2026-04-29 22:44:29 +00:00
2 changed files with 40 additions and 255 deletions
--- a/docs/product/implementation-ledger.md
+++ b/docs/product/implementation-ledger.md
@ -15,7 +15,7 @@ ## Purpose
 ## Current Product Position
-TenantPilot ist aktuell ein starkes internes Governance- und Operations-Produkt mit belastbaren Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry und Safety Controls. Die Repo-Wahrheit liegt damit ueber einer simplen Lesart von "R1 done / R2 partial". Gleichzeitig ist das Produkt noch nicht voll als kundenseitig konsumierbare Review- und Portfolio-Plattform ausgereift: Customer-safe Review Consumption, Cross-Tenant-Workflows und kommerzielle Lifecycle-Reife sind noch unvollstaendig. Zusaetzlich zeigt der Repo-Stand eine schmale Findings-Cleanup-Lane: sichtbare Lifecycle-Backfill-Runtime-Surfaces, `acknowledged`-Kompatibilitaet und fehlende explizite Creation-Time-Invariant-Absicherung sollten als getrennte Folgespecs behandelt werden.
+TenantPilot ist aktuell ein starkes internes Governance- und Operations-Produkt mit belastbaren Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry und Safety Controls und inzwischen repo-real umgesetzten Customer-safe Review Consumption, Risk-Acceptance/Exception-Workflow, Findings-/Governance-Inboxen und einer DE/EN-Locale-Foundation. Die Repo-Wahrheit liegt damit klar ueber einer simplen Lesart von "R1 done / R2 partial". Gleichzeitig ist das Produkt noch nicht voll als kundenseitig konsumierbare Portfolio- und Commercial-Plattform ausgereift: Cross-Tenant-Workflows, Compare/Promotion, Billing-/Lifecycle-Reife und Private-AI-Governance bleiben unvollstaendig. Zusaetzlich zeigt der Repo-Stand weiterhin eine schmale Findings-Cleanup-Lane: sichtbare Lifecycle-Backfill-Runtime-Surfaces, `acknowledged`-Kompatibilitaet und fehlende explizite Creation-Time-Invariant-Absicherung sollten als getrennte Folgespecs behandelt werden.
 ## Status Model
@ -41,24 +41,24 @@ ## Roadmap Coverage Summary
 | Roadmap Area | Status | Evidence Level | UI Ready | Tested | Sellable | Notes |
 |---|---|---:|---|---|---|---|
 | R1 Golden Master Governance | adopted | strong | yes | repo tests, not run | yes | Baselines, Drift, Findings und OperationRun-Truth sind breit im Produkt verankert. |
-| R2 Tenant Reviews, Evidence & Control Foundation | adopted | strong | yes | repo tests, not run | almost | Review-, Evidence- und Control-Foundations sind stark; Customer Review Workspace fehlt noch. |
+| R2 Tenant Reviews, Evidence & Control Foundation | adopted | strong | yes | repo tests, not run | yes | Reviews, Evidence, Review Packs, Customer Review Workspace und Control-/Exception-Layer greifen als reale Governance-Surface zusammen. |
 | Alert escalation + notification routing | implemented_verified | strong | partial | repo tests, not run | yes | Alert-Regeln, Dispatch, Cooldown und Quiet Hours sind real. |
 | Governance & Architecture Hardening | implemented_partial | strong | partial | repo tests, not run | foundation-only | Viele Hardening-Slices sind bereits im Code, die Lane bleibt aber aktiv. |
-| UI & Product Maturity Polish | implemented_partial | medium | partial | partial repo tests, not run | no | Einzelne Polishing-Slices sind da, aber kein geschlossenes "fertig"-Signal auf Theme-Ebene. |
+| UI & Product Maturity Polish | implemented_partial | strong | partial | partial repo tests, not run | no | Empty States, Navigation, Localization und read-only Review-Polish sind real, aber kein geschlossenes Theme-Completion-Signal. |
 | Secret & Security Hardening | implemented_verified | strong | yes | repo tests, not run | almost | Provider-Verifikation, Permission-Diagnostics und Redaction sind belastbar. |
 | Baseline Drift Engine (Cutover) | adopted | strong | yes | repo tests, not run | yes | Compare- und Drift-Workflow wirken als produktive Kernfunktion. |
-| R1.9 Platform Localization v1 | planned | none | no | no | no | Keine belastbare Locale-Foundation im Repo gefunden. |
