
+            'tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php',
             'tests/Feature/Filament/PanelNavigationSegregationTest.php',
         );
 });
diff --git a/apps/platform/tests/Feature/Hardening/TenantRbacCardRenderTest.php b/apps/platform/tests/Feature/Hardening/TenantRbacCardRenderTest.php
index 0b17c1d5..e2bdb1c0 100644
--- a/apps/platform/tests/Feature/Hardening/TenantRbacCardRenderTest.php
+++ b/apps/platform/tests/Feature/Hardening/TenantRbacCardRenderTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use Filament\Facades\Filament;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Livewire\Livewire;
@@ -19,7 +19,7 @@
     $tenant->makeCurrent();
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('Not configured');
 });
 
@@ -35,7 +35,7 @@
     $tenant->makeCurrent();
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('healthy and up to date');
 });
 
@@ -51,7 +51,7 @@
     $tenant->makeCurrent();
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('unhealthy state');
 });
 
@@ -62,6 +62,6 @@
     $tenant->makeCurrent();
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionExists('refresh_rbac');
 });
diff --git a/apps/platform/tests/Feature/Localization/CustomerReviewSurfaceLocalizationTest.php b/apps/platform/tests/Feature/Localization/CustomerReviewSurfaceLocalizationTest.php
index 6cc7bd9e..6615a697 100644
--- a/apps/platform/tests/Feature/Localization/CustomerReviewSurfaceLocalizationTest.php
+++ b/apps/platform/tests/Feature/Localization/CustomerReviewSurfaceLocalizationTest.php
@@ -3,11 +3,11 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Resources\TenantReviewResource;
-use App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview;
+use App\Filament\Resources\EnvironmentReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\App;
@@ -22,11 +22,11 @@
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
     $user->forceFill(['preferred_locale' => 'de'])->save();
 
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -58,11 +58,11 @@
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
     $user->forceFill(['preferred_locale' => 'de'])->save();
 
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -72,7 +72,7 @@
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'file_path' => 'review-packs/customer-review-localization-test.zip',
@@ -86,7 +86,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant).'?'.http_build_query([
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant).'?'.http_build_query([
             CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY => 1,
         ]))
         ->assertOk()
@@ -96,7 +96,7 @@
         ->assertSee('Strukturierter Auditor-Anhang')
         ->assertDontSee('Released governance record');
 
-    $component = localizedTenantReviewComponent($user, $review->getKey());
+    $component = localizedEnvironmentReviewComponent($user, $review->getKey());
 
     $component->assertActionExists(
         'download_current_review_pack',
@@ -104,9 +104,9 @@
     );
 });
 
-function localizedTenantReviewComponent($user, int $reviewId): Testable
+function localizedEnvironmentReviewComponent($user, int $reviewId): Testable
 {
     return Livewire::withQueryParams([CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY => 1])
         ->actingAs($user)
-        ->test(ViewTenantReview::class, ['record' => $reviewId]);
+        ->test(ViewEnvironmentReview::class, ['record' => $reviewId]);
 }
\ No newline at end of file
diff --git a/apps/platform/tests/Feature/Localization/EnvironmentContextTerminologyTest.php b/apps/platform/tests/Feature/Localization/EnvironmentContextTerminologyTest.php
index 9af3737b..a5e62c6f 100644
--- a/apps/platform/tests/Feature/Localization/EnvironmentContextTerminologyTest.php
+++ b/apps/platform/tests/Feature/Localization/EnvironmentContextTerminologyTest.php
@@ -18,7 +18,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $environment->workspace_id])
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee('Choose environment')
         ->assertSee('Select the environment for your normal active operating context.')
@@ -52,7 +52,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+        ->get(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->assertSuccessful()
         ->assertSee('Managed environments')
         ->assertSee('Choose environment')
diff --git a/apps/platform/tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php b/apps/platform/tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php
index 38118e79..d65bca72 100644
--- a/apps/platform/tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php
+++ b/apps/platform/tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php
@@ -9,7 +9,49 @@
 uses(RefreshDatabase::class);
 
 it('does not keep the legacy Tenant model as active core truth', function (): void {
-    expect(file_exists(app_path('Models/Tenant.php')))->toBeFalse();
+    expect(file_exists(app_path('Models/Tenant.php')))->toBeFalse()
+        ->and(class_exists('App\\Models\\Tenant', false))->toBeFalse()
+        ->and(file_exists(base_path('database/factories/TenantFactory.php')))->toBeFalse()
+        ->and(class_exists('Database\\Factories\\TenantFactory', false))->toBeFalse();
+});
+
+it('does not keep tenant-named platform environment owners active', function (): void {
+    $legacyClasses = [
+        'App\\Filament\\Resources\\TenantResource',
+        'App\\Filament\\Resources\\TenantResource\\Pages\\ListTenants',
+        'App\\Filament\\Resources\\TenantResource\\Pages\\ViewTenant',
+        'App\\Filament\\Resources\\TenantResource\\Pages\\EditTenant',
+        'App\\Filament\\Resources\\TenantResource\\Pages\\ManageTenantMemberships',
+        'App\\Filament\\Resources\\TenantResource\\RelationManagers\\TenantMembershipsRelationManager',
+        'App\\Filament\\Pages\\TenantDashboard',
+        'App\\Filament\\Pages\\TenantDiagnostics',
+        'App\\Filament\\Pages\\TenantRequiredPermissions',
+    ];
+
+    foreach ($legacyClasses as $legacyClass) {
+        expect(class_exists($legacyClass, false))->toBeFalse($legacyClass.' must not remain active');
+    }
+
+    $legacyFiles = [
+        app_path('Filament/Resources/TenantResource.php'),
+        app_path('Filament/Resources/TenantResource/Pages/ListTenants.php'),
+        app_path('Filament/Resources/TenantResource/Pages/ViewTenant.php'),
+        app_path('Filament/Resources/TenantResource/Pages/EditTenant.php'),
+        app_path('Filament/Resources/TenantResource/Pages/ManageTenantMemberships.php'),
+        app_path('Filament/Resources/TenantResource/RelationManagers/TenantMembershipsRelationManager.php'),
+        app_path('Filament/Pages/TenantDashboard.php'),
+        app_path('Filament/Pages/TenantDiagnostics.php'),
+        app_path('Filament/Pages/TenantRequiredPermissions.php'),
+    ];
+
+    foreach ($legacyFiles as $legacyFile) {
+        expect(file_exists($legacyFile))->toBeFalse($legacyFile.' must be renamed');
+    }
+
+    expect(class_exists('App\\Filament\\Resources\\ManagedEnvironmentResource'))->toBeTrue()
+        ->and(class_exists('App\\Filament\\Pages\\EnvironmentDashboard'))->toBeTrue()
+        ->and(class_exists('App\\Filament\\Pages\\EnvironmentDiagnostics'))->toBeTrue()
+        ->and(class_exists('App\\Filament\\Pages\\EnvironmentRequiredPermissions'))->toBeTrue();
 });
 
 it('does not import App Models Tenant or bind Filament tenancy to Tenant class', function (): void {
diff --git a/apps/platform/tests/Feature/ManagedEnvironment/ManagedEnvironmentPanelContextTest.php b/apps/platform/tests/Feature/ManagedEnvironment/ManagedEnvironmentPanelContextTest.php
index a3d55fea..6456f65c 100644
--- a/apps/platform/tests/Feature/ManagedEnvironment/ManagedEnvironmentPanelContextTest.php
+++ b/apps/platform/tests/Feature/ManagedEnvironment/ManagedEnvironmentPanelContextTest.php
@@ -1,7 +1,7 @@
 <?php
 
-use App\Filament\Pages\ChooseTenant;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\ChooseEnvironment;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\Workspace;
 use App\Support\Workspaces\WorkspaceContext;
@@ -35,7 +35,7 @@
     ]);
 
     $tenants = Livewire::actingAs($user)
-        ->test(ChooseTenant::class)
+        ->test(ChooseEnvironment::class)
         ->instance()
         ->getTenants();
 
@@ -50,9 +50,9 @@
     ]);
 
     Livewire::actingAs($user)
-        ->test(ChooseTenant::class)
-        ->call('selectTenant', (int) $environment->getKey())
-        ->assertRedirect(TenantDashboard::getUrl(tenant: $environment));
+        ->test(ChooseEnvironment::class)
+        ->call('selectEnvironment', (int) $environment->getKey())
+        ->assertRedirect(EnvironmentDashboard::getUrl(tenant: $environment));
 
     expect(session(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY))->toBe([
         (string) $environment->workspace_id => (int) $environment->getKey(),
@@ -66,6 +66,6 @@
         WorkspaceContext::SESSION_KEY => (int) $environment->workspace_id,
     ]);
 
-    expect(TenantDashboard::getUrl(tenant: $environment))
+    expect(EnvironmentDashboard::getUrl(tenant: $environment))
         ->toContain('/admin/workspaces/'.$environment->workspace->slug.'/environments/'.$environment->slug);
 });
diff --git a/apps/platform/tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php b/apps/platform/tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php
index 68ccc3bb..1cb1eea2 100644
--- a/apps/platform/tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php
+++ b/apps/platform/tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php
@@ -1,18 +1,19 @@
 <?php
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Route;
 
 uses(RefreshDatabase::class);
 
 it('resolves the workspace environment shell by managed-environment slug during smoke login', function (): void {
     [$user, $environment] = createUserWithTenant(role: 'owner', workspaceRole: 'manager');
-    $redirect = (string) parse_url(TenantDashboard::getUrl(tenant: $environment), PHP_URL_PATH);
+    $redirect = (string) parse_url(EnvironmentDashboard::getUrl(tenant: $environment), PHP_URL_PATH);
 
     $this
         ->get(route('admin.local.smoke-login', [
@@ -45,13 +46,30 @@
         ->assertHeaderMissing('Location');
 });
 
+it('uses environment route parameters for canonical workspace environment routes', function (): void {
+    $routeNames = [
+        'admin.workspace.environments.show',
+        'admin.workspace.environments.diagnostics',
+        'admin.workspace.environments.access-scopes',
+        'filament.admin.pages.workspaces.{workspace}.environments.{environment}.required-permissions',
+    ];
+
+    foreach ($routeNames as $routeName) {
+        $route = Route::getRoutes()->getByName($routeName);
+
+        expect($route)->not->toBeNull($routeName.' must be registered')
+            ->and($route?->parameterNames())->toContain('environment')
+            ->and($route?->parameterNames())->not->toContain('tenant');
+    }
+});
+
 it('allows workspace members to inherit managed-environment access during smoke login', function (): void {
     $workspace = Workspace::factory()->create();
     $environment = ManagedEnvironment::factory()->create([
         'workspace_id' => (int) $workspace->getKey(),
     ]);
     $user = User::factory()->create();
-    $redirect = (string) parse_url(TenantDashboard::getUrl(tenant: $environment), PHP_URL_PATH);
+    $redirect = (string) parse_url(EnvironmentDashboard::getUrl(tenant: $environment), PHP_URL_PATH);
 
     WorkspaceMembership::factory()->create([
         'workspace_id' => (int) $workspace->getKey(),
diff --git a/apps/platform/tests/Feature/ManagedTenantOnboardingWizardTest.php b/apps/platform/tests/Feature/ManagedEnvironmentOnboardingWizardTest.php
similarity index 91%
rename from apps/platform/tests/Feature/ManagedTenantOnboardingWizardTest.php
rename to apps/platform/tests/Feature/ManagedEnvironmentOnboardingWizardTest.php
index 7d44a553..0e55033b 100644
--- a/apps/platform/tests/Feature/ManagedTenantOnboardingWizardTest.php
+++ b/apps/platform/tests/Feature/ManagedEnvironmentOnboardingWizardTest.php
@@ -2,13 +2,13 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentPermission;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -51,7 +51,7 @@ function seedManagedReadinessPermissions(ManagedEnvironment $tenant, ?int $stale
             continue;
         }
 
-        TenantPermission::query()->create([
+        ManagedEnvironmentPermission::query()->create([
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
             'permission_key' => $key,
@@ -65,7 +65,7 @@ function seedManagedReadinessPermissions(ManagedEnvironment $tenant, ?int $stale
 }
 
 /**
- * @return array{0: User, 1: TenantOnboardingSession, 2: ProviderConnection, 3: OperationRun|null, 4: string|null}
+ * @return array{0: User, 1: ManagedEnvironmentOnboardingSession, 2: ProviderConnection, 3: OperationRun|null, 4: string|null}
  */
 function createManagedReadinessBlockerDraft(string $state): array
 {
@@ -155,7 +155,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         'current_step' => 'verify',
         'state' => array_filter([
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => $run instanceof OperationRun ? (int) $run->getKey() : null,
         ], static fn (mixed $value): bool => $value !== null),
@@ -194,14 +194,14 @@ function createManagedReadinessBlockerDraft(string $state): array
         ->assertForbidden();
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
+        ->test(ManagedEnvironmentOnboardingWizard::class)
         ->assertForbidden();
 
     expect(ManagedEnvironment::query()->count())->toBe(0);
-    expect(TenantOnboardingSession::query()->count())->toBe(0);
+    expect(ManagedEnvironmentOnboardingSession::query()->count())->toBe(0);
 });
 
-it('renders onboarding wizard for workspace owners and allows identifying a managed tenant', function (): void {
+it('renders onboarding wizard for workspace owners and allows identifying a managed environment', function (): void {
     $workspace = Workspace::factory()->create();
     $user = User::factory()->create();
 
@@ -219,8 +219,8 @@ function createManagedReadinessBlockerDraft(string $state): array
     $entraTenantId = '22222222-2222-2222-2222-222222222222';
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
-        ->call('identifyManagedTenant', [
+        ->test(ManagedEnvironmentOnboardingWizard::class)
+        ->call('identifyManagedEnvironment', [
             'entra_tenant_id' => $entraTenantId,
             'environment' => 'prod',
             'name' => 'Acme',
@@ -239,7 +239,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         'role' => 'readonly',
     ]);
 
-    $this->assertDatabaseHas('managed_tenant_onboarding_sessions', [
+    $this->assertDatabaseHas('managed_environment_onboarding_sessions', [
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -262,7 +262,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     $this->actingAs($user)
         ->get('/admin/onboarding')
         ->assertSuccessful()
-        ->assertSee('ManagedEnvironment ID (GUID)')
+        ->assertSee('Entra tenant ID (GUID)')
         ->assertSee('xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', false);
 });
 
@@ -281,8 +281,8 @@ function createManagedReadinessBlockerDraft(string $state): array
     $entraTenantId = '34343434-3434-3434-3434-343434343434';
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
-        ->call('identifyManagedTenant', [
+        ->test(ManagedEnvironmentOnboardingWizard::class)
+        ->call('identifyManagedEnvironment', [
             'entra_tenant_id' => $entraTenantId,
             'environment' => 'prod',
             'name' => 'Target Scope ManagedEnvironment',
@@ -354,7 +354,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         ],
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -439,7 +439,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()->create([
+    $session = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -454,7 +454,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     ]);
 
     $component = Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()]);
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()]);
 
     $component
         ->assertDontSee('Bootstrap needs attention')
@@ -543,7 +543,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()->create([
+    $session = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -559,7 +559,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     ]);
 
     $component = Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()]);
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()]);
 
     $summaryMethod = new \ReflectionMethod($component->instance(), 'completionSummaryBootstrapSummary');
     $summaryMethod->setAccessible(true);
@@ -580,7 +580,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
+        ->test(ManagedEnvironmentOnboardingWizard::class)
         ->assertSet('data.notes', '')
         ->assertSet('data.bootstrap_operation_types', [])
         ->assertSet('data.override_blocked', false)
@@ -646,7 +646,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()->create([
+    $session = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -660,7 +660,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     ]);
 
     $component = Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()]);
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()]);
 
     $persistMethod = new \ReflectionMethod($component->instance(), 'persistBootstrapSelection');
     $persistMethod->setAccessible(true);
@@ -734,7 +734,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()->create([
+    $session = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $tenantGuid,
@@ -755,7 +755,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     ]);
 
     $component = Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()]);
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()]);
 
     $normalizeMethod = new \ReflectionMethod($component->instance(), 'normalizeBootstrapOperationTypes');
     $normalizeMethod->setAccessible(true);
@@ -793,14 +793,14 @@ function createManagedReadinessBlockerDraft(string $state): array
         $tenant->getKey() => ['role' => 'owner'],
     ]);
 
-    $draft = TenantOnboardingSession::query()->create([
+    $draft = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => 999999,
         ],
         'started_by_user_id' => (int) $user->getKey(),
@@ -810,7 +810,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()])
         ->assertWizardCurrentStep(2)
         ->assertSet('selectedProviderConnectionId', null)
         ->assertSet('data.provider_connection_id', null);
@@ -830,9 +830,9 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $entraTenantId = '55555555-5555-5555-5555-555555555555';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Dedicated ManagedEnvironment',
@@ -876,9 +876,9 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $entraTenantId = '66666666-6666-6666-6666-666666666666';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Managed ManagedEnvironment',
@@ -910,22 +910,22 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $entraTenantId = '33333333-3333-3333-3333-333333333333';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme',
     ]);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme',
     ]);
 
     expect(ManagedEnvironment::query()->where('slug', $entraTenantId)->count())->toBe(1);
-    expect(TenantOnboardingSession::query()
+    expect(ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', $entraTenantId)
         ->whereNull('completed_at')
@@ -961,8 +961,8 @@ function createManagedReadinessBlockerDraft(string $state): array
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspaceB->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
-        ->call('identifyManagedTenant', [
+        ->test(ManagedEnvironmentOnboardingWizard::class)
+        ->call('identifyManagedEnvironment', [
             'entra_tenant_id' => $entraTenantId,
             'environment' => 'prod',
             'name' => 'Other Workspace',
@@ -999,13 +999,13 @@ function createManagedReadinessBlockerDraft(string $state): array
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => '77777777-7777-7777-7777-777777777777',
-            'tenant_name' => 'Resume Draft',
+            'environment_name' => 'Resume Draft',
             'provider_connection_id' => 42,
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->assertSuccessful()
@@ -1052,7 +1052,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
         ],
     ]);
@@ -1137,7 +1137,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         'current_step' => 'complete',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -1194,7 +1194,7 @@ function createManagedReadinessBlockerDraft(string $state): array
 it('shows permission diagnostics as a fallback when no verification report is present', function (): void {
     [$user, $draft] = createManagedReadinessBlockerDraft('missing_consent');
 
-    $tenant = $draft->tenant()->firstOrFail();
+    $tenant = $draft->managedEnvironment()->firstOrFail();
     $missingKey = seedManagedReadinessPermissions($tenant);
 
     $response = $this->actingAs($user)
@@ -1271,7 +1271,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         'current_step' => 'complete',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -1359,7 +1359,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         'current_step' => 'complete',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $selectedConnection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -1396,7 +1396,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         'entra_tenant_id' => '88888888-8888-8888-8888-888888888888',
         'state' => [
             'entra_tenant_id' => '88888888-8888-8888-8888-888888888888',
-            'tenant_name' => 'Existing Draft ManagedEnvironment',
+            'environment_name' => 'Existing Draft ManagedEnvironment',
         ],
     ]);
 
@@ -1407,20 +1407,20 @@ function createManagedReadinessBlockerDraft(string $state): array
         'entra_tenant_id' => '12121212-1212-1212-1212-121212121212',
         'state' => [
             'entra_tenant_id' => '12121212-1212-1212-1212-121212121212',
-            'tenant_name' => 'Keep Landing Stable',
+            'environment_name' => 'Keep Landing Stable',
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
-        ->call('identifyManagedTenant', [
+        ->test(ManagedEnvironmentOnboardingWizard::class)
+        ->call('identifyManagedEnvironment', [
             'entra_tenant_id' => '88888888-8888-8888-8888-888888888888',
             'environment' => 'prod',
             'name' => 'Existing Draft ManagedEnvironment',
         ])
         ->assertRedirect(route('admin.onboarding.draft', ['onboardingDraft' => $existingDraft->getKey()]));
 
-    expect(TenantOnboardingSession::query()
+    expect(ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', '88888888-8888-8888-8888-888888888888')
         ->count())->toBe(1);
@@ -1444,7 +1444,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '99999999-9999-9999-9999-999999999999',
-            'tenant_name' => 'Resume Me',
+            'environment_name' => 'Resume Me',
         ],
     ]);
 
@@ -1454,12 +1454,12 @@ function createManagedReadinessBlockerDraft(string $state): array
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa',
-            'tenant_name' => 'Leave Me',
+            'environment_name' => 'Leave Me',
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
+        ->test(ManagedEnvironmentOnboardingWizard::class)
         ->callAction(
             TestAction::make('resume_draft_'.$draftToResume->getKey())
                 ->schemaComponent('draft_picker_actions_'.$draftToResume->getKey())
@@ -1485,21 +1485,21 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $tenantGuid = '22222222-2222-2222-2222-222222222222';
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
 
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     expect(ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->count())->toBe(1);
 
     $tenant = ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->firstOrFail();
 
-    expect(TenantOnboardingSession::query()
+    expect(ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', $workspace->getKey())
         ->where('managed_environment_id', $tenant->getKey())
         ->count())->toBe(1);
 
-    $this->assertDatabaseHas('managed_tenant_onboarding_sessions', [
+    $this->assertDatabaseHas('managed_environment_onboarding_sessions', [
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
     ]);
@@ -1528,13 +1528,13 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $this->actingAs($user);
 
-    Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspaceB])
-        ->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme'])
+    Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspaceB])
+        ->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme'])
         ->assertStatus(404);
 
     expect(ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->count())->toBe(1);
 
-    expect(TenantOnboardingSession::query()
+    expect(ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', $workspaceB->getKey())
         ->whereIn('managed_environment_id', ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->pluck('id'))
         ->count())->toBe(0);
@@ -1580,8 +1580,8 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $this->actingAs($user);
 
-    Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace])
-        ->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme'])
+    Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace])
+        ->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme'])
         ->assertOk();
 
     $this->assertDatabaseHas('tenants', [
@@ -1628,13 +1628,13 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $this->actingAs($user);
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
 
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     $component->assertSet('selectedProviderConnectionId', (int) $default->getKey());
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->firstOrFail();
@@ -1664,8 +1664,8 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $tenantGuid = '77777777-7777-7777-7777-777777777777';
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     $tenant = ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->firstOrFail();
 
@@ -1693,11 +1693,11 @@ function createManagedReadinessBlockerDraft(string $state): array
     $this->assertDatabaseHas('audit_logs', [
         'workspace_id' => (int) $workspace->getKey(),
         'actor_id' => (int) $user->getKey(),
-        'action' => 'managed_tenant_onboarding.verification_start',
+        'action' => 'managed_environment_onboarding.verification_start',
         'resource_type' => 'operation_run',
     ]);
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->firstOrFail();
@@ -1720,10 +1720,10 @@ function createManagedReadinessBlockerDraft(string $state): array
     $tenantGuid = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa';
     $secret = 'super-secret-123';
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
 
     $component
-        ->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme'])
+        ->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme'])
         ->call('createProviderConnection', [
             'display_name' => 'Onboarding Connection',
             'client_id' => 'client-id-1',
@@ -1743,7 +1743,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     expect($connection->credential)->toBeInstanceOf(ProviderCredential::class);
     expect($connection->credential->toArray())->not->toHaveKey('payload');
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->firstOrFail();
@@ -1770,8 +1770,8 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $tenantGuid = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb';
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     $tenant = ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->firstOrFail();
 
@@ -1822,8 +1822,8 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $this->actingAs($initiator);
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     $tenant = ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->firstOrFail();
 
@@ -1834,7 +1834,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         'is_default' => true,
     ]);
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->firstOrFail();
@@ -1847,7 +1847,7 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $this->actingAs($resumer);
 
-    Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace])
+    Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace])
         ->call('startVerification');
 
     Bus::assertDispatched(\App\Jobs\ProviderConnectionHealthCheckJob::class);
@@ -1867,8 +1867,8 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $tenantGuid = 'dddddddd-dddd-dddd-dddd-dddddddddddd';
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     $tenant = ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->firstOrFail();
 
@@ -1892,7 +1892,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->firstOrFail();
@@ -1906,7 +1906,7 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $component
         ->call('completeOnboarding')
-        ->assertRedirect(TenantDashboard::getUrl(tenant: $tenant));
+        ->assertRedirect(EnvironmentDashboard::getUrl(tenant: $tenant));
 
     $tenant->refresh();
     expect($tenant->status)->toBe('active');
@@ -1931,8 +1931,8 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $tenantGuid = 'eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee';
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     $tenant = ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->firstOrFail();
 
@@ -1956,7 +1956,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->firstOrFail();
@@ -1994,7 +1994,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     expect($session->state['bootstrap_operation_types'] ?? null)->toBe(['inventory.sync', 'compliance.snapshot']);
 
     $audit = AuditLog::query()
-        ->where('action', AuditActionId::ManagedTenantOnboardingBootstrapStarted->value)
+        ->where('action', AuditActionId::ManagedEnvironmentOnboardingBootstrapStarted->value)
         ->latest('id')
         ->firstOrFail();
 
@@ -2018,8 +2018,8 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $tenantGuid = 'ffffffff-ffff-ffff-ffff-ffffffffffff';
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     $tenant = ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->firstOrFail();
 
@@ -2043,7 +2043,7 @@ function createManagedReadinessBlockerDraft(string $state): array
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->firstOrFail();
@@ -2100,8 +2100,8 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $tenantGuid = '88888888-8888-8888-8888-888888888888';
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     $tenant = ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->firstOrFail();
 
@@ -2151,8 +2151,8 @@ function createManagedReadinessBlockerDraft(string $state): array
 
     $tenantGuid = '99999999-9999-9999-9999-999999999999';
 
-    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard::class, ['workspace' => $workspace]);
-    $component->call('identifyManagedTenant', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
+    $component = Livewire::test(\App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard::class, ['workspace' => $workspace]);
+    $component->call('identifyManagedEnvironment', ['managed_environment_id' => $tenantGuid, 'name' => 'Acme']);
 
     $tenant = ManagedEnvironment::query()->where('managed_environment_id', $tenantGuid)->firstOrFail();
 
@@ -2204,15 +2204,15 @@ function createManagedReadinessBlockerDraft(string $state): array
 });
 
 it('registers the onboarding capability in the canonical registry', function (): void {
-    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD))->toBeTrue();
+    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD))->toBeTrue();
 });
 
 it('maps onboarding capability to owner and manager workspace roles', function (): void {
-    expect(WorkspaceRoleCapabilityMap::hasCapability('owner', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD))->toBeTrue();
-    expect(WorkspaceRoleCapabilityMap::hasCapability('manager', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD))->toBeTrue();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('owner', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD))->toBeTrue();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('manager', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD))->toBeTrue();
 
-    expect(WorkspaceRoleCapabilityMap::hasCapability('operator', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD))->toBeFalse();
-    expect(WorkspaceRoleCapabilityMap::hasCapability('readonly', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD))->toBeFalse();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('operator', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD))->toBeFalse();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('readonly', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD))->toBeFalse();
 });
 
 it('authorizes onboarding via Gate for owner and manager memberships', function (): void {
@@ -2239,9 +2239,9 @@ function createManagedReadinessBlockerDraft(string $state): array
         'role' => 'readonly',
     ]);
 
-    expect(Gate::forUser($owner)->allows(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD, $workspace))->toBeTrue();
-    expect(Gate::forUser($manager)->allows(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD, $workspace))->toBeTrue();
-    expect(Gate::forUser($readonly)->allows(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD, $workspace))->toBeFalse();
+    expect(Gate::forUser($owner)->allows(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD, $workspace))->toBeTrue();
+    expect(Gate::forUser($manager)->allows(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD, $workspace))->toBeTrue();
+    expect(Gate::forUser($readonly)->allows(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD, $workspace))->toBeFalse();
 });
 
 it('keeps filament tenant routing key stable for workspace environment routes', function (): void {
@@ -2254,7 +2254,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     );
 
     $this->actingAs($user)
-        ->get(TenantDashboard::getUrl(tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertSuccessful();
 
     $tenant->refresh();
@@ -2262,10 +2262,10 @@ function createManagedReadinessBlockerDraft(string $state): array
     expect($tenant->external_id)->toBe($tenant->managed_environment_id);
 });
 
-it('can persist a tenant onboarding session row', function (): void {
+it('can persist a managed environment onboarding session row', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    $session = TenantOnboardingSession::query()->create([
+    $session = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $tenant->workspace_id,
         'managed_environment_id' => (int) $tenant->getKey(),
         'current_step' => 'identify',
@@ -2275,7 +2275,7 @@ function createManagedReadinessBlockerDraft(string $state): array
     ]);
 
     expect($session->exists)->toBeTrue();
-    $this->assertDatabaseHas('managed_tenant_onboarding_sessions', [
+    $this->assertDatabaseHas('managed_environment_onboarding_sessions', [
         'id' => $session->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
         'managed_environment_id' => (int) $tenant->getKey(),
diff --git a/apps/platform/tests/Feature/ManagedTenants/AuthorizationSemanticsTest.php b/apps/platform/tests/Feature/ManagedEnvironments/AuthorizationSemanticsTest.php
similarity index 92%
rename from apps/platform/tests/Feature/ManagedTenants/AuthorizationSemanticsTest.php
rename to apps/platform/tests/Feature/ManagedEnvironments/AuthorizationSemanticsTest.php
index 49f6b3cd..24829d5f 100644
--- a/apps/platform/tests/Feature/ManagedTenants/AuthorizationSemanticsTest.php
+++ b/apps/platform/tests/Feature/ManagedEnvironments/AuthorizationSemanticsTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Resources\EvidenceSnapshotResource;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\EvidenceSnapshot;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -15,13 +15,14 @@
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Support\Facades\Gate;
 
-it('returns 403 for a member without managed-tenant manage capability when accessing edit', function (): void {
+it('routes legacy managed-environment edit helpers to the inspectable environment dashboard', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user] = createUserWithTenant($tenant, role: 'readonly');
 
     $this->actingAs($user)
-        ->get(TenantResource::getUrl('edit', ['record' => $tenant]))
-        ->assertForbidden();
+        ->get(ManagedEnvironmentResource::getUrl('edit', ['record' => $tenant]))
+        ->assertSuccessful()
+        ->assertSee('Environment governance overview');
 });
 
 it('returns 404 for a non-member attempting to access a workspace managed-tenant list', function (): void {
diff --git a/apps/platform/tests/Feature/ManagedTenants/OnboardingRedirectTest.php b/apps/platform/tests/Feature/ManagedEnvironments/OnboardingRedirectTest.php
similarity index 100%
rename from apps/platform/tests/Feature/ManagedTenants/OnboardingRedirectTest.php
rename to apps/platform/tests/Feature/ManagedEnvironments/OnboardingRedirectTest.php
diff --git a/apps/platform/tests/Feature/Monitoring/ArtifactTruthManualCasesDataset.php b/apps/platform/tests/Feature/Monitoring/ArtifactTruthManualCasesDataset.php
index 91f4ac14..498e32e2 100644
--- a/apps/platform/tests/Feature/Monitoring/ArtifactTruthManualCasesDataset.php
+++ b/apps/platform/tests/Feature/Monitoring/ArtifactTruthManualCasesDataset.php
@@ -11,9 +11,9 @@
     'healthy evidence snapshot' => [BadgeDomain::GovernanceArtifactContent, 'trusted'],
     'partial evidence snapshot' => [BadgeDomain::GovernanceArtifactContent, 'partial'],
     'stale evidence snapshot' => [BadgeDomain::GovernanceArtifactFreshness, 'stale'],
-    'internal tenant review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'internal_only'],
-    'blocked tenant review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'blocked'],
-    'publishable tenant review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'publishable'],
+    'internal environment review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'internal_only'],
+    'blocked environment review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'blocked'],
+    'publishable environment review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'publishable'],
     'historical review pack' => [BadgeDomain::GovernanceArtifactExistence, 'historical_only'],
     'blocked review pack' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'blocked'],
     'artifact requires action' => [BadgeDomain::GovernanceArtifactActionability, 'required'],
diff --git a/apps/platform/tests/Feature/Monitoring/ArtifactTruthRunDetailTest.php b/apps/platform/tests/Feature/Monitoring/ArtifactTruthRunDetailTest.php
index e31fc85d..3cb20db8 100644
--- a/apps/platform/tests/Feature/Monitoring/ArtifactTruthRunDetailTest.php
+++ b/apps/platform/tests/Feature/Monitoring/ArtifactTruthRunDetailTest.php
@@ -56,7 +56,7 @@
 
     $run = $this->makeArtifactTruthRun(
         tenant: $tenant,
-        type: 'tenant.review.compose',
+        type: 'environment.review.compose',
         context: [
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
diff --git a/apps/platform/tests/Feature/Monitoring/AuditCoverageGovernanceTest.php b/apps/platform/tests/Feature/Monitoring/AuditCoverageGovernanceTest.php
index 9a2f9207..cbac366d 100644
--- a/apps/platform/tests/Feature/Monitoring/AuditCoverageGovernanceTest.php
+++ b/apps/platform/tests/Feature/Monitoring/AuditCoverageGovernanceTest.php
@@ -41,7 +41,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
         ],
         initiator: $user,
@@ -102,7 +102,7 @@
         identityInputs: ['baseline_profile_id' => (int) $profile->getKey()],
         context: [
             'baseline_profile_id' => (int) $profile->getKey(),
-            'source_tenant_id' => (int) $tenant->getKey(),
+            'source_environment_id' => (int) $tenant->getKey(),
             'effective_scope' => ['policy_types' => ['deviceConfiguration'], 'foundation_types' => []],
             'baseline_capture' => [
                 'inventory_sync_run_id' => (int) $inventorySyncRun->getKey(),
diff --git a/apps/platform/tests/Feature/Monitoring/GovernanceOperationRunSummariesTest.php b/apps/platform/tests/Feature/Monitoring/GovernanceOperationRunSummariesTest.php
index 90c12091..5fb2b7b1 100644
--- a/apps/platform/tests/Feature/Monitoring/GovernanceOperationRunSummariesTest.php
+++ b/apps/platform/tests/Feature/Monitoring/GovernanceOperationRunSummariesTest.php
@@ -144,7 +144,7 @@ function governanceRunViewer(TestCase $testCase, $user, ManagedEnvironment $tena
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
 
-    $run = $this->makeArtifactTruthRun($tenant, 'tenant.review.compose');
+    $run = $this->makeArtifactTruthRun($tenant, 'environment.review.compose');
     $snapshot = $this->makeStaleArtifactTruthEvidenceSnapshot($tenant);
 
     $this->makeArtifactTruthReview(
diff --git a/apps/platform/tests/Feature/Monitoring/GovernanceRunExplanationFallbackTest.php b/apps/platform/tests/Feature/Monitoring/GovernanceRunExplanationFallbackTest.php
index 5360bfdf..742d3c98 100644
--- a/apps/platform/tests/Feature/Monitoring/GovernanceRunExplanationFallbackTest.php
+++ b/apps/platform/tests/Feature/Monitoring/GovernanceRunExplanationFallbackTest.php
@@ -18,7 +18,7 @@
 
     $run = $this->makeArtifactTruthRun(
         tenant: $tenant,
-        type: 'tenant.review.compose',
+        type: 'environment.review.compose',
         context: [
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
diff --git a/apps/platform/tests/Feature/Monitoring/HeaderContextBarTest.php b/apps/platform/tests/Feature/Monitoring/HeaderContextBarTest.php
index 68bd90a6..b7ffb4f7 100644
--- a/apps/platform/tests/Feature/Monitoring/HeaderContextBarTest.php
+++ b/apps/platform/tests/Feature/Monitoring/HeaderContextBarTest.php
@@ -29,7 +29,7 @@
         ->assertSee($workspaceName ?? 'Select workspace')
             ->assertSee(__('localization.shell.search_environments'))
         ->assertSee('Switch workspace')
-        ->assertSee('admin/select-tenant')
+        ->assertSee('admin/select-environment')
         ->assertSee(__('localization.shell.clear_environment_scope'))
         ->assertSee($tenant->getFilamentName());
 
@@ -46,7 +46,7 @@
         ->withSession([
             WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
         ])
-        ->post(route('admin.select-tenant'), ['managed_environment_id' => (int) $tenant->getKey()])
+        ->post(route('admin.select-environment'), ['managed_environment_id' => (int) $tenant->getKey()])
         ->assertRedirect();
 });
 
diff --git a/apps/platform/tests/Feature/Notifications/OperationRunNotificationTest.php b/apps/platform/tests/Feature/Notifications/OperationRunNotificationTest.php
index 0abdd723..96d9fd8b 100644
--- a/apps/platform/tests/Feature/Notifications/OperationRunNotificationTest.php
+++ b/apps/platform/tests/Feature/Notifications/OperationRunNotificationTest.php
@@ -88,7 +88,7 @@ function spec230ExpectedNotificationIcon(string $status): string
     expect($user->notifications()->count())->toBe(0);
 });
 
-it('uses a tenantless view link for managed tenant onboarding wizard runs', function () {
+it('uses a tenantless view link for managed environment onboarding wizard runs', function () {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
     $this->actingAs($user);
 
@@ -101,7 +101,7 @@ function spec230ExpectedNotificationIcon(string $status): string
         'outcome' => 'pending',
         'context' => [
             'wizard' => [
-                'flow' => 'managed_tenant_onboarding',
+                'flow' => 'managed_environment_onboarding',
                 'step' => 'verification',
             ],
         ],
diff --git a/apps/platform/tests/Feature/Onboarding/TenantLifecyclePresentationCopyTest.php b/apps/platform/tests/Feature/Onboarding/EnvironmentLifecyclePresentationCopyTest.php
similarity index 79%
rename from apps/platform/tests/Feature/Onboarding/TenantLifecyclePresentationCopyTest.php
rename to apps/platform/tests/Feature/Onboarding/EnvironmentLifecyclePresentationCopyTest.php
index ac4a74d5..2efbe348 100644
--- a/apps/platform/tests/Feature/Onboarding/TenantLifecyclePresentationCopyTest.php
+++ b/apps/platform/tests/Feature/Onboarding/EnvironmentLifecyclePresentationCopyTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
@@ -13,7 +13,7 @@
 
 uses(RefreshDatabase::class);
 
-it('shows canonical lifecycle copy on selectable tenant cards', function (): void {
+it('shows canonical lifecycle copy on selectable environment cards', function (): void {
     $workspace = Workspace::factory()->create(['name' => 'Workspace A']);
     $user = User::factory()->create();
 
@@ -34,14 +34,14 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee('Active Card ManagedEnvironment')
         ->assertSee('Active')
         ->assertSee('Active environment available for normal operations.');
 });
 
-it('labels the onboarding linked tenant action with the canonical lifecycle name', function (): void {
+it('labels the onboarding linked environment action with the canonical lifecycle name', function (): void {
     $workspace = Workspace::factory()->create();
     $tenant = ManagedEnvironment::factory()->onboarding()->create([
         'workspace_id' => (int) $workspace->getKey(),
@@ -58,13 +58,13 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
-        ->assertActionHasLabel('view_linked_tenant', 'View tenant (Onboarding)');
+        ->assertActionHasLabel('view_linked_environment', 'View environment (Onboarding)');
 });
diff --git a/apps/platform/tests/Feature/Onboarding/ManagedTenantOnboardingCapabilityAssistTest.php b/apps/platform/tests/Feature/Onboarding/ManagedEnvironmentOnboardingCapabilityAssistTest.php
similarity index 94%
rename from apps/platform/tests/Feature/Onboarding/ManagedTenantOnboardingCapabilityAssistTest.php
rename to apps/platform/tests/Feature/Onboarding/ManagedEnvironmentOnboardingCapabilityAssistTest.php
index 83559f45..305feb6b 100644
--- a/apps/platform/tests/Feature/Onboarding/ManagedTenantOnboardingCapabilityAssistTest.php
+++ b/apps/platform/tests/Feature/Onboarding/ManagedEnvironmentOnboardingCapabilityAssistTest.php
@@ -10,7 +10,7 @@
 
 uses(RefreshDatabase::class);
 
-it('adds capability-first guidance to managed tenant onboarding permission assist', function (): void {
+it('adds capability-first guidance to managed environment onboarding permission assist', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
 
     $connection = ProviderConnection::factory()->consentGranted()->create([
diff --git a/apps/platform/tests/Feature/Onboarding/ManagedTenantOnboardingEntitlementTest.php b/apps/platform/tests/Feature/Onboarding/ManagedEnvironmentOnboardingEntitlementTest.php
similarity index 93%
rename from apps/platform/tests/Feature/Onboarding/ManagedTenantOnboardingEntitlementTest.php
rename to apps/platform/tests/Feature/Onboarding/ManagedEnvironmentOnboardingEntitlementTest.php
index 44bddaf8..d280bf18 100644
--- a/apps/platform/tests/Feature/Onboarding/ManagedTenantOnboardingEntitlementTest.php
+++ b/apps/platform/tests/Feature/Onboarding/ManagedEnvironmentOnboardingEntitlementTest.php
@@ -2,13 +2,13 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\PlatformUser;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Services\Entitlements\WorkspaceCommercialLifecycleResolver;
@@ -22,7 +22,7 @@
 use Livewire\Livewire;
 
 /**
- * @return array{workspace: Workspace, user: User, tenant: ManagedEnvironment, draft: TenantOnboardingSession, component: \Livewire\Features\SupportTesting\Testable}
+ * @return array{workspace: Workspace, user: User, tenant: ManagedEnvironment, draft: ManagedEnvironmentOnboardingSession, component: \Livewire\Features\SupportTesting\Testable}
  */
 function readyOnboardingEntitlementContext(
     int $activeTenantCount = 0,
@@ -92,7 +92,7 @@ function readyOnboardingEntitlementContext(
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -152,14 +152,14 @@ function readyOnboardingEntitlementContext(
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $draft->getKey(),
     ]);
 
     return compact('workspace', 'user', 'tenant', 'draft', 'component');
 }
 
-it('allows onboarding activation when the workspace is within its managed tenant limit', function (): void {
+it('allows onboarding activation when the workspace is within its managed environment limit', function (): void {
     $context = readyOnboardingEntitlementContext(activeTenantCount: 0);
 
     $context['component']->call('completeOnboarding');
@@ -169,7 +169,7 @@ function readyOnboardingEntitlementContext(
     expect($context['tenant']->status)->toBe(ManagedEnvironment::STATUS_ACTIVE)
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $context['workspace']->getKey())
-            ->where('action', 'managed_tenant_onboarding.activation')
+            ->where('action', 'managed_environment_onboarding.activation')
             ->exists())->toBeTrue();
 });
 
@@ -197,7 +197,7 @@ function readyOnboardingEntitlementContext(
     expect($context['tenant']->status)->toBe(ManagedEnvironment::STATUS_ONBOARDING)
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $context['workspace']->getKey())
-            ->where('action', 'managed_tenant_onboarding.activation')
+            ->where('action', 'managed_environment_onboarding.activation')
             ->exists())->toBeFalse();
 });
 
@@ -245,7 +245,7 @@ function readyOnboardingEntitlementContext(
     expect($context['tenant']->status)->toBe(ManagedEnvironment::STATUS_ACTIVE)
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $context['workspace']->getKey())
-            ->where('action', 'managed_tenant_onboarding.activation')
+            ->where('action', 'managed_environment_onboarding.activation')
             ->exists())->toBeTrue();
 });
 
@@ -289,7 +289,7 @@ function readyOnboardingEntitlementContext(
     expect($context['tenant']->status)->toBe(ManagedEnvironment::STATUS_ONBOARDING)
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $context['workspace']->getKey())
-            ->where('action', 'managed_tenant_onboarding.activation')
+            ->where('action', 'managed_environment_onboarding.activation')
             ->exists())->toBeFalse();
 });
 
@@ -310,6 +310,6 @@ function readyOnboardingEntitlementContext(
     expect($context['tenant']->status)->toBe(ManagedEnvironment::STATUS_ONBOARDING)
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $context['workspace']->getKey())
-            ->where('action', 'managed_tenant_onboarding.activation')
+            ->where('action', 'managed_environment_onboarding.activation')
             ->exists())->toBeFalse();
 });
diff --git a/apps/platform/tests/Feature/Onboarding/ManagedTenantOnboardingProviderConnectionScopeTest.php b/apps/platform/tests/Feature/Onboarding/ManagedEnvironmentOnboardingProviderConnectionScopeTest.php
similarity index 88%
rename from apps/platform/tests/Feature/Onboarding/ManagedTenantOnboardingProviderConnectionScopeTest.php
rename to apps/platform/tests/Feature/Onboarding/ManagedEnvironmentOnboardingProviderConnectionScopeTest.php
index 7c173cbb..85e3e01c 100644
--- a/apps/platform/tests/Feature/Onboarding/ManagedTenantOnboardingProviderConnectionScopeTest.php
+++ b/apps/platform/tests/Feature/Onboarding/ManagedEnvironmentOnboardingProviderConnectionScopeTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\ProviderConnection;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Livewire\Livewire;
@@ -24,7 +24,7 @@
         'verification_status' => 'healthy',
     ]);
 
-    $draft = TenantOnboardingSession::query()->create([
+    $draft = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $tenant->workspace_id,
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => '77777777-7777-7777-7777-777777777777',
@@ -39,7 +39,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     $component = Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()]);
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()]);
 
     $method = new ReflectionMethod($component->instance(), 'readinessProviderSummary');
     $method->setAccessible(true);
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingActivationTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingActivationTest.php
index 7d37d53c..cc0995bb 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingActivationTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingActivationTest.php
@@ -2,12 +2,12 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -34,9 +34,9 @@
 
     $entraTenantId = '88888888-8888-8888-8888-888888888888';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme',
@@ -70,7 +70,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', $entraTenantId)
         ->firstOrFail();
@@ -109,9 +109,9 @@
 
     $entraTenantId = '99999999-9999-9999-9999-999999999999';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme',
@@ -154,11 +154,11 @@
 
     expect(AuditLog::query()
         ->where('workspace_id', (int) $workspace->getKey())
-        ->where('action', 'managed_tenant_onboarding.activation')
+        ->where('action', 'managed_environment_onboarding.activation')
         ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspace->getKey())
-            ->where('action', 'managed_tenant_onboarding.activation_override_used')
+            ->where('action', 'managed_environment_onboarding.activation_override_used')
             ->exists())->toBeTrue();
 });
 
@@ -178,9 +178,9 @@
 
     $entraTenantId = '12121212-3434-5656-7878-909090909090';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Blocked By Report',
@@ -228,7 +228,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', $entraTenantId)
         ->firstOrFail();
@@ -318,7 +318,7 @@
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -326,7 +326,7 @@
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspaceA->getKey());
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $draft->getKey(),
     ]);
 
@@ -340,8 +340,8 @@
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspaceA->getKey())
             ->whereIn('action', [
-                'managed_tenant_onboarding.activation',
-                'managed_tenant_onboarding.activation_override_used',
+                'managed_environment_onboarding.activation',
+                'managed_environment_onboarding.activation_override_used',
             ])
             ->exists())->toBeFalse();
 });
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingDraftAccessTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingDraftAccessTest.php
index 0d1788af..cf353ea8 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingDraftAccessTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingDraftAccessTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
@@ -212,7 +212,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -282,7 +282,7 @@
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'environment' => 'prod',
             'notes' => 'Canonical persisted note',
             'provider_connection_id' => (int) $connection->getKey(),
@@ -293,7 +293,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->assertSet('onboardingSessionId', (int) $draft->getKey())
@@ -359,7 +359,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
         ],
     ]);
@@ -372,7 +372,7 @@
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => (string) $otherTenant->managed_environment_id,
-            'tenant_name' => (string) $otherTenant->name,
+            'environment_name' => (string) $otherTenant->name,
             'provider_connection_id' => (int) $otherConnection->getKey(),
         ],
     ]);
@@ -380,14 +380,14 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->set('onboardingSession', $otherDraft)
-        ->set('managedTenant', $otherTenant)
+        ->set('managedEnvironment', $otherTenant)
         ->call('refreshCheckpointLifecycle')
         ->assertSet('onboardingSessionId', (int) $draft->getKey())
-        ->assertSet('managedTenantId', (int) $tenant->getKey())
+        ->assertSet('managedEnvironmentId', (int) $tenant->getKey())
         ->assertSet('selectedProviderConnectionId', (int) $connection->getKey())
         ->assertSet('data.provider_connection_id', (int) $connection->getKey())
         ->assertSet('data.name', (string) $tenant->name);
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingDraftAuthorizationTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingDraftAuthorizationTest.php
index 36693781..d8a41e47 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingDraftAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingDraftAuthorizationTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\EnvironmentDashboard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
@@ -48,7 +48,7 @@
         'updated_by' => $manager,
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
         ],
     ]);
 
@@ -97,7 +97,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($manager)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->mountAction('cancel_onboarding_draft')
@@ -148,11 +148,11 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $primaryDraft->getKey(),
         ])
         ->set('onboardingSession', $secondaryDraft)
-        ->set('managedTenant', $secondaryTenant)
+        ->set('managedEnvironment', $secondaryTenant)
         ->mountAction('cancel_onboarding_draft')
         ->callMountedAction()
         ->assertNotified('Onboarding draft cancelled');
@@ -196,7 +196,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => (string) $primaryTenant->managed_environment_id,
-            'tenant_name' => (string) $primaryTenant->name,
+            'environment_name' => (string) $primaryTenant->name,
         ],
     ]);
 
@@ -207,21 +207,21 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => (string) $secondaryTenant->managed_environment_id,
-            'tenant_name' => (string) $secondaryTenant->name,
+            'environment_name' => (string) $secondaryTenant->name,
         ],
     ]);
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $primaryDraft->getKey(),
         ])
         ->set('onboardingSession', $secondaryDraft)
-        ->set('managedTenant', $secondaryTenant)
+        ->set('managedEnvironment', $secondaryTenant)
         ->call('refreshCheckpointLifecycle')
         ->assertSet('onboardingSessionId', (int) $primaryDraft->getKey())
-        ->assertSet('managedTenantId', (int) $primaryTenant->getKey())
+        ->assertSet('managedEnvironmentId', (int) $primaryTenant->getKey())
         ->assertSee('Primary Continuity ManagedEnvironment')
         ->assertDontSee('Secondary Continuity ManagedEnvironment');
 });
@@ -252,7 +252,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->assertActionVisible('cancel_onboarding_draft')
@@ -292,14 +292,14 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($manager)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $resumableDraft->getKey(),
         ])
         ->assertActionExists('cancel_onboarding_draft', fn (\Filament\Actions\Action $action): bool => $action->isConfirmationRequired())
         ->assertActionEnabled('cancel_onboarding_draft');
 
     Livewire::actingAs($manager)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $cancelledDraft->getKey(),
         ])
         ->assertActionExists('delete_onboarding_draft_header', fn (\Filament\Actions\Action $action): bool => $action->isConfirmationRequired())
@@ -409,7 +409,7 @@
         'updated_by' => $owner,
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
         ],
     ]);
 
@@ -497,7 +497,7 @@
         'updated_by' => $creator,
         'state' => [
             'entra_tenant_id' => (string) $archivedTenant->managed_environment_id,
-            'tenant_name' => (string) $archivedTenant->name,
+            'environment_name' => (string) $archivedTenant->name,
         ],
     ]);
 
@@ -508,7 +508,7 @@
         ->assertNotFound();
 });
 
-it('shows a non-editable summary for entitled operators when the linked tenant is already archived', function (): void {
+it('shows a non-editable summary for entitled operators when the linked environment is already archived', function (): void {
     $workspace = Workspace::factory()->create();
     $archivedTenant = ManagedEnvironment::factory()->archived()->create([
         'workspace_id' => (int) $workspace->getKey(),
@@ -531,7 +531,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => (string) $archivedTenant->managed_environment_id,
-            'tenant_name' => (string) $archivedTenant->name,
+            'environment_name' => (string) $archivedTenant->name,
         ],
     ]);
 
@@ -543,7 +543,7 @@
         ->assertSee('This onboarding draft is Draft.')
         ->assertSee('Completed, cancelled, and lifecycle-locked drafts remain viewable, but they cannot return to editable wizard mode.')
         ->assertDontSee('Cancel draft')
-        ->assertSee('View tenant');
+        ->assertSee('View environment');
 });
 
 it('keeps complete onboarding disabled for managers without activation capability', function (): void {
@@ -609,14 +609,14 @@
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->assertSee('Complete onboarding')
@@ -687,19 +687,19 @@
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->assertSee('Complete onboarding')
         ->call('completeOnboarding')
-        ->assertRedirect(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant));
+        ->assertRedirect(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant));
 
     $tenant->refresh();
 
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingDraftLifecycleTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingDraftLifecycleTest.php
index eb4588ae..bf662ef6 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingDraftLifecycleTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingDraftLifecycleTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
@@ -36,7 +36,7 @@
         'status' => 'completed',
         'state' => [
             'entra_tenant_id' => '11111111-1111-1111-1111-111111111111',
-            'tenant_name' => 'Completed Contoso',
+            'environment_name' => 'Completed Contoso',
             'environment' => 'prod',
         ],
     ]);
@@ -71,7 +71,7 @@
         'status' => 'cancelled',
         'state' => [
             'entra_tenant_id' => '22222222-2222-2222-2222-222222222222',
-            'tenant_name' => 'Cancelled Contoso',
+            'environment_name' => 'Cancelled Contoso',
             'environment' => 'prod',
         ],
     ]);
@@ -87,7 +87,7 @@
         ->assertDontSee('Cancel draft');
 });
 
-it('shows a linked tenant action when the onboarding draft has a viewable tenant record', function (): void {
+it('shows a linked environment action when the onboarding draft has a viewable tenant record', function (): void {
     $tenant = ManagedEnvironment::factory()->onboarding()->create([
         'name' => 'Linked Onboarding ManagedEnvironment',
     ]);
@@ -100,18 +100,18 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
-        ->assertActionVisible('view_linked_tenant');
+        ->assertActionVisible('view_linked_environment');
 });
 
-it('keeps the linked tenant action visible for entitled operators on archived tenant summaries', function (): void {
+it('keeps the linked environment action visible for entitled operators on archived environment summaries', function (): void {
     $tenant = ManagedEnvironment::factory()->archived()->create([
         'name' => 'Archived Summary ManagedEnvironment',
     ]);
@@ -124,16 +124,16 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
-        ->assertActionVisible('view_linked_tenant')
-        ->assertActionHasLabel('view_linked_tenant', 'View tenant (Archived)');
+        ->assertActionVisible('view_linked_environment')
+        ->assertActionHasLabel('view_linked_environment', 'View environment (Archived)');
 });
 
 it('cancels a resumable onboarding draft through the confirmed header action', function (): void {
@@ -154,12 +154,12 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '33333333-3333-3333-3333-333333333333',
-            'tenant_name' => 'Draft To Cancel',
+            'environment_name' => 'Draft To Cancel',
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->mountAction('cancel_onboarding_draft')
@@ -181,7 +181,7 @@
 
     expect(AuditLog::query()
         ->where('workspace_id', (int) $workspace->getKey())
-        ->where('action', AuditActionId::ManagedTenantOnboardingCancelled->value)
+        ->where('action', AuditActionId::ManagedEnvironmentOnboardingCancelled->value)
         ->where('resource_id', (string) $draft->getKey())
         ->exists())->toBeTrue();
 });
@@ -205,12 +205,12 @@
         'status' => 'cancelled',
         'state' => [
             'entra_tenant_id' => '66666666-6666-6666-6666-666666666666',
-            'tenant_name' => 'Draft To Delete',
+            'environment_name' => 'Draft To Delete',
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->assertActionVisible('back_to_workspace')
@@ -222,11 +222,11 @@
 
     expect(AuditLog::query()
         ->where('workspace_id', (int) $workspace->getKey())
-        ->where('action', AuditActionId::ManagedTenantOnboardingDeleted->value)
+        ->where('action', AuditActionId::ManagedEnvironmentOnboardingDeleted->value)
         ->where('resource_id', (string) $draft->getKey())
         ->exists())->toBeTrue();
 
-    $this->assertDatabaseMissing('managed_tenant_onboarding_sessions', [
+    $this->assertDatabaseMissing('managed_environment_onboarding_sessions', [
         'id' => (int) $draft->getKey(),
     ]);
 
@@ -253,7 +253,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '44444444-4444-4444-4444-444444444444',
-            'tenant_name' => 'Active Draft',
+            'environment_name' => 'Active Draft',
         ],
     ]);
 
@@ -264,7 +264,7 @@
         'status' => 'cancelled',
         'state' => [
             'entra_tenant_id' => '55555555-5555-5555-5555-555555555555',
-            'tenant_name' => 'Cancelled Draft',
+            'environment_name' => 'Cancelled Draft',
         ],
     ]);
 
@@ -291,7 +291,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '44444444-1111-1111-1111-111111111111',
-            'tenant_name' => 'First Draft',
+            'environment_name' => 'First Draft',
         ],
     ]);
 
@@ -301,7 +301,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '55555555-1111-1111-1111-111111111111',
-            'tenant_name' => 'Second Draft',
+            'environment_name' => 'Second Draft',
         ],
     ]);
 
@@ -385,7 +385,7 @@
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -416,12 +416,12 @@
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->call('completeOnboarding')
@@ -448,13 +448,13 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'environment' => 'dev',
         ],
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, [
+        ->test(ManagedEnvironmentOnboardingWizard::class, [
             'onboardingDraft' => (int) $draft->getKey(),
         ])
         ->mountAction('cancel_onboarding_draft')
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingDraftMultiTabTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingDraftMultiTabTest.php
index 7a126fe1..d3944903 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingDraftMultiTabTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingDraftMultiTabTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -52,18 +52,18 @@
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $firstConnection->getKey(),
         ],
     ]);
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
-    $firstTab = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
+    $firstTab = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $draft->getKey(),
     ]);
 
-    $secondTab = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
+    $secondTab = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $draft->getKey(),
     ]);
 
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingDraftPickerTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingDraftPickerTest.php
index f046794f..136ffa6a 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingDraftPickerTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingDraftPickerTest.php
@@ -5,7 +5,7 @@
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -32,7 +32,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
             continue;
         }
 
-        TenantPermission::query()->create([
+        ManagedEnvironmentPermission::query()->create([
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
             'permission_key' => trim($key),
@@ -65,7 +65,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'updated_by' => $updatedBy,
         'state' => [
             'entra_tenant_id' => '11111111-1111-1111-1111-111111111111',
-            'tenant_name' => 'Contoso',
+            'environment_name' => 'Contoso',
             'environment' => 'prod',
             'primary_domain' => 'contoso.example',
         ],
@@ -78,7 +78,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => '22222222-2222-2222-2222-222222222222',
-            'tenant_name' => 'Fabrikam',
+            'environment_name' => 'Fabrikam',
             'environment' => 'staging',
         ],
     ]);
@@ -116,7 +116,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '33333333-3333-3333-3333-333333333333',
-            'tenant_name' => 'Visible Draft A',
+            'environment_name' => 'Visible Draft A',
         ],
     ]);
 
@@ -126,7 +126,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '44444444-4444-4444-4444-444444444444',
-            'tenant_name' => 'Visible Draft B',
+            'environment_name' => 'Visible Draft B',
         ],
     ]);
 
@@ -137,7 +137,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'status' => 'completed',
         'state' => [
             'entra_tenant_id' => '55555555-5555-5555-5555-555555555555',
-            'tenant_name' => 'Completed Draft',
+            'environment_name' => 'Completed Draft',
         ],
     ]);
 
@@ -148,7 +148,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'status' => 'cancelled',
         'state' => [
             'entra_tenant_id' => '66666666-6666-6666-6666-666666666666',
-            'tenant_name' => 'Cancelled Draft',
+            'environment_name' => 'Cancelled Draft',
         ],
     ]);
 
@@ -230,7 +230,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => (string) $blockedTenant->managed_environment_id,
-            'tenant_name' => (string) $blockedTenant->name,
+            'environment_name' => (string) $blockedTenant->name,
         ],
     ]);
 
@@ -242,7 +242,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'current_step' => 'complete',
         'state' => [
             'entra_tenant_id' => (string) $readyTenant->managed_environment_id,
-            'tenant_name' => (string) $readyTenant->name,
+            'environment_name' => (string) $readyTenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -372,7 +372,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'current_step' => 'complete',
         'state' => [
             'entra_tenant_id' => (string) $staleTenant->managed_environment_id,
-            'tenant_name' => (string) $staleTenant->name,
+            'environment_name' => (string) $staleTenant->name,
             'provider_connection_id' => (int) $staleConnection->getKey(),
             'verification_operation_run_id' => (int) $staleRun->getKey(),
         ],
@@ -386,7 +386,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'current_step' => 'complete',
         'state' => [
             'entra_tenant_id' => (string) $mismatchTenant->managed_environment_id,
-            'tenant_name' => (string) $mismatchTenant->name,
+            'environment_name' => (string) $mismatchTenant->name,
             'provider_connection_id' => (int) $selectedMismatchConnection->getKey(),
             'verification_operation_run_id' => (int) $mismatchRun->getKey(),
         ],
@@ -420,7 +420,7 @@ function seedPickerReadinessPermissions(ManagedEnvironment $tenant, ?int $staleD
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '43434343-4343-4343-4343-434343434343',
-            'tenant_name' => 'Single Redirect ManagedEnvironment',
+            'environment_name' => 'Single Redirect ManagedEnvironment',
         ],
     ]);
 
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingDraftRoutingTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingDraftRoutingTest.php
index a44ae114..5b746748 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingDraftRoutingTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingDraftRoutingTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -26,7 +26,7 @@
     $this->actingAs($user)
         ->get(route('admin.onboarding'))
         ->assertSuccessful()
-        ->assertSee('Create or resume a managed tenant in this workspace.')
+        ->assertSee('Create or resume a managed environment in this workspace.')
         ->assertDontSee('Multiple onboarding drafts are available.');
 });
 