+| R1.9 Platform Localization v1 | implemented_verified | strong | yes | repo tests, not run | foundation-only | Locale-Resolver, Override/Praeferenz, Workspace-Default, Fallback und lokalisierte Notifications sind repo-real. |
 | Product Scalability & Self-Service Foundation | implemented_partial | strong | yes | repo tests, not run | almost | Onboarding, Support, Help und Entitlements sind weit; Billing, Trial und Demo-Reife fehlen. |
 | R2.0 Canonical Control Catalog Foundation | implemented_verified | strong | partial | repo tests, not run | foundation-only | Bereits implementiert und in Evidence/Reviews referenziert, aber kein eigenstaendiger Kundennutzen-Surface. |
-| R2 Completion: customer review, support, help | implemented_partial | strong | yes | repo tests, not run | almost | Support und Help sind real; kundensichere Review-Consumption ist noch offen. |
+| R2 Completion: customer review, support, help | adopted | strong | yes | repo tests, not run | yes | Customer Review Workspace, Support Diagnostics/Requests und Help-Katalog sind repo-real. |
-| Findings Workflow v2 / Execution Layer | implemented_partial | strong | yes | repo tests, not run | almost | Triage, Ownership, Alerts und Hygiene sind vorhanden; der naechste Operator-Layer fehlt und Legacy-Cleanup um Backfill-/Status-Kompatibilitaet bleibt offen. |
+| Findings Workflow v2 / Execution Layer | adopted | strong | yes | repo tests, not run | almost | Triage, Ownership, My Work, Intake, Governance Inbox, Exceptions und Alerts/Hygiene sind real; Cross-Tenant-Decisioning bleibt spaeter. |
 | Policy Lifecycle / Ghost Policies | specified | weak | no | no | no | Als Richtung sichtbar, aber nicht als repo-verifizierter Workflow. |
 | Platform Operations Maturity | implemented_partial | strong | yes | repo tests, not run | almost | System Panel, Control Tower und Ops Controls sind real; CSV/Raw Drilldowns bleiben offen. |
 | Product Usage, Customer Health & Operational Controls | adopted | strong | yes | repo tests, not run | almost | Diese Mid-term-Lane ist im Repo bereits substanziell vorhanden. |
 | Private AI Execution & Usage Governance Foundation | planned | none | no | no | no | Keine belastbare AI-Governance-Foundation im Repo. |
 | MSP Portfolio & Operations | implemented_partial | medium | partial | repo tests, not run | foundation-only | Portfolio-Triage ist da; Compare/Promotion und Decision Workboard fehlen. |
-| Human-in-the-Loop Autonomous Governance | planned | none | no | no | no | Kein repo-verifizierter Decision-Pack- oder Approval-Workflow. |
+| Human-in-the-Loop Autonomous Governance | planned | none | no | no | no | Kein repo-verifizierter Decision-Pack- oder Approval-Workflow jenseits des jetzigen Exception-/Review-Layers. |
-| Drift & Change Governance | specified | weak | no | no | no | Einzelne Foundations existieren, die thematische Produkt-Lane aber nicht. |
+| Drift & Change Governance | implemented_partial | strong | yes | repo tests, not run | almost | Drift review, accepted-risk governance, exception validity und Governance-Inbox-Surfaces sind repo-real; portfolio-weite Eskalation bleibt offen. |
 | Standardization & Policy Quality | planned | none | no | no | no | Keine starke Repo-Evidence fuer eine Intune-Linting- oder Policy-Quality-Oberflaeche. |
 | PSA / Ticketing Handoff | planned | none | no | no | no | Support Requests existieren, externe Handoff-Integration aber nicht. |
@ -69,10 +69,13 @@ ## Implemented Capabilities
 | OperationRun truth layer | implemented_verified | yes | partial | repo tests, not run | yes | foundation-only | `app/Models/OperationRun.php`; `tests/Feature/System/*`; `tests/Feature/ReviewPack/*` |
 | Baseline profiles, snapshots and compare | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/BaselineProfile.php`; `app/Models/BaselineSnapshot.php`; `app/Services/Baselines/BaselineCompareService.php` |
 | Drift findings and governance pressure | adopted | yes | yes | repo tests, not run | yes | yes | `app/Models/Finding.php`; `app/Filament/Widgets/Dashboard/RecentDriftFindings.php`; `tests/Feature/Findings/*` |