@@ -48,7 +48,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '11111111-1111-1111-1111-111111111111',
-            'tenant_name' => 'Contoso',
+            'environment_name' => 'Contoso',
             'environment' => 'prod',
         ],
     ]);
@@ -84,7 +84,7 @@
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'environment' => 'prod',
             'primary_domain' => 'contoso.example',
             'notes' => 'Confirmed draft state',
@@ -119,7 +119,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '77777777-7777-7777-7777-777777777777',
-            'tenant_name' => 'Single Draft ManagedEnvironment',
+            'environment_name' => 'Single Draft ManagedEnvironment',
             'environment' => 'prod',
         ],
     ]);
@@ -148,7 +148,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '88888888-8888-8888-8888-888888888888',
-            'tenant_name' => 'First Draft ManagedEnvironment',
+            'environment_name' => 'First Draft ManagedEnvironment',
             'environment' => 'prod',
         ],
     ]);
@@ -159,7 +159,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => '99999999-9999-9999-9999-999999999999',
-            'tenant_name' => 'Second Draft ManagedEnvironment',
+            'environment_name' => 'Second Draft ManagedEnvironment',
             'environment' => 'staging',
         ],
     ]);
@@ -183,14 +183,14 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
-        ->call('identifyManagedTenant', [
+        ->test(ManagedEnvironmentOnboardingWizard::class)
+        ->call('identifyManagedEnvironment', [
             'entra_tenant_id' => '33333333-3333-3333-3333-333333333333',
             'environment' => 'prod',
             'name' => 'Canonical Draft ManagedEnvironment',
         ])
         ->assertRedirect(route('admin.onboarding.draft', [
-            'onboardingDraft' => TenantOnboardingSession::query()
+            'onboardingDraft' => ManagedEnvironmentOnboardingSession::query()
                 ->where('workspace_id', (int) $workspace->getKey())
                 ->where('entra_tenant_id', '33333333-3333-3333-3333-333333333333')
                 ->value('id'),
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingFoundationsTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingFoundationsTest.php
index 337fee61..a8dbf434 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingFoundationsTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingFoundationsTest.php
@@ -6,28 +6,28 @@
 use App\Services\Auth\WorkspaceRoleCapabilityMap;
 use App\Support\Auth\Capabilities;
 
-it('registers managed tenant onboarding wizard capabilities in the canonical registry', function (): void {
-    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_IDENTIFY))->toBeTrue();
-    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_VIEW))->toBeTrue();
-    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_CONNECTION_MANAGE))->toBeTrue();
-    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_VERIFICATION_START))->toBeTrue();
-    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC))->toBeTrue();
-    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_POLICY_SYNC))->toBeTrue();
-    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP))->toBeTrue();
-    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE))->toBeTrue();
+it('registers managed environment onboarding wizard capabilities in the canonical registry', function (): void {
+    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY))->toBeTrue();
+    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_VIEW))->toBeTrue();
+    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE))->toBeTrue();
+    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START))->toBeTrue();
+    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC))->toBeTrue();
+    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_POLICY_SYNC))->toBeTrue();
+    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP))->toBeTrue();
+    expect(Capabilities::isKnown(Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE))->toBeTrue();
 });
 
 it('maps onboarding wizard capabilities to workspace roles (least privilege)', function (): void {
-    expect(WorkspaceRoleCapabilityMap::hasCapability('owner', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_IDENTIFY))->toBeTrue();
-    expect(WorkspaceRoleCapabilityMap::hasCapability('manager', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_IDENTIFY))->toBeTrue();
-    expect(WorkspaceRoleCapabilityMap::hasCapability('operator', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_IDENTIFY))->toBeFalse();
-    expect(WorkspaceRoleCapabilityMap::hasCapability('readonly', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_IDENTIFY))->toBeFalse();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('owner', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY))->toBeTrue();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('manager', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY))->toBeTrue();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('operator', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY))->toBeFalse();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('readonly', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY))->toBeFalse();
 
-    expect(WorkspaceRoleCapabilityMap::hasCapability('owner', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE))->toBeTrue();
-    expect(WorkspaceRoleCapabilityMap::hasCapability('manager', Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_ACTIVATE))->toBeFalse();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('owner', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE))->toBeTrue();
+    expect(WorkspaceRoleCapabilityMap::hasCapability('manager', Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE))->toBeFalse();
 });
 
-it('supports the v1 managed tenant lifecycle statuses', function (): void {
+it('supports the v1 managed environment lifecycle statuses', function (): void {
     $draft = ManagedEnvironment::factory()->create(['status' => ManagedEnvironment::STATUS_DRAFT]);
     $onboarding = ManagedEnvironment::factory()->create(['status' => ManagedEnvironment::STATUS_ONBOARDING]);
     $active = ManagedEnvironment::factory()->create(['status' => ManagedEnvironment::STATUS_ACTIVE]);
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingIdentifyTenantTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingIdentifyEnvironmentTest.php
similarity index 85%
rename from apps/platform/tests/Feature/Onboarding/OnboardingIdentifyTenantTest.php
rename to apps/platform/tests/Feature/Onboarding/OnboardingIdentifyEnvironmentTest.php
index 9a0b4d88..7f67f7d8 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingIdentifyTenantTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingIdentifyEnvironmentTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -27,9 +27,9 @@
 
     $entraTenantId = '11111111-1111-1111-1111-111111111111';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme',
@@ -37,7 +37,7 @@
         'notes' => 'Initial onboarding',
     ]);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme',
@@ -51,7 +51,7 @@
 
     expect((int) $tenant->workspace_id)->toBe((int) $workspace->getKey());
 
-    expect(TenantOnboardingSession::query()
+    expect(ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', $entraTenantId)
         ->whereNull('completed_at')
@@ -89,8 +89,8 @@
     $this->actingAs($user);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
-        ->call('identifyManagedTenant', [
+        ->test(ManagedEnvironmentOnboardingWizard::class)
+        ->call('identifyManagedEnvironment', [
             'entra_tenant_id' => $entraTenantId,
             'environment' => 'prod',
             'name' => 'Other Workspace',
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingInlineConnectionEditTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingInlineConnectionEditTest.php
index cf495f1f..b81ea177 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingInlineConnectionEditTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingInlineConnectionEditTest.php
@@ -2,13 +2,13 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ProviderCredential;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -55,7 +55,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::create([
+    $session = ManagedEnvironmentOnboardingSession::create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -68,7 +68,7 @@
     ]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
         ->assertStatus(403);
 });
 
@@ -101,7 +101,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::create([
+    $session = ManagedEnvironmentOnboardingSession::create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -116,7 +116,7 @@
     $this->actingAs($user);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
         ->assertStatus(404);
 });
 
@@ -167,7 +167,7 @@
         'type' => 'provider.connection.check',
     ]);
 
-    $session = TenantOnboardingSession::create([
+    $session = ManagedEnvironmentOnboardingSession::create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -185,7 +185,7 @@
     $this->actingAs($user);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
         ->call('updateSelectedProviderConnectionInline', (int) $connection->getKey(), [
             'display_name' => 'Updated name',
             'client_id' => 'old-client-id',
@@ -259,7 +259,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::create([
+    $session = ManagedEnvironmentOnboardingSession::create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -274,7 +274,7 @@
     $this->actingAs($user);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
         ->call('updateSelectedProviderConnectionInline', (int) $connection->getKey(), [
             'display_name' => 'Updated name',
             'client_id' => 'new-client-id',
@@ -332,7 +332,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::create([
+    $session = ManagedEnvironmentOnboardingSession::create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -347,7 +347,7 @@
     $this->actingAs($user);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
         ->call('updateSelectedProviderConnectionInline', (int) $connection->getKey(), [
             'display_name' => 'Updated name',
             'client_id' => 'new-client-id',
@@ -405,7 +405,7 @@
         'is_default' => true,
     ]);
 
-    $session = TenantOnboardingSession::create([
+    $session = ManagedEnvironmentOnboardingSession::create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -420,7 +420,7 @@
     $this->actingAs($user);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
         ->call('updateSelectedProviderConnectionInline', (int) $connection->getKey(), [
             'display_name' => 'Dedicated connection',
             'connection_type' => ProviderConnectionType::Dedicated->value,
@@ -467,7 +467,7 @@
         'is_default' => true,
     ]);
 
-    $session = TenantOnboardingSession::create([
+    $session = ManagedEnvironmentOnboardingSession::create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -482,7 +482,7 @@
     $this->actingAs($user);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
         ->call('updateSelectedProviderConnectionInline', (int) $connection->getKey(), [
             'display_name' => 'Dedicated connection',
             'connection_type' => ProviderConnectionType::Dedicated->value,
@@ -537,7 +537,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::create([
+    $session = ManagedEnvironmentOnboardingSession::create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -552,7 +552,7 @@
     $this->actingAs($user);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $session->getKey()])
         ->call('updateSelectedProviderConnectionInline', (int) $connection->getKey(), [
             'display_name' => 'Updated name',
             'client_id' => 'new-client-id',
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingProviderConnectionPlatformDefaultTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingProviderConnectionPlatformDefaultTest.php
index bef8b2c6..a78c176e 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingProviderConnectionPlatformDefaultTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingProviderConnectionPlatformDefaultTest.php
@@ -2,10 +2,10 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -33,9 +33,9 @@
 
     $entraTenantId = '77777777-7777-7777-7777-777777777777';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme Platform',
@@ -67,7 +67,7 @@
         ->and($connection->verification_status)->toBe(ProviderVerificationStatus::Unknown)
         ->and($connection->credential()->exists())->toBeFalse();
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->whereNull('completed_at')
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingProviderConnectionTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingProviderConnectionTest.php
index c4fabbc3..3dcebc75 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingProviderConnectionTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingProviderConnectionTest.php
@@ -2,10 +2,10 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -28,9 +28,9 @@
 
     $entraTenantId = '33333333-3333-3333-3333-333333333333';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme',
@@ -49,7 +49,7 @@
 
     $component->call('selectProviderConnection', (int) $connection->getKey());
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', $entraTenantId)
         ->whereNull('completed_at')
@@ -58,7 +58,7 @@
     expect($session->state['provider_connection_id'] ?? null)->toBe((int) $connection->getKey());
 });
 
-it('prevents selecting a provider connection bound to a different managed tenant', function (): void {
+it('prevents selecting a provider connection bound to a different managed environment', function (): void {
     $workspace = Workspace::factory()->create();
     $user = User::factory()->create();
 
@@ -74,9 +74,9 @@
 
     $entraTenantId = '44444444-4444-4444-4444-444444444444';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Primary ManagedEnvironment',
@@ -106,7 +106,7 @@
         ->assertStatus(404);
 });
 
-it('ignores forged onboarding session and managed tenant state when selecting a provider connection', function (): void {
+it('ignores forged onboarding session and managed environment state when selecting a provider connection', function (): void {
     $workspace = Workspace::factory()->create();
     $user = User::factory()->create();
 
@@ -122,15 +122,15 @@
 
     $entraTenantId = '64646464-6464-6464-6464-646464646464';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Primary ManagedEnvironment',
     ]);
 
-    $primarySession = TenantOnboardingSession::query()
+    $primarySession = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', $entraTenantId)
         ->firstOrFail();
@@ -141,7 +141,7 @@
         'status' => ManagedEnvironment::STATUS_ONBOARDING,
     ]);
 
-    $otherDraft = TenantOnboardingSession::query()->create([
+    $otherDraft = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $otherTenant->getKey(),
         'entra_tenant_id' => (string) $otherTenant->managed_environment_id,
@@ -162,7 +162,7 @@
 
     $component
         ->set('onboardingSession', $otherDraft)
-        ->set('managedTenant', $otherTenant)
+        ->set('managedEnvironment', $otherTenant)
         ->call('selectProviderConnection', (int) $otherConnection->getKey())
         ->assertStatus(404);
 
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingRbacSemanticsTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingRbacSemanticsTest.php
index 4ce9a247..f21e805e 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingRbacSemanticsTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingRbacSemanticsTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -39,7 +39,7 @@
         ->assertForbidden();
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
+        ->test(ManagedEnvironmentOnboardingWizard::class)
         ->assertForbidden();
 });
 
@@ -93,14 +93,14 @@
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $firstConnection->getKey(),
         ],
     ]);
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspaceA->getKey());
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $draft->getKey(),
     ]);
 
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingSecretSafetyTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingSecretSafetyTest.php
index e2ce9d46..fb4d7cdd 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingSecretSafetyTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingSecretSafetyTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
-use App\Models\TenantOnboardingSession;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -28,8 +28,8 @@
     $secret = 'super-secret-client-secret';
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class)
-        ->call('identifyManagedTenant', [
+        ->test(ManagedEnvironmentOnboardingWizard::class)
+        ->call('identifyManagedEnvironment', [
             'entra_tenant_id' => $entraTenantId,
             'environment' => 'prod',
             'name' => 'Acme',
@@ -41,7 +41,7 @@
             'is_default' => true,
         ]);
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', $entraTenantId)
         ->whereNull('completed_at')
@@ -53,7 +53,7 @@
     expect($session->state)->not->toHaveKey('client_secret');
     expect($session->state)->not->toHaveKey('new_connection');
 
-    $resumed = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $resumed = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
     $data = $resumed->get('data');
 
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingVerificationAssistTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingVerificationAssistTest.php
index d41cb6b9..3eb0123d 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingVerificationAssistTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingVerificationAssistTest.php
@@ -2,12 +2,12 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Models\User;
 use App\Models\WorkspaceMembership;
 use App\Support\OperationRunOutcome;
@@ -46,7 +46,7 @@ function seedAssistPermissionInventory(
             continue;
         }
 
-        TenantPermission::query()->create([
+        ManagedEnvironmentPermission::query()->create([
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
             'permission_key' => $key,
@@ -58,7 +58,7 @@ function seedAssistPermissionInventory(
 }
 
 /**
- * @return array{0:User,1:ManagedEnvironment,2:\App\Models\TenantOnboardingSession,3:ProviderConnection,4:OperationRun,5:?string}
+ * @return array{0:User,1:ManagedEnvironment,2:\App\Models\ManagedEnvironmentOnboardingSession,3:ProviderConnection,4:OperationRun,5:?string}
  */
 function createVerificationAssistDraft(
     string $state = 'blocked',
@@ -190,7 +190,7 @@ function createVerificationAssistDraft(
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $selectedConnection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
@@ -205,7 +205,7 @@ function createVerificationAssistDraft(
     [$user, , $draft] = createVerificationAssistDraft($state);
 
     $component = Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()]);
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()]);
 
     if ($shouldSeeTrigger) {
         $component->assertActionVisible('wizardVerificationRequiredPermissionsAssist');
@@ -229,7 +229,7 @@ function createVerificationAssistDraft(
     session()->put(WorkspaceContext::SESSION_KEY, (int) $user->last_workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()])
         ->mountAction('wizardVerificationRequiredPermissionsAssist')
         ->assertMountedActionModalSee('Required permissions assist')
         ->assertMountedActionModalSee('Open full page')
@@ -246,7 +246,7 @@ function createVerificationAssistDraft(
     session()->put(WorkspaceContext::SESSION_KEY, (int) $user->last_workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()])
         ->mountAction('wizardVerificationRequiredPermissionsAssist')
         ->assertMountedActionModalSee('Missing application permissions')
         ->assertMountedActionModalSee('Copy missing application permissions')
@@ -260,7 +260,7 @@ function createVerificationAssistDraft(
     session()->put(WorkspaceContext::SESSION_KEY, (int) $user->last_workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()])
+        ->test(ManagedEnvironmentOnboardingWizard::class, ['onboardingDraft' => (int) $draft->getKey()])
         ->mountAction('wizardVerificationRequiredPermissionsAssist')
         ->assertMountedActionModalSee('Verification result is stale')
         ->assertMountedActionModalSee('Stored permission data needs refresh')
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingVerificationClustersTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingVerificationClustersTest.php
index 96c78777..1dbea5d1 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingVerificationClustersTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingVerificationClustersTest.php
@@ -2,12 +2,12 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Filament\Resources\ProviderConnectionResource;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -102,7 +102,7 @@
         ],
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -170,7 +170,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()->create([
+    $session = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -184,7 +184,7 @@
 
     $this->actingAs($user);
 
-    Livewire::test(ManagedTenantOnboardingWizard::class, [
+    Livewire::test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $session->getKey(),
     ])
         ->mountAction('wizardVerificationTechnicalDetails')
@@ -251,7 +251,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()->create([
+    $session = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -271,7 +271,7 @@
         ->assertDontSee('Open previous operation')
         ->assertDontSee(OperationRunLinks::advancedMonitoringLabel());
 
-    Livewire::test(ManagedTenantOnboardingWizard::class, [
+    Livewire::test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $session->getKey(),
     ])
         ->mountAction('wizardVerificationTechnicalDetails')
@@ -351,7 +351,7 @@
         ],
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingVerificationTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingVerificationTest.php
index 92b0f6fc..db563dc6 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingVerificationTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingVerificationTest.php
@@ -2,12 +2,12 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -39,9 +39,9 @@
 
     $entraTenantId = '77777777-7777-7777-7777-777777777777';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme',
@@ -91,7 +91,7 @@
 
     expect($notificationActionUrls)->toContain(OperationRunLinks::tenantlessView($runId));
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', $entraTenantId)
         ->whereNull('completed_at')
@@ -101,11 +101,11 @@
 
     expect(AuditLog::query()
         ->where('workspace_id', (int) $workspace->getKey())
-        ->where('action', 'managed_tenant_onboarding.verification_start')
+        ->where('action', 'managed_environment_onboarding.verification_start')
         ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspace->getKey())
-            ->where('action', 'managed_tenant_onboarding.verification_persisted')
+            ->where('action', 'managed_environment_onboarding.verification_persisted')
             ->exists())->toBeTrue();
 });
 
@@ -125,9 +125,9 @@
 
     $entraTenantId = '72727272-7272-7272-7272-727272727272';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Blocked ManagedEnvironment',
@@ -222,14 +222,14 @@
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
         ],
     ]);
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $workspaceA->getKey());
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $draft->getKey(),
     ]);
 
@@ -244,8 +244,8 @@
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $workspaceA->getKey())
             ->whereIn('action', [
-                'managed_tenant_onboarding.verification_start',
-                'managed_tenant_onboarding.verification_persisted',
+                'managed_environment_onboarding.verification_start',
+                'managed_environment_onboarding.verification_persisted',
             ])
             ->exists())->toBeFalse();
 });
@@ -311,7 +311,7 @@
         ],
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -428,7 +428,7 @@
 
     app(OperationRunService::class)->finalizeExecutionLegitimacyBlockedRun($run, $decision);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -478,7 +478,7 @@
         'consent_status' => 'granted',
     ]);
 
-    $session = TenantOnboardingSession::query()->create([
+    $session = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -495,7 +495,7 @@
         ->get('/admin/onboarding')
         ->assertSuccessful()
         ->assertSee('Start verification')
-        ->assertSee('Use the workflow action above to start verification for this tenant.')
+        ->assertSee('Use the workflow action above to start verification for this environment.')
         ->assertDontSee(OperationRunLinks::openLabel())
         ->assertDontSee('Refresh');
 
@@ -568,9 +568,9 @@
 
     $entraTenantId = '12121212-1212-1212-1212-121212121212';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Acme',
@@ -596,7 +596,7 @@
 
     $component->call('startVerification');
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('entra_tenant_id', $entraTenantId)
         ->whereNull('completed_at')
@@ -611,7 +611,7 @@
     expect($session->state['verification_operation_run_id'] ?? null)->toBeNull();
 });
 
-it('ignores forged onboarding session and managed tenant state when starting verification', function (): void {
+it('ignores forged onboarding session and managed environment state when starting verification', function (): void {
     Queue::fake();
 
     $workspace = Workspace::factory()->create();
@@ -627,9 +627,9 @@
 
     $entraTenantId = '17171717-1717-1717-1717-171717171717';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
 
-    $component->call('identifyManagedTenant', [
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $entraTenantId,
         'environment' => 'prod',
         'name' => 'Primary ManagedEnvironment',
@@ -652,7 +652,7 @@
         'is_default' => true,
     ]);
 
-    $otherDraft = TenantOnboardingSession::query()->create([
+    $otherDraft = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $otherTenant->getKey(),
         'entra_tenant_id' => (string) $otherTenant->managed_environment_id,
@@ -666,7 +666,7 @@
 
     $component
         ->set('onboardingSession', $otherDraft)
-        ->set('managedTenant', $otherTenant)
+        ->set('managedEnvironment', $otherTenant)
         ->set('selectedProviderConnectionId', (int) $otherConnection->getKey())
         ->call('startVerification');
 
@@ -736,7 +736,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()->create([
+    $session = ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => $entraTenantId,
@@ -749,7 +749,7 @@
         'updated_by_user_id' => (int) $user->getKey(),
     ]);
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class, [
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class, [
         'onboardingDraft' => (int) $session->getKey(),
     ]);
 
diff --git a/apps/platform/tests/Feature/Onboarding/OnboardingVerificationV1_5UxTest.php b/apps/platform/tests/Feature/Onboarding/OnboardingVerificationV1_5UxTest.php
index 0eca9d0e..eccc93d6 100644
--- a/apps/platform/tests/Feature/Onboarding/OnboardingVerificationV1_5UxTest.php
+++ b/apps/platform/tests/Feature/Onboarding/OnboardingVerificationV1_5UxTest.php
@@ -5,7 +5,7 @@
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\VerificationCheckAcknowledgement;
 use App\Models\Workspace;
@@ -41,7 +41,7 @@
         'is_default' => true,
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -72,7 +72,7 @@
         ],
     ]);
 
-    TenantOnboardingSession::query()
+    ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->update([
@@ -102,7 +102,7 @@
         ],
     ]);
 
-    TenantOnboardingSession::query()
+    ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->update([
@@ -233,7 +233,7 @@
         'acknowledged_at' => now(),
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
diff --git a/apps/platform/tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php b/apps/platform/tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php
index cd77b51d..60299cda 100644
--- a/apps/platform/tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php
+++ b/apps/platform/tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php
@@ -5,7 +5,7 @@
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\WorkspaceMembership;
 use App\Support\OperationRunOutcome;
@@ -19,7 +19,7 @@
 uses(RefreshDatabase::class);
 
 /**
- * @return array{0: User, 1: ManagedEnvironment, 2: TenantOnboardingSession}
+ * @return array{0: User, 1: ManagedEnvironment, 2: ManagedEnvironmentOnboardingSession}
  */
 function createProductKnowledgeOnboardingDraft(string $state, string $workspaceRole = 'owner', string $tenantRole = 'owner'): array
 {
@@ -149,7 +149,7 @@ function createProductKnowledgeOnboardingDraft(string $state, string $workspaceR
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $selectedConnection->getKey(),
             'verification_operation_run_id' => (int) $run->getKey(),
         ],
diff --git a/apps/platform/tests/Feature/Onboarding/ProductTelemetryOnboardingCaptureTest.php b/apps/platform/tests/Feature/Onboarding/ProductTelemetryOnboardingCaptureTest.php
index f35a4278..10f747ca 100644
--- a/apps/platform/tests/Feature/Onboarding/ProductTelemetryOnboardingCaptureTest.php
+++ b/apps/platform/tests/Feature/Onboarding/ProductTelemetryOnboardingCaptureTest.php
@@ -45,7 +45,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $verificationRun->getKey(),
         ],
@@ -64,14 +64,14 @@
         ->and($event->workspace_id)->toBe((int) $tenant->workspace_id)
         ->and($event->managed_environment_id)->toBe((int) $tenant->getKey())
         ->and($event->user_id)->toBe((int) $user->getKey())
-        ->and($event->subject_type)->toBe('tenant_onboarding_session')
+        ->and($event->subject_type)->toBe('managed_environment_onboarding_session')
         ->and($event->subject_id)->toBe((string) $draft->getKey())
         ->and($event->metadata['checkpoint_key'] ?? null)->toBe(OnboardingCheckpoint::VerifyAccess->value)
         ->and($event->metadata['lifecycle_state'] ?? null)->toBe(OnboardingLifecycleState::ReadyForActivation->value)
         ->and($event->metadata['completed_at'] ?? null)->not->toBeNull()
         ->and($serializedEvent)->not->toContain('@')
         ->and($serializedEvent)->not->toContain((string) $tenant->name)
-        ->and($serializedEvent)->not->toContain((string) ($draft->state['tenant_name'] ?? ''));
+        ->and($serializedEvent)->not->toContain((string) ($draft->state['environment_name'] ?? ''));
 });
 
 it('does not record onboarding telemetry for pre-tenant drafts', function (): void {
@@ -85,7 +85,7 @@
         'current_step' => 'identify',
         'state' => [
             'entra_tenant_id' => fake()->uuid(),
-            'tenant_name' => 'Pre ManagedEnvironment Draft',
+            'environment_name' => 'Pre ManagedEnvironment Draft',
         ],
     ]);
 
diff --git a/apps/platform/tests/Feature/OpsUx/ActivityFeedbackSurfaceTest.php b/apps/platform/tests/Feature/OpsUx/ActivityFeedbackSurfaceTest.php
index 8f7f795f..803a1a8f 100644
--- a/apps/platform/tests/Feature/OpsUx/ActivityFeedbackSurfaceTest.php
+++ b/apps/platform/tests/Feature/OpsUx/ActivityFeedbackSurfaceTest.php
@@ -407,7 +407,7 @@
         ->and(strip_tags($html))->not->toContain('processed (');
 })->group('ops-ux');
 
-it('renders tenant review composite progress from canonical composite metadata without inventing a counted percentage', function (): void {
+it('renders environment review composite progress from canonical composite metadata without inventing a counted percentage', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
     $this->actingAs($user);
@@ -417,7 +417,7 @@
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
         'user_id' => (int) $user->getKey(),
-        'type' => 'tenant.review.compose',
+        'type' => 'environment.review.compose',
         'status' => 'running',
         'outcome' => 'pending',
         'context' => [
diff --git a/apps/platform/tests/Feature/OpsUx/OperateHubShellTest.php b/apps/platform/tests/Feature/OpsUx/OperateHubShellTest.php
index 6f627bdb..34f766cd 100644
--- a/apps/platform/tests/Feature/OpsUx/OperateHubShellTest.php
+++ b/apps/platform/tests/Feature/OpsUx/OperateHubShellTest.php
@@ -3,8 +3,8 @@
 declare(strict_types=1);
 
 use App\Filament\Clusters\Monitoring\AlertsCluster;
-use App\Filament\Pages\TenantDashboard;
-use App\Filament\Pages\TenantRequiredPermissions;
+use App\Filament\Pages\EnvironmentDashboard;
+use App\Filament\Pages\EnvironmentRequiredPermissions;
 use App\Filament\Resources\AlertDestinationResource;
 use App\Filament\Resources\AlertRuleResource;
 use App\Filament\Resources\RestoreRunResource;
@@ -102,7 +102,7 @@
     $response
         ->assertOk()
         ->assertSee('← Back to '.$tenant->name)
-        ->assertSee(TenantDashboard::getUrl(tenant: $tenant), false)
+        ->assertSee(EnvironmentDashboard::getUrl(tenant: $tenant), false)
         ->assertDontSee('Back to Operations');
 
     $this->withSession([
@@ -143,7 +143,7 @@
     $response
         ->assertOk()
         ->assertSee('← Back to '.$tenant->name)
-        ->assertSee(TenantDashboard::getUrl(tenant: $tenant), false)
+        ->assertSee(EnvironmentDashboard::getUrl(tenant: $tenant), false)
         ->assertSee('Show all operations')
         ->assertDontSee('Back to Operations');
 })->group('ops-ux');
@@ -240,7 +240,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantDashboard::getUrl(tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertOk();
 })->group('ops-ux');
 
@@ -443,9 +443,9 @@
         (string) $workspaceId => (int) $rememberedTenant->getKey(),
     ]);
 
-    $request = Request::create(TenantRequiredPermissions::getUrl([
+    $request = Request::create(EnvironmentRequiredPermissions::getUrl([
         'workspace' => (int) $routedTenant->workspace_id,
-        'tenant' => $routedTenant,
+        'environment' => $routedTenant,
     ], panel: 'admin'));
     $request->setLaravelSession(app('session.store'));
 
@@ -484,7 +484,7 @@
         (string) $workspaceId => (int) $rememberedTenant->getKey(),
     ]);
 
-    $request = Request::create(TenantDashboard::getUrl(tenant: $routedTenant));
+    $request = Request::create(EnvironmentDashboard::getUrl(tenant: $routedTenant));
     $request->setLaravelSession(app('session.store'));
 
     $route = app('router')->getRoutes()->match($request);
diff --git a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareAuthorizationTest.php b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentCompareAuthorizationTest.php
similarity index 73%
rename from apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareAuthorizationTest.php
rename to apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentCompareAuthorizationTest.php
index 1fee2f38..b26f632a 100644
--- a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareAuthorizationTest.php
+++ b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentCompareAuthorizationTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\CrossTenantComparePage;
+use App\Filament\Pages\CrossEnvironmentComparePage;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
@@ -16,13 +16,13 @@
 
 uses(RefreshDatabase::class, BuildsPortfolioCompareFixtures::class);
 
-it('returns 404 for non-members on the cross-tenant compare route', function (): void {
+it('returns 404 for non-members on the cross-environment compare route', function (): void {
     $workspace = Workspace::factory()->create();
     $user = User::factory()->create();
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(CrossTenantComparePage::getUrl(panel: 'admin'))
+        ->get(CrossEnvironmentComparePage::getUrl(panel: 'admin'))
         ->assertNotFound();
 });
 
@@ -43,12 +43,12 @@
 
     $this->actingAs($viewer)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(CrossTenantComparePage::getUrl(panel: 'admin'))
+        ->get(CrossEnvironmentComparePage::getUrl(panel: 'admin'))
         ->assertForbidden();
 });
 
-it('returns 404 when the requested target tenant is outside the actor scope', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture();
+it('returns 404 when the requested target environment is outside the actor scope', function (): void {
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
     $hiddenTarget = ManagedEnvironment::factory()->create([
         'workspace_id' => (int) $fixture['workspace']->getKey(),
         'name' => 'Hidden Target',
@@ -57,23 +57,23 @@
     $session = $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     $this->withSession($session)
-        ->get(CrossTenantComparePage::getUrl(parameters: [
-            'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-            'target_tenant_id' => (int) $hiddenTarget->getKey(),
+        ->get(CrossEnvironmentComparePage::getUrl(parameters: [
+            'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+            'target_environment_id' => (int) $hiddenTarget->getKey(),
         ], panel: 'admin'))
         ->assertNotFound();
 });
 
 it('keeps promotion preflight visible but disabled for readonly members and forbids forced execution', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture(workspaceRole: 'readonly', tenantRole: 'readonly');
+    $fixture = $this->makeCrossEnvironmentCompareFixture(workspaceRole: 'readonly', tenantRole: 'readonly');
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Readonly Policy',
         snapshot: ['settings' => [['key' => 'readonly', 'value' => 1]]],
     );
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Readonly Policy',
         snapshot: ['settings' => [['key' => 'readonly', 'value' => 1]]],
     );
@@ -81,14 +81,14 @@
     $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     $query = [
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ];
 
     Livewire::withQueryParams($query)
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->assertActionVisible('generatePromotionPreflight')
         ->assertActionDisabled('generatePromotionPreflight')
         ->assertActionExists('generatePromotionPreflight', fn (Action $action): bool => $action->getTooltip() === 'You need workspace baseline manage access to generate a promotion preflight.')
diff --git a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareLaunchContextTest.php b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentCompareLaunchContextTest.php
similarity index 63%
rename from apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareLaunchContextTest.php
rename to apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentCompareLaunchContextTest.php
index 7e01caa1..89dba7a9 100644
--- a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantCompareLaunchContextTest.php
+++ b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentCompareLaunchContextTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\CrossTenantComparePage;
-use App\Filament\Resources\TenantResource;
-use App\Jobs\Operations\CrossTenantPromotionExecutionJob;
+use App\Filament\Pages\CrossEnvironmentComparePage;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Jobs\Operations\CrossEnvironmentPromotionExecutionJob;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
 use App\Services\Auth\CapabilityResolver;
@@ -23,19 +23,19 @@
 
 uses(RefreshDatabase::class, BuildsPortfolioTriageFixtures::class, BuildsPortfolioCompareFixtures::class);
 
-function crossTenantCompareLaunchQuery(string $url): array
+function crossEnvironmentCompareLaunchQuery(string $url): array
 {
     parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
 
     return $query;
 }
 
-it('launches cross-tenant compare from the tenant registry with target prefill and return context', function (): void {
+it('launches cross-environment compare from the tenant registry with target prefill and return context', function (): void {
     [$user, $anchorTenant] = $this->makePortfolioTriageActor('Anchor ManagedEnvironment');
-    $targetTenant = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
+    $targetEnvironment = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
 
-    $backupSet = $this->seedPortfolioBackupConcern($targetTenant, TenantBackupHealthAssessment::POSTURE_STALE);
-    $this->seedPortfolioRecoveryConcern($targetTenant, RestoreResultAttention::STATE_COMPLETED_WITH_FOLLOW_UP, $backupSet);
+    $backupSet = $this->seedPortfolioBackupConcern($targetEnvironment, TenantBackupHealthAssessment::POSTURE_STALE);
+    $this->seedPortfolioRecoveryConcern($targetEnvironment, RestoreResultAttention::STATE_COMPLETED_WITH_FOLLOW_UP, $backupSet);
 
     $triageState = $this->portfolioReturnFilters(
         [TenantBackupHealthAssessment::POSTURE_STALE],
@@ -44,20 +44,20 @@ function crossTenantCompareLaunchQuery(string $url): array
         TenantRecoveryTriagePresentation::TRIAGE_SORT_WORST_FIRST,
     );
 
-    $expectedUrl = TenantResource::crossTenantCompareOpenUrl($targetTenant, $triageState);
+    $expectedUrl = ManagedEnvironmentResource::crossEnvironmentCompareOpenUrl($targetEnvironment, $triageState);
 
     $this->portfolioTriageRegistryList($user, $anchorTenant, $triageState)
-        ->assertTableActionVisible('compareTenants', $targetTenant)
-        ->assertTableActionHasUrl('compareTenants', $expectedUrl, $targetTenant);
+        ->assertTableActionVisible('compareEnvironments', $targetEnvironment)
+        ->assertTableActionHasUrl('compareEnvironments', $expectedUrl, $targetEnvironment);
 
-    $query = crossTenantCompareLaunchQuery($expectedUrl);
+    $query = crossEnvironmentCompareLaunchQuery($expectedUrl);
     $backUrl = urldecode((string) data_get($query, 'nav.back_url'));
 
     expect($query)->toMatchArray([
-        'target_tenant_id' => (string) $targetTenant->getKey(),
+        'target_environment_id' => (string) $targetEnvironment->getKey(),
     ])
         ->and(data_get($query, 'nav.source_surface'))->toBe('tenant_registry')
-        ->and(data_get($query, 'nav.managed_environment_id'))->toBe((string) $targetTenant->getKey())
+        ->and(data_get($query, 'nav.managed_environment_id'))->toBe((string) $targetEnvironment->getKey())
         ->and(data_get($query, 'nav.back_label'))->toBe(__('localization.shell.back_to_environment_registry'))
         ->and($backUrl)->toContain('backup_posture[0]='.TenantBackupHealthAssessment::POSTURE_STALE)
         ->and($backUrl)->toContain('recovery_evidence[0]='.TenantRecoveryTriagePresentation::RECOVERY_EVIDENCE_WEAKENED)
@@ -65,23 +65,23 @@ function crossTenantCompareLaunchQuery(string $url): array
 
     Livewire::withQueryParams($query)
         ->actingAs($user)
-        ->test(CrossTenantComparePage::class)
-        ->assertSet('sourceTenantId', null)
-        ->assertSet('targetTenantId', (string) $targetTenant->getKey())
+        ->test(CrossEnvironmentComparePage::class)
+        ->assertSet('sourceEnvironmentId', null)
+        ->assertSet('targetEnvironmentId', (string) $targetEnvironment->getKey())
         ->assertActionVisible('return_to_origin')
         ->assertActionExists('return_to_origin', fn (Action $action): bool => $action->getLabel() === __('localization.shell.back_to_environment_registry')
-            && $action->getUrl() === TenantResource::getUrl(panel: 'admin', parameters: $triageState));
+            && $action->getUrl() === ManagedEnvironmentResource::getUrl(panel: 'admin', parameters: $triageState));
 });
 
-it('launches cross-tenant compare from an exact-two bulk selection with both tenants prefilled', function (): void {
+it('launches cross-environment compare from an exact-two bulk selection with both tenants prefilled', function (): void {
     [$user, $anchorTenant] = $this->makePortfolioTriageActor('Anchor ManagedEnvironment');
-    $targetTenant = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
+    $targetEnvironment = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
 
     $anchorBackupSet = $this->seedPortfolioBackupConcern($anchorTenant, TenantBackupHealthAssessment::POSTURE_STALE);
     $this->seedPortfolioRecoveryConcern($anchorTenant, RestoreResultAttention::STATE_COMPLETED_WITH_FOLLOW_UP, $anchorBackupSet);
 
-    $backupSet = $this->seedPortfolioBackupConcern($targetTenant, TenantBackupHealthAssessment::POSTURE_STALE);
-    $this->seedPortfolioRecoveryConcern($targetTenant, RestoreResultAttention::STATE_COMPLETED_WITH_FOLLOW_UP, $backupSet);
+    $backupSet = $this->seedPortfolioBackupConcern($targetEnvironment, TenantBackupHealthAssessment::POSTURE_STALE);
+    $this->seedPortfolioRecoveryConcern($targetEnvironment, RestoreResultAttention::STATE_COMPLETED_WITH_FOLLOW_UP, $backupSet);
 
     $triageState = $this->portfolioReturnFilters(
         [TenantBackupHealthAssessment::POSTURE_STALE],
@@ -90,24 +90,24 @@ function crossTenantCompareLaunchQuery(string $url): array
         TenantRecoveryTriagePresentation::TRIAGE_SORT_WORST_FIRST,
     );
 
-    $expectedUrl = TenantResource::crossTenantCompareOpenUrlForSelection(
-        targetTenant: $targetTenant,
+    $expectedUrl = ManagedEnvironmentResource::crossEnvironmentCompareOpenUrlForSelection(
+        targetEnvironment: $targetEnvironment,
         triageState: $triageState,
-        sourceTenant: $anchorTenant,
+        sourceEnvironment: $anchorTenant,
     );
 
     $this->portfolioTriageRegistryList($user, $anchorTenant, $triageState)
-        ->selectTableRecords([$anchorTenant, $targetTenant])
+        ->selectTableRecords([$anchorTenant, $targetEnvironment])
         ->assertTableBulkActionVisible('compareSelected')
-        ->callTableBulkAction('compareSelected', [$anchorTenant, $targetTenant])
+        ->callTableBulkAction('compareSelected', [$anchorTenant, $targetEnvironment])
         ->assertRedirect($expectedUrl);
 
-    $query = crossTenantCompareLaunchQuery($expectedUrl);
+    $query = crossEnvironmentCompareLaunchQuery($expectedUrl);
     $backUrl = urldecode((string) data_get($query, 'nav.back_url'));
 
     expect($query)->toMatchArray([
-        'source_tenant_id' => (string) $anchorTenant->getKey(),
-        'target_tenant_id' => (string) $targetTenant->getKey(),
+        'source_environment_id' => (string) $anchorTenant->getKey(),
+        'target_environment_id' => (string) $targetEnvironment->getKey(),
     ])
         ->and(data_get($query, 'nav.source_surface'))->toBe('tenant_registry')
         ->and(data_get($query, 'nav.back_label'))->toBe(__('localization.shell.back_to_environment_registry'))
@@ -118,9 +118,9 @@ function crossTenantCompareLaunchQuery(string $url): array
 
     Livewire::withQueryParams($query)
         ->actingAs($user)
-        ->test(CrossTenantComparePage::class)
-        ->assertSet('sourceTenantId', (string) $anchorTenant->getKey())
-        ->assertSet('targetTenantId', (string) $targetTenant->getKey())
+        ->test(CrossEnvironmentComparePage::class)
+        ->assertSet('sourceEnvironmentId', (string) $anchorTenant->getKey())
+        ->assertSet('targetEnvironmentId', (string) $targetEnvironment->getKey())
         ->assertActionVisible('return_to_origin');
 });
 
@@ -131,9 +131,9 @@ function crossTenantCompareLaunchQuery(string $url): array
         tenantName: 'Anchor ManagedEnvironment',
         workspaceRole: 'owner',
     );
-    $targetTenant = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
+    $targetEnvironment = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
     createMinimalUserWithTenant(
-        tenant: $targetTenant,
+        tenant: $targetEnvironment,
         user: $user,
         role: 'owner',
         workspaceRole: 'owner',
@@ -152,22 +152,22 @@ function crossTenantCompareLaunchQuery(string $url): array
         TenantRecoveryTriagePresentation::TRIAGE_SORT_WORST_FIRST,
     );
 
-    $expectedUrl = TenantResource::crossTenantCompareOpenUrlForSelection(
-        targetTenant: $targetTenant,
+    $expectedUrl = ManagedEnvironmentResource::crossEnvironmentCompareOpenUrlForSelection(
+        targetEnvironment: $targetEnvironment,
         triageState: $triageState,
-        sourceTenant: $anchorTenant,
+        sourceEnvironment: $anchorTenant,
     );
-    $expectedBackUrl = TenantResource::getUrl(panel: 'admin', parameters: $triageState);
-    $query = crossTenantCompareLaunchQuery($expectedUrl);
+    $expectedBackUrl = ManagedEnvironmentResource::getUrl(panel: 'admin', parameters: $triageState);
+    $query = crossEnvironmentCompareLaunchQuery($expectedUrl);
     $query['policy_type'] = ['deviceConfiguration'];
 
     $this->usePortfolioTriageWorkspace($user, $anchorTenant);
 
     $component = Livewire::withQueryParams($query)
         ->actingAs($user)
-        ->test(CrossTenantComparePage::class)
-        ->assertSet('sourceTenantId', (string) $anchorTenant->getKey())
-        ->assertSet('targetTenantId', (string) $targetTenant->getKey())
+        ->test(CrossEnvironmentComparePage::class)
+        ->assertSet('sourceEnvironmentId', (string) $anchorTenant->getKey())
+        ->assertSet('targetEnvironmentId', (string) $targetEnvironment->getKey())
         ->assertSet('selectedPolicyTypes', ['deviceConfiguration'])
         ->assertActionVisible('return_to_origin')
         ->assertActionExists('return_to_origin', fn (Action $action): bool => $action->getLabel() === __('localization.shell.back_to_environment_registry')
@@ -183,40 +183,40 @@ function crossTenantCompareLaunchQuery(string $url): array
     expect($run)
         ->not->toBeNull()
         ->and($run?->type)->toBe('promotion.execute')
-        ->and(data_get($run?->context, 'selection.sourceTenantId'))->toBe((int) $anchorTenant->getKey())
-        ->and(data_get($run?->context, 'selection.targetTenantId'))->toBe((int) $targetTenant->getKey())
+        ->and(data_get($run?->context, 'selection.sourceEnvironmentId'))->toBe((int) $anchorTenant->getKey())
+        ->and(data_get($run?->context, 'selection.targetEnvironmentId'))->toBe((int) $targetEnvironment->getKey())
         ->and(data_get($run?->context, 'selection.policyTypes'))->toBe(['deviceConfiguration'])
-        ->and($page->sourceTenantId)->toBe((string) $anchorTenant->getKey())
-        ->and($page->targetTenantId)->toBe((string) $targetTenant->getKey())
+        ->and($page->sourceEnvironmentId)->toBe((string) $anchorTenant->getKey())
+        ->and($page->targetEnvironmentId)->toBe((string) $targetEnvironment->getKey())
         ->and($page->selectedPolicyTypes)->toBe(['deviceConfiguration'])
         ->and($page->navigationContextPayload)->toBe($query['nav'])
         ->and($navigationContext?->backLinkLabel)->toBe(__('localization.shell.back_to_environment_registry'))
         ->and($navigationContext?->backLinkUrl)->toBe($expectedBackUrl);
 
-    Queue::assertPushed(CrossTenantPromotionExecutionJob::class, function (CrossTenantPromotionExecutionJob $job) use ($run): bool {
+    Queue::assertPushed(CrossEnvironmentPromotionExecutionJob::class, function (CrossEnvironmentPromotionExecutionJob $job) use ($run): bool {
         return $job->getOperationRun()?->is($run);
     });
 });
 
-it('rejects the bulk compare action until exactly two active tenants are selected', function (): void {
+it('rejects the bulk compare action until exactly two active environments are selected', function (): void {
     [$user, $anchorTenant] = $this->makePortfolioTriageActor('Anchor ManagedEnvironment');
-    $targetTenant = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
+    $targetEnvironment = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
     $thirdTenant = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Third ManagedEnvironment');
 
     $this->portfolioTriageRegistryList($user, $anchorTenant)
         ->selectTableRecords([$anchorTenant])
         ->assertTableBulkActionVisible('compareSelected')
         ->callTableBulkAction('compareSelected', [$anchorTenant])
-        ->assertNotified('Select exactly two tenants to compare.');
+        ->assertNotified('Select exactly two environments to compare.');
 
     $this->portfolioTriageRegistryList($user, $anchorTenant)
-        ->selectTableRecords([$anchorTenant, $targetTenant, $thirdTenant])
+        ->selectTableRecords([$anchorTenant, $targetEnvironment, $thirdTenant])
         ->assertTableBulkActionVisible('compareSelected')
-        ->callTableBulkAction('compareSelected', [$anchorTenant, $targetTenant, $thirdTenant])
-        ->assertNotified('Select exactly two tenants to compare.');
+        ->callTableBulkAction('compareSelected', [$anchorTenant, $targetEnvironment, $thirdTenant])
+        ->assertNotified('Select exactly two environments to compare.');
 });
 
-it('rejects the bulk compare action when a selected tenant is not active', function (): void {
+it('rejects the bulk compare action when a selected environment is not active', function (): void {
     [$user, $anchorTenant] = $this->makePortfolioTriageActor('Anchor ManagedEnvironment');
     $onboardingTenant = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Onboarding ManagedEnvironment');
 
@@ -228,12 +228,12 @@ function crossTenantCompareLaunchQuery(string $url): array
         ->selectTableRecords([$anchorTenant, $onboardingTenant])
         ->assertTableBulkActionVisible('compareSelected')
         ->callTableBulkAction('compareSelected', [$anchorTenant, $onboardingTenant])
-        ->assertNotified('Only active tenants can be compared.');
+        ->assertNotified('Only active environments can be compared.');
 });
 
 it('hides the compare launch action when workspace baseline view capability is missing', function (): void {
     [$user, $anchorTenant] = $this->makePortfolioTriageActor('Anchor ManagedEnvironment');
-    $targetTenant = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
+    $targetEnvironment = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
 
     $resolver = \Mockery::mock(WorkspaceCapabilityResolver::class);
     $resolver->shouldReceive('isMember')->andReturnTrue();
@@ -241,19 +241,19 @@ function crossTenantCompareLaunchQuery(string $url): array
     app()->instance(WorkspaceCapabilityResolver::class, $resolver);
 
     $this->portfolioTriageRegistryList($user, $anchorTenant)
-        ->assertTableActionHidden('compareTenants', $targetTenant);
+        ->assertTableActionHidden('compareEnvironments', $targetEnvironment);
 });
 
 it('hides the compare launch action when the actor lacks tenant view on the launched tenant', function (): void {
     [$user, $anchorTenant] = $this->makePortfolioTriageActor('Anchor ManagedEnvironment');
-    $targetTenant = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
+    $targetEnvironment = $this->makePortfolioTriagePeer($user, $anchorTenant, 'Target ManagedEnvironment');
 
     $resolver = \Mockery::mock(CapabilityResolver::class);
     $resolver->shouldReceive('primeMemberships')->andReturnNull();
     $resolver->shouldReceive('isMember')->andReturnTrue();
-    $resolver->shouldReceive('can')->andReturnUsing(function (mixed $actor, mixed $tenant, string $capability) use ($targetTenant): bool {
+    $resolver->shouldReceive('can')->andReturnUsing(function (mixed $actor, mixed $tenant, string $capability) use ($targetEnvironment): bool {
         if ($tenant instanceof ManagedEnvironment
-            && (int) $tenant->getKey() === (int) $targetTenant->getKey()
+            && (int) $tenant->getKey() === (int) $targetEnvironment->getKey()
             && $capability === Capabilities::TENANT_VIEW) {
             return false;
         }
@@ -263,5 +263,5 @@ function crossTenantCompareLaunchQuery(string $url): array
     app()->instance(CapabilityResolver::class, $resolver);
 
     $this->portfolioTriageRegistryList($user, $anchorTenant)
-        ->assertTableActionHidden('compareTenants', $targetTenant);
-});
\ No newline at end of file
+        ->assertTableActionHidden('compareEnvironments', $targetEnvironment);
+});
diff --git a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantComparePageTest.php b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentComparePageTest.php
similarity index 59%
rename from apps/platform/tests/Feature/PortfolioCompare/CrossTenantComparePageTest.php
rename to apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentComparePageTest.php
index f4a8629a..35ecf375 100644
--- a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantComparePageTest.php
+++ b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentComparePageTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\CrossTenantComparePage;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Pages\CrossEnvironmentComparePage;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Livewire\Livewire;
 use Tests\Feature\Concerns\BuildsPortfolioCompareFixtures;
@@ -11,51 +11,51 @@
 uses(RefreshDatabase::class, BuildsPortfolioCompareFixtures::class);
 
 it('renders a reproducible compare preview and promotion preflight for two authorized tenants', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'WiFi Corp',
         snapshot: ['settings' => [['key' => 'wifi', 'value' => 1]]],
     );
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'WiFi Corp',
         snapshot: ['settings' => [['key' => 'wifi', 'value' => 1]]],
     );
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Windows Compliance',
         snapshot: ['settings' => [['key' => 'compliance', 'value' => 1]]],
     );
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Windows Compliance',
         snapshot: ['settings' => [['key' => 'compliance', 'value' => 2]]],
     );
 
     $session = $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
     $query = [
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ];
 
     $this->withSession($session)
-        ->get(CrossTenantComparePage::getUrl(parameters: $query, panel: 'admin'))
+        ->get(CrossEnvironmentComparePage::getUrl(parameters: $query, panel: 'admin'))
         ->assertOk()
-        ->assertSee('Cross-tenant compare')
+        ->assertSee('Cross-environment compare')
         ->assertSee('Compare preview')
         ->assertSee('WiFi Corp')
         ->assertSee('Windows Compliance')
-        ->assertSee('Source tenant: '.$fixture['sourceTenant']->name)
-        ->assertSee('Target tenant: '.$fixture['targetTenant']->name)
-        ->assertSee(TenantResource::getUrl('view', ['record' => $fixture['sourceTenant']], panel: 'admin'), false)
-        ->assertSee(TenantResource::getUrl('view', ['record' => $fixture['targetTenant']], panel: 'admin'), false);
+        ->assertSee('Source environment: '.$fixture['sourceEnvironment']->name)
+        ->assertSee('Target environment: '.$fixture['targetEnvironment']->name)
+        ->assertSee(ManagedEnvironmentResource::getUrl('view', ['record' => $fixture['sourceEnvironment']], panel: 'admin'), false)
+        ->assertSee(ManagedEnvironmentResource::getUrl('view', ['record' => $fixture['targetEnvironment']], panel: 'admin'), false);
 
     Livewire::withQueryParams($query)
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->assertActionVisible('generatePromotionPreflight')
         ->assertActionEnabled('generatePromotionPreflight')
         ->call('generatePromotionPreflight')
@@ -66,10 +66,10 @@
 });
 
 it('shows only one dominant promotion action at a time on the compare page', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Promotable Policy',
         snapshot: ['settings' => [['key' => 'wifi', 'value' => 1]]],
     );
@@ -77,12 +77,12 @@
     $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     Livewire::withQueryParams([
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ])
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->assertActionVisible('generatePromotionPreflight')
         ->assertActionHidden('executePromotion')
         ->call('generatePromotionPreflight')
@@ -92,17 +92,17 @@
 });
 
 it('rejects the same tenant as source and target without rendering compare results', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $session = $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     $this->withSession($session)
-        ->get(CrossTenantComparePage::getUrl(parameters: [
-            'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-            'target_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
+        ->get(CrossEnvironmentComparePage::getUrl(parameters: [
+            'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+            'target_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
         ], panel: 'admin'))
         ->assertOk()
-        ->assertSee('Choose two different tenants.')
-        ->assertDontSee('data-testid="cross-tenant-compare-preview"', false)
+        ->assertSee('Choose two different environments.')
+        ->assertDontSee('data-testid="cross-environment-compare-preview"', false)
         ->assertDontSee('Promotion preflight');
 });
\ No newline at end of file
diff --git a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionActionTest.php b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionActionTest.php
similarity index 77%
rename from apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionActionTest.php
rename to apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionActionTest.php
index f6c1648b..1e679e45 100644
--- a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionActionTest.php
+++ b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionActionTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\CrossTenantComparePage;
-use App\Jobs\Operations\CrossTenantPromotionExecutionJob;
+use App\Filament\Pages\CrossEnvironmentComparePage;
+use App\Jobs\Operations\CrossEnvironmentPromotionExecutionJob;
 use App\Models\OperationRun;
 use Filament\Actions\Action;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -16,31 +16,31 @@
 it('requires a current preflight and queues only ready subjects into the promotion run', function (): void {
     Queue::fake();
 
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Promotable Policy',
         snapshot: ['settings' => [['key' => 'wifi', 'value' => 1]]],
     );
     $blocked = $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Blocked Policy',
         snapshot: ['settings' => [['key' => 'blocked', 'value' => 1]]],
     );
     $blocked['version']->delete();
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Manual Policy',
         snapshot: ['settings' => [['key' => 'manual', 'value' => 1]]],
     );
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Manual Policy',
         snapshot: ['settings' => [['key' => 'manual', 'value' => 1]]],
     );
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Manual Policy',
         snapshot: ['settings' => [['key' => 'manual', 'value' => 2]]],
     );
@@ -48,14 +48,14 @@
     $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     $query = [
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ];
 
     $component = Livewire::withQueryParams($query)
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->call('executePromotion')
         ->assertNotified('Promotion execution unavailable');
 
@@ -80,7 +80,7 @@
         ->and(collect(data_get($run?->context, 'promotion_execution.plan.excluded', []))->pluck('excluded_reason')->all())
             ->toEqualCanonicalizing(['blocked', 'manual_mapping_required']);
 
-    Queue::assertPushed(CrossTenantPromotionExecutionJob::class, function (CrossTenantPromotionExecutionJob $job) use ($run): bool {
+    Queue::assertPushed(CrossEnvironmentPromotionExecutionJob::class, function (CrossEnvironmentPromotionExecutionJob $job) use ($run): bool {
         return $job->getOperationRun()?->is($run);
     });
 });
@@ -88,10 +88,10 @@
 it('does not queue a promotion run when the current preflight has no ready governed subjects', function (): void {
     Queue::fake();
 
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $blocked = $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Blocked Policy',
         snapshot: ['settings' => [['key' => 'blocked', 'value' => 1]]],
     );
@@ -100,12 +100,12 @@
     $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     Livewire::withQueryParams([
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ])
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->call('generatePromotionPreflight')
         ->assertActionVisible('executePromotion')
         ->assertActionDisabled('executePromotion')
diff --git a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionAuditTest.php b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionAuditTest.php
similarity index 77%
rename from apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionAuditTest.php
rename to apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionAuditTest.php
index 7acd6b3f..d990277b 100644
--- a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionAuditTest.php
+++ b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionAuditTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\CrossTenantComparePage;
-use App\Jobs\Operations\CrossTenantPromotionExecutionJob;
+use App\Filament\Pages\CrossEnvironmentComparePage;
+use App\Jobs\Operations\CrossEnvironmentPromotionExecutionJob;
 use App\Models\AuditLog;
 use App\Models\BackupSet;
 use App\Models\OperationRun;
@@ -24,10 +24,10 @@
 it('audits queued promotion execution without creating restore-side writes before the worker starts', function (): void {
     Queue::fake();
 
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Audit Queue Policy',
         snapshot: ['settings' => [['key' => 'audit-queue', 'value' => 1]]],
     );
@@ -37,12 +37,12 @@
     $policyVersionCount = PolicyVersion::query()->count();
 
     Livewire::withQueryParams([
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ])
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->call('generatePromotionPreflight')
         ->mountAction('executePromotion')
         ->callMountedAction()
@@ -52,7 +52,7 @@
 
     $audit = AuditLog::query()
         ->where('workspace_id', (int) $fixture['workspace']->getKey())
-        ->where('action', AuditActionId::CrossTenantPromotionExecutionQueued->value)
+        ->where('action', AuditActionId::CrossEnvironmentPromotionExecutionQueued->value)
         ->latest('id')
         ->first();
 
@@ -61,8 +61,8 @@
         ->and($audit?->status)->toBe('info')
         ->and($audit?->resource_type)->toBe('operation_run')
         ->and((int) ($audit?->operation_run_id ?? 0))->toBe((int) $run?->getKey())
-        ->and(data_get($audit?->metadata, 'source_tenant_id'))->toBe((int) $fixture['sourceTenant']->getKey())
-        ->and(data_get($audit?->metadata, 'target_tenant_id'))->toBe((int) $fixture['targetTenant']->getKey())
+        ->and(data_get($audit?->metadata, 'source_environment_id'))->toBe((int) $fixture['sourceEnvironment']->getKey())
+        ->and(data_get($audit?->metadata, 'target_environment_id'))->toBe((int) $fixture['targetEnvironment']->getKey())
         ->and(data_get($audit?->metadata, 'ready_count'))->toBe(1)
         ->and(data_get($audit?->metadata, 'excluded_count'))->toBe(0)
         ->and(BackupSet::query()->count())->toBe(0)
@@ -73,10 +73,10 @@
 it('audits terminal promotion execution truth after the queued worker completes', function (): void {
     Queue::fake();
 
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Audit Completion Policy',
         snapshot: ['settings' => [['key' => 'audit-complete', 'value' => 1]]],
     );
@@ -84,12 +84,12 @@
     $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     Livewire::withQueryParams([
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ])
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->call('generatePromotionPreflight')
         ->mountAction('executePromotion')
         ->callMountedAction()
@@ -122,7 +122,7 @@
 
     app()->instance(RestoreService::class, $restoreService);
 
-    $job = new CrossTenantPromotionExecutionJob($run);
+    $job = new CrossEnvironmentPromotionExecutionJob($run);
     $job->handle(
         app(OperationRunService::class),
         $restoreService,
@@ -132,7 +132,7 @@
 
     $completedAudit = AuditLog::query()
         ->where('workspace_id', (int) $fixture['workspace']->getKey())
-        ->where('action', AuditActionId::CrossTenantPromotionExecutionCompleted->value)
+        ->where('action', AuditActionId::CrossEnvironmentPromotionExecutionCompleted->value)
         ->latest('id')
         ->first();
 
@@ -146,8 +146,8 @@
         ->and($completedAudit?->status)->toBe('success')
         ->and($completedAudit?->resource_type)->toBe('operation_run')
         ->and((int) ($completedAudit?->operation_run_id ?? 0))->toBe((int) $completedRun?->getKey())
-        ->and(data_get($completedAudit?->metadata, 'source_tenant_id'))->toBe((int) $fixture['sourceTenant']->getKey())
-        ->and(data_get($completedAudit?->metadata, 'target_tenant_id'))->toBe((int) $fixture['targetTenant']->getKey())
+        ->and(data_get($completedAudit?->metadata, 'source_environment_id'))->toBe((int) $fixture['sourceEnvironment']->getKey())
+        ->and(data_get($completedAudit?->metadata, 'target_environment_id'))->toBe((int) $fixture['targetEnvironment']->getKey())
         ->and(data_get($completedAudit?->metadata, 'summary_counts.created'))->toBe(1)
         ->and(data_get($completedAudit?->metadata, 'summary_counts.succeeded'))->toBe(1)
         ->and(data_get($completedAudit?->metadata, 'restore_run_id'))->toBe((int) $restoreRun?->getKey())
diff --git a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionAuthorizationTest.php b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionAuthorizationTest.php
similarity index 63%
rename from apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionAuthorizationTest.php
rename to apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionAuthorizationTest.php
index 263d5e34..54606de0 100644
--- a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionAuthorizationTest.php
+++ b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionAuthorizationTest.php
@@ -2,16 +2,16 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\CrossTenantComparePage;
+use App\Filament\Pages\CrossEnvironmentComparePage;
 use App\Models\OperationRun;
 use App\Models\OperationalControlActivation;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Services\Auth\CapabilityResolver;
 use App\Support\Auth\Capabilities;
-use App\Support\PortfolioCompare\CrossTenantComparePreviewBuilder;
-use App\Support\PortfolioCompare\CrossTenantCompareSelection;
-use App\Support\PortfolioCompare\CrossTenantPromotionPreflight;
+use App\Support\PortfolioCompare\CrossEnvironmentComparePreviewBuilder;
+use App\Support\PortfolioCompare\CrossEnvironmentCompareSelection;
+use App\Support\PortfolioCompare\CrossEnvironmentPromotionPreflight;
 use Filament\Actions\Action;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Livewire\Livewire;
@@ -20,10 +20,10 @@
 uses(RefreshDatabase::class, BuildsPortfolioCompareFixtures::class);
 
 it('keeps execute promotion visible but disabled for compare-only actors without target manage access', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture(workspaceRole: 'owner', tenantRole: 'readonly');
+    $fixture = $this->makeCrossEnvironmentCompareFixture(workspaceRole: 'owner', tenantRole: 'readonly');
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Compare Only Policy',
         snapshot: ['settings' => [['key' => 'readonly', 'value' => 1]]],
     );
@@ -31,14 +31,14 @@
     $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     $query = [
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ];
 
     $component = Livewire::withQueryParams($query)
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->call('generatePromotionPreflight');
 
     $realResolver = app(CapabilityResolver::class);
@@ -47,7 +47,7 @@
         ->andReturnUsing(fn (User $user, ManagedEnvironment $tenant): bool => $realResolver->isMember($user, $tenant));
     $resolver->shouldReceive('can')
         ->andReturnUsing(function (User $user, ManagedEnvironment $tenant, string $capability) use ($fixture, $realResolver): bool {
-            if ($tenant->is($fixture['targetTenant']) && $capability === Capabilities::TENANT_MANAGE) {
+            if ($tenant->is($fixture['targetEnvironment']) && $capability === Capabilities::TENANT_MANAGE) {
                 return false;
             }
 
@@ -59,37 +59,37 @@
     $component
         ->assertActionVisible('executePromotion')
         ->assertActionDisabled('executePromotion')
-        ->assertActionExists('executePromotion', fn (Action $action): bool => $action->getTooltip() === 'You need target tenant manage access to execute promotion.')
+        ->assertActionExists('executePromotion', fn (Action $action): bool => $action->getTooltip() === 'You need target environment manage access to execute promotion.')
         ->call('executePromotion')
         ->assertForbidden();
 });
 
 it('keeps execute promotion visible but disabled without workspace baseline manage access and forbids forced execution', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture(workspaceRole: 'readonly', tenantRole: 'owner');
+    $fixture = $this->makeCrossEnvironmentCompareFixture(workspaceRole: 'readonly', tenantRole: 'owner');
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Workspace Gate Policy',
         snapshot: ['settings' => [['key' => 'workspace', 'value' => 1]]],
     );
 