 | Findings inboxes and governance inbox | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Filament/Pages/Findings/MyFindingsInbox.php`; `app/Filament/Pages/Findings/FindingsIntakeQueue.php`; `app/Filament/Pages/Governance/GovernanceInbox.php`; `tests/Feature/Findings/MyWorkInboxTest.php`; `tests/Feature/Governance/*` |
 | Finding exceptions and risk acceptance workflow | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/FindingException.php`; `app/Services/Findings/FindingExceptionService.php`; `app/Filament/Resources/FindingExceptionResource.php`; `tests/Feature/Findings/FindingExceptionWorkflowTest.php` |
 | Restore workflow with safety gates | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/OperationRun.php`; restore gates and tests in `tests/Feature/Restore/*` |
 | Evidence snapshots | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Models/EvidenceSnapshot.php`; `app/Services/Evidence/EvidenceSnapshotService.php`; `tests/Feature/Evidence/*` |
 | Tenant reviews | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/TenantReview.php`; `app/Services/TenantReviews/TenantReviewService.php`; `tests/Feature/TenantReview/*` |
 | Review pack generation and export | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/ReviewPack.php`; `app/Services/ReviewPackService.php`; `tests/Feature/ReviewPack/*` |
 | Customer review workspace | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`; `tests/Feature/Reviews/*`; `tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php` |
 | Alerts and notification routing | implemented_verified | yes | partial | repo tests, not run | yes | yes | `app/Services/Alerts/AlertDispatchService.php`; `tests/Feature/*Alert*` |
 | Provider health, onboarding readiness and required permissions | adopted | yes | yes | repo tests, not run | yes | almost | `app/Jobs/ProviderConnectionHealthCheckJob.php`; `app/Services/Onboarding/OnboardingLifecycleService.php`; `app/Filament/Pages/TenantRequiredPermissions.php` |
 | Permission posture reporting | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Services/PermissionPosture/PermissionPostureFindingGenerator.php`; `tests/Feature/PermissionPosture/*` |
@ -81,6 +84,7 @@ ## Implemented Capabilities
 | Support diagnostics | adopted | yes | yes | repo tests, not run | yes | almost | `app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php`; `app/Filament/Pages/TenantDashboard.php`; `tests/Feature/SupportDiagnostics/*` |
 | In-app support requests | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/SupportRequest.php`; `app/Support/SupportRequests/*`; `tests/Feature/SupportRequests/*` |
 | Product knowledge and contextual help | implemented_partial | yes | yes | repo tests, not run | partial | almost | `app/Support/ProductKnowledge/ContextualHelpCatalog.php`; `tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php` |
 | Localization foundation | implemented_verified | yes | yes | repo tests, not run | partial | foundation-only | `app/Services/Localization/LocaleResolver.php`; `app/Http/Controllers/LocalizationController.php`; `tests/Feature/Localization/*` |
 | Product telemetry | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/ProductUsageEvent.php`; `app/Filament/System/Widgets/ProductTelemetryKpis.php`; `tests/Feature/System/ProductTelemetry/*` |
 | Customer health scoring | implemented_verified | yes | yes | repo tests, not run | partial | almost | `app/Filament/System/Widgets/CustomerHealthKpis.php`; `app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php`; `tests/Feature/System/CustomerHealth/*` |
 | Operational controls | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/OperationalControlActivation.php`; `app/Support/OperationalControls/*`; `tests/Feature/System/OpsControls/*` |
@ -99,14 +103,15 @@ ## Foundation-Only Capabilities
 - Canonical control catalog: starke semantische Foundation fuer Evidence, Findings und Reviews.
 - Stored reports substrate: wichtig fuer Reports, Evidence und Diagnostics, aber kein eigenstaendiges Produktversprechen.
 - Evidence snapshot substrate: tragende technische Basis fuer Reviews und Exports.
 - Localization foundation: resolved locale precedence, Workspace-Default, User-Praeferenz/Override und Notification-Formatting sind real, aber Enablement statt eigener Produkt-Surface.
 - Operational control registry and evaluator: starke Safety-Control-Foundation, primar operatorseitig.
 - Customer health scoring: reale interne SaaS-Operations-Layer, aber noch keine eigenstaendige Kundenoberflaeche.
 - Portfolio triage continuity: sinnvoller Multi-Tenant-Unterbau, aber noch kein vollstaendiges Portfolio-Produkt.
 ## Partial Capabilities
- Customer-facing review consumption: Tenant Reviews, Evidence Snapshots und Review Packs sind stark, aber ein repo-verifizierter Customer Review Workspace fehlt.
+- Customer-facing review consumption: Tenant Reviews, Evidence Snapshots, Review Packs und der Customer Review Workspace sind repo-real, aber portfolio-weite Consumption- und Sharing-Patterns bleiben offen.
- Findings Workflow v2: Triage, Assignment, Hygiene und Notifications sind vorhanden, aber kein konsolidierter Decision-/Inbox-Layer; zusaetzlich bleibt Cleanup debt um Lifecycle-Backfill-Surfaces, `acknowledged`-Kompatibilitaet und explizite Creation-Time-Invarianten.
+- Findings Workflow v2: Triage, Assignment, My Work, Intake, Governance Inbox, Exceptions und Notifications sind vorhanden; spaetere Cross-Tenant-Decisioning-Layer und Cleanup debt um Lifecycle-Backfill-Surfaces, `acknowledged`-Kompatibilitaet und explizite Creation-Time-Invarianten bleiben offen.
 - Product scalability and self-service: Onboarding, Support, Help und Entitlements sind weit, Billing-, Trial- und Demo-Reife aber nicht.
 - MSP portfolio operations: Portfolio-Triage ist vorhanden, Cross-Tenant Compare und Promotion fehlen.
 - Platform operations maturity: Control Tower und Ops Controls sind stark, aber einige geplante operatorseitige Drilldowns/Exports fehlen noch.
@ -114,13 +119,12 @@ ## Partial Capabilities
 ## Planned But Not Implemented
 - Platform Localization v1
 - Private AI Execution & Usage Governance Foundation
 - Human-in-the-Loop Autonomous Governance
 - Standardization & Policy Quality / Intune Linting
 - PSA / Ticketing Handoff
 - Customer Review Workspace v1
 - Cross-Tenant Compare and Promotion v1
 - Policy Lifecycle / Ghost Policies
 - Later compliance overlays beyond the current control/evidence foundation
 ## Release Readiness
@ -128,8 +132,8 @@ ## Release Readiness
 | Release / Theme | Readiness | Notes |
 |---|---|---|
 | R1 Golden Master Governance | implemented | Die zentrale Governance- und Execution-Layer ist repo-verifiziert und breit adoptiert. |
-| R2 Tenant Reviews & Evidence Packs | partially implemented | Reviews, Evidence Snapshots und Review Packs sind stark; kundensichere Consumption fehlt noch. |
+| R2 Tenant Reviews & Evidence Packs | implemented | Reviews, Evidence Snapshots, Review Packs, Customer Review Workspace und Exception-/Accepted-Risk-Workflow sind repo-real; breitere Commercial-Polish-Themen bleiben separat. |
-| R3 MSP Portfolio OS | foundation only | Portfolio-Triage ist da, aber Compare/Promotion und Decision Workflows fehlen. |
+| R3 MSP Portfolio OS | foundation only | Portfolio-Triage und Governance-Surfaces sind da, aber Compare/Promotion und portfolio-weite Action-Layer fehlen. |
 | Later Compliance Light | foundation only | Canonical Controls, Evidence und Exceptions existieren als Grundlage; ein Compliance-Produkt ist nicht repo-proven. |
 ## Commercial Readiness
@ -138,14 +142,16 @@ ### Demo-ready
 - Baseline compare and drift walkthroughs
 - Review pack generation and export
 - Customer-safe review workspace walkthroughs
 - Provider health, onboarding readiness and required permissions
 - Support diagnostics
 - Permission posture and Entra admin roles reporting
 ### Almost sellable
- Review-driven governance workflow around tenant reviews and review packs
+- Review-driven governance workflow rund um Tenant Reviews, Customer Review Workspace, accepted risks und Review Packs
 - Baseline drift and restore governance
 - Findings workflow mit persönlicher Inbox, Intake, Governance Inbox und Exception-Handling