     $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
-    $selection = new CrossTenantCompareSelection(
-        $fixture['sourceTenant'],
-        $fixture['targetTenant'],
+    $selection = new CrossEnvironmentCompareSelection(
+        $fixture['sourceEnvironment'],
+        $fixture['targetEnvironment'],
         ['deviceConfiguration'],
     );
-    $preview = app(CrossTenantComparePreviewBuilder::class)->build($selection);
-    $preflight = app(CrossTenantPromotionPreflight::class)->build($preview);
+    $preview = app(CrossEnvironmentComparePreviewBuilder::class)->build($selection);
+    $preflight = app(CrossEnvironmentPromotionPreflight::class)->build($preview);
 
     Livewire::withQueryParams([
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ])
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->set('preview', $preview)
         ->set('preflight', $preflight)
         ->assertActionVisible('executePromotion')
@@ -99,11 +99,11 @@
         ->assertForbidden();
 });
 
-it('does not queue a promotion run when the current preflight is stale for the selected target tenant', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture();
+it('does not queue a promotion run when the current preflight is stale for the selected target environment', function (): void {
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Stale Policy',
         snapshot: ['settings' => [['key' => 'stale', 'value' => 1]]],
     );
@@ -120,27 +120,27 @@
 
     $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
-    $staleSelection = new CrossTenantCompareSelection(
-        $fixture['sourceTenant'],
+    $staleSelection = new CrossEnvironmentCompareSelection(
+        $fixture['sourceEnvironment'],
         $staleTarget,
         ['deviceConfiguration'],
     );
-    $currentSelection = new CrossTenantCompareSelection(
-        $fixture['sourceTenant'],
-        $fixture['targetTenant'],
+    $currentSelection = new CrossEnvironmentCompareSelection(
+        $fixture['sourceEnvironment'],
+        $fixture['targetEnvironment'],
         ['deviceConfiguration'],
     );
-    $currentPreview = app(CrossTenantComparePreviewBuilder::class)->build($currentSelection);
-    $stalePreview = app(CrossTenantComparePreviewBuilder::class)->build($staleSelection);
-    $stalePreflight = app(CrossTenantPromotionPreflight::class)->build($stalePreview);
+    $currentPreview = app(CrossEnvironmentComparePreviewBuilder::class)->build($currentSelection);
+    $stalePreview = app(CrossEnvironmentComparePreviewBuilder::class)->build($staleSelection);
+    $stalePreflight = app(CrossEnvironmentPromotionPreflight::class)->build($stalePreview);
 
     Livewire::withQueryParams([
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ])
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->set('preview', $currentPreview)
         ->set('preflight', $stalePreflight)
         ->call('executePromotion')
@@ -150,10 +150,10 @@
 });
 
 it('does not queue a promotion run when promotion execution is paused by operational control', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Paused Policy',
         snapshot: ['settings' => [['key' => 'paused', 'value' => 1]]],
     );
@@ -167,12 +167,12 @@
     ]);
 
     Livewire::withQueryParams([
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ])
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->call('generatePromotionPreflight')
         ->call('executePromotion')
         ->assertNotified('Promotion execution paused');
@@ -180,8 +180,8 @@
     expect(OperationRun::query()->count())->toBe(0);
 });
 
-it('returns 404 and does not queue a promotion run when the requested target tenant is outside the actor scope', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture();
+it('returns 404 and does not queue a promotion run when the requested target environment is outside the actor scope', function (): void {
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
     $hiddenTarget = ManagedEnvironment::factory()->create([
         'workspace_id' => (int) $fixture['workspace']->getKey(),
         'name' => 'Hidden Promotion Target',
@@ -190,9 +190,9 @@
     $session = $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     $this->withSession($session)
-        ->get(CrossTenantComparePage::getUrl(parameters: [
-            'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-            'target_tenant_id' => (int) $hiddenTarget->getKey(),
+        ->get(CrossEnvironmentComparePage::getUrl(parameters: [
+            'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+            'target_environment_id' => (int) $hiddenTarget->getKey(),
             'policy_type' => ['deviceConfiguration'],
         ], panel: 'admin'))
         ->assertNotFound();
diff --git a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionRunUxTest.php b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionRunUxTest.php
similarity index 72%
rename from apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionRunUxTest.php
rename to apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionRunUxTest.php
index f8e98af8..c4d01217 100644
--- a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionExecutionRunUxTest.php
+++ b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionExecutionRunUxTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\CrossTenantComparePage;
-use App\Jobs\Operations\CrossTenantPromotionExecutionJob;
+use App\Filament\Pages\CrossEnvironmentComparePage;
+use App\Jobs\Operations\CrossEnvironmentPromotionExecutionJob;
 use App\Models\OperationRun;
 use App\Support\OperationRunLinks;
 use App\Support\Workspaces\WorkspaceContext;
@@ -17,10 +17,10 @@
 it('uses the shared queued and deduped start-result ux for promotion execution', function (): void {
     Queue::fake();
 
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Run UX Policy',
         snapshot: ['settings' => [['key' => 'ux', 'value' => 1]]],
     );
@@ -28,14 +28,14 @@
     $this->setAdminWorkspaceContext($fixture['user'], $fixture['workspace']);
 
     $query = [
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ];
 
     $component = Livewire::withQueryParams($query)
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->call('generatePromotionPreflight')
         ->mountAction('executePromotion')
         ->callMountedAction()
@@ -49,8 +49,8 @@
         ->and(data_get($run?->context, 'required_capability'))->toBe('tenant.manage')
         ->and(data_get($run?->context, 'workspace_required_capability'))->toBe('workspace_baselines.manage')
         ->and(data_get($run?->context, 'target_scope.workspace_id'))->toBe((int) $fixture['workspace']->getKey())
-        ->and(data_get($run?->context, 'selection.sourceTenantId'))->toBe((int) $fixture['sourceTenant']->getKey())
-        ->and(data_get($run?->context, 'selection.targetTenantId'))->toBe((int) $fixture['targetTenant']->getKey());
+        ->and(data_get($run?->context, 'selection.sourceEnvironmentId'))->toBe((int) $fixture['sourceEnvironment']->getKey())
+        ->and(data_get($run?->context, 'selection.targetEnvironmentId'))->toBe((int) $fixture['targetEnvironment']->getKey());
 
     $component
         ->mountAction('executePromotion')
@@ -60,7 +60,7 @@
 
     expect(OperationRun::query()->where('type', 'promotion.execute')->count())->toBe(1);
 
-    Queue::assertPushed(CrossTenantPromotionExecutionJob::class, 1);
+    Queue::assertPushed(CrossEnvironmentPromotionExecutionJob::class, 1);
 
     $this->actingAs($fixture['user'])
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $fixture['workspace']->getKey()])
diff --git a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionPreflightAuditTest.php b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionPreflightAuditTest.php
similarity index 67%
rename from apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionPreflightAuditTest.php
rename to apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionPreflightAuditTest.php
index 87b85cb3..0b9cf30e 100644
--- a/apps/platform/tests/Feature/PortfolioCompare/CrossTenantPromotionPreflightAuditTest.php
+++ b/apps/platform/tests/Feature/PortfolioCompare/CrossEnvironmentPromotionPreflightAuditTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\CrossTenantComparePage;
+use App\Filament\Pages\CrossEnvironmentComparePage;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\PolicyVersion;
@@ -14,15 +14,15 @@
 uses(RefreshDatabase::class, BuildsPortfolioCompareFixtures::class);
 
 it('audits promotion preflight generation without creating writes or operation runs', function (): void {
-    $fixture = $this->makeCrossTenantCompareFixture();
+    $fixture = $this->makeCrossEnvironmentCompareFixture();
 
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Audit Policy',
         snapshot: ['settings' => [['key' => 'audit', 'value' => 1]]],
     );
     $this->createPortfolioCompareSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Audit Policy',
         snapshot: ['settings' => [['key' => 'audit', 'value' => 2]]],
     );
@@ -33,26 +33,26 @@
     $policyVersionCount = PolicyVersion::query()->count();
 
     Livewire::withQueryParams([
-        'source_tenant_id' => (int) $fixture['sourceTenant']->getKey(),
-        'target_tenant_id' => (int) $fixture['targetTenant']->getKey(),
+        'source_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
+        'target_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => ['deviceConfiguration'],
     ])
         ->actingAs($fixture['user'])
-        ->test(CrossTenantComparePage::class)
+        ->test(CrossEnvironmentComparePage::class)
         ->call('generatePromotionPreflight')
         ->assertHasNoErrors();
 
     $audit = AuditLog::query()
         ->where('workspace_id', (int) $fixture['workspace']->getKey())
-        ->where('action', AuditActionId::CrossTenantPromotionPreflightGenerated->value)
+        ->where('action', AuditActionId::CrossEnvironmentPromotionPreflightGenerated->value)
         ->latest('id')
         ->first();
 
     expect($audit)->not->toBeNull()
         ->and($audit?->status)->toBe('success')
-        ->and($audit?->resource_type)->toBe('cross_tenant_promotion_preflight')
-        ->and(data_get($audit?->metadata, 'source_tenant_id'))->toBe((int) $fixture['sourceTenant']->getKey())
-        ->and(data_get($audit?->metadata, 'target_tenant_id'))->toBe((int) $fixture['targetTenant']->getKey())
+        ->and($audit?->resource_type)->toBe('cross_environment_promotion_preflight')
+        ->and(data_get($audit?->metadata, 'source_environment_id'))->toBe((int) $fixture['sourceEnvironment']->getKey())
+        ->and(data_get($audit?->metadata, 'target_environment_id'))->toBe((int) $fixture['targetEnvironment']->getKey())
         ->and(data_get($audit?->metadata, 'ready_count'))->toBe(1)
         ->and(data_get($audit?->metadata, 'blocked_count'))->toBe(0)
         ->and(data_get($audit?->metadata, 'manual_mapping_required_count'))->toBe(0);
diff --git a/apps/platform/tests/Feature/ProviderConnections/ProviderConnectionViewsDbOnlyRenderingSpec081Test.php b/apps/platform/tests/Feature/ProviderConnections/ProviderConnectionViewsDbOnlyRenderingSpec081Test.php
index b0f09310..98b7a137 100644
--- a/apps/platform/tests/Feature/ProviderConnections/ProviderConnectionViewsDbOnlyRenderingSpec081Test.php
+++ b/apps/platform/tests/Feature/ProviderConnections/ProviderConnectionViewsDbOnlyRenderingSpec081Test.php
@@ -4,7 +4,7 @@
 
 use App\Filament\Resources\ProviderConnectionResource;
 use App\Models\ProviderConnection;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Support\Links\RequiredPermissionsLinks;
 use Illuminate\Support\Facades\Bus;
 
@@ -56,7 +56,7 @@
 it('Spec081 renders required-permissions page DB-only', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    TenantPermission::query()->create([
+    ManagedEnvironmentPermission::query()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'permission_key' => 'DeviceManagementConfiguration.ReadWrite.All',
         'status' => 'granted',
diff --git a/apps/platform/tests/Feature/ProviderConnections/ProviderOperationBlockedGuidanceSpec081Test.php b/apps/platform/tests/Feature/ProviderConnections/ProviderOperationBlockedGuidanceSpec081Test.php
index 2e120f9f..f7b59f83 100644
--- a/apps/platform/tests/Feature/ProviderConnections/ProviderOperationBlockedGuidanceSpec081Test.php
+++ b/apps/platform/tests/Feature/ProviderConnections/ProviderOperationBlockedGuidanceSpec081Test.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Resources\ProviderConnectionResource\Pages\ListProviderConnections;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Jobs\ProviderConnectionHealthCheckJob;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
@@ -68,7 +68,7 @@
     $tenant->makeCurrent();
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->callAction('verify');
 
     $run = OperationRun::query()
diff --git a/apps/platform/tests/Feature/Providers/ProviderCapabilityEvaluationTest.php b/apps/platform/tests/Feature/Providers/ProviderCapabilityEvaluationTest.php
index ba43a8b2..9b5a2356 100644
--- a/apps/platform/tests/Feature/Providers/ProviderCapabilityEvaluationTest.php
+++ b/apps/platform/tests/Feature/Providers/ProviderCapabilityEvaluationTest.php
@@ -4,11 +4,11 @@
 
 use App\Models\ManagedEnvironment;
 use App\Models\ProviderConnection;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Support\Providers\Capabilities\ProviderCapabilityEvaluator;
 use App\Support\Providers\Capabilities\ProviderCapabilityStatus;
 use App\Support\Providers\ProviderReasonCodes;
-use App\Support\Verification\TenantPermissionCheckClusters;
+use App\Support\Verification\ManagedEnvironmentPermissionCheckClusters;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
@@ -31,7 +31,7 @@ function spec283SeedRequirementRows(ManagedEnvironment $tenant, array $requireme
                 continue;
             }
 
-            $mappedRequirementKeys = TenantPermissionCheckClusters::requirementKeysForPermissionRow($permission);
+            $mappedRequirementKeys = ManagedEnvironmentPermissionCheckClusters::requirementKeysForPermissionRow($permission);
 
             if (array_intersect($requirementKeys, $mappedRequirementKeys) === []) {
                 continue;
@@ -39,7 +39,7 @@ function spec283SeedRequirementRows(ManagedEnvironment $tenant, array $requireme
 
             $permissionKey = (string) ($permission['key'] ?? '');
 
-            TenantPermission::query()->updateOrCreate(
+            ManagedEnvironmentPermission::query()->updateOrCreate(
                 [
                     'managed_environment_id' => (int) $tenant->getKey(),
                     'permission_key' => $permissionKey,
diff --git a/apps/platform/tests/Feature/Rbac/AdminGlobalSearchContextSafetyTest.php b/apps/platform/tests/Feature/Rbac/AdminGlobalSearchContextSafetyTest.php
index c5b25b0f..3bd90489 100644
--- a/apps/platform/tests/Feature/Rbac/AdminGlobalSearchContextSafetyTest.php
+++ b/apps/platform/tests/Feature/Rbac/AdminGlobalSearchContextSafetyTest.php
@@ -7,7 +7,7 @@
 use App\Filament\Resources\PolicyResource;
 use App\Filament\Resources\PolicyVersionResource;
 use App\Filament\Resources\ProviderConnectionResource;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\EntraGroup;
 use App\Models\Policy;
 use App\Models\PolicyVersion;
@@ -24,7 +24,7 @@ function adminGlobalSearchTitles($results): array
     return collect($results)->map(fn ($result): string => (string) $result->title)->all();
 }
 
-it('does not collapse administratively discoverable tenant results because remembered tenant context is selector-ineligible', function (): void {
+it('keeps managed environment registry results out of global search regardless of remembered context', function (): void {
     $activeTenant = ManagedEnvironment::factory()->active()->create(['name' => 'Search Safety Active']);
     [$user, $activeTenant] = createUserWithTenant(tenant: $activeTenant, role: 'owner');
 
@@ -46,11 +46,9 @@ function adminGlobalSearchTitles($results): array
         (string) $activeTenant->workspace_id => (int) $onboardingTenant->getKey(),
     ]);
 
-    expect(adminGlobalSearchTitles(TenantResource::getGlobalSearchResults('Search Safety')))
-        ->toEqualCanonicalizing([
-            'Search Safety Active',
-            'Search Safety Onboarding',
-        ]);
+    expect(adminGlobalSearchTitles(ManagedEnvironmentResource::getGlobalSearchResults('Search Safety')))
+        ->toBeEmpty()
+        ->and(ManagedEnvironmentResource::canGloballySearch())->toBeFalse();
 });
 
 it('keeps operation runs out of admin global search regardless of remembered context state', function (): void {
diff --git a/apps/platform/tests/Feature/Rbac/DashboardRecoveryPostureVisibilityTest.php b/apps/platform/tests/Feature/Rbac/DashboardRecoveryPostureVisibilityTest.php
index b384272b..6bd0fabf 100644
--- a/apps/platform/tests/Feature/Rbac/DashboardRecoveryPostureVisibilityTest.php
+++ b/apps/platform/tests/Feature/Rbac/DashboardRecoveryPostureVisibilityTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Resources\RestoreRunResource;
 use App\Filament\Widgets\Dashboard\NeedsAttention;
 use App\Filament\Widgets\Dashboard\RecoveryReadiness;
@@ -57,7 +57,7 @@ function seedRecoveryVisibilityScenario(ManagedEnvironment $tenant): RestoreRun
         ->assertSee('Recovery evidence')
         ->assertSee('Weakened');
 
-    $this->get(TenantDashboard::getUrl(tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertOk();
 
     $this->get(RestoreRunResource::getUrl('index', tenant: $tenant))
@@ -122,7 +122,7 @@ function seedRecoveryVisibilityScenario(ManagedEnvironment $tenant): RestoreRun
 
     $this->actingAs($user);
 
-    $this->get(TenantDashboard::getUrl(tenant: $tenant))
+    $this->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertNotFound();
 
     $this->get(RestoreRunResource::getUrl('index', tenant: $tenant))
diff --git a/apps/platform/tests/Feature/Rbac/EditTenantArchiveUiEnforcementTest.php b/apps/platform/tests/Feature/Rbac/EditTenantArchiveUiEnforcementTest.php
index c8a770cc..b813d7bb 100644
--- a/apps/platform/tests/Feature/Rbac/EditTenantArchiveUiEnforcementTest.php
+++ b/apps/platform/tests/Feature/Rbac/EditTenantArchiveUiEnforcementTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\EditTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\EditManagedEnvironment;
 use App\Models\ManagedEnvironment;
 use Filament\Actions\Action;
 use Filament\Actions\ActionGroup;
@@ -31,7 +31,7 @@ function editTenantUiHeaderActions(Testable $component): array
         $tenant->makeCurrent();
         Filament::setTenant($tenant, true);
 
-        $component = Livewire::test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        $component = Livewire::test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertActionVisible('archive')
             ->assertActionDisabled('archive')
             ->assertActionExists('archive', function (Action $action): bool {
@@ -65,7 +65,7 @@ function editTenantUiHeaderActions(Testable $component): array
         $tenant->makeCurrent();
         Filament::setTenant($tenant, true);
 
-        $component = Livewire::test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        $component = Livewire::test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertActionVisible('archive')
             ->assertActionEnabled('archive')
             ->assertActionExists('archive', fn (Action $action): bool => $action->getLabel() === 'Archive' && $action->isConfirmationRequired())
@@ -97,7 +97,7 @@ function editTenantUiHeaderActions(Testable $component): array
 
         Filament::setTenant($tenant, true);
 
-        Livewire::test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        Livewire::test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertActionHidden('archive');
     });
 
@@ -109,7 +109,7 @@ function editTenantUiHeaderActions(Testable $component): array
 
         Filament::setTenant($tenant, true);
 
-        $component = Livewire::test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        $component = Livewire::test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertActionVisible('restore')
             ->assertActionEnabled('restore')
             ->assertActionExists('restore', fn (Action $action): bool => $action->getLabel() === 'Restore' && $action->isConfirmationRequired())
diff --git a/apps/platform/tests/Feature/Rbac/GovernanceArtifactsWorkspaceFirstAuthorizationTest.php b/apps/platform/tests/Feature/Rbac/GovernanceArtifactsWorkspaceFirstAuthorizationTest.php
index 1362e579..cae516e8 100644
--- a/apps/platform/tests/Feature/Rbac/GovernanceArtifactsWorkspaceFirstAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Rbac/GovernanceArtifactsWorkspaceFirstAuthorizationTest.php
@@ -7,7 +7,7 @@
 use App\Models\ManagedEnvironment;
 use App\Models\ManagedEnvironmentMembership;
 use App\Models\ReviewPack;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -41,7 +41,7 @@
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
     ]);
-    $tenantReview = TenantReview::factory()->ready()->create([
+    $environmentReview = EnvironmentReview::factory()->ready()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
@@ -51,7 +51,7 @@
     expect(Gate::forUser($user)->allows('view', $finding))->toBeTrue()
         ->and(Gate::forUser($user)->allows('view', $snapshot))->toBeTrue()
         ->and(Gate::forUser($user)->allows('view', $reviewPack))->toBeTrue()
-        ->and(Gate::forUser($user)->allows('view', $tenantReview))->toBeTrue();
+        ->and(Gate::forUser($user)->allows('view', $environmentReview))->toBeTrue();
 });
 
 it('denies out-of-scope governance artifacts as not found before capability checks', function (): void {
@@ -89,7 +89,7 @@
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
     ]);
-    $tenantReview = TenantReview::factory()->ready()->create([
+    $environmentReview = EnvironmentReview::factory()->ready()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $deniedTenant->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
@@ -99,7 +99,7 @@
     expect(Gate::forUser($user)->inspect('view', $finding)->status())->toBe(404)
         ->and(Gate::forUser($user)->inspect('view', $snapshot)->status())->toBe(404)
         ->and(Gate::forUser($user)->inspect('view', $reviewPack)->status())->toBe(404)
-        ->and(Gate::forUser($user)->inspect('view', $tenantReview)->status())->toBe(404);
+        ->and(Gate::forUser($user)->inspect('view', $environmentReview)->status())->toBe(404);
 });
 
 function spec285EvidenceSnapshot(ManagedEnvironment $tenant): EvidenceSnapshot
diff --git a/apps/platform/tests/Feature/Rbac/OnboardingWizardUiEnforcementTest.php b/apps/platform/tests/Feature/Rbac/OnboardingWizardUiEnforcementTest.php
index eb0b6652..22321239 100644
--- a/apps/platform/tests/Feature/Rbac/OnboardingWizardUiEnforcementTest.php
+++ b/apps/platform/tests/Feature/Rbac/OnboardingWizardUiEnforcementTest.php
@@ -2,12 +2,12 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentOnboardingSession;
+use App\Models\ManagedEnvironmentPermission;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -20,7 +20,7 @@
 use Livewire\Livewire;
 
 describe('Onboarding wizard UI enforcement', function () {
-    it('denies identifyManagedTenant for readonly workspace members', function (): void {
+    it('denies identifyManagedEnvironment for readonly workspace members', function (): void {
         $workspace = Workspace::factory()->create();
         $user = User::factory()->create();
 
@@ -33,7 +33,7 @@
         session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
         Livewire::actingAs($user)
-            ->test(ManagedTenantOnboardingWizard::class)
+            ->test(ManagedEnvironmentOnboardingWizard::class)
             ->assertForbidden();
     });
 
@@ -68,7 +68,7 @@
         session()->put(WorkspaceContext::SESSION_KEY, (int) $workspace->getKey());
 
         Livewire::actingAs($user)
-            ->test(ManagedTenantOnboardingWizard::class, [
+            ->test(ManagedEnvironmentOnboardingWizard::class, [
                 'onboardingDraft' => (int) $draft->getKey(),
             ])
             ->call('createProviderConnection', [
@@ -107,7 +107,7 @@
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
         ]);
 
-        TenantOnboardingSession::query()->create([
+        ManagedEnvironmentOnboardingSession::query()->create([
             'workspace_id' => (int) $workspace->getKey(),
             'managed_environment_id' => (int) $tenant->getKey(),
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -119,13 +119,13 @@
             'updated_by_user_id' => (int) $user->getKey(),
         ]);
 
-        $draft = TenantOnboardingSession::query()
+        $draft = ManagedEnvironmentOnboardingSession::query()
             ->where('workspace_id', (int) $workspace->getKey())
             ->where('managed_environment_id', (int) $tenant->getKey())
             ->firstOrFail();
 
         Livewire::actingAs($user)
-            ->test(ManagedTenantOnboardingWizard::class, [
+            ->test(ManagedEnvironmentOnboardingWizard::class, [
                 'onboardingDraft' => (int) $draft->getKey(),
             ])
             ->call('startVerification');
@@ -170,7 +170,7 @@
         $workspace = $tenant->workspace()->firstOrFail();
 
         foreach ($permissionKeys as $key) {
-            TenantPermission::query()->create([
+            ManagedEnvironmentPermission::query()->create([
                 'managed_environment_id' => (int) $tenant->getKey(),
                 'workspace_id' => (int) $workspace->getKey(),
                 'permission_key' => $key,
@@ -217,7 +217,7 @@
             ],
         ]);
 
-        $draft = TenantOnboardingSession::query()->create([
+        $draft = ManagedEnvironmentOnboardingSession::query()->create([
             'workspace_id' => (int) $workspace->getKey(),
             'managed_environment_id' => (int) $tenant->getKey(),
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
@@ -306,7 +306,7 @@
         ]);
 
         Livewire::actingAs($user)
-            ->test(ManagedTenantOnboardingWizard::class, [
+            ->test(ManagedEnvironmentOnboardingWizard::class, [
                 'onboardingDraft' => (int) $draft->getKey(),
             ])
             ->call('completeOnboarding')
diff --git a/apps/platform/tests/Feature/Rbac/OperationRunWorkspaceFirstAuthorizationTest.php b/apps/platform/tests/Feature/Rbac/OperationRunWorkspaceFirstAuthorizationTest.php
index 9716d959..027be993 100644
--- a/apps/platform/tests/Feature/Rbac/OperationRunWorkspaceFirstAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Rbac/OperationRunWorkspaceFirstAuthorizationTest.php
@@ -22,7 +22,7 @@
     ]);
 
     $run = OperationRun::factory()->tenantlessForWorkspace($workspace)->create([
-        'type' => 'tenant.review.compose',
+        'type' => 'environment.review.compose',
     ]);
 
     expect(Gate::forUser($user)->allows('view', $run))->toBeTrue();
diff --git a/apps/platform/tests/Feature/Rbac/TenantActionSurfaceConsistencyTest.php b/apps/platform/tests/Feature/Rbac/TenantActionSurfaceConsistencyTest.php
index 55f2bc96..0a1447b4 100644
--- a/apps/platform/tests/Feature/Rbac/TenantActionSurfaceConsistencyTest.php
+++ b/apps/platform/tests/Feature/Rbac/TenantActionSurfaceConsistencyTest.php
@@ -2,10 +2,10 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantResource\Pages\EditTenant;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\EditManagedEnvironment;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\ManagedEnvironment;
 use App\Support\Ui\ActionSurface\Enums\ActionSurfaceSlot;
 use App\Support\Workspaces\WorkspaceContext;
@@ -39,7 +39,7 @@ function tenantActionSurfaceSearchTitles($results): array
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('related_onboarding', $tenant)
         ->assertTableActionHidden('archive', $tenant)
         ->assertTableActionHidden('restore', $tenant);
@@ -47,19 +47,19 @@ function tenantActionSurfaceSearchTitles($results): array
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionHidden('archive')
         ->assertActionHidden('restore');
 
-    expect(collect(TenantResource::tenantViewContextEntries($tenant))->pluck('key')->all())
+    expect(collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))->pluck('key')->all())
         ->toContain('related_onboarding');
 
     Livewire::actingAs($user)
-        ->test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionHidden('archive')
         ->assertActionHidden('restore');
 
-    expect(collect(TenantResource::tenantEditContextEntries($tenant))->pluck('key')->all())
+    expect(collect(ManagedEnvironmentResource::tenantEditContextEntries($tenant))->pluck('key')->all())
         ->toContain('related_onboarding');
 });
 
@@ -70,7 +70,7 @@ function tenantActionSurfaceSearchTitles($results): array
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('archive', $tenant)
         ->assertTableActionHidden('restore', $tenant)
         ->assertTableActionHidden('related_onboarding', $tenant);
@@ -78,19 +78,19 @@ function tenantActionSurfaceSearchTitles($results): array
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('archive')
         ->assertActionHidden('restore');
 
-    expect(collect(TenantResource::tenantViewContextEntries($tenant))->pluck('key')->all())
+    expect(collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))->pluck('key')->all())
         ->not->toContain('related_onboarding');
 
     Livewire::actingAs($user)
-        ->test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('archive')
         ->assertActionHidden('restore');
 
-    expect(collect(TenantResource::tenantEditContextEntries($tenant))->pluck('key')->all())
+    expect(collect(ManagedEnvironmentResource::tenantEditContextEntries($tenant))->pluck('key')->all())
         ->not->toContain('related_onboarding');
 });
 
@@ -112,7 +112,7 @@ function tenantActionSurfaceSearchTitles($results): array
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('related_onboarding', $tenant)
         ->assertTableActionHidden('archive', $tenant)
         ->assertTableActionHidden('restore', $tenant);
@@ -120,19 +120,19 @@ function tenantActionSurfaceSearchTitles($results): array
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionHidden('archive')
         ->assertActionHidden('restore');
 
-    expect(collect(TenantResource::tenantViewContextEntries($tenant))->pluck('key')->all())
+    expect(collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))->pluck('key')->all())
         ->toContain('related_onboarding');
 
     Livewire::actingAs($user)
-        ->test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionHidden('archive')
         ->assertActionHidden('restore');
 
-    expect(collect(TenantResource::tenantEditContextEntries($tenant))->pluck('key')->all())
+    expect(collect(ManagedEnvironmentResource::tenantEditContextEntries($tenant))->pluck('key')->all())
         ->toContain('related_onboarding');
 });
 
@@ -143,24 +143,24 @@ function tenantActionSurfaceSearchTitles($results): array
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('restore', $tenant)
         ->assertTableActionHidden('archive', $tenant);
 
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('restore')
         ->assertActionHidden('archive');
 
     Livewire::actingAs($user)
-        ->test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('restore')
         ->assertActionHidden('archive');
 });
 
-it('keeps tenant global search aligned with administrative discoverability across lifecycles', function (): void {
+it('keeps managed environment registry out of global search across lifecycles', function (): void {
     $active = ManagedEnvironment::factory()->active()->create(['name' => 'Surface Search Active']);
     [$user, $active] = createUserWithTenant(tenant: $active, role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
 
@@ -189,13 +189,9 @@ function tenantActionSurfaceSearchTitles($results): array
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $active->workspace_id);
 
-    expect(tenantActionSurfaceSearchTitles(TenantResource::getGlobalSearchResults('Surface Search')))
-        ->toEqualCanonicalizing([
-            'Surface Search Active',
-            'Surface Search Draft',
-            'Surface Search Onboarding',
-            'Surface Search Archived',
-        ]);
+    expect(tenantActionSurfaceSearchTitles(ManagedEnvironmentResource::getGlobalSearchResults('Surface Search')))
+        ->toBeEmpty()
+        ->and(ManagedEnvironmentResource::canGloballySearch())->toBeFalse();
 });
 
 it('keeps list-row lifecycle actions independent from the selected header tenant context', function (): void {
@@ -229,7 +225,7 @@ function tenantActionSurfaceSearchTitles($results): array
     Filament::setTenant($selectedTenant, true);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('archive', $selectedTenant)
         ->assertTableActionVisible('related_onboarding', $onboardingTenant)
         ->assertTableActionHidden('archive', $onboardingTenant)
@@ -253,7 +249,7 @@ function tenantActionSurfaceSearchTitles($results): array
         ],
     ]);
 
-    $declaration = TenantResource::actionSurfaceDeclaration();
+    $declaration = ManagedEnvironmentResource::actionSurfaceDeclaration();
 
     expect($declaration->listRowPrimaryActionLimit())->toBe(1)
         ->and((string) ($declaration->slot(ActionSurfaceSlot::ListRowMoreMenu)?->details ?? ''))->toContain('one');
@@ -262,7 +258,7 @@ function tenantActionSurfaceSearchTitles($results): array
     Filament::setTenant(null, true);
 
     $component = Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('archive', $tenant)
         ->assertTableActionHidden('related_onboarding', $tenant)
         ->assertTableActionVisible('related_onboarding_overflow', $tenant)
@@ -287,7 +283,7 @@ function tenantActionSurfaceSearchTitles($results): array
     $archiveIndex = array_search('archive', $moreActionNames, true);
 
     expect($primaryRowActionNames)->not->toContain('view')
-        ->and($table->getRecordUrl($tenant))->toBe(TenantResource::getUrl('view', ['record' => $tenant]))
+        ->and($table->getRecordUrl($tenant))->toBe(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant]))
         ->and($moreActionNames)->toContain('archive')
         ->and($moreActionNames)->toContain('related_onboarding_overflow')
         ->and($relatedOnboardingIndex)->toBe(0)
diff --git a/apps/platform/tests/Feature/Rbac/TenantAdminAuthorizationTest.php b/apps/platform/tests/Feature/Rbac/TenantAdminAuthorizationTest.php
index 993275c4..6a08f165 100644
--- a/apps/platform/tests/Feature/Rbac/TenantAdminAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Rbac/TenantAdminAuthorizationTest.php
@@ -1,7 +1,7 @@
 <?php
 
 use App\Filament\Pages\Tenancy\RegisterTenant;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use Filament\Facades\Filament;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Livewire\Livewire;
@@ -29,5 +29,5 @@
 
     $this->actingAs($user);
 
-    expect(TenantResource::canCreate())->toBeFalse();
+    expect(ManagedEnvironmentResource::canCreate())->toBeFalse();
 });
diff --git a/apps/platform/tests/Feature/Rbac/TenantDashboardArrivalContextVisibilityTest.php b/apps/platform/tests/Feature/Rbac/TenantDashboardArrivalContextVisibilityTest.php
index 80cfce6b..ff42ea48 100644
--- a/apps/platform/tests/Feature/Rbac/TenantDashboardArrivalContextVisibilityTest.php
+++ b/apps/platform/tests/Feature/Rbac/TenantDashboardArrivalContextVisibilityTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\Resources\RestoreRunResource;
 use App\Models\ManagedEnvironment;
 use App\Services\Auth\CapabilityResolver;
@@ -19,7 +19,7 @@
 
 function tenantDashboardVisibilityArrivalUrl(\App\Models\ManagedEnvironment $tenant): string
 {
-    return TenantDashboard::getUrl([
+    return EnvironmentDashboard::getUrl([
         PortfolioArrivalContextToken::QUERY_PARAMETER => PortfolioArrivalContextToken::encode([
             'sourceSurface' => PortfolioArrivalContextToken::SOURCE_TENANT_REGISTRY,
             'tenantRouteKey' => (string) $tenant->external_id,
diff --git a/apps/platform/tests/Feature/Rbac/TenantLifecycleActionNamingTest.php b/apps/platform/tests/Feature/Rbac/TenantLifecycleActionNamingTest.php
index b5cc155c..514941cc 100644
--- a/apps/platform/tests/Feature/Rbac/TenantLifecycleActionNamingTest.php
+++ b/apps/platform/tests/Feature/Rbac/TenantLifecycleActionNamingTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\EditTenant;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\EditManagedEnvironment;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\ManagedEnvironment;
 use App\Support\Workspaces\WorkspaceContext;
 use Filament\Actions\Action;
@@ -32,7 +32,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertActionExists('add_tenant', fn (Action $action): bool => $action->getLabel() === 'Resume onboarding');
 });
 
@@ -43,17 +43,17 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionExists('archive', fn (Action $action): bool => $action->getLabel() === 'Archive' && $action->isConfirmationRequired(), $tenant);
 
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionExists('archive', fn (Action $action): bool => $action->getLabel() === 'Archive' && $action->isConfirmationRequired());
 
     Livewire::actingAs($user)
-        ->test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionExists('archive', fn (Action $action): bool => $action->getLabel() === 'Archive' && $action->isConfirmationRequired());
 });
 
@@ -64,17 +64,17 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionExists('restore', fn (Action $action): bool => $action->getLabel() === 'Restore' && $action->isConfirmationRequired(), $tenant);
 
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionExists('restore', fn (Action $action): bool => $action->getLabel() === 'Restore' && $action->isConfirmationRequired());
 
     Livewire::actingAs($user)
-        ->test(EditTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(EditManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionExists('restore', fn (Action $action): bool => $action->getLabel() === 'Restore' && $action->isConfirmationRequired());
 });
 
@@ -85,12 +85,12 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionExists('archive', fn (Action $action): bool => $action->getLabel() !== 'Deactivate', $tenant);
 
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionExists('archive', fn (Action $action): bool => $action->getLabel() !== 'Deactivate');
 });
diff --git a/apps/platform/tests/Feature/Rbac/TenantLifecycleActionVisibilityTest.php b/apps/platform/tests/Feature/Rbac/TenantLifecycleActionVisibilityTest.php
index ded08a81..a4ce597e 100644
--- a/apps/platform/tests/Feature/Rbac/TenantLifecycleActionVisibilityTest.php
+++ b/apps/platform/tests/Feature/Rbac/TenantLifecycleActionVisibilityTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\AuditLog;
 use App\Models\ManagedEnvironment;
 use App\Services\Audit\WorkspaceAuditLogger;
@@ -35,7 +35,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('related_onboarding', $tenant)
         ->assertTableActionExists('related_onboarding', fn (Action $action): bool => $action->getLabel() === 'Resume onboarding', $tenant)
         ->assertTableActionHidden('archive', $tenant)
@@ -44,11 +44,11 @@
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionHidden('archive')
         ->assertActionHidden('restore');
 
-    expect(collect(TenantResource::tenantViewContextEntries($tenant))
+    expect(collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))
         ->firstWhere('key', 'related_onboarding')['value'] ?? null)
         ->toBe('Resume onboarding');
 })->with([
@@ -63,7 +63,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('archive', $tenant)
         ->assertTableActionHidden('restore', $tenant)
         ->assertTableActionHidden('related_onboarding', $tenant);
@@ -71,7 +71,7 @@
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('archive')
         ->assertActionHidden('restore');
 });
@@ -83,7 +83,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('restore', $tenant)
         ->assertTableActionHidden('archive', $tenant)
         ->assertTableActionHidden('related_onboarding', $tenant);
@@ -91,11 +91,11 @@
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('restore')
         ->assertActionHidden('archive');
 
-    expect(collect(TenantResource::tenantViewContextEntries($tenant))->pluck('key')->all())
+    expect(collect(ManagedEnvironmentResource::tenantViewContextEntries($tenant))->pluck('key')->all())
         ->not->toContain('related_onboarding');
 });
 
@@ -108,7 +108,7 @@
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
-    $list = Livewire::actingAs($user)->test(ListTenants::class);
+    $list = Livewire::actingAs($user)->test(ListManagedEnvironments::class);
 
     if ($shouldBeVisible) {
         $list->assertTableActionVisible('verify', $tenant);
@@ -119,7 +119,7 @@
     Filament::setTenant(null, true);
 
     $view = Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()]);
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()]);
 
     if ($shouldBeVisible) {
         $view->assertActionVisible('verify');
@@ -140,7 +140,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('archive', $tenant)
         ->assertTableActionDisabled('archive', $tenant);
 });
@@ -178,7 +178,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $activeTenant->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ListTenants::class)
+        ->test(ListManagedEnvironments::class)
         ->assertTableActionVisible('archive', $activeTenant)
         ->assertTableActionDisabled('archive', $activeTenant)
         ->assertTableActionHidden('archive', $onboardingTenant)
@@ -187,16 +187,16 @@
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $activeTenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $activeTenant->getRouteKey()])
         ->assertActionVisible('archive')
         ->assertActionDisabled('archive');
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $onboardingTenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $onboardingTenant->getRouteKey()])
         ->assertActionHidden('archive')
         ->assertActionHidden('restore');
 
-    expect(collect(TenantResource::tenantViewContextEntries($onboardingTenant))->pluck('key')->all())
+    expect(collect(ManagedEnvironmentResource::tenantViewContextEntries($onboardingTenant))->pluck('key')->all())
         ->toContain('related_onboarding');
 });
 
@@ -205,7 +205,7 @@
     [$user] = createUserWithTenant(role: 'owner', ensureDefaultMicrosoftProviderConnection: false);
 
     $this->actingAs($user)
-        ->get(TenantResource::getUrl('view', ['record' => $tenant]))
+        ->get(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant]))
         ->assertNotFound();
 })->with([
     'draft' => [fn (): ManagedEnvironment => ManagedEnvironment::factory()->draft()->create()],
@@ -233,11 +233,11 @@
     Filament::setTenant($selectedTenant, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $archivedTenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $archivedTenant->getRouteKey()])
         ->assertActionVisible('restore')
         ->assertActionHidden('archive');
 
-    expect(collect(TenantResource::tenantViewContextEntries($archivedTenant))->pluck('key')->all())
+    expect(collect(ManagedEnvironmentResource::tenantViewContextEntries($archivedTenant))->pluck('key')->all())
         ->not->toContain('related_onboarding');
 });
 
@@ -261,8 +261,8 @@
 
     $auditLogger = app(WorkspaceAuditLogger::class);
 
-    TenantResource::restoreTenant($activeTenant, $auditLogger);
-    TenantResource::archiveTenant($onboardingTenant, $auditLogger, 'Trying to archive an onboarding tenant should be rejected.');
+    ManagedEnvironmentResource::restoreTenant($activeTenant, $auditLogger);
+    ManagedEnvironmentResource::archiveTenant($onboardingTenant, $auditLogger, 'Trying to archive an onboarding tenant should be rejected.');
 
     $activeTenant->refresh();
     $onboardingTenant->refresh();
diff --git a/apps/platform/tests/Feature/Rbac/TenantMembershipsRelationManagerUiEnforcementTest.php b/apps/platform/tests/Feature/Rbac/TenantMembershipsRelationManagerUiEnforcementTest.php
index 26d49a61..29e1fb33 100644
--- a/apps/platform/tests/Feature/Rbac/TenantMembershipsRelationManagerUiEnforcementTest.php
+++ b/apps/platform/tests/Feature/Rbac/TenantMembershipsRelationManagerUiEnforcementTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\EditTenant;
-use App\Filament\Resources\TenantResource\RelationManagers\TenantMembershipsRelationManager;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\EditManagedEnvironment;
+use App\Filament\Resources\ManagedEnvironmentResource\RelationManagers\ManagedEnvironmentMembershipsRelationManager;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use Filament\Actions\Action;
@@ -25,9 +25,9 @@
         $otherUser = User::factory()->create();
         createUserWithTenant(tenant: $tenant, user: $otherUser, role: 'readonly');
 
-        Livewire::test(TenantMembershipsRelationManager::class, [
+        Livewire::test(ManagedEnvironmentMembershipsRelationManager::class, [
             'ownerRecord' => $tenant,
-            'pageClass' => EditTenant::class,
+            'pageClass' => EditManagedEnvironment::class,
         ])
             ->assertTableActionVisible('add_member')
             ->assertTableActionDisabled('add_member')
diff --git a/apps/platform/tests/Feature/Rbac/TenantRequiredPermissionsTrustedStateTest.php b/apps/platform/tests/Feature/Rbac/TenantRequiredPermissionsTrustedStateTest.php
index 72d2c5c6..52058eea 100644
--- a/apps/platform/tests/Feature/Rbac/TenantRequiredPermissionsTrustedStateTest.php
+++ b/apps/platform/tests/Feature/Rbac/TenantRequiredPermissionsTrustedStateTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantRequiredPermissions;
+use App\Filament\Pages\EnvironmentRequiredPermissions;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -48,7 +48,7 @@
     ]);
     config()->set('entra_permissions.permissions', []);
 
-    TenantPermission::create([
+    ManagedEnvironmentPermission::create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'permission_key' => 'ManagedEnvironment.Read.All',
         'status' => 'granted',
@@ -119,7 +119,7 @@
     ]);
     config()->set('entra_permissions.permissions', []);
 
-    TenantPermission::query()->create([
+    ManagedEnvironmentPermission::query()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'permission_key' => 'ManagedEnvironment.Read.All',
         'status' => 'granted',
@@ -138,7 +138,7 @@
         'type' => 'application',
         'features' => ['backup'],
         'search' => 'ManagedEnvironment',
-    ])->test(TenantRequiredPermissions::class);
+    ])->test(EnvironmentRequiredPermissions::class);
 
     $component
         ->assertSet('tableFilters.status.value', 'present')
diff --git a/apps/platform/tests/Feature/Rbac/TenantResourceAuthorizationTest.php b/apps/platform/tests/Feature/Rbac/TenantResourceAuthorizationTest.php
index 358fddc6..58ef5735 100644
--- a/apps/platform/tests/Feature/Rbac/TenantResourceAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Rbac/TenantResourceAuthorizationTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantResource\Pages\ListTenants;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Support\Workspaces\WorkspaceContext;
@@ -17,7 +17,7 @@
 
         $this->actingAs($user);
 
-        expect(TenantResource::canCreate())->toBeFalse();
+        expect(ManagedEnvironmentResource::canCreate())->toBeFalse();
     });
 
     it('cannot be created via CRUD (onboarding wizard is the only path)', function () {
@@ -25,7 +25,7 @@
 
         $this->actingAs($user);
 
-        expect(TenantResource::canCreate())->toBeFalse();
+        expect(ManagedEnvironmentResource::canCreate())->toBeFalse();
     });
 
     it('can be edited by managers (TENANT_MANAGE)', function () {
@@ -33,7 +33,7 @@
 
         $this->actingAs($user);
 
-        expect(TenantResource::canEdit($tenant))->toBeTrue();
+        expect(ManagedEnvironmentResource::canEdit($tenant))->toBeTrue();
     });
 
     it('cannot be deleted by managers (TENANT_DELETE)', function () {
@@ -41,7 +41,7 @@
 
         $this->actingAs($user);
 
-        expect(TenantResource::canDelete($tenant))->toBeFalse();
+        expect(ManagedEnvironmentResource::canDelete($tenant))->toBeFalse();
     });
 
     it('can be deleted by owners (TENANT_DELETE)', function () {
@@ -49,7 +49,7 @@
 
         $this->actingAs($user);
 
-        expect(TenantResource::canDelete($tenant))->toBeTrue();
+        expect(ManagedEnvironmentResource::canDelete($tenant))->toBeTrue();
     });
 
     it('cannot edit tenants it cannot access', function () {
@@ -58,7 +58,7 @@
 
         $this->actingAs($user);
 
-        expect(TenantResource::canEdit($otherTenant))->toBeFalse();
+        expect(ManagedEnvironmentResource::canEdit($otherTenant))->toBeFalse();
     });
 
     it('returns not found for tenant detail pages outside the actor tenant scope', function (): void {
@@ -67,7 +67,7 @@
 
         $this->actingAs($user)
             ->withSession([WorkspaceContext::SESSION_KEY => (int) $otherTenant->workspace_id])
-            ->get(TenantResource::getUrl('view', ['record' => $otherTenant], panel: 'admin'))
+            ->get(ManagedEnvironmentResource::getUrl('view', ['record' => $otherTenant], panel: 'admin'))
             ->assertNotFound();
     });
 
@@ -77,7 +77,7 @@
 
         $this->actingAs($user)
             ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-            ->get(TenantResource::getUrl('view', ['record' => (string) $otherTenant->getKey()], panel: 'admin'))
+            ->get(ManagedEnvironmentResource::getUrl('view', ['record' => (string) $otherTenant->getKey()], panel: 'admin'))
             ->assertNotFound();
     });
 
@@ -87,8 +87,8 @@
 
         $this->actingAs($user);
 
-        expect(TenantResource::canEdit($otherTenant))->toBeFalse()
-            ->and(TenantResource::canDelete($otherTenant))->toBeFalse();
+        expect(ManagedEnvironmentResource::canEdit($otherTenant))->toBeFalse()
+            ->and(ManagedEnvironmentResource::canDelete($otherTenant))->toBeFalse();
     })->with([
         'draft' => [fn (): ManagedEnvironment => ManagedEnvironment::factory()->draft()->create()],
         'onboarding' => [fn (): ManagedEnvironment => ManagedEnvironment::factory()->onboarding()->create()],
@@ -120,10 +120,10 @@
 
         $this->actingAs($user);
 
-        expect(TenantResource::canEdit($onboardingTenant))->toBeTrue()
-            ->and(TenantResource::canEdit($archivedTenant))->toBeTrue()
-            ->and(TenantResource::canDelete($onboardingTenant))->toBeFalse()
-            ->and(TenantResource::canDelete($archivedTenant))->toBeFalse();
+        expect(ManagedEnvironmentResource::canEdit($onboardingTenant))->toBeTrue()
+            ->and(ManagedEnvironmentResource::canEdit($archivedTenant))->toBeTrue()
+            ->and(ManagedEnvironmentResource::canDelete($onboardingTenant))->toBeFalse()
+            ->and(ManagedEnvironmentResource::canDelete($archivedTenant))->toBeFalse();
     });
 
     it('keeps mutation capability checks separate from lifecycle-specific action visibility', function (): void {
@@ -150,8 +150,8 @@
 
         $this->actingAs($user);
 
-        expect(TenantResource::canDelete($onboardingTenant))->toBeTrue()
-            ->and(TenantResource::canDelete($archivedTenant))->toBeTrue();
+        expect(ManagedEnvironmentResource::canDelete($onboardingTenant))->toBeTrue()
+            ->and(ManagedEnvironmentResource::canDelete($archivedTenant))->toBeTrue();
     });
 
     it('keeps the tenant resource index usable with no selected tenant context', function () {
@@ -159,7 +159,7 @@
 
         $this->actingAs($user)
             ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-            ->get(TenantResource::getUrl(panel: 'admin'))
+            ->get(ManagedEnvironmentResource::getUrl(panel: 'admin'))
             ->assertSuccessful()
             ->assertSee((string) $tenant->name);
     });
@@ -171,7 +171,7 @@
         session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
         Livewire::actingAs($user)
-            ->test(ListTenants::class)
+            ->test(ListManagedEnvironments::class)
             ->assertTableActionVisible('archive', $tenant)
             ->assertTableActionEnabled('archive', $tenant)
             ->assertTableActionVisible('syncTenant', $tenant)
@@ -182,7 +182,7 @@
         Filament::setTenant(null, true);
 
         Livewire::actingAs($user)
-            ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+            ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertActionVisible('archive')
             ->assertActionEnabled('archive')
             ->assertActionVisible('syncTenant')
@@ -198,14 +198,14 @@
         session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
         Livewire::actingAs($user)
-            ->test(ListTenants::class)
+            ->test(ListManagedEnvironments::class)
             ->assertTableActionVisible('archive', $tenant)
             ->assertTableActionDisabled('archive', $tenant);
 
         Filament::setTenant(null, true);
 
         Livewire::actingAs($user)
-            ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+            ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
             ->assertActionVisible('archive')
             ->assertActionDisabled('archive');
     });
diff --git a/apps/platform/tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php b/apps/platform/tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php
index f9fd64a8..5a6ee1f4 100644
--- a/apps/platform/tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php
@@ -2,11 +2,11 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
-use App\Filament\Widgets\Tenant\TenantTriageArrivalContinuity;
+use App\Filament\Pages\EnvironmentDashboard;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentTriageArrivalContinuity;
 use App\Models\AuditLog;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
 use App\Support\Audit\AuditActionId;
 use App\Support\BackupHealth\TenantBackupHealthAssessment;
@@ -45,7 +45,7 @@ function triageReviewDashboardWidget(User $user, ManagedEnvironment $tenant, arr
     return Livewire::withQueryParams([
         PortfolioArrivalContextToken::QUERY_PARAMETER => PortfolioArrivalContextToken::encode($state),
         'tenant' => (string) $tenant->slug,
-    ])->actingAs($user)->test(TenantTriageArrivalContinuity::class);
+    ])->actingAs($user)->test(ManagedEnvironmentTriageArrivalContinuity::class);
 }
 
 it('returns 404 for non-members on the tenant dashboard triage route', function (): void {
@@ -61,7 +61,7 @@ function triageReviewDashboardWidget(User $user, ManagedEnvironment $tenant, arr
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantDashboard::getUrl([
+        ->get(EnvironmentDashboard::getUrl([
             PortfolioArrivalContextToken::QUERY_PARAMETER => PortfolioArrivalContextToken::encode(triageReviewArrivalState($foreignTenant)),
         ], panel: 'admin', tenant: $foreignTenant))
         ->assertNotFound();
@@ -108,7 +108,7 @@ function triageReviewDashboardWidget(User $user, ManagedEnvironment $tenant, arr
         expect($exception->getStatusCode())->toBe(403);
     }
 
-    expect(TenantTriageReview::query()->count())->toBe(0);
+    expect(ManagedEnvironmentTriageReview::query()->count())->toBe(0);
 });
 
 it('writes review progress and audit state only after the preview-confirmed action executes', function (): void {
@@ -121,7 +121,7 @@ function triageReviewDashboardWidget(User $user, ManagedEnvironment $tenant, arr
             && str_contains((string) $action->getModalDescription(), 'TenantPilot only'))
         ->mountAction('markFollowUpNeeded');
 
-    expect(TenantTriageReview::query()->count())->toBe(0);
+    expect(ManagedEnvironmentTriageReview::query()->count())->toBe(0);
 
     $instance = $component->instance();
 
@@ -129,15 +129,15 @@ function triageReviewDashboardWidget(User $user, ManagedEnvironment $tenant, arr
 
     $instance->callMountedAction();
 
-    expect(TenantTriageReview::query()
+    expect(ManagedEnvironmentTriageReview::query()
         ->where('managed_environment_id', (int) $tenant->getKey())
-        ->where('current_state', TenantTriageReview::STATE_FOLLOW_UP_NEEDED)
+        ->where('current_state', ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED)
         ->whereNull('resolved_at')
         ->exists())->toBeTrue()
         ->and(AuditLog::query()
             ->where('workspace_id', (int) $tenant->workspace_id)
             ->where('managed_environment_id', (int) $tenant->getKey())
-            ->where('action', AuditActionId::TenantTriageReviewMarkedFollowUpNeeded->value)
+            ->where('action', AuditActionId::ManagedEnvironmentTriageReviewMarkedFollowUpNeeded->value)
             ->exists())->toBeTrue();
 
     Filament::setTenant(null, true);
diff --git a/apps/platform/tests/Feature/Rbac/UiEnforcementNonMemberHiddenTest.php b/apps/platform/tests/Feature/Rbac/UiEnforcementNonMemberHiddenTest.php
index 3546feeb..9b145970 100644
--- a/apps/platform/tests/Feature/Rbac/UiEnforcementNonMemberHiddenTest.php
+++ b/apps/platform/tests/Feature/Rbac/UiEnforcementNonMemberHiddenTest.php
@@ -2,7 +2,7 @@
 
 use App\Filament\Resources\PolicyResource;
 use App\Filament\Resources\PolicyResource\Pages\ListPolicies;
-use App\Filament\Resources\TenantResource\Pages\ListTenants as ListTenantsPage;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ListManagedEnvironments as ListManagedEnvironmentsPage;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -44,7 +44,7 @@
         Filament::setTenant($visibleTenant, true);
 
         Livewire::actingAs($user)
-            ->test(ListTenantsPage::class)
+            ->test(ListManagedEnvironmentsPage::class)
             ->assertCanSeeTableRecords([$visibleTenant])
             ->assertCanNotSeeTableRecords([$hiddenTenant]);
 
diff --git a/apps/platform/tests/Feature/ReasonTranslation/GovernanceReasonPresentationTest.php b/apps/platform/tests/Feature/ReasonTranslation/GovernanceReasonPresentationTest.php
index 60a005eb..421fbf70 100644
--- a/apps/platform/tests/Feature/ReasonTranslation/GovernanceReasonPresentationTest.php
+++ b/apps/platform/tests/Feature/ReasonTranslation/GovernanceReasonPresentationTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use Livewire\Livewire;
 
 it('renders humanized RBAC reasons while keeping the diagnostic code in tenant governance details', function (): void {
@@ -14,7 +14,7 @@
     ])->save();
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertSee('Manual role assignment required')
         ->assertSee('This tenant requires a manual Intune RBAC role assignment outside the automated API path.')
         ->assertSee('manual_assignment_required');
diff --git a/apps/platform/tests/Feature/Reports/ProductTelemetryReportCaptureTest.php b/apps/platform/tests/Feature/Reports/ProductTelemetryReportCaptureTest.php
index adc872a6..5e10787e 100644
--- a/apps/platform/tests/Feature/Reports/ProductTelemetryReportCaptureTest.php
+++ b/apps/platform/tests/Feature/Reports/ProductTelemetryReportCaptureTest.php
@@ -169,7 +169,7 @@ function buildTelemetryReportService(): EntraAdminRolesReportService
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'operator');
 
-    seedTenantReviewEvidence($tenant);
+    seedEnvironmentReviewEvidence($tenant);
     Notification::fake();
 
     $pack = app(ReviewPackService::class)->generate($tenant, $user, [
diff --git a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsEmptyStateTest.php b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsEmptyStateTest.php
index 8a3293f9..c6662091 100644
--- a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsEmptyStateTest.php
+++ b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsEmptyStateTest.php
@@ -2,13 +2,13 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Support\Links\RequiredPermissionsLinks;
 
 it('renders the no-data state with a canonical start verification link when no stored permission data exists', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'readonly');
 
-    $expectedUrl = TenantResource::getUrl('view', ['record' => $tenant]);
+    $expectedUrl = ManagedEnvironmentResource::getUrl('view', ['record' => $tenant]);
 
     $this->actingAs($user)
         ->get(RequiredPermissionsLinks::requiredPermissions($tenant))
diff --git a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsFiltersTest.php b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsFiltersTest.php
index 84b6308f..9d8c7dea 100644
--- a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsFiltersTest.php
+++ b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsFiltersTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantRequiredPermissions;
-use App\Models\TenantPermission;
+use App\Filament\Pages\EnvironmentRequiredPermissions;
+use App\Models\ManagedEnvironmentPermission;
 use App\Support\Workspaces\WorkspaceContext;
 use Livewire\Livewire;
 
@@ -32,7 +32,7 @@
     ]);
     config()->set('entra_permissions.permissions', []);
 
-    TenantPermission::create([
+    ManagedEnvironmentPermission::create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'permission_key' => 'Alpha.Read.All',
         'status' => 'granted',
@@ -40,7 +40,7 @@
         'last_checked_at' => now(),
     ]);
 
-    TenantPermission::create([
+    ManagedEnvironmentPermission::create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'permission_key' => 'Beta.Read.All',
         'status' => 'granted',
@@ -48,7 +48,7 @@
         'last_checked_at' => now(),
     ]);
 
-    TenantPermission::create([
+    ManagedEnvironmentPermission::create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'permission_key' => 'Gamma.Manage.All',
         'status' => 'granted',
@@ -63,7 +63,7 @@
     Livewire::withQueryParams([
         'tenant' => (string) $tenant->external_id,
     ])
-        ->test(TenantRequiredPermissions::class)
+        ->test(EnvironmentRequiredPermissions::class)
         ->assertSet('tableFilters.status.value', 'missing')
         ->assertSee('All required permissions are present')
         ->assertCanNotSeeTableRecords([
@@ -76,7 +76,7 @@
         'tenant' => (string) $tenant->external_id,
         'status' => 'present',
     ])
-        ->test(TenantRequiredPermissions::class)
+        ->test(EnvironmentRequiredPermissions::class)
         ->assertSet('tableFilters.status.value', 'present')
         ->assertCanSeeTableRecords([
             'Alpha.Read.All',
@@ -89,7 +89,7 @@
         'status' => 'present',
         'type' => 'delegated',
     ])
-        ->test(TenantRequiredPermissions::class)
+        ->test(EnvironmentRequiredPermissions::class)
         ->assertSet('tableFilters.status.value', 'present')
         ->assertSet('tableFilters.type.value', 'delegated')
         ->assertCanSeeTableRecords(['Beta.Read.All'])
@@ -103,7 +103,7 @@
         'status' => 'all',
         'features' => ['backup'],
     ])
-        ->test(TenantRequiredPermissions::class)
+        ->test(EnvironmentRequiredPermissions::class)
         ->assertSet('tableFilters.features.values', ['backup'])
         ->assertCanSeeTableRecords([
             'Alpha.Read.All',
@@ -116,7 +116,7 @@
         'status' => 'all',
         'search' => 'delegated',
     ])
-        ->test(TenantRequiredPermissions::class)
+        ->test(EnvironmentRequiredPermissions::class)
         ->assertSet('tableSearch', 'delegated')
         ->assertCanSeeTableRecords(['Beta.Read.All'])
         ->assertCanNotSeeTableRecords([
diff --git a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsLinksTest.php b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsLinksTest.php
index bc859bcf..7292af22 100644
--- a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsLinksTest.php
+++ b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsLinksTest.php
@@ -2,13 +2,13 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Support\Links\RequiredPermissionsLinks;
 
 it('renders re-run verification and next-step links using canonical manage surfaces only', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'readonly');
 
-    $expectedUrl = TenantResource::getUrl('view', ['record' => $tenant]);
+    $expectedUrl = ManagedEnvironmentResource::getUrl('view', ['record' => $tenant]);
 
     $this->actingAs($user)
         ->get(RequiredPermissionsLinks::requiredPermissions($tenant))
diff --git a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsOverviewTest.php b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsOverviewTest.php
index c6dba916..f5883abf 100644
--- a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsOverviewTest.php
+++ b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsOverviewTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Support\Links\RequiredPermissionsLinks;
 
 it('renders required permissions overview with missing-first ordering and feature cards', function (): void {
@@ -18,7 +18,7 @@
         test()->markTestSkipped('Configured permission keys missing.');
     }
 
-    TenantPermission::create([
+    ManagedEnvironmentPermission::create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'permission_key' => $grantedKey,
         'status' => 'granted',
diff --git a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsSidebarTest.php b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsSidebarTest.php
index 2dda2c90..241f0e97 100644
--- a/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsSidebarTest.php
+++ b/apps/platform/tests/Feature/RequiredPermissions/RequiredPermissionsSidebarTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
@@ -123,7 +123,7 @@
 
     // Use the managed-environment dashboard — a known environment-scoped URL
     $response = $this->actingAs($user)
-        ->get(TenantDashboard::getUrl(tenant: $tenant));
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenant));
 
     $response->assertOk();
 
@@ -156,7 +156,7 @@
     $response->assertSee($tenant->getFilamentName(), false);
     $response->assertSee('Required permissions', false);
 
-    // The page uses $scopedTenant for links (e.g., "Re-run verification" links back to TenantResource)
+    // The page uses $scopedTenant for links (e.g., "Re-run verification" links back to ManagedEnvironmentResource)
     // If $scopedTenant were null, the page would abort(404) in mount().
     // The fact that we get 200 proves $scopedTenant resolved correctly despite setTenant() being skipped.
 
diff --git a/apps/platform/tests/Feature/ReviewPack/TenantReviewDerivedReviewPackTest.php b/apps/platform/tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php
similarity index 88%
rename from apps/platform/tests/Feature/ReviewPack/TenantReviewDerivedReviewPackTest.php
rename to apps/platform/tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php
index b064a1b0..7babcab5 100644
--- a/apps/platform/tests/Feature/ReviewPack/TenantReviewDerivedReviewPackTest.php
+++ b/apps/platform/tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php
@@ -12,9 +12,9 @@
     Storage::fake('exports');
 });
 
-it('generates a review-derived executive pack with tenant-review metadata and filtered sections', function (): void {
+it('generates a review-derived executive pack with environment-review metadata and filtered sections', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $review = composeTenantReviewForTest($tenant, $user);
+    $review = composeEnvironmentReviewForTest($tenant, $user);
 
     $pack = app(ReviewPackService::class)->generateFromReview($review, $user, [
         'include_pii' => false,
@@ -30,9 +30,9 @@
     $pack->refresh();
     $review->refresh()->load('evidenceSnapshot');
 
-    expect($pack->tenant_review_id)->toBe((int) $review->getKey())
+    expect($pack->environment_review_id)->toBe((int) $review->getKey())
         ->and($pack->status)->toBe(ReviewPackStatus::Ready->value)
-        ->and($pack->summary['tenant_review_id'] ?? null)->toBe((int) $review->getKey())
+        ->and($pack->summary['environment_review_id'] ?? null)->toBe((int) $review->getKey())
         ->and($pack->summary['review_status'] ?? null)->toBe((string) $review->status)
         ->and($review->current_export_review_pack_id)->toBe((int) $pack->getKey())
         ->and(data_get($review->summary, 'has_ready_export'))->toBeTrue();
@@ -57,7 +57,7 @@
         ->and(data_get($metadata, 'delivery_bundle.appendix.2.file'))->toBe('sections.json')
         ->and(data_get($metadata, 'options.include_operations'))->toBeFalse()
         ->and(data_get($summary, 'delivery_bundle.executive_entrypoint_file'))->toBe(ReviewPackService::EXECUTIVE_ENTRYPOINT_FILENAME)
-        ->and(data_get($summary, 'tenant_review_id'))->toBe((int) $review->getKey())
+        ->and(data_get($summary, 'environment_review_id'))->toBe((int) $review->getKey())
         ->and(collect($sections)->pluck('section_key')->all())->not->toContain('operations_health')
         ->and($executiveEntrypoint)->toContain('ManagedEnvironment: [REDACTED]')
         ->and($executiveEntrypoint)->toContain('This executive entrypoint is the first file to read')
diff --git a/apps/platform/tests/Feature/ReviewPack/ReviewPackEntitlementEnforcementTest.php b/apps/platform/tests/Feature/ReviewPack/ReviewPackEntitlementEnforcementTest.php
index cc5eb7c8..985b9a6a 100644
--- a/apps/platform/tests/Feature/ReviewPack/ReviewPackEntitlementEnforcementTest.php
+++ b/apps/platform/tests/Feature/ReviewPack/ReviewPackEntitlementEnforcementTest.php
@@ -4,7 +4,7 @@
 
 use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Widgets\Tenant\TenantReviewPackCard;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentReviewPackCard;
 use App\Models\EvidenceSnapshot;
 use App\Models\Finding;
 use App\Models\OperationRun;
@@ -54,7 +54,9 @@ function seedEntitlementReviewPackSnapshot(ManagedEnvironment $tenant): Evidence
         'finding_type' => Finding::FINDING_TYPE_DRIFT,
     ]);
 
-    OperationRun::factory()->forTenant($tenant)->create();
+    OperationRun::factory()->forTenant($tenant)->create([
+        'type' => OperationRunType::PolicySync->value,
+    ]);
 
     /** @var EvidenceSnapshotService $service */
     $service = app(EvidenceSnapshotService::class);
@@ -167,7 +169,7 @@ function setReviewPackSubscriptionState(ManagedEnvironment $tenant, array $attri
 it('blocks executive pack export before creating a review pack or operation run when the workspace is not entitled', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
     $snapshot = seedEntitlementReviewPackSnapshot($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     disableReviewPackGenerationForWorkspace($tenant, $user, 'Workspace is temporarily limited to manual reporting only');
     $initialRunCount = OperationRun::query()
         ->where('managed_environment_id', (int) $tenant->getKey())
@@ -197,7 +199,7 @@ function setReviewPackSubscriptionState(ManagedEnvironment $tenant, array $attri
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('Workspace is temporarily limited to manual reporting only')
         ->assertSee('Generate pack')
         ->call('generatePack', true, true)
@@ -260,7 +262,7 @@ function setReviewPackSubscriptionState(ManagedEnvironment $tenant, array $attri
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('Workspace is in grace. Review-pack starts remain available')
         ->assertSee('Commercial source: fallback-backed.');
 
@@ -299,7 +301,7 @@ function setReviewPackSubscriptionState(ManagedEnvironment $tenant, array $attri
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('Commercial source: subscription-backed.');
 });
 
diff --git a/apps/platform/tests/Feature/ReviewPack/ReviewPackGenerationTest.php b/apps/platform/tests/Feature/ReviewPack/ReviewPackGenerationTest.php
index be52c487..3974f3e0 100644
--- a/apps/platform/tests/Feature/ReviewPack/ReviewPackGenerationTest.php
+++ b/apps/platform/tests/Feature/ReviewPack/ReviewPackGenerationTest.php
@@ -4,7 +4,7 @@
 
 use App\Exceptions\ReviewPackEvidenceResolutionException;
 use App\Exceptions\Entitlements\WorkspaceEntitlementBlockedException;
-use App\Filament\Widgets\Tenant\TenantReviewPackCard;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentReviewPackCard;
 use App\Jobs\GenerateReviewPackJob;
 use App\Models\EvidenceSnapshot;
 use App\Models\Finding;
@@ -68,7 +68,7 @@
         ]),
     };
 
-    expect(TenantReviewPackCard::resolvePollingInterval($pack))->toBe($expectedInterval);
+    expect(ManagedEnvironmentReviewPackCard::resolvePollingInterval($pack))->toBe($expectedInterval);
 })->with([
     'queued pack' => [ReviewPackStatus::Queued->value, '10s'],
     'generating pack' => [ReviewPackStatus::Generating->value, '10s'],
@@ -79,7 +79,7 @@
 ]);
 
 it('does not poll the review pack card when no pack exists', function (): void {
-    expect(TenantReviewPackCard::resolvePollingInterval(null))->toBeNull();
+    expect(ManagedEnvironmentReviewPackCard::resolvePollingInterval(null))->toBeNull();
 });
 
 // ─── Helper ──────────────────────────────────────────────────
@@ -123,7 +123,9 @@ function seedTenantWithData(ManagedEnvironment $tenant): void
         'finding_type' => Finding::FINDING_TYPE_DRIFT,
     ]);
 
-    OperationRun::factory()->forTenant($tenant)->create();
+    OperationRun::factory()->forTenant($tenant)->create([
+        'type' => OperationRunType::PolicySync->value,
+    ]);
 }
 
 function createEvidenceSnapshotForReviewPack(ManagedEnvironment $tenant): EvidenceSnapshot
diff --git a/apps/platform/tests/Feature/ReviewPack/ReviewPackRedactionIntegrityTest.php b/apps/platform/tests/Feature/ReviewPack/ReviewPackRedactionIntegrityTest.php
index 41040382..9cfe8f1e 100644
--- a/apps/platform/tests/Feature/ReviewPack/ReviewPackRedactionIntegrityTest.php
+++ b/apps/platform/tests/Feature/ReviewPack/ReviewPackRedactionIntegrityTest.php
@@ -10,6 +10,7 @@
 use App\Services\Evidence\EvidenceSnapshotService;
 use App\Services\ReviewPackService;
 use App\Support\Evidence\EvidenceSnapshotStatus;
+use App\Support\OperationRunType;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Notification;
 use Illuminate\Support\Facades\Storage;
@@ -43,7 +44,9 @@ function createRedactionReviewPackSnapshot($tenant): EvidenceSnapshot
         'finding_type' => Finding::FINDING_TYPE_DRIFT,
     ]);
 
-    OperationRun::factory()->forTenant($tenant)->create();
+    OperationRun::factory()->forTenant($tenant)->create([
+        'type' => OperationRunType::PolicySync->value,
+    ]);
 
     /** @var EvidenceSnapshotService $service */
     $service = app(EvidenceSnapshotService::class);
diff --git a/apps/platform/tests/Feature/ReviewPack/ReviewPackResourceTest.php b/apps/platform/tests/Feature/ReviewPack/ReviewPackResourceTest.php
index a7dc43e8..ecd2bb77 100644
--- a/apps/platform/tests/Feature/ReviewPack/ReviewPackResourceTest.php
+++ b/apps/platform/tests/Feature/ReviewPack/ReviewPackResourceTest.php
@@ -17,6 +17,7 @@
 use App\Services\Settings\SettingsWriter;
 use App\Support\Auth\UiTooltips;
 use App\Support\Evidence\EvidenceSnapshotStatus;
+use App\Support\OperationRunType;
 use App\Support\OperationRunLinks;
 use App\Support\ReviewPackStatus;
 use Filament\Actions\Action;
@@ -95,7 +96,9 @@ function seedReviewPackEvidence(ManagedEnvironment $tenant): EvidenceSnapshot
         'finding_type' => Finding::FINDING_TYPE_DRIFT,
     ]);
 
-    OperationRun::factory()->forTenant($tenant)->create();
+    OperationRun::factory()->forTenant($tenant)->create([
+        'type' => OperationRunType::PolicySync->value,
+    ]);
 
     /** @var EvidenceSnapshotService $service */
     $service = app(EvidenceSnapshotService::class);
@@ -436,7 +439,7 @@ function seedReviewPackEvidence(ManagedEnvironment $tenant): EvidenceSnapshot
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
     $snapshot = seedReviewPackEvidence($tenant);
     $run = OperationRun::factory()->forTenant($tenant)->create([
-        'type' => 'tenant.review_pack.generate',
+        'type' => 'environment.review_pack.generate',
     ]);
 
     $pack = ReviewPack::factory()->ready()->create([
@@ -485,7 +488,7 @@ function seedReviewPackEvidence(ManagedEnvironment $tenant): EvidenceSnapshot
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
     $snapshot = seedReviewPackEvidence($tenant);
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
 
     $review->update([
         'status' => 'draft',
@@ -497,7 +500,7 @@ function seedReviewPackEvidence(ManagedEnvironment $tenant): EvidenceSnapshot
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'summary' => [
@@ -522,7 +525,7 @@ function seedReviewPackEvidence(ManagedEnvironment $tenant): EvidenceSnapshot
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
 
-    $snapshot = seedStaleTenantReviewEvidence($tenant);
+    $snapshot = seedStaleEnvironmentReviewEvidence($tenant);
     $review = $this->makeArtifactTruthReview(
         tenant: $tenant,
         user: $user,
@@ -576,7 +579,7 @@ function seedReviewPackEvidence(ManagedEnvironment $tenant): EvidenceSnapshot
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
 
-    $snapshot = seedPartialTenantReviewEvidence($tenant);
+    $snapshot = seedPartialEnvironmentReviewEvidence($tenant);
     $review = $this->makeArtifactTruthReview(
         tenant: $tenant,
         user: $user,
diff --git a/apps/platform/tests/Feature/ReviewPack/ReviewPackValidRiskAcceptanceTest.php b/apps/platform/tests/Feature/ReviewPack/ReviewPackValidRiskAcceptanceTest.php
index 177c56fe..cb5f9edd 100644
--- a/apps/platform/tests/Feature/ReviewPack/ReviewPackValidRiskAcceptanceTest.php
+++ b/apps/platform/tests/Feature/ReviewPack/ReviewPackValidRiskAcceptanceTest.php
@@ -14,6 +14,7 @@
 use App\Services\Findings\FindingRiskGovernanceResolver;
 use App\Services\ReviewPackService;
 use App\Support\Evidence\EvidenceSnapshotStatus;
+use App\Support\OperationRunType;
 use App\Support\ReviewPackStatus;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Storage;
@@ -39,7 +40,9 @@
         'report_type' => StoredReport::REPORT_TYPE_ENTRA_ADMIN_ROLES,
     ]);
 
-    OperationRun::factory()->forTenant($tenant)->create();
+    OperationRun::factory()->forTenant($tenant)->create([
+        'type' => OperationRunType::PolicySync->value,
+    ]);
 
     /** @var FindingExceptionService $exceptionService */
     $exceptionService = app(FindingExceptionService::class);
diff --git a/apps/platform/tests/Feature/ReviewPack/ReviewPackWidgetTest.php b/apps/platform/tests/Feature/ReviewPack/ReviewPackWidgetTest.php
index 4b4dea00..68b485a6 100644
--- a/apps/platform/tests/Feature/ReviewPack/ReviewPackWidgetTest.php
+++ b/apps/platform/tests/Feature/ReviewPack/ReviewPackWidgetTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Widgets\Tenant\TenantReviewPackCard;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentReviewPackCard;
 use App\Models\EvidenceSnapshot;
 use App\Models\Finding;
 use App\Models\OperationRun;
@@ -52,7 +52,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     ]);
 
     OperationRun::factory()->forTenant($tenant)->create([
-        'type' => OperationRunType::TenantReviewCompose->value,
+        'type' => OperationRunType::EnvironmentReviewCompose->value,
         'status' => OperationRunStatus::Completed->value,
         'outcome' => OperationRunOutcome::Succeeded->value,
         'started_at' => now()->subMinute(),
@@ -103,7 +103,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('No review pack generated yet')
         ->assertSee('Generate')
         ->assertDontSee('wire:poll.10s', escape: false);
@@ -129,7 +129,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('Download')
         ->assertSee('Generate new')
         ->assertDontSee('wire:poll.10s', escape: false);
@@ -150,7 +150,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('Generation in progress')
         ->assertSee('wire:poll.10s', escape: false);
 });
@@ -170,7 +170,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('Generation in progress')
         ->assertSee('wire:poll.10s', escape: false);
 });
@@ -190,7 +190,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('Retry')
         ->assertDontSee('wire:poll.10s', escape: false);
 });
@@ -202,7 +202,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     $run = OperationRun::factory()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'type' => 'tenant.review_pack.generate',
+        'type' => 'environment.review_pack.generate',
         'status' => 'completed',
         'outcome' => 'failed',
         'context' => [
@@ -233,7 +233,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee($reasonEnvelope->operatorLabel)
         ->assertSee($reasonEnvelope->shortExplanation)
         ->assertSee($reasonSemantics['owner_label'])
@@ -255,7 +255,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('Generate new')
         ->assertDontSee('wire:poll.10s', escape: false);
 });
@@ -270,7 +270,7 @@ function seedWidgetReviewPackSnapshot(ManagedEnvironment $tenant): EvidenceSnaps
     setAdminEnvironmentContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->call('generatePack', true, true)
         ->assertHasNoErrors();
 
diff --git a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php
index 7d4d1f58..32f96252 100644
--- a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php
+++ b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceAuthorizationTest.php
@@ -24,7 +24,7 @@
         ->assertNotFound();
 });
 
-it('returns 404 for workspace members that have no tenant review visibility in the active workspace', function (): void {
+it('returns 404 for workspace members that have no environment review visibility in the active workspace', function (): void {
     $workspace = Workspace::factory()->create();
     $user = User::factory()->create();
 
diff --git a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php
index 707f3091..739359f9 100644
--- a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php
+++ b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php
@@ -5,17 +5,17 @@
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
 use App\Filament\Resources\EvidenceSnapshotResource;
 use App\Filament\Resources\ReviewPackResource;
-use App\Filament\Resources\TenantReviewResource\Pages\ViewTenantReview;
-use App\Filament\Resources\TenantReviewResource;
-use App\Filament\Widgets\Tenant\TenantReviewPackCard;
+use App\Filament\Resources\EnvironmentReviewResource\Pages\ViewEnvironmentReview;
+use App\Filament\Resources\EnvironmentReviewResource;
+use App\Filament\Widgets\ManagedEnvironment\ManagedEnvironmentReviewPackCard;
 use App\Models\AuditLog;
 use App\Models\EvidenceSnapshot;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Support\Audit\AuditActionId;
 use App\Support\Evidence\EvidenceSnapshotStatus;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Storage;
 use Livewire\Livewire;
@@ -26,20 +26,20 @@
     Storage::fake('exports');
 });
 
-it('renders a customer workspace link from tenant review detail context', function (): void {
+it('renders a customer workspace link from environment review detail context', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
 
     $this->actingAs($user)
-        ->get(TenantReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
+        ->get(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review], $tenant))
         ->assertOk()
         ->assertSee(CustomerReviewWorkspace::tenantPrefilterUrl($tenant), false);
 });
@@ -65,11 +65,11 @@
 it('renders a customer workspace link from review pack detail context', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -79,7 +79,7 @@
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'file_path' => 'review-packs/customer-workspace-link.zip',
@@ -92,14 +92,14 @@
         ->assertSee(CustomerReviewWorkspace::tenantPrefilterUrl($tenant), false);
 });
 
-it('renders a customer workspace launch button on the tenant review pack widget', function (): void {
+it('renders a customer workspace launch button on the environment review pack widget', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -109,7 +109,7 @@
     ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'file_path' => 'review-packs/widget-customer-workspace.zip',
@@ -119,19 +119,19 @@
     setAdminPanelContext($tenant);
 
     Livewire::actingAs($user)
-        ->test(TenantReviewPackCard::class, ['record' => $tenant])
+        ->test(ManagedEnvironmentReviewPackCard::class, ['record' => $tenant])
         ->assertSee('Customer workspace')
         ->assertSee(CustomerReviewWorkspace::tenantPrefilterUrl($tenant), false);
 });
 
-it('keeps the linked tenant review detail read-only for a readonly-capable actor', function (): void {
+it('keeps the linked environment review detail read-only for a readonly-capable actor', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -141,7 +141,7 @@
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'file_path' => 'review-packs/customer-workspace-detail-download.zip',
@@ -159,7 +159,7 @@
         'interpretation_version' => $review->controlInterpretationVersion(),
     ])
         ->actingAs($user)
-        ->test(ViewTenantReview::class, ['record' => $review->getKey()])
+        ->test(ViewEnvironmentReview::class, ['record' => $review->getKey()])
         ->assertSee('Outcome summary')
         ->assertActionVisible('download_current_review_pack')
         ->assertActionDoesNotExist('publish_review')
@@ -169,12 +169,12 @@
         ->assertActionDoesNotExist('archive_review');
 
     $audit = AuditLog::query()
-        ->where('action', AuditActionId::TenantReviewOpened->value)
+        ->where('action', AuditActionId::EnvironmentReviewOpened->value)
         ->latest('id')
         ->first();
 
     expect($audit)->not->toBeNull()
-        ->and($audit?->resource_type)->toBe('tenant_review')
+        ->and($audit?->resource_type)->toBe('environment_review')
         ->and(data_get($audit?->metadata, 'review_id'))->toBe((int) $review->getKey())
         ->and(data_get($audit?->metadata, 'source_surface'))->toBe(CustomerReviewWorkspace::SOURCE_SURFACE)
         ->and(data_get($audit?->metadata, 'tenant_filter_id'))->toBe((string) $tenant->getKey())
diff --git a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceNavigationContextTest.php b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceNavigationContextTest.php
index 40d647da..52732296 100644
--- a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceNavigationContextTest.php
+++ b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceNavigationContextTest.php
@@ -4,10 +4,10 @@
 
 use App\Filament\Pages\Governance\GovernanceInbox;
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\ManagedEnvironment;
 use App\Support\Navigation\CanonicalNavigationContext;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Workspaces\WorkspaceContext;
 use Filament\Facades\Filament;
 use Livewire\Livewire;
@@ -19,11 +19,11 @@
         'external_id' => 'alpha-tenant',
     ]);
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'generated_at' => now(),
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
@@ -53,7 +53,7 @@
         ->assertSet('tableFilters.managed_environment_id.value', (string) $tenant->getKey())
         ->assertActionVisible('return_to_governance_inbox')
         ->assertCanSeeTableRecords([$tenant->fresh()])
-        ->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
+        ->assertSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
         ->assertSee(CustomerReviewWorkspace::DETAIL_CONTEXT_QUERY_KEY.'=1', false)
         ->assertSee('nav%5Bsource_surface%5D=governance.inbox', false)
         ->assertSee('nav%5Bfamily_key%5D=review_follow_up', false)
diff --git a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php
index 98462362..db92336d 100644
--- a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php
+++ b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\PlatformUser;
 use App\Models\ReviewPack;
 use App\Models\ManagedEnvironment;
@@ -12,7 +12,7 @@
 use App\Services\Settings\SettingsWriter;
 use App\Support\Auth\Capabilities;
 use App\Support\Auth\PlatformCapabilities;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Gate;
@@ -40,11 +40,11 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
 it('keeps the latest released review as the only row action when a ready review pack exists', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -52,7 +52,7 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'expires_at' => now()->addDay(),
@@ -68,7 +68,7 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
 
     Livewire::actingAs($user)
         ->test(CustomerReviewWorkspace::class)
-        ->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
+        ->assertSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
         ->assertSee('Governance package')
         ->assertSee('Open review')
         ->assertDontSee('Download review pack')
@@ -78,11 +78,11 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
 it('keeps the customer review workspace row action visible while suspended read-only', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -90,7 +90,7 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'expires_at' => now()->addDay(),
@@ -108,7 +108,7 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
 
     Livewire::actingAs($user)
         ->test(CustomerReviewWorkspace::class)
-        ->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
+        ->assertSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
         ->assertSee('Open review')
         ->assertDontSee('Download review pack')
         ->assertDontSee('Current review pack available');
@@ -117,11 +117,11 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
 it('does not expose review-pack availability as a workspace row peer action', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
         'current_export_review_pack_id' => null,
@@ -133,7 +133,7 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
 
     Livewire::actingAs($user)
         ->test(CustomerReviewWorkspace::class)
-        ->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
+        ->assertSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
         ->assertSee('Unavailable')
         ->assertDontSee('No current review pack available yet')
         ->assertDontSee('Download review pack');
@@ -142,11 +142,11 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
 it('shows a partial governance-package state when the released review basis is limitation-aware', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    $snapshot = seedPartialTenantReviewEvidence($tenant);
+    $snapshot = seedPartialEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -154,7 +154,7 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'evidence_snapshot_id' => (int) $snapshot->getKey(),
         'initiated_by_user_id' => (int) $user->getKey(),
         'expires_at' => now()->addDay(),
@@ -170,7 +170,7 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
 
     Livewire::actingAs($user)
         ->test(CustomerReviewWorkspace::class)
-        ->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
+        ->assertSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $review->fresh()], $tenant), false)
         ->assertSee('Partial')
         ->assertDontSee('Download review pack');
 });
@@ -185,10 +185,10 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
     createUserWithTenant(tenant: $blockedTenant, user: $user, role: 'readonly');
 
     foreach ([$expiredTenant, $blockedTenant] as $tenant) {
-        $snapshot = seedTenantReviewEvidence($tenant);
-        $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+        $snapshot = seedEnvironmentReviewEvidence($tenant);
+        $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
         $review->forceFill([
-            'status' => TenantReviewStatus::Published->value,
+            'status' => EnvironmentReviewStatus::Published->value,
             'published_at' => now(),
             'published_by_user_id' => (int) $user->getKey(),
         ])->save();
@@ -196,7 +196,7 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
         $pack = ReviewPack::factory()->ready()->create([
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
-            'tenant_review_id' => (int) $review->getKey(),
+            'environment_review_id' => (int) $review->getKey(),
             'evidence_snapshot_id' => (int) $snapshot->getKey(),
             'initiated_by_user_id' => (int) $user->getKey(),
             'expires_at' => $tenant->is($expiredTenant) ? now()->subDay() : now()->addDay(),
@@ -222,11 +222,11 @@ function suspendCustomerReviewWorkspacePackAccessWorkspace(ManagedEnvironment $t
 it('hides tenants without a published review from the workspace rows', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Ready->value,
+        'status' => EnvironmentReviewStatus::Ready->value,
         'published_at' => null,
         'published_by_user_id' => null,
         'current_export_review_pack_id' => null,
diff --git a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php
index 210859a9..4d46e4f7 100644
--- a/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php
+++ b/apps/platform/tests/Feature/Reviews/CustomerReviewWorkspacePageTest.php
@@ -3,13 +3,13 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Reviews\CustomerReviewWorkspace;
-use App\Filament\Resources\TenantReviewResource;
+use App\Filament\Resources\EnvironmentReviewResource;
 use App\Models\Finding;
 use App\Models\FindingException;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Support\Governance\Controls\ComplianceEvidenceMappingV1;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Livewire\Livewire;
@@ -33,13 +33,13 @@
     $otherOwner = User::factory()->create();
     createUserWithTenant(tenant: $tenantDenied, user: $otherOwner, role: 'owner');
 
-    $tenantASnapshot = seedTenantReviewEvidence($tenantA);
-    $tenantBSnapshot = seedTenantReviewEvidence($tenantB);
-    $tenantDeniedSnapshot = seedTenantReviewEvidence($tenantDenied);
+    $tenantASnapshot = seedEnvironmentReviewEvidence($tenantA);
+    $tenantBSnapshot = seedEnvironmentReviewEvidence($tenantB);
+    $tenantDeniedSnapshot = seedEnvironmentReviewEvidence($tenantDenied);
 
-    $olderPublishedReview = composeTenantReviewForTest($tenantA, $user, $tenantASnapshot);
+    $olderPublishedReview = composeEnvironmentReviewForTest($tenantA, $user, $tenantASnapshot);
     $olderPublishedReview->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'generated_at' => now()->subDays(3),
         'published_at' => now()->subDays(3),
         'published_by_user_id' => (int) $user->getKey(),
@@ -50,7 +50,7 @@
         'managed_environment_id' => (int) $tenantA->getKey(),
         'workspace_id' => (int) $tenantA->workspace_id,
         'evidence_snapshot_id' => (int) $tenantASnapshot->getKey(),
-        'status' => TenantReviewStatus::Ready->value,
+        'status' => EnvironmentReviewStatus::Ready->value,
         'generated_at' => now()->subDay(),
         'published_at' => null,
         'published_by_user_id' => null,
@@ -61,23 +61,23 @@
         'managed_environment_id' => (int) $tenantA->getKey(),
         'workspace_id' => (int) $tenantA->workspace_id,
         'evidence_snapshot_id' => (int) $tenantASnapshot->getKey(),
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'generated_at' => now(),
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
 
-    $betaPublishedReview = composeTenantReviewForTest($tenantB, $user, $tenantBSnapshot);
+    $betaPublishedReview = composeEnvironmentReviewForTest($tenantB, $user, $tenantBSnapshot);
     $betaPublishedReview->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'generated_at' => now()->subHours(2),
         'published_at' => now()->subHours(2),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
 
-    $deniedPublishedReview = composeTenantReviewForTest($tenantDenied, $otherOwner, $tenantDeniedSnapshot);
+    $deniedPublishedReview = composeEnvironmentReviewForTest($tenantDenied, $otherOwner, $tenantDeniedSnapshot);
     $deniedPublishedReview->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'generated_at' => now()->subHours(3),
         'published_at' => now()->subHours(3),
         'published_by_user_id' => (int) $otherOwner->getKey(),
@@ -91,7 +91,7 @@
         ->test(CustomerReviewWorkspace::class)
         ->assertCanSeeTableRecords([$tenantA->fresh(), $tenantB->fresh()])
         ->assertCanNotSeeTableRecords([$tenantDenied->fresh()])
-        ->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $latestPublishedReview->fresh()], $tenantA), false)
+        ->assertSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $latestPublishedReview->fresh()], $tenantA), false)
         ->assertSee('Review the executive-ready governance package status for each entitled tenant and open the customer-safe detail when follow-up is needed.')
         ->assertSee('Each row is an index entry: open the review detail to inspect package status, the executive entrypoint, supporting evidence, current risks, and the next customer-safe action.')
         ->assertSee('This workspace summarizes current review evidence for service delivery. It does not replace a formal audit opinion, certification, or legal attestation.')
@@ -106,15 +106,15 @@
         ->assertDontSee('No mapped controls')
         ->assertDontSee('Compliance evidence mapping v1')
         ->assertDontSee(ComplianceEvidenceMappingV1::VERSION_KEY)
-        ->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $betaPublishedReview->fresh()], $tenantB), false)
-        ->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $olderPublishedReview->fresh()], $tenantA), false)
-        ->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $newerInternalReview->fresh()], $tenantA), false)
+        ->assertSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $betaPublishedReview->fresh()], $tenantB), false)
+        ->assertDontSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $olderPublishedReview->fresh()], $tenantA), false)
+        ->assertDontSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $newerInternalReview->fresh()], $tenantA), false)
         ->assertDontSee('Publish review')
         ->assertDontSee('Refresh review')
         ->assertDontSee('Create next review')
         ->assertDontSee('Regenerate')
         ->assertDontSee('Expire snapshot')
-        ->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $deniedPublishedReview->fresh()], $tenantDenied), false);
+        ->assertDontSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $deniedPublishedReview->fresh()], $tenantDenied), false);
 });
 
 it('excludes entitled tenants without a published review from customer workspace rows', function (): void {
@@ -127,19 +127,19 @@
     ]);
     createUserWithTenant(tenant: $tenantWithoutPublished, user: $user, role: 'readonly');
 
-    $publishedSnapshot = seedTenantReviewEvidence($tenantPublished);
-    $noPublishedSnapshot = seedTenantReviewEvidence($tenantWithoutPublished);
+    $publishedSnapshot = seedEnvironmentReviewEvidence($tenantPublished);
+    $noPublishedSnapshot = seedEnvironmentReviewEvidence($tenantWithoutPublished);
 
-    $publishedReview = composeTenantReviewForTest($tenantPublished, $user, $publishedSnapshot);
+    $publishedReview = composeEnvironmentReviewForTest($tenantPublished, $user, $publishedSnapshot);
     $publishedReview->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now()->subHour(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
 
-    $internalOnlyReview = composeTenantReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot);
+    $internalOnlyReview = composeEnvironmentReviewForTest($tenantWithoutPublished, $user, $noPublishedSnapshot);
     $internalOnlyReview->forceFill([
-        'status' => TenantReviewStatus::Ready->value,
+        'status' => EnvironmentReviewStatus::Ready->value,
         'published_at' => null,
         'published_by_user_id' => null,
     ])->save();
@@ -154,18 +154,18 @@
         ->assertCanNotSeeTableRecords([$tenantWithoutPublished->fresh()])
         ->assertDontSee('No published review')
         ->assertDontSee('No published review available yet')
-        ->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $internalOnlyReview->fresh()], $tenantWithoutPublished), false)
-        ->assertSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $publishedReview->fresh()], $tenantPublished), false);
+        ->assertDontSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $internalOnlyReview->fresh()], $tenantWithoutPublished), false)
+        ->assertSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $publishedReview->fresh()], $tenantPublished), false);
 });
 
 it('uses a page-level empty state when no entitled tenant has a released review', function (): void {
     $tenant = ManagedEnvironment::factory()->create(['name' => 'Internal Only ManagedEnvironment']);
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'readonly');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $internalOnlyReview = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $internalOnlyReview = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $internalOnlyReview->forceFill([
-        'status' => TenantReviewStatus::Ready->value,
+        'status' => EnvironmentReviewStatus::Ready->value,
         'published_at' => null,
         'published_by_user_id' => null,
     ])->save();
@@ -178,8 +178,8 @@
         ->test(CustomerReviewWorkspace::class)
         ->assertCanNotSeeTableRecords([$tenant->fresh()])
         ->assertSee('No released customer reviews match this view')
-        ->assertSee('Publish a tenant review before it appears in the customer-safe workspace.')
-        ->assertDontSee(TenantReviewResource::tenantScopedUrl('view', ['record' => $internalOnlyReview->fresh()], $tenant), false);
+        ->assertSee('Publish an environment review before it appears in the customer-safe workspace.')
+        ->assertDontSee(EnvironmentReviewResource::tenantScopedUrl('view', ['record' => $internalOnlyReview->fresh()], $tenant), false);
 });
 
 it('summarizes accepted-risk control interpretation and evidence proof availability in customer-safe workspace rows', function (): void {
@@ -208,11 +208,11 @@
         'review_due_at' => now()->addDays(14),
     ]);
 
-    $snapshot = seedTenantReviewEvidence($tenant, findingCount: 0, driftCount: 0);
+    $snapshot = seedEnvironmentReviewEvidence($tenant, findingCount: 0, driftCount: 0);
 
-    $review = composeTenantReviewForTest($tenant, $user, $snapshot);
+    $review = composeEnvironmentReviewForTest($tenant, $user, $snapshot);
     $review->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -242,19 +242,19 @@
     ]);
     createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
 
-    $snapshotA = seedTenantReviewEvidence($tenantA);
-    $snapshotB = seedTenantReviewEvidence($tenantB);
+    $snapshotA = seedEnvironmentReviewEvidence($tenantA);
+    $snapshotB = seedEnvironmentReviewEvidence($tenantB);
 
-    $reviewA = composeTenantReviewForTest($tenantA, $user, $snapshotA);
+    $reviewA = composeEnvironmentReviewForTest($tenantA, $user, $snapshotA);
     $reviewA->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now()->subDay(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
 
-    $reviewB = composeTenantReviewForTest($tenantB, $user, $snapshotB);
+    $reviewB = composeEnvironmentReviewForTest($tenantB, $user, $snapshotB);
     $reviewB->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
@@ -284,19 +284,19 @@
     ]);
     createUserWithTenant(tenant: $tenantB, user: $user, role: 'readonly');
 
-    $snapshotA = seedTenantReviewEvidence($tenantA);
-    $snapshotB = seedTenantReviewEvidence($tenantB);
+    $snapshotA = seedEnvironmentReviewEvidence($tenantA);
+    $snapshotB = seedEnvironmentReviewEvidence($tenantB);
 
-    $reviewA = composeTenantReviewForTest($tenantA, $user, $snapshotA);
+    $reviewA = composeEnvironmentReviewForTest($tenantA, $user, $snapshotA);
     $reviewA->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
 
-    $reviewB = composeTenantReviewForTest($tenantB, $user, $snapshotB);
+    $reviewB = composeEnvironmentReviewForTest($tenantB, $user, $snapshotB);
     $reviewB->forceFill([
-        'status' => TenantReviewStatus::Published->value,
+        'status' => EnvironmentReviewStatus::Published->value,
         'published_at' => now()->subDay(),
         'published_by_user_id' => (int) $user->getKey(),
     ])->save();
diff --git a/apps/platform/tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php b/apps/platform/tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php
index 3e7ac330..17a032a3 100644
--- a/apps/platform/tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php
+++ b/apps/platform/tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php
@@ -8,7 +8,7 @@
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use App\Support\Audit\AuditActionId;
 use App\Support\ManagedEnvironmentLinks;
 use App\Support\Workspaces\WorkspaceContext;
@@ -201,8 +201,8 @@
         'role' => 'readonly',
     ]);
 
-    /** @var TenantMembershipManager $manager */
-    $manager = app(TenantMembershipManager::class);
+    /** @var ManagedEnvironmentMembershipManager $manager */
+    $manager = app(ManagedEnvironmentMembershipManager::class);
 
     $membership = $manager->addMember(
         tenant: $tenant,
@@ -257,7 +257,7 @@
         ->assertDontSee("/admin/t/{$tenant->external_id}/tenants", false);
 });
 
-it('disables global search on the retired TenantResource product route owner', function (): void {
+it('disables global search on the retired ManagedEnvironmentResource product route owner', function (): void {
     [$workspaceUser, $tenant] = createMinimalUserWithTenant(role: 'owner');
 
     Filament::setCurrentPanel('admin');
@@ -265,7 +265,7 @@
 
     $this->actingAs($workspaceUser);
 
-    expect(\App\Filament\Resources\TenantResource::getGlobalSearchResults((string) $tenant->name))->toHaveCount(0);
+    expect(\App\Filament\Resources\ManagedEnvironmentResource::getGlobalSearchResults((string) $tenant->name))->toHaveCount(0);
 
     $nonMember = User::factory()->create();
 
@@ -274,5 +274,5 @@
 
     $this->actingAs($nonMember);
 
-    expect(\App\Filament\Resources\TenantResource::getGlobalSearchResults((string) $tenant->name))->toHaveCount(0);
+    expect(\App\Filament\Resources\ManagedEnvironmentResource::getGlobalSearchResults((string) $tenant->name))->toHaveCount(0);
 });
diff --git a/apps/platform/tests/Feature/Spec085/DenyAsNotFoundSemanticsTest.php b/apps/platform/tests/Feature/Spec085/DenyAsNotFoundSemanticsTest.php
index cfe00a4c..04d53990 100644
--- a/apps/platform/tests/Feature/Spec085/DenyAsNotFoundSemanticsTest.php
+++ b/apps/platform/tests/Feature/Spec085/DenyAsNotFoundSemanticsTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -72,6 +72,6 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenantA->workspace_id])
-        ->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenantB))
+        ->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenantB))
         ->assertNotFound();
 });
diff --git a/apps/platform/tests/Feature/Spec085/OperationsIndexHeaderTest.php b/apps/platform/tests/Feature/Spec085/OperationsIndexHeaderTest.php
index b776dbde..704d22eb 100644
--- a/apps/platform/tests/Feature/Spec085/OperationsIndexHeaderTest.php
+++ b/apps/platform/tests/Feature/Spec085/OperationsIndexHeaderTest.php
@@ -49,7 +49,7 @@
         ->assertDontSee(__('localization.shell.show_all_environments'));
 });
 
-it('clears filament tenant context and last-tenant session state via clear-tenant-context endpoint', function (): void {
+it('clears filament tenant context and last-tenant session state via clear-environment-context endpoint', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant($tenant, role: 'owner');
 
@@ -66,7 +66,7 @@
             WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY => $lastTenantIds,
         ])
         ->from('/admin/alerts')
-        ->post('/admin/clear-tenant-context')
+        ->post('/admin/clear-environment-context')
         ->assertRedirect('/admin/alerts');
 
     expect(Filament::getTenant())->toBeNull();
@@ -108,7 +108,7 @@
             ],
         ])
         ->from(route('admin.operations.index', ['workspace' => $activeTenant->workspace]))
-        ->post('/admin/clear-tenant-context')
+        ->post('/admin/clear-environment-context')
         ->assertRedirect(route('admin.operations.index', ['workspace' => $activeTenant->workspace]));
 
     expect(session()->get(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, []))
diff --git a/apps/platform/tests/Feature/Spec085/TenantNavigationMonitoringShortcutsTest.php b/apps/platform/tests/Feature/Spec085/TenantNavigationMonitoringShortcutsTest.php
index e775199d..fa390237 100644
--- a/apps/platform/tests/Feature/Spec085/TenantNavigationMonitoringShortcutsTest.php
+++ b/apps/platform/tests/Feature/Spec085/TenantNavigationMonitoringShortcutsTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Support\Workspaces\WorkspaceContext;
 use Filament\Facades\Filament;
@@ -21,7 +21,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertOk();
 
     $panel = Filament::getCurrentOrDefaultPanel();
diff --git a/apps/platform/tests/Feature/SupportDiagnostics/OperationRunSupportDiagnosticActionTest.php b/apps/platform/tests/Feature/SupportDiagnostics/OperationRunSupportDiagnosticActionTest.php
index 0acbab4f..d93c59f6 100644
--- a/apps/platform/tests/Feature/SupportDiagnostics/OperationRunSupportDiagnosticActionTest.php
+++ b/apps/platform/tests/Feature/SupportDiagnostics/OperationRunSupportDiagnosticActionTest.php
@@ -12,7 +12,7 @@
 use App\Models\ReviewPack;
 use App\Models\StoredReport;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -106,7 +106,7 @@ function operationSupportDiagnosticsComponent(User $user, OperationRun $run): \L
         'generated_at' => now()->subMinutes(7),
     ]);
 
-    $review = TenantReview::factory()->ready()->create([
+    $review = EnvironmentReview::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
         'evidence_snapshot_id' => (int) $evidenceSnapshot->getKey(),
@@ -117,7 +117,7 @@ function operationSupportDiagnosticsComponent(User $user, OperationRun $run): \L
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'operation_run_id' => (int) $run->getKey(),
         'generated_at' => now()->subMinutes(6),
     ]);
diff --git a/apps/platform/tests/Feature/SupportDiagnostics/ProductKnowledgeAuthorizationTest.php b/apps/platform/tests/Feature/SupportDiagnostics/ProductKnowledgeAuthorizationTest.php
index 0494a5fc..d115e503 100644
--- a/apps/platform/tests/Feature/SupportDiagnostics/ProductKnowledgeAuthorizationTest.php
+++ b/apps/platform/tests/Feature/SupportDiagnostics/ProductKnowledgeAuthorizationTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
@@ -23,7 +23,7 @@ function productKnowledgeSupportDiagnosticsTenantAuthorizationComponent(User $us
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 function productKnowledgeSupportDiagnosticsOperationAuthorizationComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
@@ -52,7 +52,7 @@ function productKnowledgeSupportDiagnosticsOperationAuthorizationComponent(User
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertNotFound();
 });
 
diff --git a/apps/platform/tests/Feature/SupportDiagnostics/ProductKnowledgeSupportDiagnosticHelpTest.php b/apps/platform/tests/Feature/SupportDiagnostics/ProductKnowledgeSupportDiagnosticHelpTest.php
index e0fcb746..9da3f8c1 100644
--- a/apps/platform/tests/Feature/SupportDiagnostics/ProductKnowledgeSupportDiagnosticHelpTest.php
+++ b/apps/platform/tests/Feature/SupportDiagnostics/ProductKnowledgeSupportDiagnosticHelpTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
@@ -23,7 +23,7 @@ function productKnowledgeTenantSupportDiagnosticsComponent(User $user, ManagedEn
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 function productKnowledgeOperationSupportDiagnosticsComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
diff --git a/apps/platform/tests/Feature/SupportDiagnostics/ProductTelemetrySupportDiagnosticsCaptureTest.php b/apps/platform/tests/Feature/SupportDiagnostics/ProductTelemetrySupportDiagnosticsCaptureTest.php
index bd8604a0..80f95941 100644
--- a/apps/platform/tests/Feature/SupportDiagnostics/ProductTelemetrySupportDiagnosticsCaptureTest.php
+++ b/apps/platform/tests/Feature/SupportDiagnostics/ProductTelemetrySupportDiagnosticsCaptureTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\OperationRun;
 use App\Models\ProductUsageEvent;
 use App\Models\ManagedEnvironment;
@@ -25,7 +25,7 @@ function tenantDiagnosticsTelemetryComponent(User $user, ManagedEnvironment $ten
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 function operationDiagnosticsTelemetryComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
diff --git a/apps/platform/tests/Feature/SupportDiagnostics/SupportDiagnosticAuditTest.php b/apps/platform/tests/Feature/SupportDiagnostics/SupportDiagnosticAuditTest.php
index 6f465db8..f983230b 100644
--- a/apps/platform/tests/Feature/SupportDiagnostics/SupportDiagnosticAuditTest.php
+++ b/apps/platform/tests/Feature/SupportDiagnostics/SupportDiagnosticAuditTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
@@ -28,7 +28,7 @@ function supportDiagnosticsTenantAuditComponent(User $user, ManagedEnvironment $
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 function supportDiagnosticsOperationAuditComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
diff --git a/apps/platform/tests/Feature/SupportDiagnostics/SupportDiagnosticAuthorizationTest.php b/apps/platform/tests/Feature/SupportDiagnostics/SupportDiagnosticAuthorizationTest.php
index 7da08582..4e5568fb 100644
--- a/apps/platform/tests/Feature/SupportDiagnostics/SupportDiagnosticAuthorizationTest.php
+++ b/apps/platform/tests/Feature/SupportDiagnostics/SupportDiagnosticAuthorizationTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -22,7 +22,7 @@ function supportDiagnosticsTenantAuthorizationComponent(User $user, ManagedEnvir
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 function supportDiagnosticsOperationAuthorizationComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
@@ -51,7 +51,7 @@ function supportDiagnosticsOperationAuthorizationComponent(User $user, Operation
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertNotFound();
 });
 
diff --git a/apps/platform/tests/Feature/SupportDiagnostics/TenantSupportDiagnosticActionTest.php b/apps/platform/tests/Feature/SupportDiagnostics/TenantSupportDiagnosticActionTest.php
index 7ebc36c5..f6644e82 100644
--- a/apps/platform/tests/Feature/SupportDiagnostics/TenantSupportDiagnosticActionTest.php
+++ b/apps/platform/tests/Feature/SupportDiagnostics/TenantSupportDiagnosticActionTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\AuditLog;
 use App\Models\EvidenceSnapshot;
 use App\Models\Finding;
@@ -12,7 +12,7 @@
 use App\Models\ReviewPack;
 use App\Models\StoredReport;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantReview;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\WorkspaceMembership;
 use App\Support\Auth\UiTooltips;
@@ -21,7 +21,7 @@
 use App\Support\OperationRunType;
 use App\Support\Providers\ProviderReasonCodes;
 use App\Support\Providers\ProviderVerificationStatus;
-use App\Support\TenantReviewStatus;
+use App\Support\EnvironmentReviewStatus;
 use App\Support\Workspaces\WorkspaceContext;
 use Filament\Actions\Action;
 use Livewire\Livewire;
@@ -32,7 +32,7 @@ function tenantSupportDiagnosticsComponent(User $user, ManagedEnvironment $tenan
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 it('opens a redacted tenant support diagnostic bundle from the tenant dashboard', function (): void {
@@ -101,19 +101,19 @@ function tenantSupportDiagnosticsComponent(User $user, ManagedEnvironment $tenan
         'generated_at' => now()->subMinutes(7),
     ]);
 
-    $review = TenantReview::factory()->ready()->create([
+    $review = EnvironmentReview::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
         'evidence_snapshot_id' => (int) $evidenceSnapshot->getKey(),
         'operation_run_id' => (int) $run->getKey(),
-        'status' => TenantReviewStatus::Ready->value,
+        'status' => EnvironmentReviewStatus::Ready->value,
         'generated_at' => now()->subMinutes(7),
     ]);
 
     $pack = ReviewPack::factory()->ready()->create([
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
-        'tenant_review_id' => (int) $review->getKey(),
+        'environment_review_id' => (int) $review->getKey(),
         'operation_run_id' => (int) $run->getKey(),
         'generated_at' => now()->subMinutes(6),
     ]);
@@ -184,7 +184,7 @@ function tenantSupportDiagnosticsComponent(User $user, ManagedEnvironment $tenan
     $this
         ->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertNotFound();
 });
 
diff --git a/apps/platform/tests/Feature/SupportRequests/SupportRequestAuditTest.php b/apps/platform/tests/Feature/SupportRequests/SupportRequestAuditTest.php
index 06eb5266..b0fdffa6 100644
--- a/apps/platform/tests/Feature/SupportRequests/SupportRequestAuditTest.php
+++ b/apps/platform/tests/Feature/SupportRequests/SupportRequestAuditTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
@@ -28,7 +28,7 @@ function supportRequestAuditTenantComponent(User $user, ManagedEnvironment $tena
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 function supportRequestAuditOperationComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
diff --git a/apps/platform/tests/Feature/SupportRequests/SupportRequestAuthorizationTest.php b/apps/platform/tests/Feature/SupportRequests/SupportRequestAuthorizationTest.php
index 473e9667..172928fa 100644
--- a/apps/platform/tests/Feature/SupportRequests/SupportRequestAuthorizationTest.php
+++ b/apps/platform/tests/Feature/SupportRequests/SupportRequestAuthorizationTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\OperationRun;
 use App\Models\SupportRequest;
 use App\Models\ManagedEnvironment;
@@ -23,7 +23,7 @@ function supportRequestAuthorizationTenantComponent(User $user, ManagedEnvironme
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 function supportRequestAuthorizationOperationComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
diff --git a/apps/platform/tests/Feature/SupportRequests/SupportRequestExternalHandoffAuditTest.php b/apps/platform/tests/Feature/SupportRequests/SupportRequestExternalHandoffAuditTest.php
index 5049c250..ad0acd20 100644
--- a/apps/platform/tests/Feature/SupportRequests/SupportRequestExternalHandoffAuditTest.php
+++ b/apps/platform/tests/Feature/SupportRequests/SupportRequestExternalHandoffAuditTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\AuditLog;
 use App\Models\SupportRequest;
 use App\Models\ManagedEnvironment;
@@ -34,7 +34,7 @@ function spec256AuditTenantComponent(User $user, ManagedEnvironment $tenant): \L
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 it('preserves support request created audit and records external ticket created audit', function (): void {
diff --git a/apps/platform/tests/Feature/SupportRequests/SupportRequestExternalHandoffAuthorizationTest.php b/apps/platform/tests/Feature/SupportRequests/SupportRequestExternalHandoffAuthorizationTest.php
index 89dcf7df..f75a29b8 100644
--- a/apps/platform/tests/Feature/SupportRequests/SupportRequestExternalHandoffAuthorizationTest.php
+++ b/apps/platform/tests/Feature/SupportRequests/SupportRequestExternalHandoffAuthorizationTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\OperationRun;
 use App\Models\SupportRequest;
 use App\Models\ManagedEnvironment;
@@ -26,7 +26,7 @@ function spec256AuthorizationTenantComponent(User $user, ManagedEnvironment $ten
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 function spec256AuthorizationOperationComponent(User $user, OperationRun $run): \Livewire\Features\SupportTesting\Testable
diff --git a/apps/platform/tests/Feature/SupportRequests/TenantSupportRequestActionTest.php b/apps/platform/tests/Feature/SupportRequests/TenantSupportRequestActionTest.php
index 80d8d037..a5e9f985 100644
--- a/apps/platform/tests/Feature/SupportRequests/TenantSupportRequestActionTest.php
+++ b/apps/platform/tests/Feature/SupportRequests/TenantSupportRequestActionTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\SupportRequest;
 use App\Models\ManagedEnvironment;
 use App\Models\ManagedEnvironmentMembership;
@@ -24,7 +24,7 @@ function tenantSupportRequestComponent(User $user, ManagedEnvironment $tenant):
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 it('creates a tenant support request from the dashboard', function (): void {
@@ -132,7 +132,7 @@ function tenantSupportRequestComponent(User $user, ManagedEnvironment $tenant):
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
-        ->get(TenantDashboard::getUrl(panel: 'admin', tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $tenant))
         ->assertNotFound();
 });
 
diff --git a/apps/platform/tests/Feature/SupportRequests/TenantSupportRequestExternalHandoffTest.php b/apps/platform/tests/Feature/SupportRequests/TenantSupportRequestExternalHandoffTest.php
index b436afa1..ae0e7652 100644
--- a/apps/platform/tests/Feature/SupportRequests/TenantSupportRequestExternalHandoffTest.php
+++ b/apps/platform/tests/Feature/SupportRequests/TenantSupportRequestExternalHandoffTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\SupportRequest;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
@@ -33,7 +33,7 @@ function spec256TenantHandoffComponent(User $user, ManagedEnvironment $tenant):
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    return Livewire::actingAs($user)->test(TenantDashboard::class);
+    return Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 }
 
 it('creates an external ticket from the tenant dashboard support action', function (): void {
diff --git a/apps/platform/tests/Feature/System/ProductTelemetry/NoAdHocTelemetryBypassTest.php b/apps/platform/tests/Feature/System/ProductTelemetry/NoAdHocTelemetryBypassTest.php
index fecf76a6..8633e482 100644
--- a/apps/platform/tests/Feature/System/ProductTelemetry/NoAdHocTelemetryBypassTest.php
+++ b/apps/platform/tests/Feature/System/ProductTelemetry/NoAdHocTelemetryBypassTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\Operations\TenantlessOperationRunViewer;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Filament\System\Widgets\ProductTelemetryKpis;
 use App\Models\AuditLog;
 use App\Models\OperationRun;
@@ -52,7 +52,7 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
     setAdminEnvironmentContext($tenant);
 
-    Livewire::actingAs($user)->test(TenantDashboard::class);
+    Livewire::actingAs($user)->test(EnvironmentDashboard::class);
 
     Filament::setTenant(null, true);
     session()->put(WorkspaceContext::SESSION_KEY, (int) $run->workspace_id);
diff --git a/apps/platform/tests/Feature/System/ProductTelemetry/ProductTelemetryDashboardWidgetTest.php b/apps/platform/tests/Feature/System/ProductTelemetry/ProductTelemetryDashboardWidgetTest.php
index 3fe2d169..eead71ac 100644
--- a/apps/platform/tests/Feature/System/ProductTelemetry/ProductTelemetryDashboardWidgetTest.php
+++ b/apps/platform/tests/Feature/System/ProductTelemetry/ProductTelemetryDashboardWidgetTest.php
@@ -97,7 +97,7 @@ function seedProductTelemetryEvent(
             'lifecycle_state' => 'ready',
             'completed_at' => CarbonImmutable::now()->subHour(),
         ],
-        subjectType: 'tenant_onboarding_session',
+        subjectType: 'managed_environment_onboarding_session',
         subjectId: 101,
         occurredAt: CarbonImmutable::now()->subHour(),
     );
@@ -210,7 +210,7 @@ function seedProductTelemetryEvent(
             'lifecycle_state' => 'ready',
             'completed_at' => CarbonImmutable::now()->subDays(3),
         ],
-        subjectType: 'tenant_onboarding_session',
+        subjectType: 'managed_environment_onboarding_session',
         subjectId: 909,
         occurredAt: CarbonImmutable::now()->subDays(3),
     );
diff --git a/apps/platform/tests/Feature/System/Spec114/OpsFailuresViewTest.php b/apps/platform/tests/Feature/System/Spec114/OpsFailuresViewTest.php
index 1eeb2ca9..1d8a1fc9 100644
--- a/apps/platform/tests/Feature/System/Spec114/OpsFailuresViewTest.php
+++ b/apps/platform/tests/Feature/System/Spec114/OpsFailuresViewTest.php
@@ -89,7 +89,7 @@
 
     $reviewRun = $this->makeArtifactTruthRun(
         tenant: $tenant,
-        type: 'tenant.review.compose',
+        type: 'environment.review.compose',
         attributes: [
             'status' => OperationRunStatus::Completed->value,
             'outcome' => OperationRunOutcome::Failed->value,
@@ -110,7 +110,7 @@
 
     $packRun = $this->makeArtifactTruthRun(
         tenant: $tenant,
-        type: 'tenant.review_pack.generate',
+        type: 'environment.review_pack.generate',
         attributes: [
             'status' => OperationRunStatus::Completed->value,
             'outcome' => OperationRunOutcome::Failed->value,
diff --git a/apps/platform/tests/Feature/TenantRBAC/ArchivedTenantRouteAccessTest.php b/apps/platform/tests/Feature/TenantRBAC/ArchivedTenantRouteAccessTest.php
index f7c4ea65..1f59aa39 100644
--- a/apps/platform/tests/Feature/TenantRBAC/ArchivedTenantRouteAccessTest.php
+++ b/apps/platform/tests/Feature/TenantRBAC/ArchivedTenantRouteAccessTest.php
@@ -1,7 +1,7 @@
 <?php
 
-use App\Filament\Resources\TenantResource;
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Support\Workspaces\WorkspaceContext;
@@ -39,9 +39,10 @@
     $tenant->delete();
 
     $this->actingAs($user)
-        ->get(TenantResource::getUrl('view', ['record' => $tenant]))
+        ->get(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant]))
         ->assertSuccessful()
-        ->assertSee('Archived');
+        ->assertSee('Environment governance overview')
+        ->assertSee($tenant->name);
 });
 
 it('shows only restore as the lifecycle mutation on archived tenant detail for owners', function (): void {
@@ -52,7 +53,7 @@
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('restore')
         ->assertActionEnabled('restore')
         ->assertActionExists('restore', fn (Action $action): bool => $action->getLabel() === 'Restore')
@@ -68,7 +69,7 @@
     Filament::setTenant(null, true);
 
     Livewire::actingAs($user)
-        ->test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+        ->test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->assertActionVisible('restore')
         ->assertActionDisabled('restore')
         ->assertActionHidden('archive')
@@ -94,9 +95,10 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $selectedTenant->workspace_id])
-        ->get(TenantResource::getUrl('view', ['record' => $archivedTenant]))
+        ->get(ManagedEnvironmentResource::getUrl('view', ['record' => $archivedTenant]))
         ->assertSuccessful()
-        ->assertSee('Archived');
+        ->assertSee('Environment governance overview')
+        ->assertSee($archivedTenant->name);
 });
 
 it('keeps onboarding admin tenant routes authoritative when another tenant is currently selected', function (): void {
@@ -118,7 +120,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $selectedTenant->workspace_id])
-        ->get(TenantResource::getUrl('view', ['record' => $onboardingTenant]))
+        ->get(ManagedEnvironmentResource::getUrl('view', ['record' => $onboardingTenant]))
         ->assertSuccessful()
         ->assertSee($onboardingTenant->name);
 });
diff --git a/apps/platform/tests/Feature/TenantRBAC/LastOwnerGuardTest.php b/apps/platform/tests/Feature/TenantRBAC/LastOwnerGuardTest.php
index 826053c2..b65ae2e1 100644
--- a/apps/platform/tests/Feature/TenantRBAC/LastOwnerGuardTest.php
+++ b/apps/platform/tests/Feature/TenantRBAC/LastOwnerGuardTest.php
@@ -2,7 +2,7 @@
 
 use App\Models\ManagedEnvironmentMembership;
 use App\Models\WorkspaceMembership;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
@@ -15,7 +15,7 @@
         ->where('user_id', $actor->getKey())
         ->firstOrFail();
 
-    $manager = app(TenantMembershipManager::class);
+    $manager = app(ManagedEnvironmentMembershipManager::class);
 
     $callback = fn () => $manager->changeRole($tenant, $actor, $membership, 'readonly');
 
@@ -33,7 +33,7 @@
         ->where('user_id', $actor->getKey())
         ->firstOrFail();
 
-    $manager = app(TenantMembershipManager::class);
+    $manager = app(ManagedEnvironmentMembershipManager::class);
 
     $manager->removeMember($tenant, $actor, $membership);
 
diff --git a/apps/platform/tests/Feature/TenantRBAC/MembershipAuditLogTest.php b/apps/platform/tests/Feature/TenantRBAC/MembershipAuditLogTest.php
index 906e8644..57a907bd 100644
--- a/apps/platform/tests/Feature/TenantRBAC/MembershipAuditLogTest.php
+++ b/apps/platform/tests/Feature/TenantRBAC/MembershipAuditLogTest.php
@@ -3,7 +3,7 @@
 use App\Models\AuditLog;
 use App\Models\User;
 use App\Models\WorkspaceMembership;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use App\Support\Audit\AuditActionId;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
@@ -18,7 +18,7 @@
         'role' => 'readonly',
     ]);
 
-    $manager = app(TenantMembershipManager::class);
+    $manager = app(ManagedEnvironmentMembershipManager::class);
 
     $membership = $manager->addMember($tenant, $actor, $member, 'readonly');
     $manager->removeMember($tenant, $actor, $membership);
diff --git a/apps/platform/tests/Feature/TenantRBAC/TenantDiagnosticsAccessTest.php b/apps/platform/tests/Feature/TenantRBAC/TenantDiagnosticsAccessTest.php
index f81890cc..ccda5534 100644
--- a/apps/platform/tests/Feature/TenantRBAC/TenantDiagnosticsAccessTest.php
+++ b/apps/platform/tests/Feature/TenantRBAC/TenantDiagnosticsAccessTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Filament\Pages\TenantDiagnostics;
+use App\Filament\Pages\EnvironmentDiagnostics;
 use App\Models\ManagedEnvironmentMembership;
 use App\Support\Rbac\UiTooltips;
 use Filament\Actions\Action;
@@ -49,7 +49,7 @@
         'created_by_user_id' => (int) $user->getKey(),
     ]);
 
-    Livewire::test(TenantDiagnostics::class)
+    Livewire::test(EnvironmentDiagnostics::class)
         ->assertActionVisible('mergeDuplicateMemberships')
         ->assertActionDisabled('mergeDuplicateMemberships')
         ->assertActionExists('mergeDuplicateMemberships', function (Action $action): bool {
diff --git a/apps/platform/tests/Feature/TenantRBAC/TenantGuidVsBigintGuardTest.php b/apps/platform/tests/Feature/TenantRBAC/TenantGuidVsBigintGuardTest.php
index 2ae5c0c7..703b73e2 100644
--- a/apps/platform/tests/Feature/TenantRBAC/TenantGuidVsBigintGuardTest.php
+++ b/apps/platform/tests/Feature/TenantRBAC/TenantGuidVsBigintGuardTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDiagnostics;
+use App\Filament\Pages\EnvironmentDiagnostics;
 use App\Models\ManagedEnvironment;
 use Filament\Facades\Filament;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -23,6 +23,6 @@
 
     Filament::setTenant($tenant, true);
 
-    Livewire::test(TenantDiagnostics::class)
+    Livewire::test(EnvironmentDiagnostics::class)
         ->assertSuccessful();
 });
diff --git a/apps/platform/tests/Feature/TenantRBAC/TenantMembershipCrudTest.php b/apps/platform/tests/Feature/TenantRBAC/TenantMembershipCrudTest.php
index b2f87165..f30b2c24 100644
--- a/apps/platform/tests/Feature/TenantRBAC/TenantMembershipCrudTest.php
+++ b/apps/platform/tests/Feature/TenantRBAC/TenantMembershipCrudTest.php
@@ -2,7 +2,7 @@
 
 use App\Models\User;
 use App\Models\WorkspaceMembership;
-use App\Services\Auth\TenantMembershipManager;
+use App\Services\Auth\ManagedEnvironmentMembershipManager;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
@@ -16,7 +16,7 @@
         'role' => 'readonly',
     ]);
 
-    $manager = app(TenantMembershipManager::class);
+    $manager = app(ManagedEnvironmentMembershipManager::class);
 
     $membership = $manager->addMember($tenant, $actor, $member, 'readonly');
 
diff --git a/apps/platform/tests/Feature/TenantRBAC/TenantRouteDenyAsNotFoundTest.php b/apps/platform/tests/Feature/TenantRBAC/TenantRouteDenyAsNotFoundTest.php
index 0f954db9..e773543e 100644
--- a/apps/platform/tests/Feature/TenantRBAC/TenantRouteDenyAsNotFoundTest.php
+++ b/apps/platform/tests/Feature/TenantRBAC/TenantRouteDenyAsNotFoundTest.php
@@ -25,7 +25,7 @@
         ->assertNotFound();
 });
 
-it('enforces panel boundary semantics between workspace routes and tenant routes', function () {
+it('keeps retired tenant routes outside the active workspace route boundary', function () {
     [$user, $tenant] = createUserWithTenant(role: 'readonly');
     $otherTenant = ManagedEnvironment::factory()->create([
         'workspace_id' => (int) $tenant->workspace_id,
@@ -35,7 +35,7 @@
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
         ->get("/admin/tenants/{$tenant->external_id}")
-        ->assertSuccessful();
+        ->assertNotFound();
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id])
diff --git a/apps/platform/tests/Feature/TenantRBAC/TenantSwitcherScopeTest.php b/apps/platform/tests/Feature/TenantRBAC/TenantSwitcherScopeTest.php
index 10324470..0809ad75 100644
--- a/apps/platform/tests/Feature/TenantRBAC/TenantSwitcherScopeTest.php
+++ b/apps/platform/tests/Feature/TenantRBAC/TenantSwitcherScopeTest.php
@@ -2,8 +2,8 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\ChooseTenant;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Pages\ChooseEnvironment;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\WorkspaceMembership;
@@ -83,17 +83,17 @@
     session()->put(WorkspaceContext::SESSION_KEY, (int) $active->workspace_id);
 