 - Alerting and run visibility for governance operations
 - Support requests with contextual diagnostics
 - Provider readiness and permission posture reporting
@ -159,6 +165,7 @@ ### Foundation-only
 - Canonical control catalog
 - Stored reports substrate
 - Evidence snapshot substrate
 - Localization foundation
 - Product telemetry
 - Customer health scoring
 - Operational controls
@ -166,9 +173,7 @@ ### Foundation-only
 ### Not sellable yet
 - Customer Review Workspace v1
 - Cross-Tenant Compare and Promotion v1
 - Localization v1
 - Private AI Execution Governance Foundation
 - External Support Desk / PSA Handoff
 - Compliance Light product layer
@ -177,40 +182,39 @@ ## Open Gaps & Blockers
 | Gap | Type | Impact | Roadmap Area | Recommended Spec |
 |---|---|---|---|---|
-| Customer-safe review workspace is missing | Release blocker | Existing review and evidence assets cannot yet be consumed as a clear customer-facing surface | R2 completion / Tenant Reviews | P0 Customer Review Workspace v1 |
+| Decisioning still spans multiple repo-real inboxes | UX blocker | My Findings, Intake, Governance Inbox und Exception Queue sind real, aber Operators springen weiter zwischen mehreren Spezial-Surfaces und es gibt noch keinen portfolio-weiten Action-Layer | Findings Workflow / MSP Portfolio | P1 Governance Decision Surface Convergence |
 | No consolidated operator decision inbox | UX blocker | Operators still move between findings, runs, alerts and portfolio surfaces to act | Findings Workflow / MSP Portfolio | P0 Decision-Based Governance Inbox v1 |
 | Findings lifecycle backfill runtime surfaces remain productized | Cleanup blocker | Runbooks, commands, capabilities and tenant actions still expose a pre-production repair path that should not ship as product truth | Findings Workflow / Legacy Removal | P1 Remove Findings Lifecycle Backfill Runtime Surfaces |
 | Legacy `acknowledged` status compatibility still survives | Semantics blocker | Status helpers, filters, badges, capability aliases and tests keep non-canonical workflow semantics alive | Findings Workflow / RBAC | P1 Remove Legacy Acknowledged Finding Status Compatibility |
 | Creation-time finding invariants are implied but not explicitly protected | Integrity blocker | Future finding generators could regress into partial lifecycle writes and recreate the need for repair tooling | Findings Workflow / Data Integrity | P1 Enforce Creation-Time Finding Invariants |
 | Cross-tenant compare and promotion is not repo-proven | Release blocker | MSP portfolio story remains partial | MSP Portfolio & Operations | P1 Cross-Tenant Compare and Promotion v1 |
 | Localization foundation is absent | UX blocker | Product polish and DACH-readiness remain limited | R1.9 Platform Localization v1 | P1 Localization v1 |
 | Entitlements stop short of full commercial lifecycle | Commercialization blocker | Plan gating exists, but trial, grace and suspension semantics remain incomplete | Product Scalability & Self-Service Foundation | P2 Commercial Entitlements and Billing-State Maturity |
 | Support requests do not hand off to an external desk | Commercialization blocker | Support operations still depend on manual follow-through outside the product | R2 completion / Support | P2 External Support Desk / PSA Handoff |
 | AI governance foundation is absent | Architecture blocker | Future AI features would risk trust and policy drift if added directly | Private AI Execution & Usage Governance | P3 Private AI Execution Governance Foundation |
-| Roadmap understates current repo truth | Architecture blocker | Prioritization can drift because strategy docs lag implementation | Product planning / roadmap maintenance | none - docs alignment |
+| Roadmap understates current repo truth | Architecture blocker | Prioritization can drift because strategy docs still lag neuere Review-, Findings- und Localization-Surfaces | Product planning / roadmap maintenance | none - docs alignment |
 | Test files were not executed for this ledger update | Testing blocker | This document relies on code plus test presence, not live runtime validation | all areas | none - run targeted suites |
 ## Recommended Next Specs
- `P0 Customer Review Workspace v1`: turns existing reviews, evidence and review-pack outputs into a customer-safe read-only product surface.
+- `P1 Governance Decision Surface Convergence`: verbindet My Findings, Intake, Governance Inbox, Customer Review Workspace und Exception Queue zu weniger Operator-Journeys und bereitet die Portfolio-Ebene vor.
 - `P0 Decision-Based Governance Inbox v1`: consolidates existing findings, runs, alerts and triage signals into one operator work surface.
 - `P1 Remove Findings Lifecycle Backfill Runtime Surfaces`: removes visible pre-production repair tooling from runbooks, commands, actions, capabilities and deploy/runtime hooks.
 - `P1 Remove Legacy Acknowledged Finding Status Compatibility`: collapses findings workflow semantics onto the canonical `triaged` model and removes stale RBAC/query aliases.
 - `P1 Enforce Creation-Time Finding Invariants`: proves that new findings are lifecycle-ready at write time so no repair backfill has to return later.
 - `P1 Cross-Tenant Compare and Promotion v1`: needed to move from portfolio visibility to portfolio action.
 - `P1 Localization v1`: still absent in repo and becomes more expensive the later it lands.
 - `P2 Commercial Entitlements and Billing-State Maturity`: extends the already real entitlement substrate into a usable commercial lifecycle.
 - `P2 External Support Desk / PSA Handoff`: extends support requests beyond internal persistence.
 - `P3 Private AI Execution Governance Foundation`: should exist before feature-level AI adoption, not after it.
 ## Roadmap Drift Notes
 - `roadmap.md` understates current R2 completion. Customer Review Workspace, published review handoff, review-pack downloads und der Finding-Exception-/Risk-Acceptance-Workflow sind bereits repo-real.
 - `roadmap.md` understates findings workflow maturity. My Findings, Intake, Governance Inbox und Exception Queue existieren bereits im Repo.
 - `roadmap.md` understates localization maturity. Locale resolution order, Workspace-Default, User-Praeferenz, lokalisierte Notifications und Fallback-Tests sind implementiert.
 - `roadmap.md` understates the current R2 control foundation. Canonical controls, stored reports, permission posture and Entra admin roles are already repo-real, not just near-term ideas.
 - `roadmap.md` understates product supportability. Support diagnostics, in-app support requests and contextual help already exist in the repo.
 - `roadmap.md` understates operational maturity. Product telemetry, customer health and operational controls are already implemented and wired into the system panel.
 - `roadmap.md` understates commercial foundations. A workspace entitlement resolver, plan profiles and enforcement points already exist, even though full billing-state maturity does not.
- The roadmap is stronger at describing missing customer-facing consumption than missing backend foundations. Customer Review Workspace v1, Cross-Tenant Compare and Promotion, Localization and AI Governance still look genuinely unimplemented.
+- The roadmap is now better at describing still-missing portfolio- und commercial-Layer than the current state of review/findings/localization implementation. Cross-Tenant Compare and Promotion, full billing-state maturity, external PSA handoff and AI Governance still look genuinely unimplemented.
- The main drift pattern is underestimation, not overestimation. The only place where optimism should still be resisted is customer-facing review maturity: internal review and evidence foundations are strong, but the repo does not yet prove a finished customer review workspace.
+- The main drift pattern is underestimation, not overestimation. Customer-facing review consumption is no longer the clearest missing piece; portfolio action and commercial lifecycle are.