     Livewire::actingAs($user)
-        ->test(ChooseTenant::class)
-        ->call('selectTenant', $onboarding->getKey())
+        ->test(ChooseEnvironment::class)
+        ->call('selectEnvironment', $onboarding->getKey())
         ->assertStatus(404);
 
     Livewire::actingAs($user)
-        ->test(ChooseTenant::class)
-        ->call('selectTenant', $archived->getKey())
+        ->test(ChooseEnvironment::class)
+        ->call('selectEnvironment', $archived->getKey())
         ->assertStatus(404);
 });
 
-it('keeps tenant global-search broader than selector eligibility when the user only has administratively discoverable memberships', function (): void {
+it('keeps managed-environment global search disabled while selector eligibility stays narrow', function (): void {
     $user = User::factory()->create();
 
     $draft = ManagedEnvironment::factory()->draft()->create(['name' => 'Search Draft']);
@@ -120,13 +120,7 @@
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $draft->workspace_id);
 
-    expect(TenantResource::getGlobalSearchResults('Search'))
-        ->toHaveCount(3)
-        ->sequence(
-            fn ($result) => $result->title->toContain('Search'),
-            fn ($result) => $result->title->toContain('Search'),
-            fn ($result) => $result->title->toContain('Search'),
-        );
+    expect(ManagedEnvironmentResource::getGlobalSearchResults('Search'))->toHaveCount(0);
 });
 
 it('does not render onboarding or archived tenants in the header selector on workspace pages', function (): void {
diff --git a/apps/platform/tests/Feature/Tenants/TenantProviderBackedActionStartTest.php b/apps/platform/tests/Feature/Tenants/TenantProviderBackedActionStartTest.php
index a20d7758..7f9a37eb 100644
--- a/apps/platform/tests/Feature/Tenants/TenantProviderBackedActionStartTest.php
+++ b/apps/platform/tests/Feature/Tenants/TenantProviderBackedActionStartTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Filament\Resources\TenantResource\Pages\ViewTenant;
+use App\Filament\Resources\ManagedEnvironmentResource\Pages\ViewManagedEnvironment;
 use App\Jobs\ProviderConnectionHealthCheckJob;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
@@ -27,7 +27,7 @@
         ->where('is_default', true)
         ->firstOrFail();
 
-    $component = Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()]);
+    $component = Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()]);
 
     $component->callAction('verify');
     $component->callAction('verify');
@@ -69,7 +69,7 @@
     $tenant->makeCurrent();
     Filament::setTenant($tenant, true);
 
-    Livewire::test(ViewTenant::class, ['record' => $tenant->getRouteKey()])
+    Livewire::test(ViewManagedEnvironment::class, ['record' => $tenant->getRouteKey()])
         ->callAction('verify');
 
     $run = OperationRun::query()
diff --git a/apps/platform/tests/Feature/Tenants/TenantProviderConnectionsCtaTest.php b/apps/platform/tests/Feature/Tenants/TenantProviderConnectionsCtaTest.php
index 68ae0937..9a778bdf 100644
--- a/apps/platform/tests/Feature/Tenants/TenantProviderConnectionsCtaTest.php
+++ b/apps/platform/tests/Feature/Tenants/TenantProviderConnectionsCtaTest.php
@@ -2,21 +2,22 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\ProviderConnection;
 use App\Support\Providers\ProviderConsentStatus;
 use App\Support\Providers\ProviderVerificationStatus;
 
-it('renders provider connections CTA with canonical tenantless URL on tenant detail page', function (): void {
+it('renders provider health context on the canonical environment dashboard', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
     $this->actingAs($user)
-        ->get(TenantResource::getUrl('view', ['record' => $tenant], tenant: $tenant))
+        ->get(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant], tenant: $tenant))
         ->assertOk()
-        ->assertSee('/admin/provider-connections?managed_environment_id='.(string) $tenant->external_id, false);
+        ->assertSee('Environment governance overview')
+        ->assertSee('Provider Health');
 });
 
-it('keeps the canonical provider connections CTA when the tenant needs a default microsoft connection', function (): void {
+it('keeps provider health context when the environment needs a default microsoft connection', function (): void {
     $tenant = \App\Models\ManagedEnvironment::factory()->active()->create();
     [$user, $tenant] = createUserWithTenant(
         tenant: $tenant,
@@ -33,12 +34,13 @@
     ]);
 
     $this->actingAs($user)
-        ->get(TenantResource::getUrl('view', ['record' => $tenant], tenant: $tenant))
+        ->get(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant], tenant: $tenant))
         ->assertOk()
-        ->assertSee('/admin/provider-connections?managed_environment_id='.(string) $tenant->external_id, false);
+        ->assertSee('Environment governance overview')
+        ->assertSee('Provider Health');
 });
 
-it('renders the tenant provider summary with lifecycle, consent, and verification only', function (): void {
+it('renders the environment dashboard provider health summary from the default connection', function (): void {
     $tenant = \App\Models\ManagedEnvironment::factory()->active()->create();
     [$user, $tenant] = createUserWithTenant(
         tenant: $tenant,
@@ -58,15 +60,11 @@
     ]);
 
     $this->actingAs($user)
-        ->get(TenantResource::getUrl('view', ['record' => $tenant], tenant: $tenant))
+        ->get(ManagedEnvironmentResource::getUrl('view', ['record' => $tenant], tenant: $tenant))
         ->assertOk()
-        ->assertSee('Provider connection')
+        ->assertSee('Provider Health')
         ->assertSee('Canonical Summary Connection')
-        ->assertSee('Lifecycle')
         ->assertSee('Disabled')
-        ->assertSee('Consent')
-        ->assertSee('Granted')
-        ->assertSee('Verification')
         ->assertSee('Healthy')
         ->assertDontSee('Connected')
         ->assertDontSee('Legacy health');
diff --git a/apps/platform/tests/Feature/Verification/IntuneRbacPermissionCoverageTest.php b/apps/platform/tests/Feature/Verification/IntuneRbacPermissionCoverageTest.php
index 730711b1..5919f32e 100644
--- a/apps/platform/tests/Feature/Verification/IntuneRbacPermissionCoverageTest.php
+++ b/apps/platform/tests/Feature/Verification/IntuneRbacPermissionCoverageTest.php
@@ -5,7 +5,7 @@
 use App\Models\ManagedEnvironment;
 use App\Support\Links\RequiredPermissionsLinks;
 use App\Support\Providers\ProviderReasonCodes;
-use App\Support\Verification\TenantPermissionCheckClusters;
+use App\Support\Verification\ManagedEnvironmentPermissionCheckClusters;
 use App\Support\Verification\VerificationCheckStatus;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
@@ -14,7 +14,7 @@
 it('surfaces a dedicated RBAC permission reason when DeviceManagementRBAC.Read.All is missing', function (): void {
     $tenant = ManagedEnvironment::factory()->create(['external_id' => 'tenant-rbac-check']);
 
-    $checks = TenantPermissionCheckClusters::buildChecks($tenant, [
+    $checks = ManagedEnvironmentPermissionCheckClusters::buildChecks($tenant, [
         [
             'key' => 'DeviceManagementRBAC.Read.All',
             'type' => 'application',
diff --git a/apps/platform/tests/Feature/Verification/ProviderConnectionHealthCheckWritesReportTest.php b/apps/platform/tests/Feature/Verification/ProviderConnectionHealthCheckWritesReportTest.php
index 80793e64..42a9bf3a 100644
--- a/apps/platform/tests/Feature/Verification/ProviderConnectionHealthCheckWritesReportTest.php
+++ b/apps/platform/tests/Feature/Verification/ProviderConnectionHealthCheckWritesReportTest.php
@@ -7,7 +7,7 @@
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ProviderCredential;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Services\Graph\GraphClientInterface;
 use App\Services\Graph\GraphResponse;
 use App\Services\OperationRunService;
@@ -263,7 +263,7 @@
     expect($adminConsentCheck['reason_code'] ?? null)->toBe('rate_limited');
     expect((string) ($adminConsentCheck['message'] ?? ''))->toContain('Unable to refresh observed permissions inventory');
 
-    expect(TenantPermission::query()->where('managed_environment_id', (int) $tenant->getKey())->count())->toBe(0);
+    expect(ManagedEnvironmentPermission::query()->where('managed_environment_id', (int) $tenant->getKey())->count())->toBe(0);
 });
 
 it('degrades permission clusters to warnings when live permissions refresh cannot map assignments', function (): void {
@@ -333,7 +333,7 @@
 
     $payload = is_array($credential?->payload) ? $credential->payload : [];
 
-    $comparison = app(\App\Services\Intune\TenantPermissionService::class)->compare(
+    $comparison = app(\App\Services\Intune\ManagedEnvironmentPermissionService::class)->compare(
         $tenant,
         persist: true,
         liveCheck: true,
@@ -367,5 +367,5 @@
     expect($adminConsentCheck['reason_code'] ?? null)->toBeIn(['provider_permission_denied', 'unknown_error']);
     expect((string) ($adminConsentCheck['message'] ?? ''))->toContain('Unable to refresh observed permissions inventory');
 
-    expect(TenantPermission::query()->where('managed_environment_id', (int) $tenant->getKey())->count())->toBe(0);
+    expect(ManagedEnvironmentPermission::query()->where('managed_environment_id', (int) $tenant->getKey())->count())->toBe(0);
 });
diff --git a/apps/platform/tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php b/apps/platform/tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php
index 0fd30164..5cc12329 100644
--- a/apps/platform/tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php
+++ b/apps/platform/tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php
@@ -6,7 +6,7 @@
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -177,7 +177,7 @@
         ],
     ]);
 
-    TenantOnboardingSession::query()->create([
+    ManagedEnvironmentOnboardingSession::query()->create([
         'workspace_id' => (int) $workspace->getKey(),
         'managed_environment_id' => (int) $tenant->getKey(),
         'entra_tenant_id' => (string) $tenant->managed_environment_id,
diff --git a/apps/platform/tests/Feature/Verification/VerificationStartDedupeTest.php b/apps/platform/tests/Feature/Verification/VerificationStartDedupeTest.php
index 51ef0322..970e6156 100644
--- a/apps/platform/tests/Feature/Verification/VerificationStartDedupeTest.php
+++ b/apps/platform/tests/Feature/Verification/VerificationStartDedupeTest.php
@@ -30,14 +30,14 @@
         tenant: $tenant,
         connection: $connection,
         initiator: $user,
-        extraContext: ['wizard' => ['flow' => 'managed_tenant_onboarding']],
+        extraContext: ['wizard' => ['flow' => 'managed_environment_onboarding']],
     );
 
     $second = $starter->providerConnectionCheck(
         tenant: $tenant,
         connection: $connection,
         initiator: $user,
-        extraContext: ['wizard' => ['flow' => 'managed_tenant_onboarding']],
+        extraContext: ['wizard' => ['flow' => 'managed_environment_onboarding']],
     );
 
     expect($first->run->getKey())->toBe($second->run->getKey());
diff --git a/apps/platform/tests/Feature/WorkspaceIsolation/TenantOwnedWorkspaceInvariantTest.php b/apps/platform/tests/Feature/WorkspaceIsolation/TenantOwnedWorkspaceInvariantTest.php
index 3c13e120..5f0fe70b 100644
--- a/apps/platform/tests/Feature/WorkspaceIsolation/TenantOwnedWorkspaceInvariantTest.php
+++ b/apps/platform/tests/Feature/WorkspaceIsolation/TenantOwnedWorkspaceInvariantTest.php
@@ -12,7 +12,7 @@
 use App\Models\PolicyVersion;
 use App\Models\RestoreRun;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Models\Workspace;
 use App\Support\WorkspaceIsolation\WorkspaceIsolationViolation;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -95,7 +95,7 @@
             'managed_environment_id' => $tenant->getKey(),
             'workspace_id' => $workspaceId,
         ]),
-        'tenant_permissions' => fn (int $workspaceId) => TenantPermission::make([
+        'managed_environment_permissions' => fn (int $workspaceId) => ManagedEnvironmentPermission::make([
             'managed_environment_id' => $tenant->getKey(),
             'workspace_id' => $workspaceId,
             'permission_key' => 'test.permission.'.uniqid(),
diff --git a/apps/platform/tests/Feature/WorkspaceIsolation/WorkspaceIdForeignKeyConstraintTest.php b/apps/platform/tests/Feature/WorkspaceIsolation/WorkspaceIdForeignKeyConstraintTest.php
index ac440347..520a76f0 100644
--- a/apps/platform/tests/Feature/WorkspaceIsolation/WorkspaceIdForeignKeyConstraintTest.php
+++ b/apps/platform/tests/Feature/WorkspaceIsolation/WorkspaceIdForeignKeyConstraintTest.php
@@ -19,7 +19,7 @@
         'entra_groups',
         'findings',
         'entra_role_definitions',
-        'tenant_permissions',
+        'managed_environment_permissions',
     ];
 
     foreach ($tables as $table) {
diff --git a/apps/platform/tests/Feature/Workspaces/ChooseTenantPageTest.php b/apps/platform/tests/Feature/Workspaces/ChooseEnvironmentPageTest.php
similarity index 91%
rename from apps/platform/tests/Feature/Workspaces/ChooseTenantPageTest.php
rename to apps/platform/tests/Feature/Workspaces/ChooseEnvironmentPageTest.php
index 46f8cc23..c02027b1 100644
--- a/apps/platform/tests/Feature/Workspaces/ChooseTenantPageTest.php
+++ b/apps/platform/tests/Feature/Workspaces/ChooseEnvironmentPageTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Support\Workspaces\WorkspaceContext;
 use Filament\Facades\Filament;
@@ -10,7 +10,7 @@
 
 uses(RefreshDatabase::class);
 
-it('shows only active tenants and no-tenant helper copy on the choose-tenant page', function (): void {
+it('shows only active tenants and no-tenant helper copy on the choose-environment page', function (): void {
     $activeTenant = ManagedEnvironment::factory()->active()->create(['name' => 'Choose Active ManagedEnvironment']);
     [$user, $activeTenant] = createUserWithTenant(tenant: $activeTenant, role: 'owner');
 
@@ -35,7 +35,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id])
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee('Choose Active ManagedEnvironment')
         ->assertSee('Choose Other Active ManagedEnvironment')
@@ -57,7 +57,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $onboardingTenant->workspace_id])
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee(__('localization.shell.no_active_environments'))
         ->assertSee(__('localization.shell.no_active_environments_description'))
@@ -84,7 +84,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id])
-        ->get('/admin/choose-tenant')
+        ->get('/admin/choose-environment')
         ->assertSuccessful()
         ->assertSee('Selector Active ManagedEnvironment')
         ->assertDontSee('Selector Onboarding ManagedEnvironment')
@@ -92,7 +92,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id])
-        ->get(route('admin.workspace.managed-tenants.index', ['workspace' => $activeTenant->workspace]))
+        ->get(route('admin.workspace.managed-environments.index', ['workspace' => $activeTenant->workspace]))
         ->assertSuccessful()
         ->assertSee('Selector Active ManagedEnvironment')
         ->assertSee('Selector Onboarding ManagedEnvironment')
@@ -111,9 +111,9 @@
                 (string) $tenant->workspace_id => (int) $tenant->getKey(),
             ],
         ])
-        ->from(TenantDashboard::getUrl(tenant: $tenant))
-        ->post(route('admin.clear-tenant-context'))
-        ->assertRedirect(route('admin.workspace.managed-tenants.index', ['workspace' => $tenant->workspace]));
+        ->from(EnvironmentDashboard::getUrl(tenant: $tenant))
+        ->post(route('admin.clear-environment-context'))
+        ->assertRedirect(route('admin.workspace.managed-environments.index', ['workspace' => $tenant->workspace]));
 
     $this->withSession([
         WorkspaceContext::SESSION_KEY => (int) $tenant->workspace_id,
@@ -135,7 +135,7 @@
             ],
         ])
         ->from('/admin/evidence')
-        ->post(route('admin.clear-tenant-context'))
+        ->post(route('admin.clear-environment-context'))
         ->assertRedirect(route('admin.evidence.overview'));
 
     $this->withSession([
diff --git a/apps/platform/tests/Feature/Workspaces/ChooseWorkspaceRedirectsToChooseTenantTest.php b/apps/platform/tests/Feature/Workspaces/ChooseWorkspaceRedirectsToChooseEnvironmentTest.php
similarity index 87%
rename from apps/platform/tests/Feature/Workspaces/ChooseWorkspaceRedirectsToChooseTenantTest.php
rename to apps/platform/tests/Feature/Workspaces/ChooseWorkspaceRedirectsToChooseEnvironmentTest.php
index 7ff2ebbd..652859a7 100644
--- a/apps/platform/tests/Feature/Workspaces/ChooseWorkspaceRedirectsToChooseTenantTest.php
+++ b/apps/platform/tests/Feature/Workspaces/ChooseWorkspaceRedirectsToChooseEnvironmentTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Filament\Pages\ChooseWorkspace;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\ManagedEnvironmentMembership;
 use App\Models\User;
@@ -29,7 +29,7 @@
     Livewire::actingAs($user)
         ->test(ChooseWorkspace::class)
         ->call('selectWorkspace', $workspace->getKey())
-        ->assertRedirect(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace->slug ?? $workspace->getKey()]));
+        ->assertRedirect(route('admin.workspace.managed-environments.index', ['workspace' => $workspace->slug ?? $workspace->getKey()]));
 });
 
 it('redirects to the tenant dashboard after selecting a workspace with exactly one tenant', function (): void {
@@ -59,10 +59,10 @@
     Livewire::actingAs($user)
         ->test(ChooseWorkspace::class)
         ->call('selectWorkspace', $workspace->getKey())
-        ->assertRedirect(TenantDashboard::getUrl(tenant: $tenant));
+        ->assertRedirect(EnvironmentDashboard::getUrl(tenant: $tenant));
 });
 
-it('redirects to choose-tenant after selecting a workspace with multiple tenants', function (): void {
+it('redirects to choose-environment after selecting a workspace with multiple tenants', function (): void {
     $user = User::factory()->create();
 
     $workspace = Workspace::factory()->create();
@@ -91,7 +91,7 @@
     Livewire::actingAs($user)
         ->test(ChooseWorkspace::class)
         ->call('selectWorkspace', $workspace->getKey())
-        ->assertRedirect(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace->slug ?? $workspace->getKey()]));
+        ->assertRedirect(route('admin.workspace.managed-environments.index', ['workspace' => $workspace->slug ?? $workspace->getKey()]));
 });
 
 it('prefers the stored intended url after selecting a workspace', function (): void {
@@ -135,7 +135,7 @@
             ],
         ])
         ->post(route('admin.switch-workspace'), ['workspace_id' => (int) $workspaceB->getKey()])
-        ->assertRedirect(route('admin.workspace.managed-tenants.index', ['workspace' => $workspaceB->slug ?? $workspaceB->getKey()]));
+        ->assertRedirect(route('admin.workspace.managed-environments.index', ['workspace' => $workspaceB->slug ?? $workspaceB->getKey()]));
 
     expect(Filament::getTenant())->toBeNull();
     expect(session(WorkspaceContext::SESSION_KEY))->toBe((int) $workspaceB->getKey());
diff --git a/apps/platform/tests/Feature/Workspaces/EnsureWorkspaceSelectedMiddlewareTest.php b/apps/platform/tests/Feature/Workspaces/EnsureWorkspaceSelectedMiddlewareTest.php
index ad148ab1..8f5820f3 100644
--- a/apps/platform/tests/Feature/Workspaces/EnsureWorkspaceSelectedMiddlewareTest.php
+++ b/apps/platform/tests/Feature/Workspaces/EnsureWorkspaceSelectedMiddlewareTest.php
@@ -7,7 +7,7 @@
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Support\Audit\AuditActionId;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -77,7 +77,7 @@
 
     $response = $this->actingAs($user)->get('/admin/_test/workspace-context');
 
-    $expectedRoute = route('admin.workspace.managed-tenants.index', [
+    $expectedRoute = route('admin.workspace.managed-environments.index', [
         'workspace' => $workspace->slug ?? $workspace->getKey(),
     ]);
 
@@ -108,7 +108,7 @@
 
     $response = $this->actingAs($user)->get('/admin/_test/workspace-context');
 
-    $expectedRoute = route('admin.workspace.managed-tenants.index', [
+    $expectedRoute = route('admin.workspace.managed-environments.index', [
         'workspace' => $workspace->slug ?? $workspace->getKey(),
     ]);
 
@@ -138,7 +138,7 @@
 
     $response->assertRedirect();
     $location = $response->headers->get('Location');
-    expect($location)->toBe(TenantDashboard::getUrl(tenant: $tenant));
+    expect($location)->toBe(EnvironmentDashboard::getUrl(tenant: $tenant));
 });
 
 // --- T008: it_allows_request_when_session_workspace_is_valid ---
diff --git a/apps/platform/tests/Feature/Workspaces/GlobalContextShellContractTest.php b/apps/platform/tests/Feature/Workspaces/GlobalContextShellContractTest.php
index b3c8314c..12ba3476 100644
--- a/apps/platform/tests/Feature/Workspaces/GlobalContextShellContractTest.php
+++ b/apps/platform/tests/Feature/Workspaces/GlobalContextShellContractTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Support\Workspaces\WorkspaceContext;
@@ -17,14 +17,14 @@
     session()->forget(WorkspaceContext::SESSION_KEY);
 
     $this->actingAs($user)
-        ->get(TenantDashboard::getUrl(tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertOk()
         ->assertSee($tenant->workspace()->firstOrFail()->name)
         ->assertSee('ManagedEnvironment Panel Entry')
         ->assertSee(__('localization.shell.switch_environment'))
         ->assertSee(__('localization.shell.clear_environment_scope'))
             ->assertDontSee(__('localization.shell.search_environments'))
-        ->assertDontSee('admin/select-tenant');
+        ->assertDontSee('admin/select-environment');
 });
 
 it('keeps workspace-scoped routes tenantless when a cross-workspace tenant hint is rejected', function (): void {
diff --git a/apps/platform/tests/Feature/Workspaces/ManagedTenantOnboardingProviderStartTest.php b/apps/platform/tests/Feature/Workspaces/ManagedEnvironmentOnboardingProviderStartTest.php
similarity index 92%
rename from apps/platform/tests/Feature/Workspaces/ManagedTenantOnboardingProviderStartTest.php
rename to apps/platform/tests/Feature/Workspaces/ManagedEnvironmentOnboardingProviderStartTest.php
index 6bb311c4..9b64b1f4 100644
--- a/apps/platform/tests/Feature/Workspaces/ManagedTenantOnboardingProviderStartTest.php
+++ b/apps/platform/tests/Feature/Workspaces/ManagedEnvironmentOnboardingProviderStartTest.php
@@ -1,13 +1,13 @@
 <?php
 
-use App\Filament\Pages\Workspaces\ManagedTenantOnboardingWizard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentOnboardingWizard;
 use App\Jobs\ProviderComplianceSnapshotJob;
 use App\Jobs\ProviderConnectionHealthCheckJob;
 use App\Jobs\ProviderInventorySyncJob;
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -35,8 +35,8 @@
 
     $tenantGuid = '10101010-1010-1010-1010-101010101010';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
-    $component->call('identifyManagedTenant', [
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $tenantGuid,
         'environment' => 'prod',
         'name' => 'Acme',
@@ -94,8 +94,8 @@
 
     $tenantGuid = '20202020-2020-2020-2020-202020202020';
 
-    $component = Livewire::actingAs($user)->test(ManagedTenantOnboardingWizard::class);
-    $component->call('identifyManagedTenant', [
+    $component = Livewire::actingAs($user)->test(ManagedEnvironmentOnboardingWizard::class);
+    $component->call('identifyManagedEnvironment', [
         'entra_tenant_id' => $tenantGuid,
         'environment' => 'prod',
         'name' => 'Acme',
@@ -127,7 +127,7 @@
         ],
     ]);
 
-    $session = TenantOnboardingSession::query()
+    $session = ManagedEnvironmentOnboardingSession::query()
         ->where('workspace_id', (int) $workspace->getKey())
         ->where('managed_environment_id', (int) $tenant->getKey())
         ->firstOrFail();
diff --git a/apps/platform/tests/Feature/Workspaces/ManagedTenantsLivewireUpdateTest.php b/apps/platform/tests/Feature/Workspaces/ManagedEnvironmentsLivewireUpdateTest.php
similarity index 96%
rename from apps/platform/tests/Feature/Workspaces/ManagedTenantsLivewireUpdateTest.php
rename to apps/platform/tests/Feature/Workspaces/ManagedEnvironmentsLivewireUpdateTest.php
index dc7ecd37..37a3ec20 100644
--- a/apps/platform/tests/Feature/Workspaces/ManagedTenantsLivewireUpdateTest.php
+++ b/apps/platform/tests/Feature/Workspaces/ManagedEnvironmentsLivewireUpdateTest.php
@@ -28,7 +28,7 @@
     // 1. Load the page
     $response = $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]));
+        ->get(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]));
 
     $response->assertSuccessful();
 
diff --git a/apps/platform/tests/Feature/Workspaces/ManagedTenantsWorkspaceRoutingTest.php b/apps/platform/tests/Feature/Workspaces/ManagedEnvironmentsWorkspaceRoutingTest.php
similarity index 94%
rename from apps/platform/tests/Feature/Workspaces/ManagedTenantsWorkspaceRoutingTest.php
rename to apps/platform/tests/Feature/Workspaces/ManagedEnvironmentsWorkspaceRoutingTest.php
index 70ad17db..b456d518 100644
--- a/apps/platform/tests/Feature/Workspaces/ManagedTenantsWorkspaceRoutingTest.php
+++ b/apps/platform/tests/Feature/Workspaces/ManagedEnvironmentsWorkspaceRoutingTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
@@ -66,7 +66,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspaceEmpty->getKey()])
-        ->get(route('admin.workspace.managed-tenants.index', ['workspace' => $workspaceEmpty]))
+        ->get(route('admin.workspace.managed-environments.index', ['workspace' => $workspaceEmpty]))
         ->assertSuccessful()
         ->assertDontSee('/admin/t/'.$tenantInOther->external_id, false);
 });
@@ -92,7 +92,7 @@
     ]);
 
     $this->actingAs($user)
-        ->get(TenantDashboard::getUrl(tenant: $tenant))
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenant))
         ->assertSuccessful();
 });
 
@@ -126,7 +126,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspaceB->getKey()])
-        ->get(TenantDashboard::getUrl(tenant: $tenantInA))
+        ->get(EnvironmentDashboard::getUrl(tenant: $tenantInA))
         ->assertSuccessful()
         ->assertSessionHas(WorkspaceContext::SESSION_KEY, (int) $workspaceA->getKey());
 });
diff --git a/apps/platform/tests/Feature/Workspaces/SelectTenantControllerTest.php b/apps/platform/tests/Feature/Workspaces/SelectEnvironmentControllerTest.php
similarity index 92%
rename from apps/platform/tests/Feature/Workspaces/SelectTenantControllerTest.php
rename to apps/platform/tests/Feature/Workspaces/SelectEnvironmentControllerTest.php
index e11107bd..a37aa6df 100644
--- a/apps/platform/tests/Feature/Workspaces/SelectTenantControllerTest.php
+++ b/apps/platform/tests/Feature/Workspaces/SelectEnvironmentControllerTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
@@ -18,11 +18,11 @@
 
     $response = $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id])
-        ->post(route('admin.select-tenant'), [
+        ->post(route('admin.select-environment'), [
             'managed_environment_id' => (int) $activeTenant->getKey(),
         ]);
 
-    $response->assertRedirect(TenantDashboard::getUrl(panel: 'admin', tenant: $activeTenant));
+    $response->assertRedirect(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $activeTenant));
 
     expect(session()->get(WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY, []))
         ->toHaveKey((string) $activeTenant->workspace_id, (int) $activeTenant->getKey());
@@ -46,7 +46,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id])
-        ->post(route('admin.select-tenant'), [
+        ->post(route('admin.select-environment'), [
             'managed_environment_id' => (int) $onboardingTenant->getKey(),
         ])
         ->assertNotFound();
@@ -82,7 +82,7 @@
     ]);
 
     $this->actingAs($user)
-        ->post(route('admin.select-tenant'), [
+        ->post(route('admin.select-environment'), [
             'managed_environment_id' => (int) $tenant->getKey(),
         ])
         ->assertRedirect('/admin/choose-workspace');
@@ -97,7 +97,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $activeTenant->workspace_id])
-        ->post(route('admin.select-tenant'), [
+        ->post(route('admin.select-environment'), [
             'managed_environment_id' => (int) $foreignTenant->getKey(),
         ])
         ->assertNotFound();
@@ -130,7 +130,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->post(route('admin.select-tenant'), [
+        ->post(route('admin.select-environment'), [
             'managed_environment_id' => (int) $tenant->getKey(),
         ])
         ->assertNotFound();
diff --git a/apps/platform/tests/Feature/Workspaces/Spec195ManagedTenantsLandingTest.php b/apps/platform/tests/Feature/Workspaces/Spec195ManagedEnvironmentsLandingTest.php
similarity index 80%
rename from apps/platform/tests/Feature/Workspaces/Spec195ManagedTenantsLandingTest.php
rename to apps/platform/tests/Feature/Workspaces/Spec195ManagedEnvironmentsLandingTest.php
index 3c6c2fd3..7de3467f 100644
--- a/apps/platform/tests/Feature/Workspaces/Spec195ManagedTenantsLandingTest.php
+++ b/apps/platform/tests/Feature/Workspaces/Spec195ManagedEnvironmentsLandingTest.php
@@ -2,10 +2,10 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\ChooseTenant;
-use App\Filament\Pages\TenantDashboard;
-use App\Filament\Pages\Workspaces\ManagedTenantsLanding;
-use App\Filament\Resources\TenantResource;
+use App\Filament\Pages\ChooseEnvironment;
+use App\Filament\Pages\EnvironmentDashboard;
+use App\Filament\Pages\Workspaces\ManagedEnvironmentsLanding;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
@@ -37,7 +37,7 @@
 
     $this->actingAs($user)
         ->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()])
-        ->get(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]))
+        ->get(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]))
         ->assertSuccessful()
         ->assertSee('Spec195 Landing ManagedEnvironment')
         ->assertSee(__('localization.shell.managed_environments_title'))
@@ -67,19 +67,19 @@
     session([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()]);
 
     $component = Livewire::actingAs($user)
-        ->test(ManagedTenantsLanding::class, ['workspace' => $workspace]);
+        ->test(ManagedEnvironmentsLanding::class, ['workspace' => $workspace]);
 
     $component
-        ->call('goToChooseTenant')
-        ->assertRedirect(route('admin.workspace.managed-tenants.index', ['workspace' => $workspace]));
+        ->call('goToChooseEnvironment')
+        ->assertRedirect(route('admin.workspace.managed-environments.index', ['workspace' => $workspace]));
 
     $this->withSession([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()]);
     session([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantsLanding::class, ['workspace' => $workspace])
+        ->test(ManagedEnvironmentsLanding::class, ['workspace' => $workspace])
         ->call('openTenant', $tenant->getKey())
-        ->assertRedirect(TenantDashboard::getUrl(tenant: $tenant));
+        ->assertRedirect(EnvironmentDashboard::getUrl(tenant: $tenant));
 });
 
 it('allows workspace-scoped access to open an environment from the landing without explicit membership', function (): void {
@@ -101,7 +101,7 @@
     session([WorkspaceContext::SESSION_KEY => (int) $workspace->getKey()]);
 
     Livewire::actingAs($user)
-        ->test(ManagedTenantsLanding::class, ['workspace' => $workspace])
+        ->test(ManagedEnvironmentsLanding::class, ['workspace' => $workspace])
         ->call('openTenant', $tenant->getKey())
-        ->assertRedirect(TenantDashboard::getUrl(tenant: $tenant));
+        ->assertRedirect(EnvironmentDashboard::getUrl(tenant: $tenant));
 });
diff --git a/apps/platform/tests/Feature/Workspaces/SwitchWorkspaceControllerTest.php b/apps/platform/tests/Feature/Workspaces/SwitchWorkspaceControllerTest.php
index 994a4282..8e0d174a 100644
--- a/apps/platform/tests/Feature/Workspaces/SwitchWorkspaceControllerTest.php
+++ b/apps/platform/tests/Feature/Workspaces/SwitchWorkspaceControllerTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -29,6 +29,6 @@
             'workspace_id' => (int) $targetWorkspace->getKey(),
         ]);
 
-    $response->assertRedirect(TenantDashboard::getUrl(panel: 'admin', tenant: $targetWorkspaceTenant));
+    $response->assertRedirect(EnvironmentDashboard::getUrl(panel: 'admin', tenant: $targetWorkspaceTenant));
     expect(session(WorkspaceContext::SESSION_KEY))->toBe((int) $targetWorkspace->getKey());
 });
diff --git a/apps/platform/tests/Feature/Workspaces/WorkspaceRedirectResolverTest.php b/apps/platform/tests/Feature/Workspaces/WorkspaceRedirectResolverTest.php
index 982de132..cf7fc5b6 100644
--- a/apps/platform/tests/Feature/Workspaces/WorkspaceRedirectResolverTest.php
+++ b/apps/platform/tests/Feature/Workspaces/WorkspaceRedirectResolverTest.php
@@ -2,9 +2,9 @@
 
 declare(strict_types=1);
 
-use App\Filament\Pages\ChooseTenant;
+use App\Filament\Pages\ChooseEnvironment;
 use App\Filament\Pages\ChooseWorkspace;
-use App\Filament\Pages\TenantDashboard;
+use App\Filament\Pages\EnvironmentDashboard;
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\Workspace;
diff --git a/apps/platform/tests/Pest.php b/apps/platform/tests/Pest.php
index 5d002d9c..40fc2681 100644
--- a/apps/platform/tests/Pest.php
+++ b/apps/platform/tests/Pest.php
@@ -13,8 +13,8 @@
 use App\Models\RestoreRun;
 use App\Models\StoredReport;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
-use App\Models\TenantReview;
+use App\Models\ManagedEnvironmentOnboardingSession;
+use App\Models\EnvironmentReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Models\WorkspaceMembership;
@@ -22,7 +22,7 @@
 use App\Services\Graph\GraphClientInterface;
 use App\Services\Auth\CapabilityResolver;
 use App\Services\Auth\WorkspaceCapabilityResolver;
-use App\Services\TenantReviews\TenantReviewService;
+use App\Services\EnvironmentReviews\EnvironmentReviewService;
 use App\Services\Tenants\TenantActionPolicySurface;
 use App\Support\Evidence\EvidenceCompletenessState;
 use App\Support\Evidence\EvidenceSnapshotStatus;
@@ -105,7 +105,7 @@
         'Feature/OpsUx',
         'Feature/Filament/Alerts/AlertsKpiHeaderTest.php',
         'Feature/Filament/PanelNavigationSegregationTest.php',
-        'Feature/Filament/TenantReviewHeaderDisciplineTest.php',
+        'Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php',
         'Feature/Filament/WorkspaceOnlySurfaceTenantIndependenceTest.php',
         'Feature/Guards/ActionSurfaceContractTest.php',
         'Feature/Guards/OperationLifecycleOpsUxGuardTest.php',
@@ -1108,7 +1108,7 @@ function spec283SeedRequirementRows(ManagedEnvironment $tenant, array $requireme
                 continue;
             }
 
-            $mappedRequirementKeys = \App\Support\Verification\TenantPermissionCheckClusters::requirementKeysForPermissionRow($permission);
+            $mappedRequirementKeys = \App\Support\Verification\ManagedEnvironmentPermissionCheckClusters::requirementKeysForPermissionRow($permission);
 
             if (array_intersect($requirementKeys, $mappedRequirementKeys) === []) {
                 continue;
@@ -1116,7 +1116,7 @@ function spec283SeedRequirementRows(ManagedEnvironment $tenant, array $requireme
 
             $permissionKey = (string) ($permission['key'] ?? '');
 
-            \App\Models\TenantPermission::query()->updateOrCreate(
+            \App\Models\ManagedEnvironmentPermission::query()->updateOrCreate(
                 [
                     'managed_environment_id' => (int) $tenant->getKey(),
                     'permission_key' => $permissionKey,
@@ -1138,7 +1138,7 @@ function spec283SeedRequirementRows(ManagedEnvironment $tenant, array $requireme
  * @param  array<string, mixed>  $permissionPayload
  * @param  array<string, mixed>  $rolePayload
  */
-function seedTenantReviewEvidence(
+function seedEnvironmentReviewEvidence(
     ManagedEnvironment $tenant,
     array $permissionPayload = [],
     array $rolePayload = [],
@@ -1190,7 +1190,9 @@ function seedTenantReviewEvidence(
     OperationRun::factory()
         ->count($operationRunCount)
         ->forTenant($tenant)
-        ->create();
+        ->create([
+            'type' => OperationRunType::PolicySync->value,
+        ]);
 
     /** @var EvidenceSnapshotService $service */
     $service = app(EvidenceSnapshotService::class);
@@ -1231,7 +1233,7 @@ function seedTenantReviewEvidence(
  * @param  array<string, mixed>  $permissionPayload
  * @param  array<string, mixed>  $rolePayload
  */
-function seedStaleTenantReviewEvidence(
+function seedStaleEnvironmentReviewEvidence(
     ManagedEnvironment $tenant,
     array $permissionPayload = [],
     array $rolePayload = [],
@@ -1240,7 +1242,7 @@ function seedStaleTenantReviewEvidence(
     int $operationRunCount = 1,
     array $summaryOverrides = [],
 ): EvidenceSnapshot {
-    $snapshot = seedTenantReviewEvidence(
+    $snapshot = seedEnvironmentReviewEvidence(
         tenant: $tenant,
         permissionPayload: $permissionPayload,
         rolePayload: $rolePayload,
@@ -1249,7 +1251,7 @@ function seedStaleTenantReviewEvidence(
         operationRunCount: $operationRunCount,
     );
 
-    return restateTenantReviewEvidenceSnapshot(
+    return restateEnvironmentReviewEvidenceSnapshot(
         $snapshot,
         EvidenceCompletenessState::Stale,
         array_replace([
@@ -1263,7 +1265,7 @@ function seedStaleTenantReviewEvidence(
  * @param  array<string, mixed>  $permissionPayload
  * @param  array<string, mixed>  $rolePayload
  */
-function seedPartialTenantReviewEvidence(
+function seedPartialEnvironmentReviewEvidence(
     ManagedEnvironment $tenant,
     array $permissionPayload = [],
     array $rolePayload = [],
@@ -1272,7 +1274,7 @@ function seedPartialTenantReviewEvidence(
     int $operationRunCount = 1,
     array $summaryOverrides = [],
 ): EvidenceSnapshot {
-    $snapshot = seedTenantReviewEvidence(
+    $snapshot = seedEnvironmentReviewEvidence(
         tenant: $tenant,
         permissionPayload: $permissionPayload,
         rolePayload: $rolePayload,
@@ -1281,7 +1283,7 @@ function seedPartialTenantReviewEvidence(
         operationRunCount: $operationRunCount,
     );
 
-    return restateTenantReviewEvidenceSnapshot(
+    return restateEnvironmentReviewEvidenceSnapshot(
         $snapshot,
         EvidenceCompletenessState::Partial,
         array_replace([
@@ -1291,12 +1293,12 @@ function seedPartialTenantReviewEvidence(
     );
 }
 
-function composeTenantReviewForTest(ManagedEnvironment $tenant, User $user, ?EvidenceSnapshot $snapshot = null): TenantReview
+function composeEnvironmentReviewForTest(ManagedEnvironment $tenant, User $user, ?EvidenceSnapshot $snapshot = null): EnvironmentReview
 {
-    $snapshot ??= seedTenantReviewEvidence($tenant);
+    $snapshot ??= seedEnvironmentReviewEvidence($tenant);
 
-    /** @var TenantReviewService $service */
-    $service = app(TenantReviewService::class);
+    /** @var EnvironmentReviewService $service */
+    $service = app(EnvironmentReviewService::class);
     $review = $service->create($tenant, $snapshot, $user);
 
     $review = $review->refresh();
@@ -1311,7 +1313,7 @@ function composeTenantReviewForTest(ManagedEnvironment $tenant, User $user, ?Evi
 /**
  * @param  array<string, mixed>  $summaryOverrides
  */
-function restateTenantReviewEvidenceSnapshot(
+function restateEnvironmentReviewEvidenceSnapshot(
     EvidenceSnapshot $snapshot,
     EvidenceCompletenessState $completenessState,
     array $summaryOverrides = [],
@@ -1387,7 +1389,7 @@ function setAdminPanelContext(?ManagedEnvironment $tenant = null): void
 /**
  * @param  array<string, mixed>  $attributes
  */
-function createOnboardingDraft(array $attributes = []): TenantOnboardingSession
+function createOnboardingDraft(array $attributes = []): ManagedEnvironmentOnboardingSession
 {
     $workspace = $attributes['workspace'] ?? Workspace::factory()->create();
     $tenant = $attributes['tenant'] ?? null;
@@ -1407,7 +1409,7 @@ function createOnboardingDraft(array $attributes = []): TenantOnboardingSession
         ]);
     }
 
-    $factory = TenantOnboardingSession::factory()
+    $factory = ManagedEnvironmentOnboardingSession::factory()
         ->forWorkspace($workspace)
         ->startedBy($startedBy)
         ->updatedBy($updatedBy);
diff --git a/apps/platform/tests/Support/TestLaneManifest.php b/apps/platform/tests/Support/TestLaneManifest.php
index 7d114023..e2819a86 100644
--- a/apps/platform/tests/Support/TestLaneManifest.php
+++ b/apps/platform/tests/Support/TestLaneManifest.php
@@ -273,7 +273,7 @@ public static function families(): array
             [
                 'familyId' => 'onboarding-wizard-enforcement',
                 'classificationId' => 'ui-workflow',
-                'purpose' => 'Preserve the managed tenant onboarding wizard capability flow as an intentional retained workflow check.',
+                'purpose' => 'Preserve the managed environment onboarding wizard capability flow as an intentional retained workflow check.',
                 'currentLaneId' => 'confidence',
                 'targetLaneId' => 'confidence',
                 'selectors' => [
@@ -676,9 +676,9 @@ public static function families(): array
                 'validationStatus' => 'guarded',
             ],
             [
-                'familyId' => 'tenant-review-header-discipline',
+                'familyId' => 'environment-review-header-discipline',
                 'classificationId' => 'surface-guard',
-                'purpose' => 'Enforce primary and grouped header action discipline for tenant review pages.',
+                'purpose' => 'Enforce primary and grouped header action discipline for environment review pages.',
                 'currentLaneId' => 'confidence',
                 'targetLaneId' => 'heavy-governance',
                 'selectors' => [
@@ -691,14 +691,14 @@ public static function families(): array
                     ],
                     [
                         'selectorType' => 'file',
-                        'selectorValue' => 'tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php',
+                        'selectorValue' => 'tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php',
                         'selectorRole' => 'inventory-only',
                         'sourceOfTruth' => 'manifest',
                         'rationale' => 'Seeded header discipline hotspot.',
                     ],
                 ],
                 'hotspotFiles' => [
-                    'tests/Feature/Filament/TenantReviewHeaderDisciplineTest.php',
+                    'tests/Feature/Filament/EnvironmentReviewHeaderDisciplineTest.php',
                 ],
                 'costSignals' => ['header action discipline', 'grouped action inventory', 'multi-state surface assertions'],
                 'validationStatus' => 'guarded',
@@ -1299,9 +1299,9 @@ public static function budgetTargets(): array
                 'reviewCadence' => 'tighten after two stable heavy-governance runs',
             ],
             [
-                'budgetId' => 'family-tenant-review-header-discipline',
+                'budgetId' => 'family-environment-review-header-discipline',
                 'targetType' => 'family',
-                'targetId' => 'tenant-review-header-discipline',
+                'targetId' => 'environment-review-header-discipline',
                 'thresholdSeconds' => 20,
                 'baselineSource' => 'measured-post-spec-207',
                 'enforcement' => 'warn',
@@ -2923,7 +2923,7 @@ private static function seededHeavyGovernanceBaselineSnapshot(): array
                 ['familyId' => 'panel-navigation-segregation', 'totalWallClockSeconds' => 11.022529],
                 ['familyId' => 'drift-bulk-triage-all-matching', 'totalWallClockSeconds' => 7.80246],
                 ['familyId' => 'backup-items-relation-manager-enforcement', 'totalWallClockSeconds' => 2.280078],
-                ['familyId' => 'tenant-review-header-discipline', 'totalWallClockSeconds' => 1.257656],
+                ['familyId' => 'environment-review-header-discipline', 'totalWallClockSeconds' => 1.257656],
                 ['familyId' => 'workspace-memberships-relation-manager-enforcement', 'totalWallClockSeconds' => 1.010134],
                 ['familyId' => 'policy-resource-admin-search-parity', 'totalWallClockSeconds' => 0.439257],
                 ['familyId' => 'policy-version-admin-search-parity', 'totalWallClockSeconds' => 0.423746],
diff --git a/apps/platform/tests/Unit/Auth/NoRoleStringChecksTest.php b/apps/platform/tests/Unit/Auth/NoRoleStringChecksTest.php
index ce55b0b3..1ce3f060 100644
--- a/apps/platform/tests/Unit/Auth/NoRoleStringChecksTest.php
+++ b/apps/platform/tests/Unit/Auth/NoRoleStringChecksTest.php
@@ -10,7 +10,7 @@
      */
     $allowedFiles = collect([
         app_path('Services/Auth/RoleCapabilityMap.php'),
-        app_path('Services/Auth/TenantMembershipManager.php'),
+        app_path('Services/Auth/ManagedEnvironmentMembershipManager.php'),
     ])->map(fn (string $path) => realpath($path) ?: $path)->all();
 
     $roleValuePattern = '(owner|manager|operator|readonly)';
@@ -55,7 +55,7 @@
     }
 
     if ($violations !== []) {
-        throw new RuntimeException('Role-string checks must live in RoleCapabilityMap / TenantMembershipManager only. Offenders: '.implode(', ', $violations));
+        throw new RuntimeException('Role-string checks must live in RoleCapabilityMap / ManagedEnvironmentMembershipManager only. Offenders: '.implode(', ', $violations));
     }
 
     expect($violations)->toBeEmpty();
diff --git a/apps/platform/tests/Unit/Badges/BadgeCatalogTest.php b/apps/platform/tests/Unit/Badges/BadgeCatalogTest.php
index 09dda093..a97bd2c7 100644
--- a/apps/platform/tests/Unit/Badges/BadgeCatalogTest.php
+++ b/apps/platform/tests/Unit/Badges/BadgeCatalogTest.php
@@ -57,5 +57,5 @@
     expect($domainValues)->not->toContain('tenant_app_status')
         ->and(BadgeCatalog::mapper(BadgeDomain::TenantStatus))->not->toBeNull()
         ->and(BadgeCatalog::mapper(BadgeDomain::TenantRbacStatus))->not->toBeNull()
-        ->and(BadgeCatalog::mapper(BadgeDomain::TenantPermissionStatus))->not->toBeNull();
+        ->and(BadgeCatalog::mapper(BadgeDomain::ManagedEnvironmentPermissionStatus))->not->toBeNull();
 });
diff --git a/apps/platform/tests/Unit/Badges/GovernanceArtifactTruthTest.php b/apps/platform/tests/Unit/Badges/GovernanceArtifactTruthTest.php
index ab52aab2..b1ae639b 100644
--- a/apps/platform/tests/Unit/Badges/GovernanceArtifactTruthTest.php
+++ b/apps/platform/tests/Unit/Badges/GovernanceArtifactTruthTest.php
@@ -27,9 +27,9 @@
     'healthy evidence snapshot' => [BadgeDomain::GovernanceArtifactContent, 'trusted'],
     'partial evidence snapshot' => [BadgeDomain::GovernanceArtifactContent, 'partial'],
     'stale evidence snapshot' => [BadgeDomain::GovernanceArtifactFreshness, 'stale'],
-    'internal tenant review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'internal_only'],
-    'blocked tenant review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'blocked'],
-    'publishable tenant review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'publishable'],
+    'internal environment review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'internal_only'],
+    'blocked environment review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'blocked'],
+    'publishable environment review' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'publishable'],
     'historical review pack' => [BadgeDomain::GovernanceArtifactExistence, 'historical_only'],
     'blocked review pack' => [BadgeDomain::GovernanceArtifactPublicationReadiness, 'blocked'],
     'artifact requires action' => [BadgeDomain::GovernanceArtifactActionability, 'required'],
@@ -52,7 +52,7 @@
         ],
     );
 
-    $truth = app(ArtifactTruthPresenter::class)->forTenantReview($review);
+    $truth = app(ArtifactTruthPresenter::class)->forEnvironmentReview($review);
 
     expect($truth->artifactExistence)->toBe('created')
         ->and($truth->publicationReadiness)->toBe('blocked')
@@ -114,7 +114,7 @@
         ->and($incompleteTruth->reason?->reasonCode)->toBe(BaselineReasonCodes::SNAPSHOT_CAPTURE_FAILED);
 });
 
-it('maps shared operator explanations onto blocked tenant-review and incomplete baseline-snapshot truth envelopes', function (): void {
+it('maps shared operator explanations onto blocked environment-review and incomplete baseline-snapshot truth envelopes', function (): void {
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
     $snapshot = $this->makeArtifactTruthEvidenceSnapshot($tenant);
@@ -131,7 +131,7 @@
         ],
     );
 
-    $reviewTruth = app(ArtifactTruthPresenter::class)->forTenantReview($review);
+    $reviewTruth = app(ArtifactTruthPresenter::class)->forEnvironmentReview($review);
 
     expect($reviewTruth->operatorExplanation)->not->toBeNull()
         ->and($reviewTruth->operatorExplanation?->nextActionText)->toBe('Resolve the review blockers before publication')
diff --git a/apps/platform/tests/Unit/Badges/TenantTriageReviewStateBadgesTest.php b/apps/platform/tests/Unit/Badges/ManagedEnvironmentTriageReviewStateBadgesTest.php
similarity index 52%
rename from apps/platform/tests/Unit/Badges/TenantTriageReviewStateBadgesTest.php
rename to apps/platform/tests/Unit/Badges/ManagedEnvironmentTriageReviewStateBadgesTest.php
index 96577fab..9a7592f9 100644
--- a/apps/platform/tests/Unit/Badges/TenantTriageReviewStateBadgesTest.php
+++ b/apps/platform/tests/Unit/Badges/ManagedEnvironmentTriageReviewStateBadgesTest.php
@@ -2,15 +2,15 @@
 
 declare(strict_types=1);
 
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Support\Badges\BadgeCatalog;
 use App\Support\Badges\BadgeDomain;
 
 it('maps triage review states to centralized badge semantics', function (): void {
-    $notReviewed = BadgeCatalog::spec(BadgeDomain::TenantTriageReviewState, TenantTriageReview::DERIVED_STATE_NOT_REVIEWED);
-    $reviewed = BadgeCatalog::spec(BadgeDomain::TenantTriageReviewState, TenantTriageReview::STATE_REVIEWED);
-    $followUpNeeded = BadgeCatalog::spec(BadgeDomain::TenantTriageReviewState, TenantTriageReview::STATE_FOLLOW_UP_NEEDED);
-    $changedSinceReview = BadgeCatalog::spec(BadgeDomain::TenantTriageReviewState, TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW);
+    $notReviewed = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, ManagedEnvironmentTriageReview::DERIVED_STATE_NOT_REVIEWED);
+    $reviewed = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, ManagedEnvironmentTriageReview::STATE_REVIEWED);
+    $followUpNeeded = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED);
+    $changedSinceReview = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, ManagedEnvironmentTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW);
 
     expect($notReviewed->label)->toBe('Not reviewed')
         ->and($notReviewed->color)->toBe('gray')
@@ -23,7 +23,7 @@
 });
 
 it('falls back to the unknown badge semantics for invalid review states', function (): void {
-    $unknown = BadgeCatalog::spec(BadgeDomain::TenantTriageReviewState, 'invalid_state');
+    $unknown = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentTriageReviewState, 'invalid_state');
 
     expect($unknown->label)->toBe('Unknown')
         ->and($unknown->color)->toBe('gray');
diff --git a/apps/platform/tests/Unit/Badges/OperatorOutcomeTaxonomyTest.php b/apps/platform/tests/Unit/Badges/OperatorOutcomeTaxonomyTest.php
index 8e64a7b9..cab8ee56 100644
--- a/apps/platform/tests/Unit/Badges/OperatorOutcomeTaxonomyTest.php
+++ b/apps/platform/tests/Unit/Badges/OperatorOutcomeTaxonomyTest.php
@@ -30,7 +30,7 @@
     expect(BadgeCatalog::spec(BadgeDomain::OperationRunStatus, 'queued')->label)->toBe('Queued for execution')
         ->and(BadgeCatalog::spec(BadgeDomain::OperationRunOutcome, 'blocked')->label)->toBe('Blocked by prerequisite')
         ->and(BadgeCatalog::spec(BadgeDomain::EvidenceCompleteness, 'missing')->label)->toBe('Not collected yet')
-        ->and(BadgeCatalog::spec(BadgeDomain::TenantReviewCompleteness, 'stale')->label)->toBe('Refresh review inputs')
+        ->and(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewCompleteness, 'stale')->label)->toBe('Refresh review inputs')
         ->and(BadgeCatalog::spec(BadgeDomain::BaselineSnapshotFidelity, 'unsupported')->label)->toBe('Support limited')
         ->and(BadgeCatalog::spec(BadgeDomain::BaselineSnapshotLifecycle, 'building')->label)->toBe('Building')
         ->and(BadgeCatalog::spec(BadgeDomain::BaselineSnapshotLifecycle, 'superseded')->label)->toBe('Superseded')
diff --git a/apps/platform/tests/Unit/Badges/TenantBadgesTest.php b/apps/platform/tests/Unit/Badges/TenantBadgesTest.php
index 13436561..0697ca73 100644
--- a/apps/platform/tests/Unit/Badges/TenantBadgesTest.php
+++ b/apps/platform/tests/Unit/Badges/TenantBadgesTest.php
@@ -31,7 +31,7 @@
     expect($domainValues)->not->toContain('tenant_app_status')
         ->and(BadgeCatalog::mapper(BadgeDomain::TenantStatus))->not->toBeNull()
         ->and(BadgeCatalog::mapper(BadgeDomain::TenantRbacStatus))->not->toBeNull()
-        ->and(BadgeCatalog::mapper(BadgeDomain::TenantPermissionStatus))->not->toBeNull();
+        ->and(BadgeCatalog::mapper(BadgeDomain::ManagedEnvironmentPermissionStatus))->not->toBeNull();
 });
 
 it('maps tenant RBAC status values to canonical badge semantics', function (): void {
@@ -48,16 +48,16 @@
     expect($notConfigured->color)->toBe('gray');
 });
 
-it('maps tenant permission status values to canonical badge semantics', function (): void {
-    $granted = BadgeCatalog::spec(BadgeDomain::TenantPermissionStatus, 'granted');
+it('maps managed environment permission status values to canonical badge semantics', function (): void {
+    $granted = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentPermissionStatus, 'granted');
     expect($granted->label)->toBe('Granted');
     expect($granted->color)->toBe('success');
 
-    $missing = BadgeCatalog::spec(BadgeDomain::TenantPermissionStatus, 'missing');
+    $missing = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentPermissionStatus, 'missing');
     expect($missing->label)->toBe('Missing');
     expect($missing->color)->toBe('warning');
 
-    $error = BadgeCatalog::spec(BadgeDomain::TenantPermissionStatus, 'error');
+    $error = BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentPermissionStatus, 'error');
     expect($error->label)->toBe('Error');
     expect($error->color)->toBe('danger');
 });
diff --git a/apps/platform/tests/Unit/EnvironmentReview/EnvironmentReviewBadgeTest.php b/apps/platform/tests/Unit/EnvironmentReview/EnvironmentReviewBadgeTest.php
new file mode 100644
index 00000000..2f1e6604
--- /dev/null
+++ b/apps/platform/tests/Unit/EnvironmentReview/EnvironmentReviewBadgeTest.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+use App\Support\Badges\BadgeCatalog;
+use App\Support\Badges\BadgeDomain;
+
+it('maps environment review lifecycle values to canonical badge semantics', function (): void {
+    expect(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewStatus, 'draft')->label)->toBe('Draft')
+        ->and(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewStatus, 'ready')->color)->toBe('info')
+        ->and(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewStatus, 'published')->color)->toBe('success')
+        ->and(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewStatus, 'archived')->color)->toBe('gray')
+        ->and(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewStatus, 'failed')->color)->toBe('danger');
+});
+
+it('maps environment review completeness values to canonical badge semantics', function (): void {
+    expect(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewCompleteness, 'complete')->label)->toBe('Review inputs ready')
+        ->and(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewCompleteness, 'partial')->color)->toBe('warning')
+        ->and(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewCompleteness, 'missing')->label)->toBe('Review input pending')
+        ->and(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewCompleteness, 'missing')->color)->toBe('info')
+        ->and(BadgeCatalog::spec(BadgeDomain::EnvironmentReviewCompleteness, 'stale')->label)->toBe('Refresh review inputs');
+});
+
+it('maps publication-readiness truth badges for environment reviews', function (): void {
+    expect(BadgeCatalog::spec(BadgeDomain::GovernanceArtifactPublicationReadiness, 'internal_only')->label)->toBe('Internal only')
+        ->and(BadgeCatalog::spec(BadgeDomain::GovernanceArtifactPublicationReadiness, 'blocked')->label)->toBe('Publication blocked')
+        ->and(BadgeCatalog::spec(BadgeDomain::GovernanceArtifactPublicationReadiness, 'publishable')->label)->toBe('Publishable');
+});
diff --git a/apps/platform/tests/Unit/TenantReview/TenantReviewComposerTest.php b/apps/platform/tests/Unit/EnvironmentReview/EnvironmentReviewComposerTest.php
similarity index 75%
rename from apps/platform/tests/Unit/TenantReview/TenantReviewComposerTest.php
rename to apps/platform/tests/Unit/EnvironmentReview/EnvironmentReviewComposerTest.php
index 086b33c7..81b064ca 100644
--- a/apps/platform/tests/Unit/TenantReview/TenantReviewComposerTest.php
+++ b/apps/platform/tests/Unit/EnvironmentReview/EnvironmentReviewComposerTest.php
@@ -5,18 +5,18 @@
 use App\Models\Finding;
 use App\Models\User;
 use App\Services\Findings\FindingExceptionService;
-use App\Services\TenantReviews\TenantReviewComposer;
-use App\Support\TenantReviewCompletenessState;
-use App\Support\TenantReviewStatus;
+use App\Services\EnvironmentReviews\EnvironmentReviewComposer;
+use App\Support\EnvironmentReviewCompletenessState;
+use App\Support\EnvironmentReviewStatus;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
 
-it('builds the first-slice tenant review sections in a stable order', function (): void {
+it('builds the first-slice environment review sections in a stable order', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $payload = app(TenantReviewComposer::class)->compose($snapshot);
+    $payload = app(EnvironmentReviewComposer::class)->compose($snapshot);
 
     expect(array_column($payload['sections'], 'section_key'))->toBe([
         'executive_summary',
@@ -28,29 +28,29 @@
         'operations_health',
     ])->and($payload['summary']['section_count'])->toBe(7)
         ->and($payload['summary']['control_interpretation']['version_key'] ?? null)->toBe('compliance_evidence_mapping.v1')
-        ->and($payload['status'])->toBe(TenantReviewStatus::Ready->value);
+        ->and($payload['status'])->toBe(EnvironmentReviewStatus::Ready->value);
 });
 
 it('marks reviews as ready when evidence is partial but required sections are still present', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
 
-    $snapshot = seedTenantReviewEvidence($tenant, permissionPayload: [
+    $snapshot = seedEnvironmentReviewEvidence($tenant, permissionPayload: [
         'required_count' => 12,
         'granted_count' => 9,
     ]);
 
-    $payload = app(TenantReviewComposer::class)->compose($snapshot);
+    $payload = app(EnvironmentReviewComposer::class)->compose($snapshot);
 
-    expect($payload['completeness_state'])->toBe(TenantReviewCompletenessState::Partial->value)
-        ->and($payload['status'])->toBe(TenantReviewStatus::Ready->value)
+    expect($payload['completeness_state'])->toBe(EnvironmentReviewCompletenessState::Partial->value)
+        ->and($payload['status'])->toBe(EnvironmentReviewStatus::Ready->value)
         ->and($payload['summary']['publish_blockers'])->toBe([]);
 });
 
 it('derives a governance package summary from existing review and interpretation truth', function (): void {
     [$user, $tenant] = createUserWithTenant(role: 'owner');
-    $snapshot = seedTenantReviewEvidence($tenant);
+    $snapshot = seedEnvironmentReviewEvidence($tenant);
 
-    $payload = app(TenantReviewComposer::class)->compose($snapshot);
+    $payload = app(EnvironmentReviewComposer::class)->compose($snapshot);
     $package = $payload['summary']['governance_package'] ?? null;
 
     expect($package)->toBeArray()
@@ -93,8 +93,8 @@
         'status' => Finding::STATUS_RISK_ACCEPTED,
     ]);
 
-    $snapshot = seedTenantReviewEvidence($tenant, findingCount: 0, driftCount: 0);
-    $package = app(TenantReviewComposer::class)->compose($snapshot)['summary']['governance_package'] ?? [];
+    $snapshot = seedEnvironmentReviewEvidence($tenant, findingCount: 0, driftCount: 0);
+    $package = app(EnvironmentReviewComposer::class)->compose($snapshot)['summary']['governance_package'] ?? [];
 
     expect(collect($package['accepted_risks'] ?? [])->pluck('finding_id')->all())
         ->toBe([(int) $validFinding->getKey()])
diff --git a/apps/platform/tests/Unit/TenantPermissionCheckClustersTest.php b/apps/platform/tests/Unit/ManagedEnvironmentPermissionCheckClustersTest.php
similarity index 90%
rename from apps/platform/tests/Unit/TenantPermissionCheckClustersTest.php
rename to apps/platform/tests/Unit/ManagedEnvironmentPermissionCheckClustersTest.php
index 23b288f7..514b38fb 100644
--- a/apps/platform/tests/Unit/TenantPermissionCheckClustersTest.php
+++ b/apps/platform/tests/Unit/ManagedEnvironmentPermissionCheckClustersTest.php
@@ -2,7 +2,7 @@
 
 use App\Models\ManagedEnvironment;
 use App\Support\Links\RequiredPermissionsLinks;
-use App\Support\Verification\TenantPermissionCheckClusters;
+use App\Support\Verification\ManagedEnvironmentPermissionCheckClusters;
 use App\Support\Verification\VerificationCheckStatus;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
@@ -11,7 +11,7 @@
 it('marks a cluster as failed and blocking when an application permission is missing', function (): void {
     $tenant = ManagedEnvironment::factory()->create(['external_id' => 'tenant-a']);
 
-    $checks = TenantPermissionCheckClusters::buildChecks($tenant, [
+    $checks = ManagedEnvironmentPermissionCheckClusters::buildChecks($tenant, [
         [
             'key' => 'Directory.Read.All',
             'type' => 'application',
@@ -43,7 +43,7 @@
 it('marks a cluster as warn and non-blocking when only delegated permissions are missing', function (): void {
     $tenant = ManagedEnvironment::factory()->create(['external_id' => 'tenant-b']);
 
-    $checks = TenantPermissionCheckClusters::buildChecks($tenant, [
+    $checks = ManagedEnvironmentPermissionCheckClusters::buildChecks($tenant, [
         [
             'key' => 'DeviceManagementApps.Read.All',
             'type' => 'delegated',
@@ -64,7 +64,7 @@
 it('marks a cluster as skipped when no mapped permissions are present', function (): void {
     $tenant = ManagedEnvironment::factory()->create(['external_id' => 'tenant-c']);
 
-    $checks = TenantPermissionCheckClusters::buildChecks($tenant, []);
+    $checks = ManagedEnvironmentPermissionCheckClusters::buildChecks($tenant, []);
 
     $rbacCheck = collect($checks)->firstWhere('key', 'permissions.intune_rbac_assignments');
 
@@ -75,7 +75,7 @@
 it('marks a cluster as passed when all mapped permissions are granted', function (): void {
     $tenant = ManagedEnvironment::factory()->create(['external_id' => 'tenant-d']);
 
-    $checks = TenantPermissionCheckClusters::buildChecks($tenant, [
+    $checks = ManagedEnvironmentPermissionCheckClusters::buildChecks($tenant, [
         [
             'key' => 'Directory.Read.All',
             'type' => 'application',
@@ -104,7 +104,7 @@
 it('degrades permission clusters to warnings when inventory is not fresh', function (): void {
     $tenant = ManagedEnvironment::factory()->create(['external_id' => 'tenant-e']);
 
-    $checks = TenantPermissionCheckClusters::buildChecks(
+    $checks = ManagedEnvironmentPermissionCheckClusters::buildChecks(
         tenant: $tenant,
         permissions: [
             [
diff --git a/apps/platform/tests/Unit/TenantPermissionServiceTest.php b/apps/platform/tests/Unit/ManagedEnvironmentPermissionServiceTest.php
similarity index 80%
rename from apps/platform/tests/Unit/TenantPermissionServiceTest.php
rename to apps/platform/tests/Unit/ManagedEnvironmentPermissionServiceTest.php
index d5123c8e..99ead312 100644
--- a/apps/platform/tests/Unit/TenantPermissionServiceTest.php
+++ b/apps/platform/tests/Unit/ManagedEnvironmentPermissionServiceTest.php
@@ -1,16 +1,16 @@
 <?php
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Services\Graph\GraphClientInterface;
 use App\Services\Graph\GraphResponse;
-use App\Services\Intune\TenantPermissionService;
+use App\Services\Intune\ManagedEnvironmentPermissionService;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
 function requiredPermissions(): array
 {
-    $service = app(TenantPermissionService::class);
+    $service = app(ManagedEnvironmentPermissionService::class);
     $required = $service->getRequiredPermissions();
 
     if (empty($required)) {
@@ -39,17 +39,17 @@ function requiredPermissions(): array
     ensureDefaultProviderConnection($tenant, 'microsoft');
 
     foreach (requiredPermissions() as $permission) {
-        TenantPermission::create([
+        ManagedEnvironmentPermission::create([
             'managed_environment_id' => $tenant->id,
             'permission_key' => $permission['key'],
             'status' => 'granted',
         ]);
     }
 
-    $result = app(TenantPermissionService::class)->compare($tenant);
+    $result = app(ManagedEnvironmentPermissionService::class)->compare($tenant);
 
     expect($result['overall_status'])->toBe('granted');
-    expect(TenantPermission::where('managed_environment_id', $tenant->id)->where('status', 'granted')->count())
+    expect(ManagedEnvironmentPermission::where('managed_environment_id', $tenant->id)->where('status', 'granted')->count())
         ->toBe(count(requiredPermissions()));
 });
 
@@ -72,20 +72,20 @@ function requiredPermissions(): array
     ensureDefaultProviderConnection($tenant, 'microsoft');
 
     $first = $permissions[0]['key'];
-    TenantPermission::create([
+    ManagedEnvironmentPermission::create([
         'managed_environment_id' => $tenant->id,
         'permission_key' => $first,
         'status' => 'ok',
     ]);
 
     // Use liveCheck=true to trigger Graph API call
-    $result = app(TenantPermissionService::class)->compare($tenant, null, true, true);
+    $result = app(ManagedEnvironmentPermissionService::class)->compare($tenant, null, true, true);
 
     expect($result['overall_status'])->toBe('missing');
     $missingKey = $permissions[1]['key'] ?? null;
 
     if ($missingKey) {
-        $this->assertDatabaseHas('tenant_permissions', [
+        $this->assertDatabaseHas('managed_environment_permissions', [
             'managed_environment_id' => $tenant->id,
             'permission_key' => $missingKey,
             'status' => 'missing',
@@ -110,7 +110,7 @@ function requiredPermissions(): array
     $permissions = requiredPermissions();
     $first = $permissions[0]['key'];
 
-    $result = app(TenantPermissionService::class)->compare($tenant, [
+    $result = app(ManagedEnvironmentPermissionService::class)->compare($tenant, [
         $first => [
             'status' => 'error',
             'details' => ['message' => 'forbidden'],
@@ -119,7 +119,7 @@ function requiredPermissions(): array
 
     expect($result['overall_status'])->toBe('error');
 
-    $this->assertDatabaseHas('tenant_permissions', [
+    $this->assertDatabaseHas('managed_environment_permissions', [
         'managed_environment_id' => $tenant->id,
         'permission_key' => $first,
         'status' => 'error',
@@ -144,14 +144,14 @@ function requiredPermissions(): array
 
     ensureDefaultProviderConnection($tenant, 'microsoft');
 
-    TenantPermission::create([
+    ManagedEnvironmentPermission::create([
         'managed_environment_id' => $tenant->id,
         'permission_key' => 'DeviceManagementRBAC.ReadWrite.All',
         'status' => 'granted',
         'details' => ['source' => 'configured'],
     ]);
 
-    $result = app(TenantPermissionService::class)->compare($tenant, persist: false, useConfiguredStub: false);
+    $result = app(ManagedEnvironmentPermissionService::class)->compare($tenant, persist: false, useConfiguredStub: false);
 
     expect($result['overall_status'])->toBe('missing');
     expect($result['permissions'][0]['status'])->toBe('missing');
@@ -165,11 +165,11 @@ function requiredPermissions(): array
 
     ensureDefaultProviderConnection($tenant, 'microsoft');
 
-    TenantPermission::withoutEvents(function () use ($tenant): void {
-        app(TenantPermissionService::class)->compare($tenant);
+    ManagedEnvironmentPermission::withoutEvents(function () use ($tenant): void {
+        app(ManagedEnvironmentPermissionService::class)->compare($tenant);
     });
 
-    $this->assertDatabaseHas('tenant_permissions', [
+    $this->assertDatabaseHas('managed_environment_permissions', [
         'managed_environment_id' => $tenant->id,
         'workspace_id' => $tenant->workspace_id,
     ]);
@@ -186,9 +186,9 @@ function requiredPermissions(): array
 
     expect($tenantWithoutWorkspaceId->getAttribute('workspace_id'))->toBeNull();
 
-    app(TenantPermissionService::class)->compare($tenantWithoutWorkspaceId);
+    app(ManagedEnvironmentPermissionService::class)->compare($tenantWithoutWorkspaceId);
 
-    $this->assertDatabaseHas('tenant_permissions', [
+    $this->assertDatabaseHas('managed_environment_permissions', [
         'managed_environment_id' => (int) $tenant->getKey(),
         'workspace_id' => (int) $tenant->workspace_id,
     ]);
@@ -206,7 +206,7 @@ function requiredPermissions(): array
         ]);
     });
 
-    app(TenantPermissionService::class)->compare($tenant, persist: true);
+    app(ManagedEnvironmentPermissionService::class)->compare($tenant, persist: true);
 
-    expect(TenantPermission::query()->where('managed_environment_id', (int) $tenant->getKey())->count())->toBe(0);
+    expect(ManagedEnvironmentPermission::query()->where('managed_environment_id', (int) $tenant->getKey())->count())->toBe(0);
 });
diff --git a/apps/platform/tests/Unit/Onboarding/OnboardingDraftResolverTest.php b/apps/platform/tests/Unit/Onboarding/OnboardingDraftResolverTest.php
index d6fc8dd7..10acc7f8 100644
--- a/apps/platform/tests/Unit/Onboarding/OnboardingDraftResolverTest.php
+++ b/apps/platform/tests/Unit/Onboarding/OnboardingDraftResolverTest.php
@@ -42,7 +42,7 @@
     $resolved = app(OnboardingDraftResolver::class)->resolve($draft->getKey(), $user, $workspace);
 
     expect((int) $resolved->getKey())->toBe((int) $draft->getKey())
-        ->and($resolved->relationLoaded('tenant'))->toBeTrue()
+        ->and($resolved->relationLoaded('managedEnvironment'))->toBeTrue()
         ->and($resolved->relationLoaded('startedByUser'))->toBeTrue()
         ->and($resolved->relationLoaded('updatedByUser'))->toBeTrue();
 });
@@ -189,7 +189,7 @@
         'updated_by' => $user,
         'state' => [
             'entra_tenant_id' => (string) $activeTenant->managed_environment_id,
-            'tenant_name' => (string) $activeTenant->name,
+            'environment_name' => (string) $activeTenant->name,
         ],
     ]);
 
diff --git a/apps/platform/tests/Unit/Onboarding/OnboardingDraftStageResolverTest.php b/apps/platform/tests/Unit/Onboarding/OnboardingDraftStageResolverTest.php
index a823b4cc..375f37df 100644
--- a/apps/platform/tests/Unit/Onboarding/OnboardingDraftStageResolverTest.php
+++ b/apps/platform/tests/Unit/Onboarding/OnboardingDraftStageResolverTest.php
@@ -28,7 +28,7 @@
     $draft = createOnboardingDraft([
         'state' => [
             'entra_tenant_id' => '11111111-1111-1111-1111-111111111111',
-            'tenant_name' => 'Contoso',
+            'environment_name' => 'Contoso',
         ],
     ]);
 
@@ -49,7 +49,7 @@
         'current_step' => 'connection',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
         ],
     ]);
@@ -63,7 +63,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => '22222222-2222-2222-2222-222222222222',
-            'tenant_name' => 'Contoso',
+            'environment_name' => 'Contoso',
             'provider_connection_id' => 42,
         ],
     ]);
@@ -85,7 +85,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
         ],
     ]);
@@ -123,7 +123,7 @@
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'bootstrap_operation_types' => ['inventory_sync'],
         ],
diff --git a/apps/platform/tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php b/apps/platform/tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php
index 3d53d382..0fee25af 100644
--- a/apps/platform/tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php
+++ b/apps/platform/tests/Unit/Onboarding/OnboardingLifecycleServiceTest.php
@@ -27,7 +27,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'connection_recently_updated' => true,
         ],
@@ -51,7 +51,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => 42,
         ],
     ]);
@@ -78,7 +78,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
         ],
     ]);
@@ -142,7 +142,7 @@
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $verificationRun->getKey(),
             'bootstrap_operation_types' => ['inventory_sync'],
@@ -195,7 +195,7 @@
         'current_step' => 'bootstrap',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'verification_operation_run_id' => (int) $verificationRun->getKey(),
             'bootstrap_operation_types' => ['inventory_sync'],
@@ -231,7 +231,7 @@
         'current_step' => 'verify',
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
             'provider_connection_id' => (int) $connection->getKey(),
             'connection_recently_updated' => true,
         ],
@@ -254,15 +254,15 @@
         'tenant' => $tenant,
         'state' => [
             'entra_tenant_id' => (string) $tenant->managed_environment_id,
-            'tenant_name' => (string) $tenant->name,
+            'environment_name' => (string) $tenant->name,
         ],
     ]);
 
-    $draft = $draft->fresh()->load('tenant');
+    $draft = $draft->fresh()->load('managedEnvironment');
     $service = app(OnboardingLifecycleService::class);
 
-    expect($draft->tenant)->toBeInstanceOf(ManagedEnvironment::class)
-        ->and($draft->tenant?->trashed())->toBeTrue()
+    expect($draft->managedEnvironment)->toBeInstanceOf(ManagedEnvironment::class)
+        ->and($draft->managedEnvironment?->trashed())->toBeTrue()
         ->and($draft->isWorkflowResumable())->toBeTrue()
         ->and($service->canResumeDraft($draft))->toBeFalse();
 });
diff --git a/apps/platform/tests/Unit/Operations/OperationLifecyclePolicyValidatorTest.php b/apps/platform/tests/Unit/Operations/OperationLifecyclePolicyValidatorTest.php
index 83653922..baa57370 100644
--- a/apps/platform/tests/Unit/Operations/OperationLifecyclePolicyValidatorTest.php
+++ b/apps/platform/tests/Unit/Operations/OperationLifecyclePolicyValidatorTest.php
@@ -19,8 +19,8 @@
         'backup.schedule.execute',
         'restore.execute',
         'promotion.execute',
-        'tenant.review_pack.generate',
-        'tenant.review.compose',
+        'environment.review_pack.generate',
+        'environment.review.compose',
         'tenant.evidence.snapshot.generate',
     ]);
 });
@@ -32,7 +32,7 @@
         ->and($validator->jobUsesDirectFailedBridge('baseline.compare'))->toBeTrue()
         ->and($validator->jobUsesDirectFailedBridge('inventory.sync'))->toBeTrue()
         ->and($validator->jobUsesDirectFailedBridge('policy.sync'))->toBeTrue()
-        ->and($validator->jobUsesDirectFailedBridge('tenant.review.compose'))->toBeTrue()
+        ->and($validator->jobUsesDirectFailedBridge('environment.review.compose'))->toBeTrue()
         ->and($validator->jobUsesDirectFailedBridge('backup.schedule.execute'))->toBeFalse();
 });
 
diff --git a/apps/platform/tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php b/apps/platform/tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php
index 165c78ee..9f0a08bb 100644
--- a/apps/platform/tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php
+++ b/apps/platform/tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php
@@ -80,7 +80,7 @@
             'execution_authority_mode' => ExecutionAuthorityMode::ActorBound->value,
             'provider_connection_id' => (int) $connection->getKey(),
             'wizard' => [
-                'flow' => 'managed_tenant_onboarding',
+                'flow' => 'managed_environment_onboarding',
                 'step' => 'verification',
             ],
         ],
@@ -123,9 +123,9 @@
         'context' => [
             'execution_authority_mode' => ExecutionAuthorityMode::ActorBound->value,
             'provider_connection_id' => (int) $connection->getKey(),
-            'required_capability' => Capabilities::WORKSPACE_MANAGED_TENANT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
+            'required_capability' => Capabilities::WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC,
             'wizard' => [
-                'flow' => 'managed_tenant_onboarding',
+                'flow' => 'managed_environment_onboarding',
                 'step' => 'bootstrap',
             ],
         ],
diff --git a/apps/platform/tests/Unit/Policies/TenantOnboardingSessionPolicyTest.php b/apps/platform/tests/Unit/Policies/ManagedEnvironmentOnboardingSessionPolicyTest.php
similarity index 89%
rename from apps/platform/tests/Unit/Policies/TenantOnboardingSessionPolicyTest.php
rename to apps/platform/tests/Unit/Policies/ManagedEnvironmentOnboardingSessionPolicyTest.php
index fee06b17..3151c01d 100644
--- a/apps/platform/tests/Unit/Policies/TenantOnboardingSessionPolicyTest.php
+++ b/apps/platform/tests/Unit/Policies/ManagedEnvironmentOnboardingSessionPolicyTest.php
@@ -5,7 +5,7 @@
 use App\Models\ManagedEnvironment;
 use App\Models\User;
 use App\Models\WorkspaceMembership;
-use App\Policies\TenantOnboardingSessionPolicy;
+use App\Policies\ManagedEnvironmentOnboardingSessionPolicy;
 use App\Support\Workspaces\WorkspaceContext;
 use Illuminate\Auth\Access\Response;
 use Illuminate\Foundation\Testing\RefreshDatabase;
@@ -41,7 +41,7 @@
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $otherWorkspace->getKey());
 
-    $result = app(TenantOnboardingSessionPolicy::class)->view($otherWorkspaceUser, $draft);
+    $result = app(ManagedEnvironmentOnboardingSessionPolicy::class)->view($otherWorkspaceUser, $draft);
 
     expect($result)->toBeInstanceOf(Response::class)
         ->and($result->allowed())->toBeFalse()
@@ -80,7 +80,7 @@
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
-    $result = app(TenantOnboardingSessionPolicy::class)->view($workspaceOnlyUser, $draft);
+    $result = app(ManagedEnvironmentOnboardingSessionPolicy::class)->view($workspaceOnlyUser, $draft);
 
     expect($result)->toBeInstanceOf(Response::class)
         ->and($result->allowed())->toBeFalse()
@@ -108,8 +108,8 @@
 
     session()->put(WorkspaceContext::SESSION_KEY, (int) $tenant->workspace_id);
 
-    $viewResult = app(TenantOnboardingSessionPolicy::class)->view($readonlyUser, $draft);
-    $cancelResult = app(TenantOnboardingSessionPolicy::class)->cancel($readonlyUser, $draft);
+    $viewResult = app(ManagedEnvironmentOnboardingSessionPolicy::class)->view($readonlyUser, $draft);
+    $cancelResult = app(ManagedEnvironmentOnboardingSessionPolicy::class)->cancel($readonlyUser, $draft);
 
     expect($viewResult)->toBeInstanceOf(Response::class)
         ->and($viewResult->allowed())->toBeFalse()
diff --git a/apps/platform/tests/Unit/Providers/ProviderConnectionBadgeMappingTest.php b/apps/platform/tests/Unit/Providers/ProviderConnectionBadgeMappingTest.php
index b319fdd0..f5095b5f 100644
--- a/apps/platform/tests/Unit/Providers/ProviderConnectionBadgeMappingTest.php
+++ b/apps/platform/tests/Unit/Providers/ProviderConnectionBadgeMappingTest.php
@@ -26,8 +26,8 @@
 });
 
 it('maps managed-tenant onboarding verification badge aliases consistently', function (): void {
-    expect(BadgeCatalog::spec(BadgeDomain::ManagedTenantOnboardingVerificationStatus, 'unknown')->label)->toBe('Not started')
-        ->and(BadgeCatalog::spec(BadgeDomain::ManagedTenantOnboardingVerificationStatus, 'healthy')->label)->toBe('Ready')
-        ->and(BadgeCatalog::spec(BadgeDomain::ManagedTenantOnboardingVerificationStatus, 'degraded')->label)->toBe('Needs attention')
-        ->and(BadgeCatalog::spec(BadgeDomain::ManagedTenantOnboardingVerificationStatus, 'error')->label)->toBe('Blocked');
+    expect(BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus, 'unknown')->label)->toBe('Not started')
+        ->and(BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus, 'healthy')->label)->toBe('Ready')
+        ->and(BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus, 'degraded')->label)->toBe('Needs attention')
+        ->and(BadgeCatalog::spec(BadgeDomain::ManagedEnvironmentOnboardingVerificationStatus, 'error')->label)->toBe('Blocked');
 });
diff --git a/apps/platform/tests/Unit/Providers/ProviderOperationStartGateTest.php b/apps/platform/tests/Unit/Providers/ProviderOperationStartGateTest.php
index d02468eb..3529ea06 100644
--- a/apps/platform/tests/Unit/Providers/ProviderOperationStartGateTest.php
+++ b/apps/platform/tests/Unit/Providers/ProviderOperationStartGateTest.php
@@ -3,14 +3,14 @@
 use App\Models\OperationRun;
 use App\Models\ProviderConnection;
 use App\Models\ProviderCredential;
-use App\Models\TenantPermission;
+use App\Models\ManagedEnvironmentPermission;
 use App\Models\ManagedEnvironment;
 use App\Services\Providers\ProviderOperationStartGate;
 use App\Support\Auth\Capabilities;
 use App\Support\OperationRunOutcome;
 use App\Support\OperationRunStatus;
 use App\Support\Providers\ProviderReasonCodes;
-use App\Support\Verification\TenantPermissionCheckClusters;
+use App\Support\Verification\ManagedEnvironmentPermissionCheckClusters;
 use App\Support\Verification\VerificationReportSchema;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
@@ -29,11 +29,11 @@ function providerOperationStartGateSeedRequirementRows(ManagedEnvironment $tenan
                 continue;
             }
 
-            if (array_intersect($requirementKeys, TenantPermissionCheckClusters::requirementKeysForPermissionRow($permission)) === []) {
+            if (array_intersect($requirementKeys, ManagedEnvironmentPermissionCheckClusters::requirementKeysForPermissionRow($permission)) === []) {
                 continue;
             }
 
-            TenantPermission::query()->updateOrCreate([
+            ManagedEnvironmentPermission::query()->updateOrCreate([
                 'managed_environment_id' => (int) $tenant->getKey(),
                 'permission_key' => (string) ($permission['key'] ?? ''),
                 'workspace_id' => (int) $tenant->workspace_id,
diff --git a/apps/platform/tests/Unit/Support/CustomerHealth/WorkspaceHealthSummaryQueryTest.php b/apps/platform/tests/Unit/Support/CustomerHealth/WorkspaceHealthSummaryQueryTest.php
index db91ff2b..cdaf8d05 100644
--- a/apps/platform/tests/Unit/Support/CustomerHealth/WorkspaceHealthSummaryQueryTest.php
+++ b/apps/platform/tests/Unit/Support/CustomerHealth/WorkspaceHealthSummaryQueryTest.php
@@ -9,7 +9,7 @@
 use App\Models\ReviewPack;
 use App\Models\Finding;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantOnboardingSession;
+use App\Models\ManagedEnvironmentOnboardingSession;
 use App\Models\Workspace;
 use App\Support\CustomerHealth\CustomerHealthDimensionCatalog;
 use App\Support\CustomerHealth\WorkspaceHealthSummaryQuery;
@@ -338,7 +338,7 @@
 
     $unknownWorkspace = Workspace::factory()->create(['name' => 'Unknown Workspace']);
 
-    TenantOnboardingSession::factory()
+    ManagedEnvironmentOnboardingSession::factory()
         ->forWorkspace($unknownWorkspace)
         ->create([
             'lifecycle_state' => OnboardingLifecycleState::Draft->value,
diff --git a/apps/platform/tests/Unit/Support/GovernanceInbox/GovernanceInboxSectionBuilderTest.php b/apps/platform/tests/Unit/Support/GovernanceInbox/GovernanceInboxSectionBuilderTest.php
index af4f19df..bea71b7c 100644
--- a/apps/platform/tests/Unit/Support/GovernanceInbox/GovernanceInboxSectionBuilderTest.php
+++ b/apps/platform/tests/Unit/Support/GovernanceInbox/GovernanceInboxSectionBuilderTest.php
@@ -7,7 +7,7 @@
 use App\Models\FindingException;
 use App\Models\OperationRun;
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
 use App\Models\Workspace;
 use App\Support\Auth\Capabilities;
@@ -18,7 +18,7 @@
 use App\Support\OperationRunStatus;
 use App\Support\OperationRunType;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
-use App\Support\PortfolioTriage\TenantTriageReviewFingerprint;
+use App\Support\PortfolioTriage\ManagedEnvironmentTriageReviewFingerprint;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
@@ -106,7 +106,7 @@
     ]);
 
     $backupHealthResolver = app(TenantBackupHealthResolver::class);
-    $fingerprints = app(TenantTriageReviewFingerprint::class);
+    $fingerprints = app(ManagedEnvironmentTriageReviewFingerprint::class);
 
     $alphaBackupFingerprint = $fingerprints->forBackupHealth($backupHealthResolver->assess($alphaTenant));
     $bravoBackupFingerprint = $fingerprints->forBackupHealth($backupHealthResolver->assess($bravoTenant));
@@ -114,7 +114,7 @@
     expect($alphaBackupFingerprint)->not->toBeNull()
         ->and($bravoBackupFingerprint)->not->toBeNull();
 
-    TenantTriageReview::factory()
+    ManagedEnvironmentTriageReview::factory()
         ->for($alphaTenant)
         ->followUpNeeded()
         ->create([
@@ -126,7 +126,7 @@
             'reviewed_at' => now()->subDay(),
         ]);
 
-    TenantTriageReview::factory()
+    ManagedEnvironmentTriageReview::factory()
         ->for($bravoTenant)
         ->reviewed()
         ->create([
diff --git a/apps/platform/tests/Unit/Support/OperateHub/OperateHubShellResolutionTest.php b/apps/platform/tests/Unit/Support/OperateHub/OperateHubShellResolutionTest.php
index c356d34c..553a59e2 100644
--- a/apps/platform/tests/Unit/Support/OperateHub/OperateHubShellResolutionTest.php
+++ b/apps/platform/tests/Unit/Support/OperateHub/OperateHubShellResolutionTest.php
@@ -94,7 +94,7 @@
 
     $request = Request::create(route('admin.workspace.environments.show', [
         'workspace' => $tenant->workspace,
-        'tenant' => $tenant,
+        'environment' => $tenant,
     ]));
     $request->setLaravelSession(app('session.store'));
     $request->setUserResolver(static fn () => $user);
diff --git a/apps/platform/tests/Unit/Support/OperationalControls/OperationalControlCatalogTest.php b/apps/platform/tests/Unit/Support/OperationalControls/OperationalControlCatalogTest.php
index d8d48634..67277aec 100644
--- a/apps/platform/tests/Unit/Support/OperationalControls/OperationalControlCatalogTest.php
+++ b/apps/platform/tests/Unit/Support/OperationalControls/OperationalControlCatalogTest.php
@@ -33,6 +33,6 @@
 
     expect(fn (): array => $catalog->definition('findings.lifecycle.backfill'))
         ->toThrow(\InvalidArgumentException::class)
-        ->and(fn (): array => $catalog->definition('tenant.review.compose'))
+        ->and(fn (): array => $catalog->definition('environment.review.compose'))
         ->toThrow(\InvalidArgumentException::class);
 });
\ No newline at end of file
diff --git a/apps/platform/tests/Unit/Support/OperatorExplanation/OperationRunExplanationTest.php b/apps/platform/tests/Unit/Support/OperatorExplanation/OperationRunExplanationTest.php
index ff740ba3..e4963adf 100644
--- a/apps/platform/tests/Unit/Support/OperatorExplanation/OperationRunExplanationTest.php
+++ b/apps/platform/tests/Unit/Support/OperatorExplanation/OperationRunExplanationTest.php
@@ -16,7 +16,7 @@
 
     $run = $this->makeArtifactTruthRun(
         tenant: $tenant,
-        type: 'tenant.review.compose',
+        type: 'environment.review.compose',
         context: [
             'managed_environment_id' => (int) $tenant->getKey(),
             'workspace_id' => (int) $tenant->workspace_id,
diff --git a/apps/platform/tests/Unit/Support/OpsUx/GovernanceRunDiagnosticSummaryBuilderTest.php b/apps/platform/tests/Unit/Support/OpsUx/GovernanceRunDiagnosticSummaryBuilderTest.php
index b202dd1d..2fa89fe4 100644
--- a/apps/platform/tests/Unit/Support/OpsUx/GovernanceRunDiagnosticSummaryBuilderTest.php
+++ b/apps/platform/tests/Unit/Support/OpsUx/GovernanceRunDiagnosticSummaryBuilderTest.php
@@ -138,7 +138,7 @@
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
 
-    $run = $this->makeArtifactTruthRun($tenant, 'tenant.review.compose');
+    $run = $this->makeArtifactTruthRun($tenant, 'environment.review.compose');
     $snapshot = $this->makeStaleArtifactTruthEvidenceSnapshot($tenant, [
         'operation_run_id' => null,
     ]);
@@ -177,7 +177,7 @@
     $tenant = ManagedEnvironment::factory()->create();
     [$user, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
 
-    $run = $this->makeArtifactTruthRun($tenant, 'tenant.review_pack.generate');
+    $run = $this->makeArtifactTruthRun($tenant, 'environment.review_pack.generate');
     $snapshot = $this->makeArtifactTruthEvidenceSnapshot($tenant, [
         'operation_run_id' => null,
     ]);
diff --git a/apps/platform/tests/Unit/Support/OpsUx/OperationRunProgressContractTest.php b/apps/platform/tests/Unit/Support/OpsUx/OperationRunProgressContractTest.php
index 87eb3cd7..ec28542e 100644
--- a/apps/platform/tests/Unit/Support/OpsUx/OperationRunProgressContractTest.php
+++ b/apps/platform/tests/Unit/Support/OpsUx/OperationRunProgressContractTest.php
@@ -175,9 +175,9 @@
         ->and($progress['percent'])->toBeNull();
 });
 
-it('derives a tenant review composite label from aggregate operation truth', function (): void {
+it('derives a environment review composite label from aggregate operation truth', function (): void {
     $run = OperationRun::factory()->create([
-        'type' => 'tenant.review.compose',
+        'type' => 'environment.review.compose',
         'status' => 'running',
         'outcome' => 'pending',
         'summary_counts' => [
@@ -196,7 +196,7 @@
 
 it('uses explicit composite attention hints when present', function (): void {
     $run = OperationRun::factory()->create([
-        'type' => 'tenant.review.compose',
+        'type' => 'environment.review.compose',
         'status' => 'running',
         'outcome' => 'pending',
         'summary_counts' => [
diff --git a/apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantComparePreviewBuilderTest.php b/apps/platform/tests/Unit/Support/PortfolioCompare/CrossEnvironmentComparePreviewBuilderTest.php
similarity index 76%
rename from apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantComparePreviewBuilderTest.php
rename to apps/platform/tests/Unit/Support/PortfolioCompare/CrossEnvironmentComparePreviewBuilderTest.php
index 268a504a..b4786737 100644
--- a/apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantComparePreviewBuilderTest.php
+++ b/apps/platform/tests/Unit/Support/PortfolioCompare/CrossEnvironmentComparePreviewBuilderTest.php
@@ -6,50 +6,50 @@
 use App\Models\Policy;
 use App\Models\PolicyVersion;
 use App\Models\ManagedEnvironment;
-use App\Support\PortfolioCompare\CrossTenantComparePreviewBuilder;
-use App\Support\PortfolioCompare\CrossTenantCompareSelection;
+use App\Support\PortfolioCompare\CrossEnvironmentComparePreviewBuilder;
+use App\Support\PortfolioCompare\CrossEnvironmentCompareSelection;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
 
 it('builds stable compare states for matching, differing, and missing subjects', function (): void {
-    $fixture = crossTenantCompareFixture();
+    $fixture = crossEnvironmentCompareFixture();
 
     createComparedPolicy(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'WiFi Corp',
         snapshot: ['settings' => [['key' => 'wifi', 'value' => 1]]],
     );
     createComparedPolicy(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'WiFi Corp',
         snapshot: ['settings' => [['key' => 'wifi', 'value' => 1]]],
     );
 
     createComparedPolicy(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Windows Compliance',
         snapshot: ['settings' => [['key' => 'compliance', 'value' => 1]]],
     );
     createComparedPolicy(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Windows Compliance',
         snapshot: ['settings' => [['key' => 'compliance', 'value' => 2]]],
     );
 
     createComparedPolicy(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'VPN Profile',
         snapshot: ['settings' => [['key' => 'vpn', 'value' => 1]]],
     );
 
-    $selection = new CrossTenantCompareSelection(
-        sourceTenant: $fixture['sourceTenant'],
-        targetTenant: $fixture['targetTenant'],
+    $selection = new CrossEnvironmentCompareSelection(
+        sourceEnvironment: $fixture['sourceEnvironment'],
+        targetEnvironment: $fixture['targetEnvironment'],
         policyTypes: ['deviceConfiguration'],
     );
 
-    $builder = app(CrossTenantComparePreviewBuilder::class);
+    $builder = app(CrossEnvironmentComparePreviewBuilder::class);
     $preview = $builder->build($selection);
 
     expect($preview['summary'])->toBe([
@@ -74,37 +74,37 @@
 });
 
 it('marks unresolved source identity and duplicate target matches distinctly', function (): void {
-    $fixture = crossTenantCompareFixture();
+    $fixture = crossEnvironmentCompareFixture();
 
     InventoryItem::factory()->create([
-        'managed_environment_id' => (int) $fixture['sourceTenant']->getKey(),
+        'managed_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
         'policy_type' => 'deviceConfiguration',
         'display_name' => '   ',
         'external_id' => 'source-without-identifier',
     ]);
 
     createComparedPolicy(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Duplicated Policy',
         snapshot: ['settings' => [['key' => 'dup', 'value' => 1]]],
     );
 
     createComparedPolicy(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Duplicated Policy',
         externalId: 'dup-target-1',
         snapshot: ['settings' => [['key' => 'dup', 'value' => 1]]],
     );
     createComparedPolicy(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Duplicated Policy',
         externalId: 'dup-target-2',
         snapshot: ['settings' => [['key' => 'dup', 'value' => 1]]],
     );
 
-    $preview = app(CrossTenantComparePreviewBuilder::class)->build(new CrossTenantCompareSelection(
-        sourceTenant: $fixture['sourceTenant'],
-        targetTenant: $fixture['targetTenant'],
+    $preview = app(CrossEnvironmentComparePreviewBuilder::class)->build(new CrossEnvironmentCompareSelection(
+        sourceEnvironment: $fixture['sourceEnvironment'],
+        targetEnvironment: $fixture['targetEnvironment'],
         policyTypes: ['deviceConfiguration'],
     ));
 
@@ -131,18 +131,18 @@
 });
 
 /**
- * @return array{sourceTenant: ManagedEnvironment, targetTenant: ManagedEnvironment}
+ * @return array{sourceEnvironment: ManagedEnvironment, targetEnvironment: ManagedEnvironment}
  */
-function crossTenantCompareFixture(): array
+function crossEnvironmentCompareFixture(): array
 {
-    $sourceTenant = ManagedEnvironment::factory()->create();
-    $targetTenant = ManagedEnvironment::factory()->create([
-        'workspace_id' => (int) $sourceTenant->workspace_id,
+    $sourceEnvironment = ManagedEnvironment::factory()->create();
+    $targetEnvironment = ManagedEnvironment::factory()->create([
+        'workspace_id' => (int) $sourceEnvironment->workspace_id,
     ]);
 
     return [
-        'sourceTenant' => $sourceTenant,
-        'targetTenant' => $targetTenant,
+        'sourceEnvironment' => $sourceEnvironment,
+        'targetEnvironment' => $targetEnvironment,
     ];
 }
 
diff --git a/apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantPromotionExecutionPlannerTest.php b/apps/platform/tests/Unit/Support/PortfolioCompare/CrossEnvironmentPromotionExecutionPlannerTest.php
similarity index 75%
rename from apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantPromotionExecutionPlannerTest.php
rename to apps/platform/tests/Unit/Support/PortfolioCompare/CrossEnvironmentPromotionExecutionPlannerTest.php
index bb1e37b4..91e0e060 100644
--- a/apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantPromotionExecutionPlannerTest.php
+++ b/apps/platform/tests/Unit/Support/PortfolioCompare/CrossEnvironmentPromotionExecutionPlannerTest.php
@@ -2,23 +2,23 @@
 
 declare(strict_types=1);
 
-use App\Support\PortfolioCompare\CrossTenantPromotionExecutionPlanner;
+use App\Support\PortfolioCompare\CrossEnvironmentPromotionExecutionPlanner;
 
 it('builds a ready-only promotion execution plan with stable identity inputs', function (): void {
-    $planner = app(CrossTenantPromotionExecutionPlanner::class);
+    $planner = app(CrossEnvironmentPromotionExecutionPlanner::class);
 
     $preview = [
         'selection' => [
-            'sourceTenantId' => 10,
-            'targetTenantId' => 20,
+            'sourceEnvironmentId' => 10,
+            'targetEnvironmentId' => 20,
             'policyTypes' => ['settingsCatalog', 'deviceConfiguration'],
         ],
     ];
 
     $preflight = [
         'selection' => [
-            'sourceTenantId' => 10,
-            'targetTenantId' => 20,
+            'sourceEnvironmentId' => 10,
+            'targetEnvironmentId' => 20,
             'policyTypes' => ['deviceConfiguration', 'settingsCatalog'],
         ],
         'buckets' => [
@@ -48,8 +48,8 @@
         'updated' => 1,
     ])
         ->and($plan['selection'])->toBe([
-            'sourceTenantId' => 10,
-            'targetTenantId' => 20,
+            'sourceEnvironmentId' => 10,
+            'targetEnvironmentId' => 20,
             'policyTypes' => ['deviceConfiguration', 'settingsCatalog'],
         ])
         ->and(array_column($plan['items'], 'execution_action'))->toBe([
@@ -59,8 +59,8 @@
         ])
         ->and(array_column($plan['excluded'], 'excluded_reason'))->toContain('blocked', 'manual_mapping_required', 'source_policy_version_missing')
         ->and($plan['identity'])->toMatchArray([
-            'source_tenant_id' => 10,
-            'target_tenant_id' => 20,
+            'source_environment_id' => 10,
+            'target_environment_id' => 20,
             'policy_types' => ['deviceConfiguration', 'settingsCatalog'],
         ])
         ->and($plan['identity']['subjects'])->toBe([
@@ -92,20 +92,20 @@
 });
 
 it('rejects stale promotion preflight selections', function (): void {
-    $planner = app(CrossTenantPromotionExecutionPlanner::class);
+    $planner = app(CrossEnvironmentPromotionExecutionPlanner::class);
 
     expect(fn (): array => $planner->build(
-        ['selection' => ['sourceTenantId' => 10, 'targetTenantId' => 20, 'policyTypes' => ['deviceConfiguration']]],
-        ['selection' => ['sourceTenantId' => 10, 'targetTenantId' => 21, 'policyTypes' => ['deviceConfiguration']], 'buckets' => ['ready' => [], 'blocked' => [], 'manual_mapping_required' => []]],
+        ['selection' => ['sourceEnvironmentId' => 10, 'targetEnvironmentId' => 20, 'policyTypes' => ['deviceConfiguration']]],
+        ['selection' => ['sourceEnvironmentId' => 10, 'targetEnvironmentId' => 21, 'policyTypes' => ['deviceConfiguration']], 'buckets' => ['ready' => [], 'blocked' => [], 'manual_mapping_required' => []]],
     ))->toThrow(InvalidArgumentException::class, 'Promotion preflight is stale. Regenerate the preflight before execution.');
 });
 
 it('rejects promotion preflights with no executable ready subjects', function (): void {
-    $planner = app(CrossTenantPromotionExecutionPlanner::class);
+    $planner = app(CrossEnvironmentPromotionExecutionPlanner::class);
 
     expect(fn (): array => $planner->build(
-        ['selection' => ['sourceTenantId' => 10, 'targetTenantId' => 20, 'policyTypes' => ['deviceConfiguration']]],
-        ['selection' => ['sourceTenantId' => 10, 'targetTenantId' => 20, 'policyTypes' => ['deviceConfiguration']], 'buckets' => ['ready' => [], 'blocked' => [plannerSubject('Blocked Policy', 'blocked-subject', 'deviceConfiguration', 'different', 10, 20, 104, 'hash-blocked')], 'manual_mapping_required' => []]],
+        ['selection' => ['sourceEnvironmentId' => 10, 'targetEnvironmentId' => 20, 'policyTypes' => ['deviceConfiguration']]],
+        ['selection' => ['sourceEnvironmentId' => 10, 'targetEnvironmentId' => 20, 'policyTypes' => ['deviceConfiguration']], 'buckets' => ['ready' => [], 'blocked' => [plannerSubject('Blocked Policy', 'blocked-subject', 'deviceConfiguration', 'different', 10, 20, 104, 'hash-blocked')], 'manual_mapping_required' => []]],
     ))->toThrow(DomainException::class, 'Promotion preflight has no executable ready subjects.');
 });
 
@@ -118,8 +118,8 @@ function plannerSubject(
     string $subjectKey,
     string $policyType,
     string $state,
-    int $sourceTenantId,
-    int $targetTenantId,
+    int $sourceEnvironmentId,
+    int $targetEnvironmentId,
     ?int $policyVersionId,
     ?string $evidenceHash,
     array $reasonCodes = [],
@@ -130,7 +130,7 @@ function plannerSubject(
         'policyType' => $policyType,
         'state' => $state,
         'source' => [
-            'tenantId' => $sourceTenantId,
+            'environmentId' => $sourceEnvironmentId,
             'inventoryItemId' => $policyVersionId !== null ? $policyVersionId + 1000 : null,
             'subjectExternalId' => 'source-'.$subjectKey,
             'evidence' => [
@@ -139,7 +139,7 @@ function plannerSubject(
             ],
         ],
         'target' => [
-            'tenantId' => $targetTenantId,
+            'environmentId' => $targetEnvironmentId,
             'inventoryItemId' => $policyVersionId !== null ? $policyVersionId + 2000 : null,
             'subjectExternalId' => 'target-'.$subjectKey,
         ],
diff --git a/apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantPromotionPreflightTest.php b/apps/platform/tests/Unit/Support/PortfolioCompare/CrossEnvironmentPromotionPreflightTest.php
similarity index 73%
rename from apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantPromotionPreflightTest.php
rename to apps/platform/tests/Unit/Support/PortfolioCompare/CrossEnvironmentPromotionPreflightTest.php
index 83396e00..bd5c41cf 100644
--- a/apps/platform/tests/Unit/Support/PortfolioCompare/CrossTenantPromotionPreflightTest.php
+++ b/apps/platform/tests/Unit/Support/PortfolioCompare/CrossEnvironmentPromotionPreflightTest.php
@@ -7,78 +7,78 @@
 use App\Models\Policy;
 use App\Models\PolicyVersion;
 use App\Models\ManagedEnvironment;
-use App\Support\PortfolioCompare\CrossTenantComparePreviewBuilder;
-use App\Support\PortfolioCompare\CrossTenantCompareSelection;
-use App\Support\PortfolioCompare\CrossTenantPromotionPreflight;
+use App\Support\PortfolioCompare\CrossEnvironmentComparePreviewBuilder;
+use App\Support\PortfolioCompare\CrossEnvironmentCompareSelection;
+use App\Support\PortfolioCompare\CrossEnvironmentPromotionPreflight;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
 
 it('classifies ready, blocked, and manual mapping subjects from the compare preview', function (): void {
-    $fixture = crossTenantPromotionFixture();
+    $fixture = crossEnvironmentPromotionFixture();
 
     createPromotionSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Aligned Policy',
         snapshot: ['settings' => [['key' => 'aligned', 'value' => 1]]],
     );
     createPromotionSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Aligned Policy',
         snapshot: ['settings' => [['key' => 'aligned', 'value' => 1]]],
     );
 
     createPromotionSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Different Policy',
         snapshot: ['settings' => [['key' => 'different', 'value' => 1]]],
     );
     createPromotionSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Different Policy',
         snapshot: ['settings' => [['key' => 'different', 'value' => 2]]],
     );
 
     createPromotionSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Missing Policy',
         snapshot: ['settings' => [['key' => 'missing', 'value' => 1]]],
     );
 
     createPromotionSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Manual Mapping Policy',
         snapshot: ['settings' => [['key' => 'manual', 'value' => 1]]],
     );
     createPromotionSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Manual Mapping Policy',
         snapshot: ['settings' => [['key' => 'manual', 'value' => 1]]],
         externalId: 'manual-target-1',
     );
     createPromotionSubject(
-        tenant: $fixture['targetTenant'],
+        tenant: $fixture['targetEnvironment'],
         displayName: 'Manual Mapping Policy',
         snapshot: ['settings' => [['key' => 'manual', 'value' => 1]]],
         externalId: 'manual-target-2',
     );
 
     InventoryItem::factory()->create([
-        'managed_environment_id' => (int) $fixture['sourceTenant']->getKey(),
+        'managed_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
         'policy_type' => 'deviceConfiguration',
         'display_name' => '   ',
         'external_id' => 'missing-source-identifier',
     ]);
 
     Policy::factory()->create([
-        'managed_environment_id' => (int) $fixture['sourceTenant']->getKey(),
+        'managed_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
         'policy_type' => 'deviceConfiguration',
         'external_id' => 'meta-only-source',
         'display_name' => 'Refresh Required Policy',
         'platform' => 'windows',
     ]);
     InventoryItem::factory()->create([
-        'managed_environment_id' => (int) $fixture['sourceTenant']->getKey(),
+        'managed_environment_id' => (int) $fixture['sourceEnvironment']->getKey(),
         'policy_type' => 'deviceConfiguration',
         'external_id' => 'meta-only-source',
         'display_name' => 'Refresh Required Policy',
@@ -86,28 +86,28 @@
     ]);
 
     Policy::factory()->create([
-        'managed_environment_id' => (int) $fixture['targetTenant']->getKey(),
+        'managed_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => 'deviceConfiguration',
         'external_id' => 'meta-only-target',
         'display_name' => 'Refresh Required Policy',
         'platform' => 'windows',
     ]);
     InventoryItem::factory()->create([
-        'managed_environment_id' => (int) $fixture['targetTenant']->getKey(),
+        'managed_environment_id' => (int) $fixture['targetEnvironment']->getKey(),
         'policy_type' => 'deviceConfiguration',
         'external_id' => 'meta-only-target',
         'display_name' => 'Refresh Required Policy',
         'meta_jsonb' => ['etag' => 'target-meta-only'],
     ]);
 
-    $selection = new CrossTenantCompareSelection(
-        sourceTenant: $fixture['sourceTenant'],
-        targetTenant: $fixture['targetTenant'],
+    $selection = new CrossEnvironmentCompareSelection(
+        sourceEnvironment: $fixture['sourceEnvironment'],
+        targetEnvironment: $fixture['targetEnvironment'],
         policyTypes: ['deviceConfiguration'],
     );
 
-    $preview = app(CrossTenantComparePreviewBuilder::class)->build($selection);
-    $preflight = app(CrossTenantPromotionPreflight::class)->build($preview);
+    $preview = app(CrossEnvironmentComparePreviewBuilder::class)->build($selection);
+    $preflight = app(CrossEnvironmentPromotionPreflight::class)->build($preview);
 
     expect($preflight['summary'])->toBe([
         'ready' => 3,
@@ -133,7 +133,7 @@
         ->first(fn (array $subject): bool => in_array('source_identifier_missing', data_get($subject, 'preflight.reasonCodes', []), true));
 
     expect($identifierGap)->toBeArray()
-        ->and(data_get($identifierGap, 'preflight.reasonLabels.0'))->toBe('Source tenant subject is missing a stable compare identifier.')
+        ->and(data_get($identifierGap, 'preflight.reasonLabels.0'))->toBe('Source environment subject is missing a stable compare identifier.')
         ->and($preflight['blockedReasonCounts'])->toMatchArray([
             'source_identifier_missing' => 1,
             'source_evidence_refresh_required' => 1,
@@ -142,42 +142,42 @@
 });
 
 it('remains read only when building a promotion preflight', function (): void {
-    $fixture = crossTenantPromotionFixture();
+    $fixture = crossEnvironmentPromotionFixture();
 
     createPromotionSubject(
-        tenant: $fixture['sourceTenant'],
+        tenant: $fixture['sourceEnvironment'],
         displayName: 'Readonly Policy',
         snapshot: ['settings' => [['key' => 'readonly', 'value' => 1]]],
     );
 
-    $preview = app(CrossTenantComparePreviewBuilder::class)->build(new CrossTenantCompareSelection(
-        sourceTenant: $fixture['sourceTenant'],
-        targetTenant: $fixture['targetTenant'],
+    $preview = app(CrossEnvironmentComparePreviewBuilder::class)->build(new CrossEnvironmentCompareSelection(
+        sourceEnvironment: $fixture['sourceEnvironment'],
+        targetEnvironment: $fixture['targetEnvironment'],
         policyTypes: ['deviceConfiguration'],
     ));
 
     $operationRunCount = OperationRun::query()->count();
     $policyVersionCount = PolicyVersion::query()->count();
 
-    app(CrossTenantPromotionPreflight::class)->build($preview);
+    app(CrossEnvironmentPromotionPreflight::class)->build($preview);
 
     expect(OperationRun::query()->count())->toBe($operationRunCount)
         ->and(PolicyVersion::query()->count())->toBe($policyVersionCount);
 });
 
 /**
- * @return array{sourceTenant: ManagedEnvironment, targetTenant: ManagedEnvironment}
+ * @return array{sourceEnvironment: ManagedEnvironment, targetEnvironment: ManagedEnvironment}
  */
-function crossTenantPromotionFixture(): array
+function crossEnvironmentPromotionFixture(): array
 {
-    $sourceTenant = ManagedEnvironment::factory()->create();
-    $targetTenant = ManagedEnvironment::factory()->create([
-        'workspace_id' => (int) $sourceTenant->workspace_id,
+    $sourceEnvironment = ManagedEnvironment::factory()->create();
+    $targetEnvironment = ManagedEnvironment::factory()->create([
+        'workspace_id' => (int) $sourceEnvironment->workspace_id,
     ]);
 
     return [
-        'sourceTenant' => $sourceTenant,
-        'targetTenant' => $targetTenant,
+        'sourceEnvironment' => $sourceEnvironment,
+        'targetEnvironment' => $targetEnvironment,
     ];
 }
 
diff --git a/apps/platform/tests/Unit/Support/PortfolioTriage/TenantTriageReviewFingerprintTest.php b/apps/platform/tests/Unit/Support/PortfolioTriage/ManagedEnvironmentTriageReviewFingerprintTest.php
similarity index 94%
rename from apps/platform/tests/Unit/Support/PortfolioTriage/TenantTriageReviewFingerprintTest.php
rename to apps/platform/tests/Unit/Support/PortfolioTriage/ManagedEnvironmentTriageReviewFingerprintTest.php
index ca93b60f..4baba4f7 100644
--- a/apps/platform/tests/Unit/Support/PortfolioTriage/TenantTriageReviewFingerprintTest.php
+++ b/apps/platform/tests/Unit/Support/PortfolioTriage/ManagedEnvironmentTriageReviewFingerprintTest.php
@@ -6,7 +6,7 @@
 use App\Support\BackupHealth\BackupScheduleFollowUpEvaluation;
 use App\Support\BackupHealth\TenantBackupHealthAssessment;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
-use App\Support\PortfolioTriage\TenantTriageReviewFingerprint;
+use App\Support\PortfolioTriage\ManagedEnvironmentTriageReviewFingerprint;
 use Carbon\CarbonImmutable;
 
 afterEach(function (): void {
@@ -53,7 +53,7 @@ function triageFingerprintBackupAssessment(
 it('keeps backup fingerprints deterministic across volatile copy changes', function (): void {
     CarbonImmutable::setTestNow(CarbonImmutable::create(2026, 4, 10, 8, 0, 0, 'UTC'));
 
-    $fingerprints = app(TenantTriageReviewFingerprint::class);
+    $fingerprints = app(ManagedEnvironmentTriageReviewFingerprint::class);
 
     $first = $fingerprints->forBackupHealth(triageFingerprintBackupAssessment(
         tenantId: 1,
@@ -80,7 +80,7 @@ function triageFingerprintBackupAssessment(
 });
 
 it('separates concern families and changes fingerprints when the material concern changes', function (): void {
-    $fingerprints = app(TenantTriageReviewFingerprint::class);
+    $fingerprints = app(ManagedEnvironmentTriageReviewFingerprint::class);
 
     $backup = $fingerprints->forConcernFamily(
         PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH,
@@ -126,7 +126,7 @@ function triageFingerprintBackupAssessment(
 });
 
 it('only emits fingerprints for current affected-set concerns', function (): void {
-    $fingerprints = app(TenantTriageReviewFingerprint::class);
+    $fingerprints = app(ManagedEnvironmentTriageReviewFingerprint::class);
 
     expect($fingerprints->forBackupHealth(
         triageFingerprintBackupAssessment(
diff --git a/apps/platform/tests/Unit/Support/PortfolioTriage/TenantTriageReviewStateResolverTest.php b/apps/platform/tests/Unit/Support/PortfolioTriage/ManagedEnvironmentTriageReviewStateResolverTest.php
similarity index 88%
rename from apps/platform/tests/Unit/Support/PortfolioTriage/TenantTriageReviewStateResolverTest.php
rename to apps/platform/tests/Unit/Support/PortfolioTriage/ManagedEnvironmentTriageReviewStateResolverTest.php
index 64375cac..bbcecd75 100644
--- a/apps/platform/tests/Unit/Support/PortfolioTriage/TenantTriageReviewStateResolverTest.php
+++ b/apps/platform/tests/Unit/Support/PortfolioTriage/ManagedEnvironmentTriageReviewStateResolverTest.php
@@ -3,13 +3,13 @@
 declare(strict_types=1);
 
 use App\Models\ManagedEnvironment;
-use App\Models\TenantTriageReview;
+use App\Models\ManagedEnvironmentTriageReview;
 use App\Models\User;
 use App\Support\BackupHealth\BackupFreshnessEvaluation;
 use App\Support\BackupHealth\BackupScheduleFollowUpEvaluation;
 use App\Support\BackupHealth\TenantBackupHealthAssessment;
 use App\Support\PortfolioTriage\PortfolioArrivalContextToken;
-use App\Support\PortfolioTriage\TenantTriageReviewStateResolver;
+use App\Support\PortfolioTriage\ManagedEnvironmentTriageReviewStateResolver;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 
 uses(RefreshDatabase::class);
@@ -62,7 +62,7 @@ function triageResolverBackupAssessment(int $tenantId, string $posture, ?string
     ]);
     createUserWithTenant(tenant: $thirdTenant, user: $reviewer, role: 'owner');
 
-    TenantTriageReview::factory()
+    ManagedEnvironmentTriageReview::factory()
         ->for($firstTenant)
         ->for($reviewer, 'reviewer')
         ->reviewed()
@@ -71,7 +71,7 @@ function triageResolverBackupAssessment(int $tenantId, string $posture, ?string
             'workspace_id' => (int) $firstTenant->workspace_id,
         ]);
 
-    TenantTriageReview::factory()
+    ManagedEnvironmentTriageReview::factory()
         ->for($secondTenant)
         ->for($reviewer, 'reviewer')
         ->followUpNeeded()
@@ -80,7 +80,7 @@ function triageResolverBackupAssessment(int $tenantId, string $posture, ?string
             'workspace_id' => (int) $firstTenant->workspace_id,
         ]);
 
-    $resolved = app(TenantTriageReviewStateResolver::class)->resolveMany(
+    $resolved = app(ManagedEnvironmentTriageReviewStateResolver::class)->resolveMany(
         workspaceId: (int) $firstTenant->workspace_id,
         tenantIds: [(int) $firstTenant->getKey(), (int) $secondTenant->getKey(), (int) $thirdTenant->getKey()],
         backupHealthByTenant: [
@@ -105,11 +105,11 @@ function triageResolverBackupAssessment(int $tenantId, string $posture, ?string
     $summary = $resolved['summaries'][PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH];
 
     expect($resolved['rows'][(int) $firstTenant->getKey()][PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH]['derived_state'])
-        ->toBe(TenantTriageReview::STATE_REVIEWED)
+        ->toBe(ManagedEnvironmentTriageReview::STATE_REVIEWED)
         ->and($resolved['rows'][(int) $secondTenant->getKey()][PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH]['derived_state'])
-        ->toBe(TenantTriageReview::STATE_FOLLOW_UP_NEEDED)
+        ->toBe(ManagedEnvironmentTriageReview::STATE_FOLLOW_UP_NEEDED)
         ->and($resolved['rows'][(int) $thirdTenant->getKey()][PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH]['derived_state'])
-        ->toBe(TenantTriageReview::DERIVED_STATE_NOT_REVIEWED)
+        ->toBe(ManagedEnvironmentTriageReview::DERIVED_STATE_NOT_REVIEWED)
         ->and($summary['affected_total'])->toBe(3)
         ->and($summary['reviewed_count'])->toBe(1)
         ->and($summary['follow_up_needed_count'])->toBe(1)
@@ -121,7 +121,7 @@ function triageResolverBackupAssessment(int $tenantId, string $posture, ?string
     $tenant = ManagedEnvironment::factory()->create(['status' => 'active']);
     [$reviewer, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
 
-    TenantTriageReview::factory()
+    ManagedEnvironmentTriageReview::factory()
         ->for($tenant)
         ->for($reviewer, 'reviewer')
         ->reviewed()
@@ -131,7 +131,7 @@ function triageResolverBackupAssessment(int $tenantId, string $posture, ?string
             'workspace_id' => (int) $tenant->workspace_id,
         ]);
 
-    $resolved = app(TenantTriageReviewStateResolver::class)->resolveMany(
+    $resolved = app(ManagedEnvironmentTriageReviewStateResolver::class)->resolveMany(
         workspaceId: (int) $tenant->workspace_id,
         tenantIds: [(int) $tenant->getKey()],
         backupHealthByTenant: [
@@ -145,7 +145,7 @@ function triageResolverBackupAssessment(int $tenantId, string $posture, ?string
 
     $row = $resolved['rows'][(int) $tenant->getKey()][PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH];
 
-    expect($row['derived_state'])->toBe(TenantTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW)
+    expect($row['derived_state'])->toBe(ManagedEnvironmentTriageReview::DERIVED_STATE_CHANGED_SINCE_REVIEW)
         ->and($resolved['summaries'][PortfolioArrivalContextToken::FAMILY_BACKUP_HEALTH]['changed_since_review_count'])->toBe(1);
 });
 
@@ -153,7 +153,7 @@ function triageResolverBackupAssessment(int $tenantId, string $posture, ?string
     $tenant = ManagedEnvironment::factory()->create(['status' => 'active']);
     [$reviewer, $tenant] = createUserWithTenant(tenant: $tenant, role: 'owner');
 
-    TenantTriageReview::factory()
+    ManagedEnvironmentTriageReview::factory()
         ->for($tenant)
         ->for($reviewer, 'reviewer')
         ->reviewed()
@@ -162,7 +162,7 @@ function triageResolverBackupAssessment(int $tenantId, string $posture, ?string
             'workspace_id' => (int) $tenant->workspace_id,
         ]);
 
-    $resolved = app(TenantTriageReviewStateResolver::class)->resolveMany(
+    $resolved = app(ManagedEnvironmentTriageReviewStateResolver::class)->resolveMany(
         workspaceId: (int) $tenant->workspace_id,
         tenantIds: [(int) $tenant->getKey()],
         backupHealthByTenant: [
diff --git a/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetryRecorderTest.php b/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetryRecorderTest.php
index 601f281c..b035496c 100644
--- a/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetryRecorderTest.php
+++ b/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetryRecorderTest.php
@@ -21,7 +21,7 @@
         workspaceId: (int) $workspace->getKey(),
         tenantId: (int) $tenant->getKey(),
         userId: (int) $user->getKey(),
-        subjectType: 'tenant_onboarding_session',
+        subjectType: 'managed_environment_onboarding_session',
         subjectId: 42,
         metadata: [
             'checkpoint_key' => 'tenant_connected',
@@ -34,7 +34,7 @@
         ->and($event->workspace_id)->toBe((int) $workspace->getKey())
         ->and($event->managed_environment_id)->toBe((int) $tenant->getKey())
         ->and($event->user_id)->toBe((int) $user->getKey())
-        ->and($event->subject_type)->toBe('tenant_onboarding_session')
+        ->and($event->subject_type)->toBe('managed_environment_onboarding_session')
         ->and($event->subject_id)->toBe('42')
         ->and($event->metadata)->toBe([
             'checkpoint_key' => 'tenant_connected',
@@ -48,7 +48,7 @@
         'user_id' => (int) $user->getKey(),
         'event_name' => ProductUsageEventCatalog::ONBOARDING_CHECKPOINT_COMPLETED,
         'feature_area' => 'onboarding',
-        'subject_type' => 'tenant_onboarding_session',
+        'subject_type' => 'managed_environment_onboarding_session',
         'subject_id' => '42',
     ]);
 });
@@ -63,7 +63,7 @@
         workspaceId: (int) $workspace->getKey(),
         tenantId: (int) $tenant->getKey(),
         userId: (int) $user->getKey(),
-        subjectType: 'tenant_onboarding_session',
+        subjectType: 'managed_environment_onboarding_session',
         subjectId: 99,
         metadata: [
             'checkpoint_key' => 'verify_access',
diff --git a/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetrySafeMetadataTest.php b/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetrySafeMetadataTest.php
index f819a636..15677f91 100644
--- a/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetrySafeMetadataTest.php
+++ b/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetrySafeMetadataTest.php
@@ -29,7 +29,7 @@
         workspaceId: (int) $workspace->getKey(),
         tenantId: (int) $tenant->getKey(),
         userId: (int) $user->getKey(),
-        subjectType: 'tenant_onboarding_session',
+        subjectType: 'managed_environment_onboarding_session',
         subjectId: 7,
         metadata: [
             'checkpoint_key' => 'tenant_connected',
@@ -58,7 +58,7 @@
         subjectType: 'operation_run',
         subjectId: 9,
         metadata: [
-            'unknown_key' => 'tenant.review_pack.generate',
+            'unknown_key' => 'environment.review_pack.generate',
         ],
     ))->toThrow(InvalidArgumentException::class, 'Unsupported telemetry metadata keys');
 });
@@ -73,7 +73,7 @@
         workspaceId: (int) $workspace->getKey(),
         tenantId: (int) $tenant->getKey(),
         userId: (int) $user->getKey(),
-        subjectType: 'tenant_onboarding_session',
+        subjectType: 'managed_environment_onboarding_session',
         subjectId: 77,
         metadata: [
             $key => $value,
diff --git a/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetrySummaryQueryTest.php b/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetrySummaryQueryTest.php
index d9ecd0d3..d2207336 100644
--- a/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetrySummaryQueryTest.php
+++ b/apps/platform/tests/Unit/Support/ProductTelemetry/ProductTelemetrySummaryQueryTest.php
@@ -30,14 +30,14 @@
             'workspace_id' => (int) $workspaceA->getKey(),
             'managed_environment_id' => (int) $tenantA->getKey(),
             'user_id' => (int) $user->getKey(),
-            'subject_type' => 'tenant_onboarding_session',
+            'subject_type' => 'managed_environment_onboarding_session',
             'subject_id' => '11',
             'occurred_at' => now()->subHours(2),
         ]);
 