 ## Evidence Sources
@ -227,12 +231,19 @@ ## Evidence Sources
 - `apps/platform/app/Filament/Pages/TenantDashboard.php`
 - `apps/platform/app/Filament/System/Pages/Dashboard.php`
 - `apps/platform/app/Filament/Pages/TenantRequiredPermissions.php`
 - `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`
 - `apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php`
 - `apps/platform/app/Filament/Pages/Findings/FindingsIntakeQueue.php`
 - `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php`
 - `apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php`
 Wichtige Models:
 - `apps/platform/app/Models/OperationRun.php`
 - `apps/platform/app/Models/Finding.php`
 - `apps/platform/app/Models/FindingException.php`
 - `apps/platform/app/Models/FindingExceptionDecision.php`
 - `apps/platform/app/Models/FindingExceptionEvidenceReference.php`
 - `apps/platform/app/Models/BaselineProfile.php`
 - `apps/platform/app/Models/BaselineSnapshot.php`
 - `apps/platform/app/Models/EvidenceSnapshot.php`
@ -251,6 +262,7 @@ ## Evidence Sources
 - `apps/platform/app/Services/Evidence/EvidenceSnapshotService.php`
 - `apps/platform/app/Services/Baselines/BaselineCompareService.php`
 - `apps/platform/app/Services/Alerts/AlertDispatchService.php`
 - `apps/platform/app/Services/Findings/FindingExceptionService.php`
 - `apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php`
 - `apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php`
 - `apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php`
@ -258,6 +270,7 @@ ## Evidence Sources
 - `apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php`
 - `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`
 - `apps/platform/app/Services/Auth/CapabilityResolver.php`
 - `apps/platform/app/Services/Localization/LocaleResolver.php`
 Wichtige Test-Anker im Repo:
@ -276,4 +289,4 @@ ## Evidence Sources
 ## Last Updated
-2026-04-27 on branch `248-private-ai-policy-foundation`
+2026-04-29 on branch `platform-dev`
--- a/specs/900-policy-lifecycle/spec.md
+++ b/specs/900-policy-lifecycle/spec.md
@ -1,228 +0,0 @@
 # Feature 005: Policy Lifecycle Management
 ## Overview
 Implement proper lifecycle management for policies that are deleted in Intune, including soft delete, UI indicators, and orphaned policy handling.
 ## Problem Statement
 Currently, when a policy is deleted in Intune:
 - ❌ Policy remains in TenantAtlas database indefinitely
 - ❌ No indication that policy no longer exists in Intune
 - ❌ Backup Items reference "ghost" policies
 - ❌ Users cannot distinguish between active and deleted policies
 **Discovered during**: Feature 004 manual testing (user deleted policy in Intune)
 ## Goals
 - **Primary**: Implement soft delete for policies removed from Intune
 - **Secondary**: Show clear UI indicators for deleted policies
 - **Tertiary**: Maintain referential integrity for Backup Items and Policy Versions
 ## Scope
 - **Policy Sync**: Detect missing policies during `SyncPoliciesJob`
 - **Data Model**: Add `deleted_at`, `deleted_by` columns (Laravel Soft Delete pattern)
 - **UI**: Badge indicators, filters, restore capability
 - **Audit**: Log when policies are soft-deleted and restored
 ---
 ## User Stories
 ### User Story 1 - Automatic Soft Delete on Sync
 **As a system administrator**, I want policies deleted in Intune to be automatically marked as deleted in TenantAtlas, so that the inventory reflects the current Intune state.