     ProductUsageEvent::factory()
         ->forEvent(ProductUsageEventCatalog::OPERATIONS_STARTED, [
-            'operation_type' => 'tenant.review_pack.generate',
+            'operation_type' => 'environment.review_pack.generate',
         ])
         ->create([
             'workspace_id' => (int) $workspaceB->getKey(),
diff --git a/apps/platform/tests/Unit/Support/SupportDiagnostics/SupportDiagnosticBundleBuilderTest.php b/apps/platform/tests/Unit/Support/SupportDiagnostics/SupportDiagnosticBundleBuilderTest.php
index 14ff384f..b1fc12e3 100644
--- a/apps/platform/tests/Unit/Support/SupportDiagnostics/SupportDiagnosticBundleBuilderTest.php
+++ b/apps/platform/tests/Unit/Support/SupportDiagnostics/SupportDiagnosticBundleBuilderTest.php
@@ -59,7 +59,7 @@
             'operation_context',
             'findings',
             'stored_reports',
-            'tenant_review',
+            'environment_review',
             'review_pack',
             'audit_history',
         ])
@@ -99,7 +99,7 @@
         ->and($sections['provider_connection']['availability'])->toBe('missing')
         ->and($sections['findings']['availability'])->toBe('missing')
         ->and($sections['stored_reports']['availability'])->toBe('missing')
-        ->and($sections['tenant_review']['availability'])->toBe('missing')
+        ->and($sections['environment_review']['availability'])->toBe('missing')
         ->and($sections['review_pack']['availability'])->toBe('missing');
 });
 
diff --git a/apps/platform/tests/Unit/Support/Ui/DerivedState/RequestScopedDerivedStateStoreTest.php b/apps/platform/tests/Unit/Support/Ui/DerivedState/RequestScopedDerivedStateStoreTest.php
index c504ba52..3136fd8d 100644
--- a/apps/platform/tests/Unit/Support/Ui/DerivedState/RequestScopedDerivedStateStoreTest.php
+++ b/apps/platform/tests/Unit/Support/Ui/DerivedState/RequestScopedDerivedStateStoreTest.php
@@ -24,7 +24,7 @@
     $left = DerivedStateKey::fromModel(
         DerivedStateFamily::ArtifactTruth,
         $record,
-        'tenant_review',
+        'environment_review',
         [
             'user_id' => 7,
             'scope' => ['tenant' => 8, 'workspace' => 12],
@@ -34,7 +34,7 @@
     $right = DerivedStateKey::fromModel(
         DerivedStateFamily::ArtifactTruth,
         $record,
-        'tenant_review',
+        'environment_review',
         [
             'scope' => ['workspace' => 12, 'tenant' => 8],
             'user_id' => 7,
@@ -48,7 +48,7 @@
 
 it('reuses cached values after the first miss', function (): void {
     $store = new RequestScopedDerivedStateStore('request-a');
-    $key = new DerivedStateKey(DerivedStateFamily::ArtifactTruth, 'App\\Models\\TenantReview', '55', 'tenant_review');
+    $key = new DerivedStateKey(DerivedStateFamily::ArtifactTruth, 'App\\Models\\EnvironmentReview', '55', 'environment_review');
     $resolutions = 0;
 
     $first = $store->resolve($key, function () use (&$resolutions): string {
@@ -100,13 +100,13 @@
     $store = new RequestScopedDerivedStateStore('request-c');
     $resolutions = 0;
 
-    $tenantReviewKey = new DerivedStateKey(DerivedStateFamily::ArtifactTruth, 'App\\Models\\TenantReview', '101', 'tenant_review');
-    $reviewPackKey = new DerivedStateKey(DerivedStateFamily::ArtifactTruth, 'App\\Models\\TenantReview', '101', 'review_pack');
+    $environmentReviewKey = new DerivedStateKey(DerivedStateFamily::ArtifactTruth, 'App\\Models\\EnvironmentReview', '101', 'environment_review');
+    $reviewPackKey = new DerivedStateKey(DerivedStateFamily::ArtifactTruth, 'App\\Models\\EnvironmentReview', '101', 'review_pack');
 
-    $tenantReviewValue = $store->resolve($tenantReviewKey, function () use (&$resolutions): string {
+    $environmentReviewValue = $store->resolve($environmentReviewKey, function () use (&$resolutions): string {
         $resolutions++;
 
-        return 'tenant-review';
+        return 'environment-review';
     });
 
     $reviewPackValue = $store->resolve($reviewPackKey, function () use (&$resolutions): string {
@@ -115,7 +115,7 @@
         return 'review-pack';
     });
 
-    expect($tenantReviewValue)->toBe('tenant-review')
+    expect($environmentReviewValue)->toBe('environment-review')
         ->and($reviewPackValue)->toBe('review-pack')
         ->and($resolutions)->toBe(2)
         ->and($store->entryCount())->toBe(2);
@@ -123,16 +123,16 @@
 
 it('invalidates exact keys and whole family slices', function (): void {
     $store = new RequestScopedDerivedStateStore('request-d');
-    $tenantReviewKey = new DerivedStateKey(DerivedStateFamily::ArtifactTruth, 'App\\Models\\TenantReview', '1', 'tenant_review');
+    $environmentReviewKey = new DerivedStateKey(DerivedStateFamily::ArtifactTruth, 'App\\Models\\EnvironmentReview', '1', 'environment_review');
     $reviewPackKey = new DerivedStateKey(DerivedStateFamily::ArtifactTruth, 'App\\Models\\ReviewPack', '9', 'review_pack');
     $navigationKey = new DerivedStateKey(DerivedStateFamily::RelatedNavigationPrimary, 'App\\Models\\Finding', '1', 'finding');
 
-    $store->resolve($tenantReviewKey, static fn (): string => 'review');
+    $store->resolve($environmentReviewKey, static fn (): string => 'review');
     $store->resolve($reviewPackKey, static fn (): string => 'pack');
     $store->resolve($navigationKey, static fn (): string => 'link');
 
-    expect($store->invalidateKey($tenantReviewKey))->toBe(1)
-        ->and($store->resolutionRecord($tenantReviewKey))->toBeNull()
+    expect($store->invalidateKey($environmentReviewKey))->toBe(1)
+        ->and($store->resolutionRecord($environmentReviewKey))->toBeNull()
         ->and($store->entryCount())->toBe(2)
         ->and($store->invalidateFamily(DerivedStateFamily::ArtifactTruth))->toBe(1)
         ->and($store->entryCount())->toBe(1)
diff --git a/apps/platform/tests/Unit/Support/Ui/GovernanceArtifactTruth/CompressedGovernanceOutcomeTest.php b/apps/platform/tests/Unit/Support/Ui/GovernanceArtifactTruth/CompressedGovernanceOutcomeTest.php
index 4b31b64f..5b417b94 100644
--- a/apps/platform/tests/Unit/Support/Ui/GovernanceArtifactTruth/CompressedGovernanceOutcomeTest.php
+++ b/apps/platform/tests/Unit/Support/Ui/GovernanceArtifactTruth/CompressedGovernanceOutcomeTest.php
@@ -77,7 +77,7 @@ classification: 'primary',
 
 it('keeps review-register compression publication-first without inventing a new badge dialect', function (): void {
     $truth = compressionFixtureEnvelope([
-        'artifactFamily' => 'tenant_review',
+        'artifactFamily' => 'environment_review',
         'contentState' => 'partial',
         'freshnessState' => 'stale',
         'publicationReadiness' => 'internal_only',
diff --git a/apps/platform/tests/Unit/TenantRequiredPermissionsCopyPayloadTest.php b/apps/platform/tests/Unit/TenantRequiredPermissionsCopyPayloadTest.php
index 68d585a0..9ac9e48d 100644
--- a/apps/platform/tests/Unit/TenantRequiredPermissionsCopyPayloadTest.php
+++ b/apps/platform/tests/Unit/TenantRequiredPermissionsCopyPayloadTest.php
@@ -1,7 +1,7 @@
 <?php
 
 use App\Models\ManagedEnvironment;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 
 it('builds copy payload as newline-separated missing permissions for the selected type', function (): void {
     $rows = [
@@ -39,7 +39,7 @@
         ],
     ];
 
-    $payload = TenantRequiredPermissionsViewModelBuilder::deriveCopyPayload($rows, 'application');
+    $payload = ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveCopyPayload($rows, 'application');
 
     expect($payload)->toBe(implode("\n", [
         'DeviceManagementApps.Read.All',
@@ -75,7 +75,7 @@
         ],
     ];
 
-    $payload = TenantRequiredPermissionsViewModelBuilder::deriveCopyPayload($rows, 'delegated', ['f2']);
+    $payload = ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveCopyPayload($rows, 'delegated', ['f2']);
 
     expect($payload)->toBe(implode("\n", [
         'A',
@@ -84,7 +84,7 @@
 });
 
 it('ignores search terms for copy payload but respects the feature filter', function (): void {
-    $permissionService = \Mockery::mock(\App\Services\Intune\TenantPermissionService::class);
+    $permissionService = \Mockery::mock(\App\Services\Intune\ManagedEnvironmentPermissionService::class);
     $permissionService->shouldReceive('compare')
         ->andReturn([
             'overall_status' => 'missing',
@@ -100,7 +100,7 @@
             ],
         ]);
 
-    $builder = new TenantRequiredPermissionsViewModelBuilder($permissionService);
+    $builder = new ManagedEnvironmentRequiredPermissionsViewModelBuilder($permissionService);
     $tenant = ManagedEnvironment::factory()->make(['external_id' => 'tenant-copy-a', 'name' => 'ManagedEnvironment']);
 
     $vm = $builder->build($tenant, [
diff --git a/apps/platform/tests/Unit/TenantRequiredPermissionsFeatureImpactTest.php b/apps/platform/tests/Unit/TenantRequiredPermissionsFeatureImpactTest.php
index 4d5f12d7..04763c33 100644
--- a/apps/platform/tests/Unit/TenantRequiredPermissionsFeatureImpactTest.php
+++ b/apps/platform/tests/Unit/TenantRequiredPermissionsFeatureImpactTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 
 it('aggregates feature impacts without double-counting within a feature', function (): void {
     $rows = [
@@ -46,7 +46,7 @@
         ],
     ];
 
-    $impacts = TenantRequiredPermissionsViewModelBuilder::deriveFeatureImpacts($rows);
+    $impacts = ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveFeatureImpacts($rows);
     $byFeature = collect($impacts)->keyBy('feature')->all();
 
     expect($byFeature['backup'])->toMatchArray([
diff --git a/apps/platform/tests/Unit/TenantRequiredPermissionsFilteringTest.php b/apps/platform/tests/Unit/TenantRequiredPermissionsFilteringTest.php
index f41fc18a..6e02fa52 100644
--- a/apps/platform/tests/Unit/TenantRequiredPermissionsFilteringTest.php
+++ b/apps/platform/tests/Unit/TenantRequiredPermissionsFilteringTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 
 it('filters and sorts permissions by status, type, features, and search', function (): void {
     $permissions = [
@@ -30,14 +30,14 @@
         ],
     ];
 
-    $state = TenantRequiredPermissionsViewModelBuilder::normalizeFilterState([
+    $state = ManagedEnvironmentRequiredPermissionsViewModelBuilder::normalizeFilterState([
         'status' => 'all',
         'type' => 'all',
         'features' => [],
         'search' => '',
     ]);
 
-    $filtered = TenantRequiredPermissionsViewModelBuilder::applyFilterState($permissions, $state);
+    $filtered = ManagedEnvironmentRequiredPermissionsViewModelBuilder::applyFilterState($permissions, $state);
 
     expect(array_column($filtered, 'key'))->toBe([
         'alpha.read',
@@ -45,41 +45,41 @@
         'beta.read',
     ]);
 
-    $missingState = TenantRequiredPermissionsViewModelBuilder::normalizeFilterState([
+    $missingState = ManagedEnvironmentRequiredPermissionsViewModelBuilder::normalizeFilterState([
         'status' => 'missing',
         'type' => 'all',
         'features' => ['backup'],
         'search' => '',
     ]);
 
-    $missing = TenantRequiredPermissionsViewModelBuilder::applyFilterState($permissions, $missingState);
+    $missing = ManagedEnvironmentRequiredPermissionsViewModelBuilder::applyFilterState($permissions, $missingState);
 
     expect(array_column($missing, 'key'))->toBe([
         'alpha.read',
         'gamma.manage',
     ]);
 
-    $presentDelegatedState = TenantRequiredPermissionsViewModelBuilder::normalizeFilterState([
+    $presentDelegatedState = ManagedEnvironmentRequiredPermissionsViewModelBuilder::normalizeFilterState([
         'status' => 'present',
         'type' => 'delegated',
         'features' => [],
         'search' => '',
     ]);
 
-    $presentDelegated = TenantRequiredPermissionsViewModelBuilder::applyFilterState($permissions, $presentDelegatedState);
+    $presentDelegated = ManagedEnvironmentRequiredPermissionsViewModelBuilder::applyFilterState($permissions, $presentDelegatedState);
 
     expect(array_column($presentDelegated, 'key'))->toBe([
         'beta.read',
     ]);
 
-    $searchState = TenantRequiredPermissionsViewModelBuilder::normalizeFilterState([
+    $searchState = ManagedEnvironmentRequiredPermissionsViewModelBuilder::normalizeFilterState([
         'status' => 'all',
         'type' => 'all',
         'features' => [],
         'search' => 'RESTORE',
     ]);
 
-    $search = TenantRequiredPermissionsViewModelBuilder::applyFilterState($permissions, $searchState);
+    $search = ManagedEnvironmentRequiredPermissionsViewModelBuilder::applyFilterState($permissions, $searchState);
 
     expect(array_column($search, 'key'))->toBe([
         'gamma.manage',
diff --git a/apps/platform/tests/Unit/TenantRequiredPermissionsFreshnessTest.php b/apps/platform/tests/Unit/TenantRequiredPermissionsFreshnessTest.php
index 9caf2212..737d02b5 100644
--- a/apps/platform/tests/Unit/TenantRequiredPermissionsFreshnessTest.php
+++ b/apps/platform/tests/Unit/TenantRequiredPermissionsFreshnessTest.php
@@ -2,11 +2,11 @@
 
 declare(strict_types=1);
 
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use Carbon\CarbonImmutable;
 
 it('marks freshness as stale when last refreshed is missing', function (): void {
-    $freshness = TenantRequiredPermissionsViewModelBuilder::deriveFreshness(
+    $freshness = ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveFreshness(
         null,
         CarbonImmutable::parse('2026-02-08 12:00:00'),
     );
@@ -16,7 +16,7 @@
 });
 
 it('marks freshness as stale when last refreshed is older than 30 days', function (): void {
-    $freshness = TenantRequiredPermissionsViewModelBuilder::deriveFreshness(
+    $freshness = ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveFreshness(
         CarbonImmutable::parse('2026-01-08 11:59:59'),
         CarbonImmutable::parse('2026-02-08 12:00:00'),
     );
@@ -25,7 +25,7 @@
 });
 
 it('marks freshness as not stale when last refreshed is exactly 30 days old', function (): void {
-    $freshness = TenantRequiredPermissionsViewModelBuilder::deriveFreshness(
+    $freshness = ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveFreshness(
         CarbonImmutable::parse('2026-01-09 12:00:00'),
         CarbonImmutable::parse('2026-02-08 12:00:00'),
     );
@@ -36,11 +36,11 @@
 it('keeps the thirty day freshness boundary exact to the second', function (): void {
     $reference = CarbonImmutable::parse('2026-02-08 12:00:00');
 
-    $insideWindow = TenantRequiredPermissionsViewModelBuilder::deriveFreshness(
+    $insideWindow = ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveFreshness(
         CarbonImmutable::parse('2026-01-09 12:00:01'),
         $reference,
     );
-    $outsideWindow = TenantRequiredPermissionsViewModelBuilder::deriveFreshness(
+    $outsideWindow = ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveFreshness(
         CarbonImmutable::parse('2026-01-09 11:59:59'),
         $reference,
     );
diff --git a/apps/platform/tests/Unit/TenantRequiredPermissionsOverallStatusTest.php b/apps/platform/tests/Unit/TenantRequiredPermissionsOverallStatusTest.php
index 9bf92912..221f1bbc 100644
--- a/apps/platform/tests/Unit/TenantRequiredPermissionsOverallStatusTest.php
+++ b/apps/platform/tests/Unit/TenantRequiredPermissionsOverallStatusTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\Verification\VerificationReportOverall;
 
 it('maps overall to blocked when any application permission is missing', function (): void {
@@ -23,7 +23,7 @@
         ],
     ];
 
-    expect(TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows))
+    expect(ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows))
         ->toBe(VerificationReportOverall::Blocked->value);
 });
 
@@ -47,7 +47,7 @@
         ],
     ];
 
-    expect(TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows))
+    expect(ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows))
         ->toBe(VerificationReportOverall::NeedsAttention->value);
 });
 
@@ -71,7 +71,7 @@
         ],
     ];
 
-    expect(TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows))
+    expect(ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows))
         ->toBe(VerificationReportOverall::NeedsAttention->value);
 });
 
@@ -95,7 +95,7 @@
         ],
     ];
 
-    expect(TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows))
+    expect(ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows))
         ->toBe(VerificationReportOverall::Ready->value);
 });
 
@@ -119,6 +119,6 @@
         ],
     ];
 
-    expect(TenantRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows, true))
+    expect(ManagedEnvironmentRequiredPermissionsViewModelBuilder::deriveOverallStatus($rows, true))
         ->toBe(VerificationReportOverall::NeedsAttention->value);
 });
diff --git a/apps/platform/tests/Unit/TenantResourceConsentUrlTest.php b/apps/platform/tests/Unit/TenantResourceConsentUrlTest.php
index 179bc7eb..b066a840 100644
--- a/apps/platform/tests/Unit/TenantResourceConsentUrlTest.php
+++ b/apps/platform/tests/Unit/TenantResourceConsentUrlTest.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\ProviderConnection;
 use App\Models\ProviderCredential;
 use App\Models\ManagedEnvironment;
@@ -33,7 +33,7 @@
         ],
     ]);
 
-    $url = TenantResource::adminConsentUrl($tenant);
+    $url = ManagedEnvironmentResource::adminConsentUrl($tenant);
 
     parse_str((string) parse_url((string) $url, PHP_URL_QUERY), $query);
 
@@ -66,7 +66,7 @@
         ],
     ]);
 
-    $url = TenantResource::adminConsentUrl($tenant);
+    $url = ManagedEnvironmentResource::adminConsentUrl($tenant);
 
     parse_str((string) parse_url((string) $url, PHP_URL_QUERY), $query);
 
diff --git a/apps/platform/tests/Unit/TenantReview/TenantReviewBadgeTest.php b/apps/platform/tests/Unit/TenantReview/TenantReviewBadgeTest.php
deleted file mode 100644
index 3e3219f2..00000000
--- a/apps/platform/tests/Unit/TenantReview/TenantReviewBadgeTest.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-use App\Support\Badges\BadgeCatalog;
-use App\Support\Badges\BadgeDomain;
-
-it('maps tenant review lifecycle values to canonical badge semantics', function (): void {
-    expect(BadgeCatalog::spec(BadgeDomain::TenantReviewStatus, 'draft')->label)->toBe('Draft')
-        ->and(BadgeCatalog::spec(BadgeDomain::TenantReviewStatus, 'ready')->color)->toBe('info')
-        ->and(BadgeCatalog::spec(BadgeDomain::TenantReviewStatus, 'published')->color)->toBe('success')
-        ->and(BadgeCatalog::spec(BadgeDomain::TenantReviewStatus, 'archived')->color)->toBe('gray')
-        ->and(BadgeCatalog::spec(BadgeDomain::TenantReviewStatus, 'failed')->color)->toBe('danger');
-});
-
-it('maps tenant review completeness values to canonical badge semantics', function (): void {
-    expect(BadgeCatalog::spec(BadgeDomain::TenantReviewCompleteness, 'complete')->label)->toBe('Review inputs ready')
-        ->and(BadgeCatalog::spec(BadgeDomain::TenantReviewCompleteness, 'partial')->color)->toBe('warning')
-        ->and(BadgeCatalog::spec(BadgeDomain::TenantReviewCompleteness, 'missing')->label)->toBe('Review input pending')
-        ->and(BadgeCatalog::spec(BadgeDomain::TenantReviewCompleteness, 'missing')->color)->toBe('info')
-        ->and(BadgeCatalog::spec(BadgeDomain::TenantReviewCompleteness, 'stale')->label)->toBe('Refresh review inputs');
-});
-
-it('maps publication-readiness truth badges for tenant reviews', function (): void {
-    expect(BadgeCatalog::spec(BadgeDomain::GovernanceArtifactPublicationReadiness, 'internal_only')->label)->toBe('Internal only')
-        ->and(BadgeCatalog::spec(BadgeDomain::GovernanceArtifactPublicationReadiness, 'blocked')->label)->toBe('Publication blocked')
-        ->and(BadgeCatalog::spec(BadgeDomain::GovernanceArtifactPublicationReadiness, 'publishable')->label)->toBe('Publishable');
-});
diff --git a/apps/platform/tests/Unit/Tenants/TenantActionPolicySurfaceTest.php b/apps/platform/tests/Unit/Tenants/TenantActionPolicySurfaceTest.php
index 7acb26ce..00f867e4 100644
--- a/apps/platform/tests/Unit/Tenants/TenantActionPolicySurfaceTest.php
+++ b/apps/platform/tests/Unit/Tenants/TenantActionPolicySurfaceTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Filament\Resources\TenantResource;
+use App\Filament\Resources\ManagedEnvironmentResource;
 use App\Models\ManagedEnvironment;
 use App\Services\Tenants\TenantActionPolicySurface;
 use App\Support\Tenants\TenantActionSurface;
@@ -125,7 +125,7 @@
     expect($inspectKeys)->toBe(['view'])
         ->and($primaryKeys)->toBe(['archive'])
         ->and($overflowKeys)->toBe(['related_onboarding'])
-        ->and(TenantResource::actionSurfaceDeclaration()->listRowPrimaryActionLimit())->toBe(1);
+        ->and(ManagedEnvironmentResource::actionSurfaceDeclaration()->listRowPrimaryActionLimit())->toBe(1);
 });
 
 it('invalidates cached tenant index catalogs when the related onboarding draft lifecycle changes', function (): void {
diff --git a/apps/platform/tests/Unit/Tenants/TenantPageCategoryTest.php b/apps/platform/tests/Unit/Tenants/TenantPageCategoryTest.php
index de6d4574..bf696d97 100644
--- a/apps/platform/tests/Unit/Tenants/TenantPageCategoryTest.php
+++ b/apps/platform/tests/Unit/Tenants/TenantPageCategoryTest.php
@@ -12,7 +12,7 @@
 })->with([
     'workspace overview' => ['/admin', TenantPageCategory::WorkspaceScoped],
     'workspace chooser exception' => ['/admin/choose-workspace', TenantPageCategory::WorkspaceChooserException],
-    'tenant chooser' => ['/admin/choose-tenant', TenantPageCategory::WorkspaceScoped],
+    'tenant chooser' => ['/admin/choose-environment', TenantPageCategory::WorkspaceScoped],
     'retired tenant resource detail' => ['/admin/tenants/tenant-123', TenantPageCategory::WorkspaceScoped],
     'retired tenant panel route' => ['/admin/t/tenant-123', TenantPageCategory::WorkspaceScoped],
     'workspace environment detail' => ['/admin/workspaces/acme/environments/tenant-123', TenantPageCategory::TenantBound],
diff --git a/apps/platform/tests/Unit/Ui/GovernanceActions/GovernanceActionCatalogTest.php b/apps/platform/tests/Unit/Ui/GovernanceActions/GovernanceActionCatalogTest.php
index 1205c8d5..7b614f0c 100644
--- a/apps/platform/tests/Unit/Ui/GovernanceActions/GovernanceActionCatalogTest.php
+++ b/apps/platform/tests/Unit/Ui/GovernanceActions/GovernanceActionCatalogTest.php
@@ -50,7 +50,7 @@
 
     expect($bindingsBySurface->get('view_evidence_snapshot', collect())->pluck('actionName')->all())
         ->toEqualCanonicalizing(['refresh_evidence', 'expire_snapshot'])
-        ->and($bindingsBySurface->get('view_tenant_review', collect())->pluck('actionName')->all())
+        ->and($bindingsBySurface->get('view_environment_review', collect())->pluck('actionName')->all())
         ->toContain('refresh_review', 'publish_review', 'archive_review');
 });
 
diff --git a/apps/platform/tests/Unit/Verification/TenantPermissionCapabilityMappingTest.php b/apps/platform/tests/Unit/Verification/ManagedEnvironmentPermissionCapabilityMappingTest.php
similarity index 65%
rename from apps/platform/tests/Unit/Verification/TenantPermissionCapabilityMappingTest.php
rename to apps/platform/tests/Unit/Verification/ManagedEnvironmentPermissionCapabilityMappingTest.php
index 1542ad1c..6e845ea8 100644
--- a/apps/platform/tests/Unit/Verification/TenantPermissionCapabilityMappingTest.php
+++ b/apps/platform/tests/Unit/Verification/ManagedEnvironmentPermissionCapabilityMappingTest.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-use App\Support\Verification\TenantPermissionCheckClusters;
+use App\Support\Verification\ManagedEnvironmentPermissionCheckClusters;
 
 it('maps configured permission rows to provider requirement keys', function (): void {
     $roleDefinitionRow = [
@@ -23,10 +23,10 @@
         'details' => null,
     ];
 
-    expect(TenantPermissionCheckClusters::requirementKeysForPermissionRow($roleDefinitionRow))
+    expect(ManagedEnvironmentPermissionCheckClusters::requirementKeysForPermissionRow($roleDefinitionRow))
         ->toContain('provider.directory_role_definitions', 'permissions.admin_consent')
-        ->and(TenantPermissionCheckClusters::requirementKeysForPermissionRow($groupRow))
+        ->and(ManagedEnvironmentPermissionCheckClusters::requirementKeysForPermissionRow($groupRow))
         ->toContain('permissions.directory_groups', 'permissions.admin_consent')
-        ->and(TenantPermissionCheckClusters::rowsForRequirementKey([$roleDefinitionRow, $groupRow], 'provider.directory_role_definitions'))
+        ->and(ManagedEnvironmentPermissionCheckClusters::rowsForRequirementKey([$roleDefinitionRow, $groupRow], 'provider.directory_role_definitions'))
         ->toHaveCount(1);
 });
diff --git a/apps/platform/tests/Unit/VerificationAssistViewModelBuilderTest.php b/apps/platform/tests/Unit/VerificationAssistViewModelBuilderTest.php
index ef7577c3..3a93a4ea 100644
--- a/apps/platform/tests/Unit/VerificationAssistViewModelBuilderTest.php
+++ b/apps/platform/tests/Unit/VerificationAssistViewModelBuilderTest.php
@@ -3,7 +3,7 @@
 declare(strict_types=1);
 
 use App\Models\ManagedEnvironment;
-use App\Services\Intune\TenantRequiredPermissionsViewModelBuilder;
+use App\Services\Intune\ManagedEnvironmentRequiredPermissionsViewModelBuilder;
 use App\Support\Links\RequiredPermissionsLinks;
 use App\Support\Providers\ProviderNextStepsRegistry;
 use App\Support\Providers\ProviderReasonCodes;
@@ -21,7 +21,7 @@
         'name' => 'Blocked ManagedEnvironment',
     ]);
 
-    $permissionsBuilder = Mockery::mock(TenantRequiredPermissionsViewModelBuilder::class);
+    $permissionsBuilder = Mockery::mock(ManagedEnvironmentRequiredPermissionsViewModelBuilder::class);
     $permissionsBuilder
         ->shouldReceive('build')
         ->twice()
@@ -189,7 +189,7 @@
         'external_id' => 'tenant-assist-ready-a',
     ]);
 
-    $permissionsBuilder = Mockery::mock(TenantRequiredPermissionsViewModelBuilder::class);
+    $permissionsBuilder = Mockery::mock(ManagedEnvironmentRequiredPermissionsViewModelBuilder::class);
     $permissionsBuilder
         ->shouldReceive('build')
         ->once()
@@ -251,7 +251,7 @@
 
     $staleAt = CarbonImmutable::now()->subDays(45)->toIso8601String();
 
-    $permissionsBuilder = Mockery::mock(TenantRequiredPermissionsViewModelBuilder::class);
+    $permissionsBuilder = Mockery::mock(ManagedEnvironmentRequiredPermissionsViewModelBuilder::class);
     $permissionsBuilder
         ->shouldReceive('build')
         ->twice()
diff --git a/apps/platform/tests/Unit/VerificationReportSanitizerEvidenceKindsTest.php b/apps/platform/tests/Unit/VerificationReportSanitizerEvidenceKindsTest.php
index 40d0a022..b23c6225 100644
--- a/apps/platform/tests/Unit/VerificationReportSanitizerEvidenceKindsTest.php
+++ b/apps/platform/tests/Unit/VerificationReportSanitizerEvidenceKindsTest.php
@@ -7,7 +7,7 @@
 it('preserves safe evidence pointer kinds for app diagnostics', function (): void {
     $report = [
         'schema_version' => '1',
-        'flow' => 'managed_tenant_onboarding',
+        'flow' => 'managed_environment_onboarding',
         'generated_at' => now()->toIso8601String(),
         'summary' => [
             'overall' => 'warn',
@@ -54,7 +54,7 @@
 it('keeps safe configuration phrases in verification messages', function (): void {
     $report = [
         'schema_version' => '1',
-        'flow' => 'managed_tenant_onboarding',
+        'flow' => 'managed_environment_onboarding',
         'generated_at' => now()->toIso8601String(),
         'summary' => [
             'overall' => 'warn',
diff --git a/docs/research/admin-canonical-tenant-rollout.md b/docs/research/admin-canonical-tenant-rollout.md
index 16475051..ae2fa6a1 100644
--- a/docs/research/admin-canonical-tenant-rollout.md
+++ b/docs/research/admin-canonical-tenant-rollout.md
@@ -75,8 +75,8 @@ ## Exception Inventory
 
 Approved tenant-panel-native or bootstrapping exceptions:
 
-- `app/Filament/Pages/ChooseTenant.php`
-- `app/Http/Controllers/SelectTenantController.php`
+- `app/Filament/Pages/ChooseEnvironment.php`
+- `app/Http/Controllers/SelectEnvironmentController.php`
 - `app/Support/Middleware/EnsureFilamentTenantSelected.php`
 - `app/Filament/Concerns/ResolvesPanelTenantContext.php`
 
diff --git a/specs/167-derived-state-memoization/contracts/request-scoped-derived-state.logical.openapi.yaml b/specs/167-derived-state-memoization/contracts/request-scoped-derived-state.logical.openapi.yaml
index e4637a6f..379b242e 100644
--- a/specs/167-derived-state-memoization/contracts/request-scoped-derived-state.logical.openapi.yaml
+++ b/specs/167-derived-state-memoization/contracts/request-scoped-derived-state.logical.openapi.yaml
@@ -20,7 +20,7 @@ servers:
 x-derived-state-consumers:
   - surface: reviews.register.table
     family: artifact_truth
-    variant: tenant_review
+    variant: environment_review
     accessPattern: row_safe
     scopeInputs:
       - record_class
@@ -30,12 +30,12 @@ x-derived-state-consumers:
     guardScope:
       - app/Filament/Pages/Reviews/ReviewRegister.php
     requiredMarkers:
-      - 'private function reviewTruth(TenantReview $record, bool $fresh = false): ArtifactTruthEnvelope'
+      - 'private function reviewTruth(EnvironmentReview $record, bool $fresh = false): ArtifactTruthEnvelope'
       - '$this->reviewTruth($record)'
     maxOccurrences:
-      - needle: '->forTenantReview('
+      - needle: '->forEnvironmentReview('
         max: 1
-      - needle: '->forTenantReviewFresh('
+      - needle: '->forEnvironmentReviewFresh('
         max: 1
   - surface: monitoring.evidence_overview.table
     family: artifact_truth
@@ -78,9 +78,9 @@ x-derived-state-consumers:
         max: 1
       - needle: '->forEvidenceSnapshotFresh('
         max: 1
-  - surface: tenant.tenant_reviews.table
+  - surface: environment.environment_reviews.table
     family: artifact_truth
-    variant: tenant_review
+    variant: environment_review
     accessPattern: row_safe
     scopeInputs:
       - record_class
@@ -89,15 +89,15 @@ x-derived-state-consumers:
       - tenant_id
     freshnessPolicy: invalidate_after_mutation
     guardScope:
-      - app/Filament/Resources/TenantReviewResource.php
+      - app/Filament/Resources/EnvironmentReviewResource.php
     requiredMarkers:
-      - 'private static function truthEnvelope(TenantReview $record, bool $fresh = false): ArtifactTruthEnvelope'
+      - 'private static function truthEnvelope(EnvironmentReview $record, bool $fresh = false): ArtifactTruthEnvelope'
       - 'static::truthEnvelope($record)'
       - 'static::truthEnvelope($review->refresh(), fresh: true);'
     maxOccurrences:
-      - needle: '->forTenantReview('
+      - needle: '->forEnvironmentReview('
         max: 1
-      - needle: '->forTenantReviewFresh('
+      - needle: '->forEnvironmentReviewFresh('
         max: 1
   - surface: tenant.review_packs.table
     family: artifact_truth
@@ -326,7 +326,7 @@ x-derived-state-consumers:
       - tenant_id
     freshnessPolicy: invalidate_after_mutation
     guardScope:
-      - app/Filament/Widgets/Tenant/BaselineCompareCoverageBanner.php
+      - app/Filament/Widgets/ManagedEnvironment/BaselineCompareCoverageBanner.php
     requiredMarkers:
       - 'private function governanceAggregate(ManagedEnvironment $tenant): TenantGovernanceAggregate'
       - '$this->governanceAggregate($tenant)'
diff --git a/specs/300-internal-tenant-model-naming-consolidation/allowed-tenant-references.md b/specs/300-internal-tenant-model-naming-consolidation/allowed-tenant-references.md
new file mode 100644
index 00000000..7880bd43
--- /dev/null
+++ b/specs/300-internal-tenant-model-naming-consolidation/allowed-tenant-references.md
@@ -0,0 +1,58 @@
+# Allowed Tenant References
+
+**Feature**: Spec 300 Internal Tenant Model Naming Consolidation  
+**Created**: 2026-05-13  
+**Status**: Preparation baseline; implementation must refresh after final scans.
+
+Spec 300 does not delete the word `tenant` everywhere. It removes platform-owned Tenant-first architecture from active code while preserving legitimate provider, framework, historical, and regression-guard references.
+
+## Allowed Categories
+
+| Category | Allowed References | Why Allowed |
+|---|---|---|
+| Provider-specific | `Microsoft tenant`, `Entra tenant`, `Azure tenant`, `tenantId`, `entra_tenant_id`, `microsoft_tenant_id`, `external_tenant`, `provider tenant id`, `target tenant` | These describe external directory/provider truth or raw API payload contracts. |
+| Framework-required | `Filament::getTenant()`, `Filament::setTenant()`, Filament tenancy context APIs, package method names | These names are framework APIs and cannot be renamed locally. |
+| Historical | Completed specs, old close-out notes, migration history that is not active product truth | Historical implementation evidence must not be rewritten as preparation drift. |
+| Regression-guard | Negative route/helper/resource guard literals such as `/admin/t`, `/admin/tenants`, `TenantPanelProvider`, `setTenantPanelContext` | These prevent legacy route/helper reintroduction. |
+
+## Preparation Observations
+
+| Reference | Representative File(s) | Category | Why Allowed / Required Action |
+|---|---|---|---|
+| `Microsoft tenant ID` | `apps/platform/app/Filament/Resources/ProviderConnectionResource.php`, browser/provider tests | `provider-specific` | External Microsoft directory ID copy; keep. |
+| `entra_tenant_id` | provider connection migrations/factories/resources, onboarding, verification, target scope | `provider-specific` | External Entra tenant identity; keep unless a specific usage is actually platform Managed Environment ID. |
+| `tenantId` | Graph services, target-scope arrays, provider payloads, some job named args | mixed | Keep provider payload/API usages; rename platform Managed Environment ID variables after classification. |
+| `Filament::getTenant()` | Filament context helpers/views/tests | `framework-required` | Filament tenancy API; keep and document. |
+| `/admin/t` and `/admin/tenants` literals | guard tests and completed spec artifacts | `regression-guard` / `historical` | Keep only in negative assertions or historical specs. |
+| Completed Spec 297-299 close-out language | `specs/297-*`, `specs/298-*`, `specs/299-*` | `historical` | Do not rewrite completed implementation evidence. |
+
+## Final Close-Out Requirement
+
+At implementation close-out, every remaining active `tenant` reference must be listed here or in `tenant-reference-inventory.md` with:
+
+- exact reference or pattern
+- file path
+- category
+- why it is allowed
+- whether it is provider-specific, framework-required, historical, or regression-guard
+
+No active platform-managed-environment reference may be allowed merely because renaming it was inconvenient.
+
+## Implementation Loop Update - 2026-05-13
+
+The completed slice preserves the following tenant references as allowed while the remaining platform-owned schema/model families stay unresolved in `tenant-reference-inventory.md`.
+
+| Reference | Representative File(s) | Category | Why Allowed |
+|---|---|---|---|
+| `Microsoft tenant ID`, `Entra tenant ID`, `tenantId`, `entra_tenant_id`, `microsoft_tenant_id` | provider connections, Graph clients, onboarding provider identity, verification/reporting tests | `provider-specific` | These refer to external Microsoft/Entra tenant identity or raw provider payload contracts and were intentionally preserved. |
+| `Filament::getTenant()`, `Filament::setTenant()`, tenancy middleware/context APIs | Filament pages/resources/widgets/tests | `framework-required` | Filament tenancy APIs retain tenant naming in v5/Livewire v4. |
+| `/admin/t`, `/admin/tenants`, `TenantPanelProvider`, `setTenantPanelContext` | route/panel regression guards and legacy-not-found tests | `regression-guard` | These literals prove retired routes/helpers/panels remain absent. |
+| System directory `ViewTenant` | `apps/platform/app/Filament/System/Pages/Directory/ViewTenant.php`, `apps/platform/app/Support/System/SystemDirectoryLinks.php` | `system/customer-directory` | The system panel directory still uses customer/provider tenant terminology; this is not the admin managed-environment resource owner. |
+| `tenant` query parameters for provider, review, governance, and historical filters | review/governance/provider/filter pages and tests | mixed | Preserved where they represent provider/customer tenant filter state or existing public query contracts; final exhaustive cleanup remains blocked by unresolved platform-owned families. |
+
+Not allowed yet:
+
+| Reference family | Status |
+|---|---|
+| `TenantReview*`, `TenantPermission*`, `TenantOnboardingSession*`, `TenantTriageReview*`, and tenant-named DB tables | Active platform-owned references remain and block merge readiness for full Spec 300. |
+| Managed Environment primary-key variables named `tenantId` | Mixed usage remains; must be classified separately from provider `tenantId` before renaming. |
diff --git a/specs/300-internal-tenant-model-naming-consolidation/checklists/requirements.md b/specs/300-internal-tenant-model-naming-consolidation/checklists/requirements.md
new file mode 100644
index 00000000..8a729d88
--- /dev/null
+++ b/specs/300-internal-tenant-model-naming-consolidation/checklists/requirements.md
@@ -0,0 +1,56 @@
+# Requirements Checklist: Internal Tenant Model Naming Consolidation
+
+**Purpose**: Preparation readiness review for Spec 300  
+**Created**: 2026-05-13  
+**Feature**: `specs/300-internal-tenant-model-naming-consolidation/spec.md`
+
+## Candidate And Scope
+
+- [x] CHK001 The selected candidate was directly provided by the user as Spec 300.
+- [x] CHK002 The scope is cleanup-only and explicitly follows Specs 297-299.
+- [x] CHK003 Completed-spec guardrail was checked for Specs 297-299; they are dependency context, not rewrite targets.
+- [x] CHK004 The spec does not create a new product feature, navigation redesign, provider framework, OperationRun architecture, or localization sweep.
+- [x] CHK005 The spec uses current repo truth: `ManagedEnvironment` and `managed_environments` already exist.
+
+## Constitution And Architecture
+
+- [x] CHK006 SPEC-GATE-001 candidate check is filled.
+- [x] CHK007 Proportionality review is filled for the broad structural rename blast radius.
+- [x] CHK008 No new persisted product truth, enum/status family, DTO/presenter layer, registry, resolver, or UI framework is introduced.
+- [x] CHK009 LEAN-001 compatibility posture is explicit: no aliases, no dual-write/read, no route compatibility unless the spec stops for migration risk.
+- [x] CHK010 Provider boundary handling distinguishes platform Managed Environment truth from Microsoft/Entra/Graph tenant truth.
+
+## Route, RBAC, And Filament
+
+- [x] CHK011 Canonical `/admin/workspaces/{workspace}/environments/...` route contract is explicit.
+- [x] CHK012 Retired `/admin/t/...` and `/admin/tenants/...` route families remain forbidden.
+- [x] CHK013 Workspace membership and Managed Environment membership semantics are preserved.
+- [x] CHK014 Filament v5 / Livewire v4.0+ compliance is explicit.
+- [x] CHK015 Laravel 12 panel provider registration location is `apps/platform/bootstrap/providers.php`.
+- [x] CHK016 Global search impact is explicitly called out for renamed resources.
+- [x] CHK017 Destructive action confirmation, execution via `->action(...)`, authorization, and audit preservation are explicit.
+- [x] CHK018 Asset strategy is unchanged unless implementation unexpectedly registers Filament assets.
+
+## Test Governance
+
+- [x] CHK019 Runtime/test impact is explicit.
+- [x] CHK020 Focused validation lanes are named.
+- [x] CHK021 Browser smoke anchors are explicit and do not become a hidden broad browser family.
+- [x] CHK022 Fixture/helper cost risk is called out, especially around renamed tenant context helpers.
+- [x] CHK023 Final scans and close-out inventory are required.
+
+## Artifact Readiness
+
+- [x] CHK024 `spec.md` exists.
+- [x] CHK025 `plan.md` exists.
+- [x] CHK026 `tasks.md` exists.
+- [x] CHK027 `tenant-reference-inventory.md` exists as a preparation baseline.
+- [x] CHK028 `allowed-tenant-references.md` exists as a preparation baseline.
+- [x] CHK029 Tasks are ordered, phased, and verifiable.
+- [x] CHK030 No application implementation was performed during preparation.
+
+## Review Outcome
+
+- [x] CHK031 Review outcome class: `documentation-required-exception` because provider/framework tenant references must remain allowed and documented.
+- [x] CHK032 Workflow outcome: `keep`.
+- [x] CHK033 Final note location: active feature PR close-out entry `Guardrail / Structural Tenant Naming Consolidation / Smoke Coverage`.
diff --git a/specs/300-internal-tenant-model-naming-consolidation/final-tenant-reference-audit.md b/specs/300-internal-tenant-model-naming-consolidation/final-tenant-reference-audit.md
new file mode 100644
index 00000000..5c953f2c
--- /dev/null
+++ b/specs/300-internal-tenant-model-naming-consolidation/final-tenant-reference-audit.md
@@ -0,0 +1,169 @@
+# Final Tenant Reference Audit
+
+**Feature**: Spec 300 Internal Tenant Model Naming Consolidation  
+**Audit date**: 2026-05-14  
+**Status**: Passing with one documented, isolated-passing browser timeout in the raw full suite.
+
+This audit does not require every `tenant` string to disappear. It requires every remaining `Tenant` / `tenant` / `tenants` hit in active platform code, resources, routes, database artifacts, and tests to be classified as either renamed away or intentionally allowed.
+
+## Final Spec 300 Proof
+
+### Runtime Legacy Scan
+
+| Check | Result | Allowed? | Reason |
+|---|---:|---:|---|
+| `/admin/t` active route | no active route | yes | Retired tenant-panel route remains absent from `route:list`. |
+| `/admin/tenants` active route | no active route | yes | Retired tenant resource route remains absent from `route:list`. |
+| `TenantPanelProvider` runtime file/provider registration | no runtime hit | yes | Remaining hits are negative regression guards only. |
+| `setTenantPanelContext` runtime helper | no runtime hit | yes | Remaining hits are negative regression guards only. |
+| `panel: 'tenant'` / `panel: "tenant"` runtime bootstrap | no runtime hit | yes | No active tenant-panel bootstrap remains. |
+| `TenantResource::getUrl` | 0 hits | yes | Retired helper dependency removed. |
+| `TenantDashboard::getUrl` | 0 hits | yes | Retired helper dependency removed. |
+| `TenantRequiredPermissions::getUrl` | 0 hits | yes | Retired helper dependency removed. |
+| Priority old-family scan | 0 hits | yes | `TenantReview`, `TenantPermission`, `TenantTriageReview`, `TenantOnboardingSession`, managed-tenant onboarding names, old context routes, cross-tenant compare/promotion names, and `source_tenant_id` / `target_tenant_id` are removed from active scan scope. |
+
+Commands:
+
+```bash
+cd apps/platform
+
+rg "TenantPanelProvider|setTenantPanelContext|panel:\s*'tenant'|panel:\s*\"tenant\"" app resources routes tests --glob '!vendor' --glob '!node_modules'
+rg "/admin/t/|/admin/tenants|filament\.admin\.resources\.tenants" app resources routes tests --glob '!vendor' --glob '!node_modules'
+rg "TenantResource::getUrl|TenantDashboard::getUrl|TenantRequiredPermissions::getUrl" app resources routes tests --glob '!vendor' --glob '!node_modules'
+rg "TenantReview|tenant_reviews|tenant_review_sections|tenant-reviews|TenantPermission|tenant_permissions|TenantTriageReview|tenant_triage_reviews|TenantOnboardingSession|ManagedTenantOnboarding|managed_tenant_onboarding|managed_tenant_onboarding_sessions|choose-tenant|select-tenant|clear-tenant-context|cross-tenant-compare|CrossTenantCompare|CrossTenantPromotion|source_tenant_id|target_tenant_id|sourceTenantId|targetTenantId" app database resources routes tests --glob '!vendor' --glob '!node_modules'
+```
+
+Results:
+
+| Scan | Count | Classification |
+|---|---:|---|
+| Legacy panel literals | 10 | Allowed regression guards in `tests/Feature/WorkspaceFoundation/PlatformBootSmokeTest.php`, `tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php`, and `tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php`. |
+| Legacy route/name literals | 123 | Allowed negative route assertions, historical redirect/not-found tests, and Spec 300 browser guard assertions. No runtime route is present. |
+| Retired URL helpers | 0 | Clean. |
+| Priority old families | 0 | Clean. |
+
+### Remaining Tenant References
+
+Broad scan:
+
+```bash
+cd apps/platform
+rg "\bTenant\b|\btenant\b|tenants" app database resources routes tests --glob '!vendor' --glob '!node_modules'
+```
+
+Result: **22,571 matches across 1,561 files**.
+
+| Scope | Files | Allowed? | Classification |
+|---|---:|---:|---|
+| `tests` | 1076 | yes | Provider fixtures, framework tenancy API assertions, security/isolation tests, negative legacy route guards, historical compatibility tests, and renamed managed-environment regression coverage. |
+| `app` | 433 | yes | Provider/Entra terminology, Filament tenancy APIs, system directory tenant terminology, tenant-isolation support domain, residual allowed schema families, product-brand namespaces, and operation/workload identifiers. |
+| `resources` | 38 | yes | Filament/UI views using provider/system-directory terminology, framework tenant context terms, and allowed tenant-isolation copy where the domain still intentionally uses tenant as a security boundary. |
+| `database` | 12 | yes | Historical migration filenames, provider columns, and residual schema families listed below; priority old tables were renamed. |
+| `routes` | 2 | yes | System directory tenant routes only; no retired admin tenant routes. |
+
+Allowed categories:
+
+| Category | Representative references | Representative files / scopes | Allowed? | Reason |
+|---|---|---|---:|---|
+| Provider term | `Microsoft tenant ID`, `Entra tenant ID`, `tenantId`, `entra_tenant_id`, `microsoft_tenant_id`, provider tenant scope payloads | provider connections, onboarding provider identity, Graph/provider services, verification/report tests | yes | These describe external Microsoft/Entra/provider identity or raw API payload contracts. |
+| Filament/framework-required | `Filament::getTenant()`, `Filament::setTenant()`, `canAccessTenant()`, tenant ownership relationship names, tenancy middleware | Filament resources/pages/widgets, test helpers, RBAC tests | yes | Filament v5 and related package APIs use tenant terminology; renaming local calls would break framework integration. |
+| Regression guard | `/admin/t`, `/admin/tenants`, `filament.admin.resources.tenants`, `TenantPanelProvider`, `setTenantPanelContext`, `panel: 'tenant'` | guard tests, legacy route not-found tests, Spec 300 smoke guard | yes | These literals prove retired routes, panels, and helpers do not return. |
+| System directory | `system/directory/tenants`, `ViewTenant`, `{tenant}` system route parameter | `app/Filament/System/Pages/Directory/ViewTenant.php`, `routes/web.php`, system directory tests | yes | System panel directory intentionally models external/customer tenants, not the admin managed-environment product route. |
+| Tenant-isolation domain | `App\Support\Tenants\*`, `TenantAction*`, `TenantOperability*`, tenant-owned tables/model families, tenant lifecycle/security terminology | RBAC, middleware, workspace isolation, operability, action-surface, support-diagnostics code/tests | yes | These references denote the isolation/security boundary and compatibility contracts; the primary product model is now `ManagedEnvironment`. |
+| Residual schema family | `tenant_settings`, `tenant_role_mappings`, `baseline_tenant_assignments`, `UserTenantPreference`, `user_managed_environment_preferences` | models, migrations, factories, workspace isolation tests, baseline assignment tests | yes | These are retained schema/compatibility families. Where they point at the product environment, columns/relations use `managed_environment_id`; no old Tenant resource or route is generated from them. |
+| Historical migration filename | old `*_tenants*` migration filenames that create or alter current `managed_environments`-based schema | `database/migrations` | yes | Migration filenames are historical ledger entries. Runtime table/constraint names were renamed where they were part of the priority families or active route/resource proof. |
+| Product brand / namespace | `tenantpilot`, `TenantPilot`, env/config namespaces | config, console, docs/tests | yes | Product naming remains intentionally separate from the internal model rename. |
+| Operation/workload identifier | provider or workload operation strings that still include tenant as domain language, for example tenant evidence snapshot generation | operation catalog, operation tests, telemetry/support diagnostics | yes | Operation IDs are compatibility/workload identifiers. Spec 300 changed active managed-environment surfaces without rewriting unrelated historical operation keys. |
+
+No unclassified active platform-owned priority family remains in `app`, `database`, `resources`, `routes`, or `tests`.
+
+### Route Proof
+
+| Command | Result |
+|---|---|
+| `cd apps/platform && ./vendor/bin/sail artisan route:list \| rg "admin/t\|admin/tenants\|filament\.admin\.resources\.tenants"` | No output. |
+| `cd apps/platform && ./vendor/bin/sail artisan route:list \| rg "tenant\|choose-environment\|select-environment\|clear-environment-context\|cross-environment-compare\|managed-environments\|environment-reviews"` | Shows `admin/choose-environment`, `admin/clear-environment-context`, `admin/cross-environment-compare`, `admin/select-environment`, environment review routes under `/admin/workspaces/{workspace}/environments/{environment}/environment-reviews`, and system directory routes `/system/directory/tenants`. |
+
+Active route classification:
+
+| Route family | Allowed? | Reason |
+|---|---:|---|
+| `/admin/choose-environment`, `/admin/select-environment`, `/admin/clear-environment-context`, `/admin/cross-environment-compare` | yes | Renamed replacements for old choose/select/clear/cross tenant routes. |
+| `/admin/workspaces/{workspace}/environments/{environment}/environment-reviews` | yes | Renamed replacement for old `tenant-reviews` route. |
+| `/system/directory/tenants` and `/system/directory/tenants/{tenant}` | yes | System directory route for external/customer tenant directory, not retired admin TenantResource route. |
+
+### DB Proof
+
+| Command | Result |
+|---|---|
+| `cd apps/platform && ./vendor/bin/sail artisan migrate:fresh --seed` | Passed on 2026-05-14 after the priority schema renames. No DB-affecting changes were made after this pass. |
+| Boost read-only table check for old/new priority tables | Old tables absent; new tables present: `environment_review_sections`, `environment_reviews`, `managed_environment_onboarding_sessions`, `managed_environment_permissions`, `managed_environment_triage_reviews`. |
+| Boost read-only constraint check `pg_constraint where conname ilike '%tenant%'` | Residual tenant-named constraints are classified as provider (`users_entra_tenant_id_entra_object_id_unique`), residual schema (`baseline_tenant_assignments_*`, `tenant_role_mappings_*`, `tenant_settings_*`), or audit/isolation (`audit_logs_tenant_workspace_scope_check`). |
+
+Read-only table proof result:
+
+| Table | Classification |
+|---|---|
+| `environment_reviews` | renamed priority family |
+| `environment_review_sections` | renamed priority family |
+| `managed_environment_permissions` | renamed priority family |
+| `managed_environment_triage_reviews` | renamed priority family |
+| `managed_environment_onboarding_sessions` | renamed priority family |
+
+### Test Proof
+
+| Lane | Result |
+|---|---|
+| TenantReview -> EnvironmentReview focused lane | Passed: 54 tests, 445 assertions. |
+| TenantPermission -> ManagedEnvironmentPermission focused lane | Passed: 95 tests, 491 assertions. |
+| TenantTriageReview -> ManagedEnvironmentTriageReview focused lane | Passed: 35 tests, 246 assertions. |
+| TenantOnboardingSession -> ManagedEnvironmentOnboardingSession focused lane | Passed: 135 tests, 641 assertions. |
+| choose/select/clear/cross environment route/context lane | Passed: 80 tests, 467 assertions. |
+| Baseline source/target environment lane | Passed: 34 tests, 299 assertions. |
+| Finding exception open-queue environment route lane | Passed: 10 tests, 56 assertions. |
+| `tests/Feature/Guards` | Passed: 266 tests, 4,708 assertions. |
+| `tests/Feature/Workspaces` | Passed: 96 tests, 276 assertions. |
+| `tests/Feature/Filament` | Passed: 773 tests, 5,017 assertions, 5 skipped. |
+| `tests/Feature/ProviderConnections` | Passed: 78 tests, 588 assertions. |
+| `tests/Feature/RequiredPermissions` | Passed: 21 tests, 82 assertions. |
+| `tests/Feature/Rbac` | Passed: 156 tests, 744 assertions. |
+| Focused GovernanceArtifacts context test after review-pack flake fix | Passed: 5 tests, 12 assertions. |
+| Focused ReviewPack regression group after deterministic operation fixture fix | Passed: 54 tests, 255 assertions. |
+| `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent` | Passed. |
+| `git diff --check` | Passed. |
+
+Raw full suite:
+
+| Command | Result |
+|---|---|
+| `cd apps/platform && ./vendor/bin/sail artisan test --compact` | Failed only on `tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php` with a 15s browser click timeout at line 110. Summary: 1 failed, 8 skipped, 4,680 passed, 31,620 assertions, 4,489.12s. |
+| Isolated rerun: `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php` | Passed: 1 test, 46 assertions, 7.36s. |
+
+The raw full suite failure is classified as an isolated browser timeout flake because the same test passed immediately in isolation without code changes.
+
+### Browser Proof
+
+| Test | Result |
+|---|---|
+| `tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php` | Passed in browser smoke lane. |
+| `tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php` | Passed in browser smoke lane. |
+| `tests/Browser/Dashboard/TenantDashboardProductizationSmokeTest.php` | Passed in browser smoke lane. |
+| `tests/Browser/Spec299WorkspaceOverviewCutoverSealSmokeTest.php` | Passed in browser smoke lane. |
+| `tests/Browser/Spec300ManagedEnvironmentNamingConsolidationSmokeTest.php` | Passed in browser smoke lane. |
+| Combined required browser smoke lane | Passed: 5 tests, 138 assertions. |
+| Additional stale route/detail browser group (`Spec172`, `Spec192`, `Spec194`, `Spec202`, `Spec265`) | Passed: 13 tests, 211 assertions. |
+| `tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php` isolated after full-suite timeout | Passed: 1 test, 46 assertions. |
+
+### Decision
+
+**merge-ready with documented isolated browser flake**
+
+The conditions for Spec 300 close-out are met:
+
+- Old `/admin/t` and `/admin/tenants` routes are absent.
+- Old URL helpers and old TenantPanel provider/helper references have no runtime usage.
+- Priority platform-owned families were renamed or classified.
+- Remaining `Tenant` / `tenant` / `tenants` hits are classified by provider, framework, regression-guard, system-directory, tenant-isolation, residual-schema, historical-migration, product-brand, or operation-workload category.
+- Migration/seed proof passed after schema renames.
+- Feature, Filament, Workspace, Provider, RequiredPermissions, RBAC, focused ReviewPack, and browser smoke lanes passed.
+- Raw full suite had one browser timeout that passed immediately in isolation and is documented above.
diff --git a/specs/300-internal-tenant-model-naming-consolidation/plan.md b/specs/300-internal-tenant-model-naming-consolidation/plan.md
new file mode 100644
index 00000000..118f4d05
--- /dev/null
+++ b/specs/300-internal-tenant-model-naming-consolidation/plan.md
@@ -0,0 +1,278 @@
+# Implementation Plan: Internal Tenant Model Naming Consolidation
+
+**Branch**: `300-internal-tenant-model-naming-consolidation` | **Date**: 2026-05-13 | **Spec**: `specs/300-internal-tenant-model-naming-consolidation/spec.md`
+**Input**: Feature specification from `/specs/300-internal-tenant-model-naming-consolidation/spec.md`
+
+## Summary
+
+Spec 300 is a structural cleanup after the managed-environment cutover pack. Current repo truth already has `App\Models\ManagedEnvironment`, `ManagedEnvironmentFactory`, `managed_environments`, `managed_environment_id`, and canonical workspace/environment routes, but active technical owners still use Tenant-first names across Filament resources/pages/widgets, route parameters, services, tests, migration filenames, table names, index/constraint names, and provider-adjacent payloads.
+
+The implementation approach is inventory-first: classify every remaining tenant reference, rename only platform-owned Managed Environment references, preserve provider-specific and framework-required terms, run focused route/RBAC/Filament/browser validation, and leave no compatibility alias or legacy route in final state.
+
+## Technical Context
+
+**Language/Version**: PHP 8.4.15, Laravel 12.52.0  
+**Primary Dependencies**: Filament 5.2.1, Livewire 4.1.4, Pest 4.3.1, Laravel Sail 1.52.0  
+**Storage**: PostgreSQL; current source-of-truth table is `managed_environments`  
+**Testing**: Pest via `cd apps/platform && ./vendor/bin/sail artisan test --compact`; Browser tests under `apps/platform/tests/Browser` for smoke anchors  
+**Validation Lanes**: Feature/Guards, Workspaces, ProviderConnections, RequiredPermissions, Filament, Rbac, targeted Browser smoke, Pint dirty, `git diff --check`  
+**Target Platform**: Laravel SaaS admin app deployed via Dokploy containers; local validation via Sail  
+**Project Type**: Monorepo with Laravel platform app under `apps/platform`  
+**Performance Goals**: No broad suite repair loop by default; keep scans and tests focused around structural rename blast radius  
+**Constraints**: No runtime behavior change, no production compatibility layer, no route resurrection, no RBAC widening, no provider payload corruption  
+**Scale/Scope**: Structural rename across platform-owned environment concepts only
+
+## UI / Surface Guardrail Plan
+
+- **Guardrail scope**: workflow/route/resource guardrail change, no intended visible UI redesign
+- **Native vs custom classification summary**: native Filament/resource/page behavior preserved
+- **Shared-family relevance**: canonical links, navigation/route registration, global search, audit metadata, OperationRun metadata, guard tests
+- **State layers in scope**: route binding, page/resource class names, table/column/index/constraint names, helper names, test helper names, audit/metadata keys
+- **Audience modes in scope**: operator-MSP and support-platform only as existing surfaces; no new customer-facing mode
+- **Decision/diagnostic/raw hierarchy plan**: unchanged
+- **Raw/support gating plan**: unchanged
+- **One-primary-action / duplicate-truth control**: unchanged; any touched actions keep existing hierarchy
+- **Handling modes by drift class or surface**: review-mandatory for active `Tenant*` technical owners; allowed classification for provider/framework/historical/regression-guard
+- **Repository-signal treatment**: review-mandatory for final scans, route proof, helper retirement, DB naming, provider allowlist, and browser anchors
+- **Special surface test profiles**: `route-contract`, `standard-native-filament`, `global-context-shell`, `browser-smoke` for selected anchors
+- **Required tests or manual smoke**: focused Pest guard/feature lanes plus selected Browser smokes
+- **Exception path and spread control**: provider-specific and framework-required tenant terms are documented in `allowed-tenant-references.md`; no unclassified exception
+- **Active feature PR close-out entry**: Guardrail / Structural Tenant Naming Consolidation / Smoke Coverage
+
+## Shared Pattern & System Fit
+
+- **Cross-cutting feature marker**: yes
+- **Systems touched**: `ManagedEnvironmentLinks`, workspace intended URL handling, Filament resource/page discovery and routes, route model binding, global search, RBAC helper/policies, OperationRun metadata, audit logs, evidence/report/review references, tests
+- **Shared abstractions reused**: Existing route helpers, existing RBAC/policy helpers, existing OperationRun link/service truth, existing Filament v5 resources/pages/actions
+- **New abstraction introduced? why?**: none
+- **Why the existing abstraction was sufficient or insufficient**: Existing environment-first helpers and models are sufficient; the issue is remaining names around them.
+- **Bounded deviation / spread control**: Provider-specific and Filament framework terms remain only with explicit classification.
+
+## OperationRun UX Impact
+
+- **Touches OperationRun start/completion/link UX?**: no
+- **Central contract reused**: Existing `OperationRunLinks`, `OperationRunService`, and OperationRun monitoring semantics remain unchanged if touched
+- **Delegated UX behaviors**: N/A
+- **Surface-owned behavior kept local**: N/A
+- **Queued DB-notification policy**: N/A
+- **Terminal notification path**: N/A
+- **Exception path**: none
+
+## Provider Boundary & Portability Fit
+
+- **Shared provider/platform boundary touched?**: yes
+- **Provider-owned seams**: Microsoft/Entra tenant identifiers, Graph `tenantId`, `entra_tenant_id`, `microsoft_tenant_id`, target-scope provider metadata, raw provider payloads
+- **Platform-core seams**: Managed Environment model/table/resource/page/service/helper naming, route parameters, platform metadata keys, evidence/report/review references
+- **Neutral platform terms / contracts preserved**: `ManagedEnvironment`, `managed_environment_id`, `environment`, `workspace`, `ManagedEnvironmentLinks`
+- **Retained provider-specific semantics and why**: Microsoft/Entra terms stay because they represent external directory identity, not platform object ownership.
+- **Bounded extraction or follow-up path**: document-in-feature. Stop only if ambiguous active platform-owned references cannot be classified safely.
+
+## Constitution Check
+
+*GATE: Must pass before implementation. Re-check after structural rename phases.*
+
+- Inventory-first: no inventory domain change; source scans/classification precede edits.
+- Read/write separation: no new user-triggered write behavior; touched destructive actions must keep confirmation, authorization, audit, and tests.
+- Graph contract path: no Graph endpoint changes; provider-specific Graph tenant identifiers remain provider-owned.
+- Deterministic capabilities: no capability derivation change.
+- RBAC-UX: `/admin` and `/system` planes remain separated; workspace/environment non-entitlement stays 404; member-without-capability stays 403.
+- Workspace isolation: workspace remains primary session context; Managed Environment remains secondary context.
+- Tenant isolation: current tenant-owned-by-history semantics are preserved behaviorally while platform-owned naming moves to environment-first.
+- Run observability: no new queued/remote work; OperationRun metadata naming may change only where platform-owned.
+- Test governance: focused structural rename lanes are explicit; no broad test family growth by default.
+- Proportionality: broad rename is justified as post-cutover cleanup; no new runtime abstraction.
+- No premature abstraction: no registries/resolvers/frameworks added.
+- Persisted truth: no new table/entity/product truth; only names may change.
+- Behavioral state: no new states or reason families.
+- Shared pattern first: existing link/RBAC/Filament/OperationRun patterns are reused.
+- Provider boundary: platform-owned Tenant-first terms are removed; provider-owned tenant terms are kept and documented.
+- LEAN-001: pre-production posture means no compatibility aliases, dual paths, or historical fixtures unless a spec-blocking migration risk is discovered.
+- Filament v5: Livewire v4.0+ is required; this repo has Livewire 4.1.4.
+- Laravel 12 panel providers: remain registered in `apps/platform/bootstrap/providers.php`, not `bootstrap/app.php`.
+- Global search: any renamed globally searchable resource must keep View/Edit pages or disable global search.
+- Filament actions: any touched destructive actions must remain `Action::make(...)->action(...)` with `->requiresConfirmation()` and authorization.
+- Asset strategy: unchanged; if assets are unexpectedly registered, deployment must run `cd apps/platform && php artisan filament:assets`.
+
+## Test Governance Check
+
+- **Test purpose / classification by changed surface**: Feature guards for route/helper/naming contracts; Filament/Livewire feature tests for resources/pages/actions; Unit tests for pure helper services; Browser smoke for selected visible anchors.
+- **Affected validation lanes**: Feature/Guards, Workspaces, ProviderConnections, RequiredPermissions, Filament, Rbac, targeted Browser.
+- **Why this lane mix is the narrowest sufficient proof**: It proves route/RBAC equivalence and stale-name absence without treating the rename as a full-suite stabilization spec.
+- **Narrowest proving command(s)**:
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Workspaces`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Rbac`
+- **Fixture / helper / factory / seed / context cost risks**: Rename helpers without widening default workspace/provider/browser setup.
+- **Expensive defaults or shared helper growth introduced?**: no
+- **Heavy-family additions, promotions, or visibility changes**: none planned; Browser anchors stay explicit.
+- **Surface-class relief / special coverage rule**: `standard-native-filament` unless a visible context-shell/browser anchor changes.
+- **Closing validation and reviewer handoff**: final scans, focused lanes, Browser anchors, Pint dirty, `git diff --check`, and close-out inventory.
+- **Budget / baseline / trend follow-up**: none expected; document any unexpected lane runtime growth.
+- **Review-stop questions**: Did any active platform-owned `Tenant*` owner remain? Did route parameters still use `{tenant}` for platform environment routes? Did provider terms remain correct? Did global search remain valid? Did RBAC widen?
+- **Escalation path**: document-in-feature; follow-up-spec only for unresolved migration/schema risk or ambiguous platform-owned references.
+- **Active feature PR close-out entry**: Guardrail / Structural Tenant Naming Consolidation / Smoke Coverage
+- **Why no dedicated follow-up spec is needed**: The rename is explicitly scoped as the post-297-299 cleanup; unresolved blockers must stop this spec rather than silently deferring core cleanup.
+
+## Project Structure
+
+### Documentation (this feature)
+
+```text
+specs/300-internal-tenant-model-naming-consolidation/
+├── allowed-tenant-references.md
+├── checklists/
+│   └── requirements.md
+├── plan.md
+├── spec.md
+├── tasks.md
+└── tenant-reference-inventory.md
+```
+
+### Source Code (repository root)
+
+```text
+apps/platform/
+├── app/
+│   ├── Console/Commands/
+│   ├── Filament/
+│   │   ├── Concerns/
+│   │   ├── Pages/
+│   │   ├── Resources/
+│   │   ├── System/
+│   │   └── Widgets/
+│   ├── Http/Controllers/
+│   ├── Jobs/
+│   ├── Models/
+│   ├── Policies/
+│   ├── Services/
+│   └── Support/
+├── config/
+├── database/
+│   ├── factories/
+│   └── migrations/
+├── resources/
+├── routes/
+└── tests/
+    ├── Browser/
+    ├── Feature/
+    └── Unit/
+```
+
+**Structure Decision**: Use the existing Laravel/Filament layout. Do not introduce new base folders. Rename files/classes in-place to established destination names.
+
+## Complexity Tracking
+
+| Violation | Why Needed | Simpler Alternative Rejected Because |
+|-----------|------------|-------------------------------------|
+| Broad structural rename | Active technical names keep old Tenant-first architecture alive after route/copy cutover | Comments/docs alone do not stop future code from using active `Tenant*` classes/helpers/routes |
+| Migration/index/constraint rename review | DB source truth is already `managed_environment`, but tenant-named migration files/indexes/constraints remain | Leaving schema names mixed makes future migrations and guard tests ambiguous |
+
+## Proportionality Review
+
+- **Current operator problem**: Future platform/environment work can regress visible behavior and provider boundaries because active code still presents Tenant as the platform managed target.
+- **Existing structure is insufficient because**: Specs 297-299 cleaned route/copy/final seal surfaces, not internal class/table/helper ownership.
+- **Narrowest correct implementation**: Classify first, rename platform-owned names only, preserve provider/framework/historical/guard terms, and prove equivalence.
+- **Ownership cost created**: High review and testing cost, plus migration/schema risk; contained by phased tasks and final inventory.
+- **Alternative intentionally rejected**: Leave active internal names as legacy debt. Rejected because the project is pre-production and LEAN-001 favors canonical replacement over legacy preservation.
+- **Release truth**: Current-release structural cleanup
+
+## Repository Truth From Preparation
+
+- Current branch before prep: `platform-dev`, clean.
+- Current branch after `create-new-feature`: `300-internal-tenant-model-naming-consolidation`.
+- Latest starting commit: `b98bafcf feat: finalize managed environment cutover seal (#354)`.
+- Related specs:
+  - `specs/297-managed-environment-canonical-route-cutover/` has completed task/checklist signals and route-cutover artifacts.
+  - `specs/298-managed-environment-terminology-copy-cleanup/` has completed checklist signals and terminology audit artifacts.
+  - `specs/299-managed-environment-cutover-final-seal/` has completed checklist signals and final cutover audit artifacts.
+- Current model/table truth:
+  - `App\Models\ManagedEnvironment` exists.
+  - `ManagedEnvironmentFactory` exists.
+  - `managed_environments` exists.
+  - No active `App\Models\Tenant` model was found through application info or `app/Models` scan.
+- Current route truth:
+  - `/admin/workspaces/{workspace}/environments/...` routes exist.
+  - `/admin/t` and `/admin/tenants` had no matching routes via Boost route lookup.
+  - Sail route scan shows canonical environment routes still use `{tenant}` as a route parameter and active classes such as `TenantDashboard`, `TenantDiagnostics`, and `TenantRequiredPermissions`.
+- Current scan volume:
+  - Broad tenant scan: 2323 line hits.
+  - Provider-allowed scan: 1661 line hits.
+  - Migration/schema scan: 851 line hits.
+  - Legacy route/helper/resource scan: 242 line hits.
+
+## Phase 0: Preparation And Safety
+
+1. Confirm branch and dirty state.
+2. Refresh the inventory scans in `tenant-reference-inventory.md`.
+3. Stop if unrelated uncommitted changes exist.
+4. Stop if production-data migration requirements are discovered.
+5. Confirm no app implementation begins until spec/plan/tasks/checklist are accepted.
+
+## Phase 1: Baseline Inventory And Guard Tests
+
+1. Run required route/source/provider/schema scans.
+2. Expand `tenant-reference-inventory.md` from preparation summary into file-level classification.
+3. Expand `allowed-tenant-references.md` with all provider/framework/historical/regression-guard references.
+4. Add/update guard tests for route resurrection, active `Tenant*` platform owners, stale helper names, and provider terminology preservation.
+
+## Phase 2: DB And Schema Naming Cleanup
+
+1. Verify `managed_environments` remains the source-of-truth table.
+2. Rename platform-owned tenant-named tables/columns/indexes/constraints where safe.
+3. Rename migration filenames/classes where they are historical names for active platform Managed Environment truth and pre-production safety allows it.
+4. Keep provider-owned `entra_tenant_id` / `microsoft_tenant_id` payload fields.
+5. Validate with `migrate:fresh --seed` or document why targeted migration validation is the narrower proof.
+
+## Phase 3: Model, Factory, Service, And Helper Rename
+
+1. Keep `ManagedEnvironment` model and `ManagedEnvironmentFactory` as canonical.
+2. Rename platform-owned model classes such as `TenantPermission`, `TenantSetting`, `TenantRoleMapping`, `TenantOnboardingSession`, and review/triage classes when classification says they represent Managed Environment-owned truth.
+3. Rename platform-owned service/support classes and variables.
+4. Remove stale compatibility aliases.
+5. Run focused Unit/Feature tests for renamed helpers and services.
+
+## Phase 4: Filament Resource/Page/Widget Rename
+
+1. Rename `TenantResource` and nested Pages/RelationManagers to environment-first names.
+2. Rename `TenantDashboard`, `TenantDiagnostics`, and `TenantRequiredPermissions` to environment-first page names.
+3. Update route owner classes and route names without changing canonical URL segments.
+4. Review global search: renamed resources must have View/Edit pages or disable global search.
+5. Preserve destructive action confirmation, server authorization, and audit behavior.
+
+## Phase 5: Tests, Fixtures, Browser Anchors
+
+1. Rename stale test helpers and fixtures.
+2. Keep negative guard literals only where explicitly documented.
+3. Update Browser smoke selectors only where visible copy/test IDs depend on renamed technical owners.
+4. Run focused validation lanes and Browser anchors.
+
+## Phase 6: Final Classification And Validation
+
+1. Rerun final scans.
+2. Ensure no unclassified active platform-owned tenant references remain.
+3. Complete final `tenant-reference-inventory.md` and `allowed-tenant-references.md`.
+4. Run Pint dirty and `git diff --check`.
+5. Produce final implementation report with rename summary, DB changes, remaining references, route contract, validation, and decision.
+
+## Risk Controls
+
+- No blind global search/replace.
+- No permanent alias classes.
+- No route compatibility layer.
+- No dual-write/dual-read unless this spec is stopped and replaced with a production migration spec.
+- Provider-specific and framework-required tenant references must be preserved, not renamed for cleanliness.
+- Broad scan output must be triaged before code changes.
+- Keep implementation commits phased so rollback/review is possible.
+
+## Final Decision Criteria
+
+Implementation may report only one of:
+
+- `merge-ready; internal tenant naming consolidation complete`
+- `merge-ready with documented provider/framework tenant references`
+- `blocked by unresolved platform-owned tenant references`
+- `blocked by migration/schema risk`
+- `incomplete; canonical route or RBAC regression found`
diff --git a/specs/300-internal-tenant-model-naming-consolidation/spec.md b/specs/300-internal-tenant-model-naming-consolidation/spec.md
new file mode 100644
index 00000000..21a14a29
--- /dev/null
+++ b/specs/300-internal-tenant-model-naming-consolidation/spec.md
@@ -0,0 +1,254 @@
+# Feature Specification: Internal Tenant Model Naming Consolidation
+
+**Feature Branch**: `300-internal-tenant-model-naming-consolidation`  
+**Created**: 2026-05-13  
+**Status**: Ready  
+**Input**: User-provided Spec 300 draft for a narrow structural rename after Specs 297-299
+
+## Spec Candidate Check *(mandatory — SPEC-GATE-001)*
+
+- **Problem**: Runtime routes and customer-facing copy are now workspace/environment-first, but active technical owners still use `Tenant` names for the platform-managed environment object.
+- **Today's failure**: Developers can still reach for `TenantResource`, `TenantDashboard`, `{tenant}` route parameters, `tenant_*` tables, or tenant-named helpers and accidentally stabilize platform-owned tenant-first architecture.
+- **User-visible improvement**: Future environment work remains provider-neutral and less likely to leak old Tenant wording back into URLs, navigation, tests, reports, or admin workflows.
+- **Smallest enterprise-capable version**: Classify every remaining `tenant` reference, rename only platform-owned Managed Environment references, preserve provider/framework/historical/negative-guard references, and prove canonical routes/RBAC remain equivalent.
+- **Explicit non-goals**: No new product feature, navigation redesign, provider abstraction rewrite, OperationRun architecture change, localization sweep, compatibility layer, `/admin/t/...` route, `/admin/tenants/...` route, or TenantPanel restoration.
+- **Permanent complexity imported**: No new runtime abstraction or feature framework. The implementation imports rename/migration review cost, guard tests, and two spec-local classification artifacts.
+- **Why now**: Current `platform-dev` has `feat: finalize managed environment cutover seal (#354)`, and Specs 297, 298, and 299 carry completed-task/review signals. This is the right structural cleanup after the cutover seal, not a cutover fix.
+- **Why not local**: The drift spans Filament resources/pages/widgets, route parameters, services, migrations, indexes, tables, tests, helpers, audit/metadata keys, and provider payload boundaries.
+- **Approval class**: Cleanup
+- **Red flags triggered**: Broad structural rename blast radius. Defense: no blind search/replace, mandatory inventory, provider/framework allowlist, focused route/RBAC guards, and no compatibility aliases in final state.
+- **Score**: Nutzen: 2 | Dringlichkeit: 2 | Scope: 1 | Komplexität: 1 | Produktnähe: 1 | Wiederverwendung: 2 | **Gesamt: 9/12**
+- **Decision**: approve as a bounded cleanup spec
+
+## Spec Scope Fields *(mandatory)*
+
+- **Scope**: workspace + managed-environment core naming
+- **Primary Routes**:
+  - `/admin/workspaces/{workspace}/environments`
+  - `/admin/workspaces/{workspace}/environments/{environment}`
+  - `/admin/workspaces/{workspace}/environments/{environment}/...`
+  - `/admin/workspaces/{workspace}/operations`
+  - `/admin/provider-connections`
+- **Data Ownership**: No new persisted truth. Existing Managed Environment-owned and tenant-owned-by-history tables/columns may be renamed only when they refer to the platform Managed Environment object.
+- **RBAC**: Workspace membership remains the authority boundary; Managed Environment membership remains narrowing-only; non-entitled workspace/environment access remains deny-as-not-found; member-without-capability remains forbidden.
+
+For canonical-view specs:
+
+- **Default filter behavior when tenant-context is active**: Existing workspace/environment filters remain equivalent; any renamed query parameter must preserve current scoping semantics.
+- **Explicit entitlement checks preventing cross-tenant leakage**: Existing policies, Gates, `ManagedEnvironmentAccessScopeResolver`, route binding, and test helpers must continue enforcing workspace + environment entitlement.
+
+## Cross-Cutting / Shared Pattern Reuse *(mandatory)*
+
+- **Cross-cutting feature?**: yes
+- **Interaction class(es)**: canonical links, route helpers, global search/resource ownership, navigation registration, audit event names, OperationRun metadata keys, evidence/report/review links, guard tests
+- **Systems touched**: `ManagedEnvironmentLinks`, workspace intended URL handling, Filament admin panel discovery/routes, route bindings, resources/pages/widgets, RBAC helpers, audit and OperationRun metadata emitters, test helpers
+- **Existing pattern(s) to extend**: Existing workspace/environment route helpers and guard-test patterns from Specs 297-299
+- **Shared contract / presenter / builder / renderer to reuse**: `App\Support\ManagedEnvironmentLinks`, existing workspace route owners, existing RBAC/policy helpers, existing Filament v5 action/resource conventions
+- **Why the existing shared path is sufficient or insufficient**: Existing helpers already own canonical environment URLs; this spec renames technical owners around those helpers rather than introducing a new link or navigation framework.
+- **Allowed deviation and why**: Provider-specific and Filament framework-required tenant APIs may remain after classification.
+- **Consistency impact**: Routes, route parameters, class names, test helpers, audit metadata, and report/evidence links must remain environment-first unless provider/framework/historical/negative-guard classification applies.
+- **Review focus**: Reviewers must verify no active platform-owned `Tenant*` technical owner remains unclassified and no legacy route/helper is revived.
+
+## OperationRun UX Impact *(mandatory)*
+
+- **Touches OperationRun start/completion/link UX?**: no
+- **Shared OperationRun UX contract/layer reused**: Existing `OperationRunLinks` and OperationRun service truth remain unchanged if touched.
+- **Delegated start/completion UX behaviors**: N/A - no run start, completion, notification, dedupe, or link UX semantics are introduced.
+- **Local surface-owned behavior that remains**: Existing operation initiation inputs only.
+- **Queued DB-notification policy**: N/A
+- **Terminal notification path**: N/A
+- **Exception required?**: none
+
+## Provider Boundary / Platform Core Check *(mandatory)*
+
+- **Shared provider/platform boundary touched?**: yes
+- **Boundary classification**: mixed
+- **Seams affected**: platform Managed Environment identifiers/classes/tables, provider connection target-scope metadata, Graph/Entra tenant IDs, onboarding provider identity fields, audit/OperationRun metadata keys
+- **Neutral platform terms preserved or introduced**: `workspace`, `environment`, `managed_environment`, `managed_environment_id`, `ManagedEnvironment`, `ManagedEnvironmentLinks`
+- **Provider-specific semantics retained and why**: `Microsoft tenant`, `Entra tenant`, `Azure tenant`, `tenantId`, `entra_tenant_id`, `microsoft_tenant_id`, `provider tenant id`, `target tenant` remain where they describe external provider truth or raw API payloads.
+- **Why this does not deepen provider coupling accidentally**: The spec moves platform-owned naming away from `Tenant` while explicitly quarantining provider-owned tenant terms instead of deleting them.
+- **Follow-up path**: document-in-feature through `tenant-reference-inventory.md` and `allowed-tenant-references.md`; escalate only if an ambiguous active platform-owned term cannot be safely classified.
+
+## UI / Surface Guardrail Impact *(mandatory)*
+
+| Surface / Change | Operator-facing surface change? | Native vs Custom | Shared-Family Relevance | State Layers Touched | Exception Needed? | Low-Impact / `N/A` Note |
+|---|---|---|---|---|---|---|
+| Filament environment resources/pages technical rename | no expected copy/layout change | Native Filament | navigation/routes/global search | route, page class, resource class | no | Technical owner rename only; visible copy remains from Specs 298-299 |
+| Route parameter rename from `{tenant}` to `{environment}` where platform-owned | no URL shape change | N/A | canonical route helpers | route binding, URL generation | no | Segment remains `/environments/...` |
+| Provider-specific tenant labels | no | Native Filament / existing copy | provider identity | provider payload/copy | yes, allowed classification | Keep Microsoft/Entra terms |
+
+## Decision-First Surface Role *(mandatory when operator-facing surfaces are changed)*
+
+N/A - no new operator-facing surface and no new decision workflow. Existing surfaces must remain equivalent.
+
+## Audience-Aware Disclosure *(mandatory when operator-facing surfaces are changed)*
+
+N/A - no new detail or status surface. Existing diagnostics/support/raw disclosure tiers must remain unchanged.
+
+## UI/UX Surface Classification *(mandatory when operator-facing surfaces are changed)*
+
+N/A - no new operator-facing list/detail/queue/report surface. Any touched Filament resource/page keeps its current surface class and action hierarchy.
+
+## Operator Surface Contract *(mandatory when operator-facing surfaces are changed)*
+
+N/A - no new operator-facing page. Any renamed page/resource keeps the existing operator question, default-visible content, diagnostics-only content, actions, destructive-action handling, and RBAC.
+
+## Proportionality Review *(mandatory when structural complexity is introduced)*
+
+- **New source of truth?**: no
+- **New persisted entity/table/artifact?**: no new product truth; possible table/column/index/constraint renames only
+- **New abstraction?**: no
+- **New enum/state/reason family?**: no
+- **New cross-domain UI framework/taxonomy?**: no
+- **Current operator problem**: The platform core still looks Tenant-first internally, making future environment/workspace/provider work error-prone and increasing regression risk after the cutover.
+- **Existing structure is insufficient because**: Specs 297-299 intentionally stopped short of structural DB/model/resource consolidation. Leaving active `Tenant*` owners in place keeps the old architecture as the easiest path for future work.
+- **Narrowest correct implementation**: Rename only platform-owned Managed Environment references and classify everything else; do not generalize provider architecture or rewrite unrelated domains.
+- **Ownership cost**: High review and test cost from a broad rename; mitigated by inventory, phased tasks, focused validation lanes, and no compatibility layer.
+- **Alternative intentionally rejected**: Leave internal names as-is and rely on docs. Rejected because active class/table/helper names shape future code and tests more strongly than comments.
+- **Release truth**: Current-release cleanup after the managed-environment cutover pack
+
+### Compatibility posture
+
+This feature assumes a pre-production environment with no live customer data and no compatibility requirement. No legacy aliases, dual-write/read paths, or old route compatibility layers should remain in final state unless a blocking production-data fact is discovered and the spec is stopped.
+
+## Testing / Lane / Runtime Impact *(mandatory for runtime behavior changes)*
+
+- **Test purpose / classification**: Feature guard tests, Filament/Livewire page/action tests, focused Unit tests for pure helpers, targeted Browser smoke anchors for visible flows
+- **Validation lane(s)**: Feature/Guards, Feature/Workspaces, Feature/ProviderConnections, Feature/RequiredPermissions, Feature/Filament, Feature/Rbac, Browser anchors, Pint dirty, `git diff --check`
+- **Why this classification and these lanes are sufficient**: The change is structural naming with route/RBAC equivalence requirements; focused guards and impacted feature lanes prove the contract without a broad suite repair loop.
+- **New or expanded test families**: Narrow guard tests for no stale `Tenant*` active owner/helper/route regression; no new heavy family by default.
+- **Fixture / helper cost impact**: Helpers must be renamed without making workspace/provider/browser setup implicit. Expensive context remains opt-in.
+- **Heavy-family visibility / justification**: Browser smokes are explicit anchors only because canonical route and visible navigation regressions are high-impact.
+- **Special surface test profile**: `route-contract`, `standard-native-filament`, `global-context-shell`, `browser-smoke` only for touched visible anchors
+- **Standard-native relief or required special coverage**: Standard Filament/Livewire tests are enough for class/resource rename behavior; browser coverage is limited to existing smoke anchors.
+- **Reviewer handoff**: Verify route contract, old route absence, RBAC isolation, stale helper absence, provider terminology preservation, and no unclassified active platform-owned tenant references.
+- **Budget / baseline / trend impact**: Expected focused-lane runtime increase only; document if broad lane cost shifts.
+- **Escalation needed**: document-in-feature; follow-up-spec only if migration/schema risk or unresolved platform-owned tenant references block cleanup.
+- **Active feature PR close-out entry**: Guardrail / Structural Tenant Naming Consolidation / Smoke Coverage
+- **Planned validation commands**:
+  - `cd apps/platform && ./vendor/bin/sail artisan route:list | rg "admin/t|admin/tenants|workspaces/.*/environments|provider-connections|required-permissions|operations"`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Workspaces`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament`
+  - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Rbac`
+  - `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
+  - `git diff --check`
+
+## User Scenarios & Testing *(mandatory)*
+
+### User Story 1 - Platform Maintainer Renames Active Managed Environment Owners (Priority: P1)
+
+As a platform maintainer, I need active platform-owned technical names to say ManagedEnvironment/Environment when they refer to the platform managed target, so future code does not rebuild Tenant-first architecture.
+
+**Why this priority**: This is the core structural cleanup and the strongest dependency-unblocking value.
+
+**Independent Test**: Run the final tenant-reference scan and verify every remaining tenant reference is classified as provider-specific, framework-required, historical, or regression-guard.
+
+**Acceptance Scenarios**:
+
+1. **Given** a platform-owned Filament resource/page/service/helper that refers to the Managed Environment object, **When** Spec 300 is complete, **Then** the active class/helper/table/column name is environment-first or is documented as a blocker.
+2. **Given** a remaining `tenant` reference in active code, **When** the final inventory is reviewed, **Then** it has an explicit allowed category and reason.
+
+---
+
+### User Story 2 - Operator Routes And Access Stay Equivalent (Priority: P2)
+
+As an operator, I need workspace/environment routes and access rules to behave exactly as before, so the cleanup does not change product behavior.
+
+**Why this priority**: The structural rename must not weaken route stability, RBAC, or workspace/environment isolation.
+
+**Independent Test**: Run canonical route, retired route, workspace/environment isolation, and impacted Filament/RBAC tests.
+
+**Acceptance Scenarios**:
+
+1. **Given** an entitled user opens `/admin/workspaces/{workspace}/environments/{environment}`, **When** the page resolves, **Then** the same environment detail behavior is available under canonical routes.
+2. **Given** a user is not entitled to the workspace or environment, **When** they access renamed routes or actions, **Then** deny-as-not-found semantics still apply.
+3. **Given** retired `/admin/t/...` or `/admin/tenants/...` URLs, **When** they are requested, **Then** no product route is resurrected.
+
+---
+
+### User Story 3 - Provider Tenant Terminology Remains Correct (Priority: P3)
+
+As a provider integration maintainer, I need Microsoft/Entra/Graph tenant terminology to remain intact where it represents external provider truth, so the platform cleanup does not corrupt API contracts or admin meaning.
+
+**Why this priority**: The goal is platform-owned cleanup, not deleting the word tenant everywhere.
+
+**Independent Test**: Run provider-specific scans and verify allowed references remain in provider-owned fields/copy/payloads.
+
+**Acceptance Scenarios**:
+
+1. **Given** a provider connection field named `entra_tenant_id`, **When** Spec 300 is complete, **Then** the field remains if it represents the external Entra tenant ID.
+2. **Given** a raw Graph payload or target-scope metadata contains `tenantId`, **When** classification is performed, **Then** the provider-owned key is preserved and documented.
+
+### Edge Cases
+
+- `ManagedEnvironment` already exists as the active model and `managed_environments` already exists as the active table; implementation must consolidate remaining names rather than assume a greenfield `Tenant` model/table rename.
+- Migration filenames and index/constraint names can still carry `tenant` even when table/columns already use `managed_environment`; these must be classified and renamed where safe under the pre-production posture.
+- Filament tenancy APIs such as `Filament::getTenant()` are framework-required and must not be renamed.
+- Historical specs and negative guard regex literals may keep tenant wording only when the file/category makes that reason explicit.
+- Provider identity fields such as `entra_tenant_id` may appear beside platform `managed_environment_id`; only the platform-owned key should be renamed.
+
+## Requirements *(mandatory)*
+
+### Functional Requirements
+
+- **FR-300-001**: The implementation MUST refresh `tenant-reference-inventory.md` before runtime edits and classify every relevant `tenant` hit as `platform-managed-environment`, `provider-specific`, `framework-required`, `historical`, `regression-guard`, `test-fixture-stale`, or `blocked/unclear`.
+- **FR-300-002**: No active `App\Models\Tenant` model or `TenantFactory` may remain. Current repo truth already uses `App\Models\ManagedEnvironment` and `ManagedEnvironmentFactory`; implementation must not add a compatibility alias.
+- **FR-300-003**: Platform-owned Filament owners such as `TenantResource`, `TenantDashboard`, `TenantRequiredPermissions`, `TenantDiagnostics`, `ManageTenantMemberships`, and `TenantMembershipsRelationManager` MUST be renamed to ManagedEnvironment/Environment equivalents unless a repo-real blocker is documented.
+- **FR-300-004**: Platform-owned route parameters under canonical environment routes MUST use `{environment}` where feasible, or document the repo-real blocker, while preserving public URL segments as `/environments/...`.
+- **FR-300-005**: Platform-owned services/helpers/support classes such as `TenantMembershipManager`, `TenantDiagnosticsService`, `TenantPageCategory`, `TenantAction*`, `TenantOperability*`, `TenantDashboard*`, and tenant-owned workspace-isolation helpers MUST be renamed when they refer to the platform Managed Environment object.
+- **FR-300-006**: Database table, column, index, constraint, model, factory, and migration names that refer to the platform Managed Environment object MUST be environment-first where safe under LEAN-001. Existing active `managed_environments`, `managed_environment_id`, and `managed_environment_memberships` truth MUST remain source of truth.
+- **FR-300-007**: Tenant-named review, evidence, report, baseline, finding, backup, restore, and OperationRun metadata references MUST be renamed only when they point to the platform Managed Environment object. Provider payload keys remain provider-specific.
+- **FR-300-008**: Provider-specific tenant terminology MUST remain intact where it represents Microsoft/Entra/Azure/Graph/provider target truth, including `tenantId`, `entra_tenant_id`, `microsoft_tenant_id`, and provider-facing copy such as `Microsoft tenant ID`.
+- **FR-300-009**: Framework-required Filament tenant APIs MUST be kept and documented, including `Filament::getTenant()`, `Filament::setTenant()`, and tenancy contracts/method names.
+- **FR-300-010**: Stale test helpers such as `setTenantPanelContext`, `panel: 'tenant'`, and active platform-owned `TenantFactory` references MUST be removed except for explicit negative guard literals.
+- **FR-300-011**: Existing canonical routes MUST remain active and no `/admin/t/...`, `/admin/tenants/...`, or active route named `filament.admin.resources.tenants.*` may return as a product route.
+- **FR-300-012**: RBAC semantics MUST remain unchanged: workspace membership remains role authority, environment membership remains narrowing-only, non-entitlement stays 404, and missing capability stays 403.
+- **FR-300-013**: Audit/event names and OperationRun metadata keys MAY be renamed only when they represent platform Managed Environment truth; no silent dual-writing is allowed unless a separate migration-risk decision changes this spec.
+- **FR-300-014**: Final scans MUST show no unclassified active platform-owned tenant references.
+
+### Non-Functional Requirements
+
+- **NFR-300-001**: The implementation MUST use a phased rename and tests; blind global search/replace is forbidden.
+- **NFR-300-002**: No compatibility layer, alias class, dual-read, dual-write, or legacy route should remain in final state under the repo's pre-production posture.
+- **NFR-300-003**: Filament v5 / Livewire v4.0+ compliance MUST be explicit; no Livewire v3 or Filament v3/v4 APIs may be introduced.
+- **NFR-300-004**: Laravel 12 panel provider registration remains in `apps/platform/bootstrap/providers.php`; do not register panel providers in `bootstrap/app.php`.
+- **NFR-300-005**: Globally searchable resources must either retain View/Edit pages or disable global search after renaming.
+- **NFR-300-006**: Destructive actions touched by the rename must keep `->action(...)`, `->requiresConfirmation()`, server-side authorization, and audit behavior.
+- **NFR-300-007**: Asset strategy is unchanged; if implementation unexpectedly registers Filament assets, deployment notes must include `cd apps/platform && php artisan filament:assets`.
+
+## Acceptance Criteria
+
+- **AC-300-001**: No active platform-owned model/resource/page/helper/factory named `Tenant*` remains unless explicitly classified as provider-specific, framework-required, historical, or regression-guard.
+- **AC-300-002**: Active platform-owned DB naming is environment-first. `managed_environments`, `managed_environment_id`, and `managed_environment_memberships` remain source-of-truth names; old tenant-named active FKs/tables/constraints are removed or documented as allowed non-platform references.
+- **AC-300-003**: Active Filament technical owners for environment management are environment-named and global search behavior remains valid under Filament v5 rules.
+- **AC-300-004**: `/admin/workspaces/{workspace}/environments/...` routes remain active; `/admin/t/...` and `/admin/tenants/...` remain retired.
+- **AC-300-005**: Provider-specific Microsoft/Entra/provider tenant language remains intact and documented.
+- **AC-300-006**: No stale helper names remain except negative guard literals documented in the inventory.
+- **AC-300-007**: Workspace/environment RBAC and isolation tests prove no access widening.
+- **AC-300-008**: OperationRun remains execution truth; only platform-owned metadata names change if needed.
+- **AC-300-009**: Evidence/report/review semantics remain unchanged; only platform-owned references are renamed.
+- **AC-300-010**: `tenant-reference-inventory.md` and `allowed-tenant-references.md` classify all remaining tenant references at close-out.
+
+## Out Of Scope
+
+- New product features or navigation redesign
+- Customer Review Workspace, Governance Inbox, Localization v1, package execution, guided operations, or broader provider abstraction work
+- Microsoft Graph contract refactor or OperationRun architecture change
+- Reintroducing `TenantPanelProvider`, `/admin/t/...`, `/admin/tenants/...`, or old TenantResource product routes
+- Production online migration/backfill strategy for live customer data
+- Permanent aliases, compatibility routes, dual-write, or dual-read behavior
+
+## Assumptions
+
+- Specs 297-299 are merged into the current branch or this branch is based on their final state.
+- There is no production customer data requiring online backward-compatible migration.
+- Local/dev/test data may be migrated or rebuilt.
+- Provider-specific tenant concepts and Filament framework-required tenant APIs are allowed when classified.
+- The current repo source of truth is `App\Models\ManagedEnvironment` and table `managed_environments`; the cleanup targets remaining technical debt.
+
+## Open Questions
+
+- None blocking for preparation. If implementation discovers production-data migration risk or an ambiguous active platform-owned tenant reference that cannot be classified, stop and report `blocked by migration/schema risk` or `blocked by unresolved platform-owned tenant references`.
diff --git a/specs/300-internal-tenant-model-naming-consolidation/tasks.md b/specs/300-internal-tenant-model-naming-consolidation/tasks.md
new file mode 100644
index 00000000..1734819e
--- /dev/null
+++ b/specs/300-internal-tenant-model-naming-consolidation/tasks.md
@@ -0,0 +1,175 @@
+# Tasks: Internal Tenant Model Naming Consolidation
+
+**Input**: Design documents from `/specs/300-internal-tenant-model-naming-consolidation/`  
+**Prerequisites**: `spec.md`, `plan.md`, `tenant-reference-inventory.md`, `allowed-tenant-references.md`
+
+**Tests**: Required. This is a runtime structural rename with route/RBAC equivalence requirements. Use Pest 4.3.1 and existing Browser smoke anchors.
+
+## Test Governance Checklist
+
+- [ ] Lane assignment is named and is the narrowest sufficient proof for the changed behavior.
+- [ ] New or changed tests stay in the smallest honest family, and any heavy-governance or browser addition is explicit.
+- [ ] Shared helpers, factories, seeds, fixtures, and context defaults stay cheap by default; any widening is isolated or documented.
+- [ ] Planned validation commands cover the change without pulling in unrelated lane cost.
+- [ ] The declared surface test profile or `standard-native-filament` relief is explicit.
+- [ ] Any material budget, baseline, trend, or escalation note is recorded in the active spec or PR.
+
+## Format: `[ID] [P?] [Story] Description`
+
+- **[P]**: Can run in parallel when files are disjoint.
+- **[Story]**: US1 platform naming, US2 route/RBAC equivalence, US3 provider terminology.
+- **Paths**: Use absolute repo paths in implementation notes and final report where useful.
+
+## Phase 1: Setup And Baseline Safety
+
+**Purpose**: Confirm the branch, repo state, dependency state, route truth, and scan volume before touching runtime code.
+
+- [x] T001 Run `git status --short --branch`, `git diff --stat`, and `git log -1 --oneline` from `/Users/ahmeddarrazi/Documents/projects/wt-plattform`; stop if unrelated uncommitted changes exist.
+- [x] T002 Confirm the implementation branch is `300-internal-tenant-model-naming-consolidation` or an isolated session branch derived from it.
+- [x] T003 Review `/Users/ahmeddarrazi/Documents/projects/wt-plattform/AGENTS.md`, `.specify/memory/constitution.md`, this spec package, and Specs 297, 298, and 299.
+- [x] T004 Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan route:list | rg "admin/t|admin/tenants|workspaces/.*/environments|provider-connections|required-permissions|operations"`.
+- [x] T005 Run the broad tenant scan from `spec.md` and capture output/counts in `specs/300-internal-tenant-model-naming-consolidation/tenant-reference-inventory.md`.
+- [x] T006 Run the provider-specific scan from `spec.md` and capture output/counts in `specs/300-internal-tenant-model-naming-consolidation/allowed-tenant-references.md`.
+- [x] T007 Run the migration/schema scan from `spec.md` and capture output/counts in `tenant-reference-inventory.md`.
+- [x] T008 Confirm no production customer data or shared staging migration requirement exists. If this is false, stop and report `blocked by migration/schema risk`.
+- [x] T009 Confirm current repo truth: `App\Models\ManagedEnvironment` and `managed_environments` are canonical; no active `App\Models\Tenant` model exists.
+- [x] T010 Confirm scope boundary: no feature work, no compatibility layer, no broad provider abstraction, no OperationRun architecture change, no navigation redesign.
+
+**Checkpoint**: Baseline inventory exists and implementation can proceed safely.
+
+## Phase 2: Guard Tests First
+
+**Purpose**: Add or update failing/protective tests before broad rename work.
+
+- [x] T011 [P] [US1] Add/update a guard test in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/ManagedEnvironment/LegacyTenantCoreGuardTest.php` proving no active `App\Models\Tenant`, `TenantFactory`, platform-owned `TenantResource`, `TenantDashboard`, `TenantDiagnostics`, or `TenantRequiredPermissions` owner remains after implementation.
+- [x] T012 [P] [US2] Update `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Guards/ManagedEnvironmentCanonicalRouteContractTest.php` to assert canonical environment URLs still generate `/admin/workspaces/{workspace}/environments/...`.
+- [x] T013 [P] [US2] Update `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/Guards/NoActiveTenantResourceRoutesTest.php` to assert `/admin/t/...`, `/admin/tenants/...`, and active `filament.admin.resources.tenants.*` route names remain absent.
+- [x] T014 [P] [US2] Add/update route binding coverage in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/tests/Feature/ManagedEnvironment/ManagedEnvironmentRouteBindingTest.php` for `{environment}` or final chosen environment route parameter names.
+- [ ] T015 [P] [US1] Add/update a stale helper guard proving `setTenantPanelContext`, `panel: 'tenant'`, and `panel: "tenant"` remain absent except documented negative guard literals.
+- [ ] T016 [P] [US3] Add/update provider terminology tests proving `Microsoft tenant ID`, `Entra tenant ID`, `tenantId`, `entra_tenant_id`, and `microsoft_tenant_id` remain where provider-owned.
+- [ ] T017 Run the new/updated focused guard tests and confirm they fail only for expected pre-implementation stale names.
+
+**Checkpoint**: Guard coverage is in place before renames.
+
+## Phase 3: DB, Migration, Factory, And Model Naming
+
+**Purpose**: Align active platform-owned schema/model names with Managed Environment truth without compatibility shims.
+
+- [ ] T018 [US1] Review all migration files under `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/database/migrations` whose filenames or constraints mention tenants while operating on `managed_environments`.
+- [ ] T019 [US1] Rename platform-owned migration filenames/comments/index/constraint names from tenant-first to managed-environment-first where safe under LEAN-001.
+- [ ] T020 [US1] Preserve provider-owned columns such as `entra_tenant_id` and raw provider payload keys.
+- [ ] T021 [US1] Rename platform-owned table names such as `tenant_permissions`, `tenant_role_mappings`, `tenant_settings`, `tenant_reviews`, `tenant_review_sections`, `tenant_triage_reviews`, and `managed_tenant_onboarding_sessions` only after classification confirms they represent Managed Environment truth.
+- [ ] T022 [US1] Rename platform-owned model classes and factories that correspond to renamed tables, updating relationships, `$table`, casts, policies, factories, seeders, and tests.
+- [ ] T023 [US1] Keep `App\Models\ManagedEnvironment`, `ManagedEnvironmentFactory`, `managed_environments`, and `managed_environment_id` as source-of-truth names.
+- [ ] T024 [US1] Remove any old compatibility aliases created during the rename before moving past this phase.
+- [ ] T025 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan migrate:fresh --seed` or document in `tenant-reference-inventory.md` why targeted migration validation is the narrower safe proof.
+
+**Checkpoint**: Schema/model naming is environment-first or explicitly classified.
+
+## Phase 4: Filament Resource, Page, Widget, And Route Owner Rename
+
+**Purpose**: Remove active platform-owned Tenant technical owner names from Filament and route ownership.
+
+- [x] T026 [US1] Rename `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Resources/TenantResource.php` to `ManagedEnvironmentResource.php` or the narrowest environment-first repo-conventional name.
+- [x] T027 [US1] Rename nested TenantResource pages: `ListTenants`, `ViewTenant`, `EditTenant`, and `ManageTenantMemberships` to environment-first equivalents.
+- [x] T028 [US1] Rename `TenantMembershipsRelationManager` to `ManagedEnvironmentMembershipsRelationManager` or the chosen environment-first equivalent.
+- [x] T029 [US1] Rename `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/TenantDashboard.php` to an environment-first page name.
+- [x] T030 [US1] Rename `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/TenantDiagnostics.php` to an environment-first page name.
+- [x] T031 [US1] Rename `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Pages/TenantRequiredPermissions.php` to an environment-first page name.
+- [x] T032 [US1] Rename environment-owned widgets under `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Filament/Widgets/Tenant` and dashboard widgets that refer to the platform environment object.
+- [x] T033 [US2] Update `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/routes/web.php` route owner classes and route parameters from `{tenant}` to `{environment}` where feasible, preserving `/environments/...` URL segments.
+- [x] T034 [US2] Ensure canonical link helpers use `ManagedEnvironmentLinks` and no runtime dependency on `TenantResource::getUrl(...)`, `TenantDashboard::getUrl(...)`, or `TenantRequiredPermissions::getUrl(...)` remains.
+- [x] T035 [US2] Verify every renamed globally searchable Filament resource has a View/Edit page or disables global search.
+- [x] T036 [US2] For any touched destructive action, verify it still uses `Action::make(...)->action(...)`, `->requiresConfirmation()`, authorization, notification, and audit behavior.
+- [x] T037 [US2] Confirm Laravel 12 panel provider registration remains in `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/bootstrap/providers.php` and no panel provider is added to `bootstrap/app.php`.
+- [x] T038 [US2] If any Filament assets are newly registered unexpectedly, update deployment notes to include `cd apps/platform && php artisan filament:assets`; otherwise document asset strategy unchanged.
+
+**Checkpoint**: Active Filament environment owners are environment-first and route shape is stable.
+
+## Phase 5: Service, Support, Job, Policy, And Helper Rename
+
+**Purpose**: Remove platform-owned Tenant-first technical vocabulary outside Filament.
+
+- [x] T039 [US1] Rename `TenantMembershipManager` to `ManagedEnvironmentMembershipManager` and update DI, tests, and relation managers.
+- [ ] T040 [US1] Rename `TenantDiagnosticsService`, `TenantRequiredPermissionsViewModelBuilder`, `TenantPermissionService`, and related platform-owned support classes where classification confirms Managed Environment truth. **Partial 2026-05-13:** renamed diagnostics and required-permissions view-model builder; broader permission/review/onboarding families remain unresolved.
+- [ ] T041 [US1] Rename platform-owned support classes under `/Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform/app/Support/Tenants` to environment-first equivalents.
+- [ ] T042 [US1] Rename platform-owned dashboard, backup health, inventory coverage, portfolio triage, and RBAC support classes that describe Managed Environment behavior.
+- [ ] T043 [US1] Rename job constructor properties and named arguments such as `tenantId` only when they refer to platform Managed Environment IDs; preserve provider target-scope tenant IDs.
+- [ ] T044 [US2] Preserve RBAC policy behavior and update only class names, method parameter names, PHPDoc, imports, and tests.
+- [ ] T045 [US2] Keep workspace membership as role/capability authority and Managed Environment membership as narrowing-only.
+- [ ] T046 [US3] Preserve provider-owned Graph, Entra, Azure, and target-scope terminology in Graph clients, provider connections, verification reports, onboarding provider identity fields, and raw payloads.
+- [ ] T047 [US1] Rename platform-owned audit event/action names and audit metadata keys from tenant-first to managed-environment-first where classification confirms they refer to the platform object.
+- [ ] T048 [US1] Rename platform-owned OperationRun metadata keys plus evidence/report/review references from `tenant_*` to managed-environment names while preserving provider payload keys.
+
+**Checkpoint**: Platform-owned services/helpers/jobs/policies no longer rely on Tenant-first architecture names.
+
+## Phase 6: Tests, Fixtures, Browser Anchors, And Documentation Artifacts
+
+**Purpose**: Align tests and spec-local classification docs with final runtime state.
+
+- [ ] T049 [US1] Rename stale test files, helper functions, fixtures, datasets, and factory helper methods that refer to the platform Managed Environment object as Tenant. **Partial 2026-05-13:** updated class imports, selected helper names, and guard expectations; many historical/stale test file names and schema/model fixture families remain.
+- [ ] T050 [US1] Remove compatibility helpers such as `setTenantPanelContext`; keep only the environment/workspace helper style used by Specs 297-299.
+- [x] T051 [US2] Update Browser smoke tests only where selectors or visible environment route anchors require it.
+- [ ] T052 [US3] Update tests that assert provider-specific copy so they continue to expect Microsoft/Entra tenant terminology where provider-owned.
+- [x] T053 [US1] Refresh `specs/300-internal-tenant-model-naming-consolidation/tenant-reference-inventory.md` with final file-level classification and `Fixed?` status.
+- [x] T054 [US3] Refresh `specs/300-internal-tenant-model-naming-consolidation/allowed-tenant-references.md` with all final provider-specific, framework-required, historical, and regression-guard references.
+- [ ] T055 [US1] Ensure historical specs remain untouched except using them as dependency context.
+
+**Checkpoint**: Tests and classification artifacts match the final implementation.
+
+## Phase 7: Focused Validation
+
+**Purpose**: Prove route, RBAC, provider, Filament, and browser behavior after the rename.
+
+- [x] T056 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan route:list | rg "admin/t|admin/tenants|workspaces/.*/environments|operations|provider-connections|required-permissions"` and record route contract outcome.
+- [ ] T057 [US1] Run the broad tenant scan and confirm no unclassified active platform-owned tenant references remain. **Failed 2026-05-14:** scan still finds 1585 files with active tenant references; unresolved schema/model/resource families remain.
+- [ ] T058 [US3] Run the provider-allowed scan and confirm all remaining provider terms are documented. **Partial 2026-05-14:** provider terms are preserved in 433 files, but final exhaustive classification is blocked by unresolved platform-owned references.
+- [ ] T059 [US1] Run the migration/schema scan and confirm all platform-owned DB names are environment-first or explicitly classified. **Failed 2026-05-14:** tenant-named table/model families remain active across 131 files and current PostgreSQL schema.
+- [x] T060 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Guards`.
+- [x] T061 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Workspaces`.
+- [x] T062 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections`.
+- [x] T063 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions`.
+- [x] T064 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Filament`.
+- [x] T065 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Rbac`.
+- [x] T066 [US2] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php tests/Browser/Spec299WorkspaceOverviewCutoverSealSmokeTest.php`.
+- [x] T066A [US2] Add and run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec300ManagedEnvironmentNamingConsolidationSmokeTest.php` for the Spec 300 workspace overview, environment dashboard, operations, provider connection, required-permissions, and browser-console proof.
+- [x] T067 [US1] Run `cd /Users/ahmeddarrazi/Documents/projects/wt-plattform/apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`.
+- [x] T068 [US1] Run `git diff --check`.
+
+**Checkpoint**: Focused validation has passed or a stop decision is documented.
+
+## Phase 8: Final Report
+
+**Purpose**: Produce the required implementation close-out without hiding unresolved references.
+
+- [ ] T069 [US1] Report exact commands run and outcomes.
+- [ ] T070 [US1] Report rename summary using the table `Old | New | Type | Files`.
+- [ ] T071 [US1] Report DB changes using the table `Old table/column | New table/column | Migration/action`.
+- [ ] T072 [US3] Report remaining tenant references using the table `Reference | File | Category | Why allowed`.
+- [ ] T073 [US2] Report route contract status for workspace/environment routes, `/admin/t/...`, `/admin/tenants/...`, provider tenantless routes, and workspace operations routes.
+- [ ] T074 [US2] Report validation results including test counts, assertions, skipped tests, Browser smoke result, Pint result, and `git diff --check`.
+- [ ] T075 [US1] Declare exactly one final decision:
+  - `merge-ready; internal tenant naming consolidation complete`
+  - `merge-ready with documented provider/framework tenant references`
+  - `blocked by unresolved platform-owned tenant references`
+  - `blocked by migration/schema risk`
+  - `incomplete; canonical route or RBAC regression found`
+
+## Dependencies And Ordering
+
+- Phase 1 blocks all runtime edits.
+- Phase 2 guard tests should precede broad renames.
+- Phase 3 schema/model work should precede Filament/resource work where classes depend on model/table names.
+- Phase 4 and Phase 5 can be split by disjoint file ownership once route/model names settle.
+- Phase 6 must run after runtime renames.
+- Phase 7 and Phase 8 are final validation and close-out only.
+
+## Explicit Non-Implementation Boundaries
+
+- Do not add a `Tenant` alias class.
+- Do not revive `TenantPanelProvider`.
+- Do not restore `/admin/t/...` or `/admin/tenants/...`.
+- Do not rename provider-owned `tenantId`, `entra_tenant_id`, or `microsoft_tenant_id`.
+- Do not rewrite completed Specs 297-299.
+- Do not create a new provider framework.
+- Do not change OperationRun status/outcome semantics.
diff --git a/specs/300-internal-tenant-model-naming-consolidation/tenant-reference-inventory.md b/specs/300-internal-tenant-model-naming-consolidation/tenant-reference-inventory.md
new file mode 100644
index 00000000..aec2c881
--- /dev/null
+++ b/specs/300-internal-tenant-model-naming-consolidation/tenant-reference-inventory.md
@@ -0,0 +1,129 @@
+# Tenant Reference Inventory
+
+**Feature**: Spec 300 Internal Tenant Model Naming Consolidation  
+**Created**: 2026-05-13  
+**Status**: Preparation baseline; implementation must refresh and expand this to file-level close-out classification before runtime edits.
+
+## Preparation Baseline
+
+Commands run during preparation:
+
+```bash
+git status --short --branch
+git diff --stat
+git log -1 --oneline
+
+cd apps/platform
+./vendor/bin/sail artisan route:list | rg "admin/t|admin/tenants|workspaces/.*/environments|provider-connections|required-permissions|operations"
+```
+
+Observed during preparation:
+
+- Starting branch before Spec Kit script: `platform-dev`
+- Feature branch after Spec Kit script: `300-internal-tenant-model-naming-consolidation`
+- Starting commit: `b98bafcf feat: finalize managed environment cutover seal (#354)`
+- `ManagedEnvironment` model exists.
+- `ManagedEnvironmentFactory` exists.
+- `managed_environments` table exists.
+- No active `App\Models\Tenant` model was found in the model list or `apps/platform/app/Models`.
+- No `admin/t` or `admin/tenants` routes were found through Laravel Boost route lookup.
+- Sail route scan found canonical `/admin/workspaces/{workspace}/environments/...` routes but route parameters and route names still use `{tenant}` in many route definitions.
+
+Preparation scan counts:
+
+| Scan | Count | Notes |
+|---|---:|---|
+| Broad tenant scan | 2323 | Active code/tests/config/migrations still contain substantial tenant vocabulary. |
+| Provider-specific scan | 1661 | Many hits are likely legitimate provider/Graph/Entra tenant terms. |
+| Migration/schema scan | 851 | Table/column/index/constraint and historical migration naming need careful classification. |
+| Legacy route/helper/resource scan | 242 | Route/helper/resource names remain a focused cleanup area. |
+
+## Classification Rules
+
+| Category | Meaning | Action |
+|---|---|---|
+| `platform-managed-environment` | Internal platform object currently named Tenant but semantically Managed Environment | Rename |
+| `provider-specific` | Microsoft/Entra/Azure/Graph/external tenant concept | Keep |
+| `framework-required` | Filament/Laravel/package tenant API | Keep and document |
+| `historical` | Old specs/docs/changelogs/migration history where not active runtime truth | Keep unless active docs require update |
+| `regression-guard` | Negative tests or regexes preventing legacy reintroduction | Keep |
+| `test-fixture-stale` | Old test naming not tied to provider/framework/guard | Rename |
+| `blocked/unclear` | Ambiguous meaning | Inspect manually before changing |
+
+## Initial Inventory Summary
+
+| Pattern | Representative File(s) | Category | Action | Fixed? |
+|---|---|---|---|---|
+| `TenantResource`, `TenantDashboard`, `TenantDiagnostics`, `TenantRequiredPermissions` | `apps/platform/app/Filament/Resources/TenantResource.php`, `apps/platform/app/Filament/Pages/TenantDashboard.php`, `apps/platform/app/Filament/Pages/TenantDiagnostics.php`, `apps/platform/app/Filament/Pages/TenantRequiredPermissions.php` | `platform-managed-environment` | Rename active Filament technical owners | No - prep only |
+| `{tenant}` route parameter under `/admin/workspaces/{workspace}/environments/...` | `apps/platform/routes/web.php` | `platform-managed-environment` | Rename parameter where feasible to `{environment}` while preserving URL segment | No - prep only |
+| `managed_environments` with tenant-named migration/index files | `apps/platform/database/migrations/2025_12_10_000100_create_tenants_table.php`, `apps/platform/database/migrations/*_tenants_*` | `platform-managed-environment` or `historical` | Rename active schema names where safe; classify historical migration names | No - prep only |
+| `tenant_permissions`, `tenant_role_mappings`, `tenant_settings`, `tenant_reviews`, `tenant_review_sections`, `tenant_triage_reviews` | `apps/platform/app/Models/TenantPermission.php`, `apps/platform/app/Models/TenantReview.php`, related migrations | `platform-managed-environment` pending file-level review | Rename if they point to Managed Environment product truth | No - prep only |
+| `TenantMembershipManager`, `TenantDiagnosticsService`, `TenantRequiredPermissionsViewModelBuilder` | `apps/platform/app/Services/Auth/TenantMembershipManager.php`, `apps/platform/app/Services/Auth/TenantDiagnosticsService.php`, `apps/platform/app/Services/Intune/TenantRequiredPermissionsViewModelBuilder.php` | mixed: `platform-managed-environment` and possible provider-specific | Classify by method/field before rename | No - prep only |
+| `setTenantPanelContext`, `panel: 'tenant'`, `panel: "tenant"` | Guard/test scan returned matches | `test-fixture-stale` or `regression-guard` | Remove stale helpers; keep negative guard literals only | No - prep only |
+| `Filament::getTenant()`, `Filament::setTenant()`, tenancy contracts | Filament framework usages in app/resources/views/tests | `framework-required` | Keep and document | No - prep only |
+| `tenantId`, `entra_tenant_id`, `microsoft_tenant_id`, `Microsoft tenant ID` | Provider connections, Graph services, onboarding, verification, target scope | `provider-specific` | Keep and document | No - prep only |
+| Historical completed specs 297-299 tenant references | `specs/297-*`, `specs/298-*`, `specs/299-*` | `historical` / `regression-guard` | Do not rewrite completed specs | N/A |
+
+## Required Close-Out State
+
+Before Spec 300 can be reported merge-ready, this inventory must be replaced or extended with file-level rows for all remaining active tenant references and each row must have:
+
+- Pattern/reference
+- File
+- Category
+- Action taken
+- Fixed? status
+- Why allowed if not renamed
+
+No `blocked/unclear` or unclassified active platform-owned reference may remain at close-out.
+
+## Implementation Loop Slice - 2026-05-13
+
+This implementation loop completed a bounded Filament/page/widget/route-owner slice and stopped before the schema/model/table phase. The stop condition is `blocked by unresolved platform-owned tenant references`: remaining database and domain families are too broad to safely rename as a follow-on to the UI route-owner rename without a separate focused pass and migration plan.
+
+Validation scan counts after the slice:
+
+| Scan | Count | Outcome |
+|---|---:|---|
+| Broad active `tenant` file scan | 1559 files | Not clean; includes provider/framework terms plus unresolved platform-owned schema/model/test families. |
+| Tenant schema/model family scan | 230 files | Not clean; active `TenantReview`, `TenantPermission`, `TenantOnboardingSession`, `TenantTriageReview`, tenant-named factories, migrations, resources, and tests remain. |
+| Old Filament owner scan | 2 files | Clean for active runtime; remaining hits are regression guard literals and action-surface reference notes only. |
+
+Completed runtime rename summary:
+
+| Pattern | Representative File(s) | Category | Action | Fixed? |
+|---|---|---|---|---|
+| `TenantResource` | `apps/platform/app/Filament/Resources/ManagedEnvironmentResource.php` | `platform-managed-environment` | Renamed resource class and references to `ManagedEnvironmentResource` | Yes |
+| `TenantResource` nested pages | `apps/platform/app/Filament/Resources/ManagedEnvironmentResource/Pages/*` | `platform-managed-environment` | Renamed `ListTenants`, `ViewTenant`, `EditTenant`, `ManageTenantMemberships` to environment-first page owners | Yes |
+| `TenantMembershipsRelationManager` | `apps/platform/app/Filament/Resources/ManagedEnvironmentResource/RelationManagers/ManagedEnvironmentMembershipsRelationManager.php` | `platform-managed-environment` | Renamed relation manager | Yes |
+| `TenantDashboard`, `TenantDiagnostics`, `TenantRequiredPermissions` | `apps/platform/app/Filament/Pages/EnvironmentDashboard.php`, `EnvironmentDiagnostics.php`, `EnvironmentRequiredPermissions.php` | `platform-managed-environment` | Renamed page owners and Blade page views | Yes |
+| `Widgets/Tenant` environment widgets | `apps/platform/app/Filament/Widgets/ManagedEnvironment/*` | `platform-managed-environment` | Moved widget namespace and renamed tenant-prefixed widget classes | Yes |
+| `{tenant}` on canonical environment routes | `apps/platform/routes/web.php`, `apps/platform/app/Filament/Concerns/WorkspaceScopedTenantRoutes.php` | `platform-managed-environment` | Renamed route parameter to `{environment}` for canonical workspace environment routes while preserving URL segments | Yes |
+| `TenantMembershipManager`, `TenantDiagnosticsService`, `TenantRequiredPermissionsViewModelBuilder` | `apps/platform/app/Services/Auth/*`, `apps/platform/app/Services/Intune/*` | `platform-managed-environment` | Renamed first service-owner slice | Yes |
+
+Remaining unresolved platform-owned references:
+
+| Pattern/reference | Representative file(s) | Category | Action needed | Fixed? |
+|---|---|---|---|---|
+| `TenantReview`, `TenantReviewResource`, `tenant_reviews`, `tenant_review_sections` | `apps/platform/app/Filament/Resources/TenantReviewResource.php`, `apps/platform/app/Models/TenantReview.php`, review tests/factories/migrations | `platform-managed-environment` pending review | Requires dedicated review/evidence/customer-review rename plan and migrations | No |
+| `TenantPermission`, `tenant_permissions` | `apps/platform/app/Models/TenantPermission.php`, required-permissions tests/factories/migrations | `platform-managed-environment` pending review | Requires schema/model/resource/support rename with provider permission terminology preserved | No |
+| `TenantOnboardingSession`, `managed_tenant_onboarding_sessions` | `apps/platform/app/Models/TenantOnboardingSession.php`, onboarding routes/services/tests | `platform-managed-environment` pending review | Requires onboarding-session rename and route/controller/service updates | No |
+| `TenantTriageReview`, `tenant_triage_reviews` | portfolio triage models/support/tests | `platform-managed-environment` pending review | Requires portfolio triage domain rename | No |
+| `tenantId` variables/named args using Managed Environment primary keys | jobs, resources, support helpers, tests | mixed | Classify provider target-scope tenant IDs vs platform Managed Environment IDs before rename | No |
+| Stale test file names and historical helper names | `apps/platform/tests/Feature/Filament/Tenant*`, `tests/Browser/Tenant*` | `test-fixture-stale` | Rename in a separate broad test-file pass after schema/domain names settle | Partial |
+
+Commands run and outcomes:
+
+| Command | Outcome |
+|---|---|
+| `./vendor/bin/sail artisan route:list \| rg "admin/t\|admin/tenants\|workspaces/.*/environments\|provider-connections\|required-permissions\|operations"` | Passed; canonical environment routes use `{environment}` and no active `/admin/t` or `/admin/tenants` route appeared. |
+| `./vendor/bin/sail composer dump-autoload` | Passed; emitted pre-existing PSR-4 warnings for test helper classes and ran Filament asset publish hook without tracked public asset changes. |
+| `./vendor/bin/sail artisan test --compact tests/Feature/Guards` | Passed: 266 tests, 4707 assertions. |
+| `./vendor/bin/sail artisan test --compact tests/Feature/Workspaces tests/Feature/ProviderConnections` | Passed: 174 tests, 864 assertions. |
+| `./vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions ... access-scope tests` | Passed: 49 tests, 203 assertions. |
+| `./vendor/bin/sail artisan test --compact tests/Feature/Filament` | Passed: 773 tests, 5017 assertions, 5 skipped. |
+| `./vendor/bin/sail artisan test --compact tests/Feature/Rbac` | Passed: 156 tests, 744 assertions. |
+| `./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php tests/Browser/Spec299WorkspaceOverviewCutoverSealSmokeTest.php` | Passed: 3 tests, 38 assertions. |
+| `./vendor/bin/sail artisan test --compact tests/Browser/Dashboard/TenantDashboardProductizationSmokeTest.php tests/Browser/TenantMembershipsPageTest.php` | Passed: 2 tests, 68 assertions. |
+| `./vendor/bin/sail bin pint --dirty --format agent` | Passed. |
+| `git diff --check` | Passed. |