 **Acceptance Criteria:**
 1. **Given** a policy exists in TenantAtlas with `external_id` "abc-123",
   **When** the next policy sync runs and "abc-123" is NOT returned by Graph API,
   **Then** the policy is soft-deleted (sets `deleted_at = now()`)
 2. **Given** a soft-deleted policy,
   **When** it re-appears in Intune (same `external_id`),
   **Then** the policy is automatically restored (`deleted_at = null`)
 3. **Given** multiple policies are deleted in Intune,
   **When** sync runs,
   **Then** all missing policies are soft-deleted in a single transaction
 ---
 ### User Story 2 - UI Indicators for Deleted Policies
 **As an admin**, I want to see clear indicators when viewing deleted policies, so I understand their status.
 **Acceptance Criteria:**
 1. **Given** I view a Backup Item referencing a deleted policy,
   **When** I see the policy name,
   **Then** it shows a red "Deleted" badge next to the name
 2. **Given** I view the Policies list,
   **When** I enable the "Show Deleted" filter,
   **Then** deleted policies appear with:
   - Red "Deleted" badge
   - Deleted date in "Last Synced" column
   - Grayed-out appearance
 3. **Given** a policy was deleted,
   **When** I view the Policy detail page,
   **Then** I see:
   - Warning banner: "This policy was deleted from Intune on {date}"
   - All data remains readable (versions, snapshots, metadata)
 ---
 ### User Story 3 - Restore Workflow
 **As an admin**, I want to restore a deleted policy from backup, so I can recover accidentally deleted configurations.
 **Acceptance Criteria:**
 1. **Given** I view a deleted policy's detail page,
   **When** I click the "Restore to Intune" action,
   **Then** the restore wizard opens pre-filled with the latest policy snapshot
 2. **Given** a policy is successfully restored to Intune,
   **When** the next sync runs,
   **Then** the policy is automatically undeleted in TenantAtlas (`deleted_at = null`)
 ---
 ## Functional Requirements
 ### Data Model
 **FR-005.1**: Policies table MUST use Laravel Soft Delete pattern:
 ```php
 Schema::table('policies', function (Blueprint $table) {
    $table->softDeletes(); // deleted_at
    $table->string('deleted_by')->nullable(); // admin email who triggered deletion
 });
 ```
 **FR-005.2**: Policy model MUST use `SoftDeletes` trait:
 ```php
 use Illuminate\Database\Eloquent\SoftDeletes;
 class Policy extends Model {
    use SoftDeletes;
 }
 ```
 ### Policy Sync Behavior
 **FR-005.3**: `PolicySyncService::syncPolicies()` MUST detect missing policies:
 - Collect all `external_id` values returned by Graph API
 - Query existing policies for this tenant: `whereNotIn('external_id', $currentExternalIds)`
 - Soft delete missing policies: `each(fn($p) => $p->delete())`
 **FR-005.4**: System MUST restore policies that re-appear:
 - Check if policy exists with `Policy::withTrashed()->where('external_id', $id)->first()`
 - If soft-deleted: call `$policy->restore()`
 - Update `last_synced_at` timestamp
 **FR-005.5**: System MUST log audit entries:
 - `policy.deleted` (when soft-deleted during sync)
 - `policy.restored` (when re-appears in Intune)
 ### UI Display
 **FR-005.6**: PolicyResource table MUST:
 - Default query: exclude soft-deleted policies
 - Add filter "Show Deleted" (includes `withTrashed()` in query)
 - Show "Deleted" badge for soft-deleted policies
 **FR-005.7**: BackupItemsRelationManager MUST:
 - Show "Deleted" badge when `policy->trashed()` returns true
 - Allow viewing deleted policy details (read-only)
 **FR-005.8**: Policy detail view MUST:
 - Show warning banner when policy is soft-deleted
 - Display deletion date and reason (if available)
 - Disable edit actions (policy no longer exists in Intune)
 ---
 ## Non-Functional Requirements
 **NFR-005.1**: Soft delete MUST NOT break existing features:
 - Backup Items keep valid foreign keys
 - Policy Versions remain accessible
 - Restore functionality works for deleted policies
 **NFR-005.2**: Performance: Sync detection MUST NOT cause N+1 queries:
 - Use single `whereNotIn()` query to find missing policies
 - Batch soft-delete operation
 **NFR-005.3**: Data retention: Soft-deleted policies MUST be retained for audit purposes (no automatic purging)
 ---
 ## Implementation Plan
 ### Phase 1: Data Model (30 min)
 1. Create migration for `policies` soft delete columns
 2. Add `SoftDeletes` trait to Policy model
 3. Run migration on dev environment
 ### Phase 2: Sync Logic (1 hour)
 1. Update `PolicySyncService::syncPolicies()`
   - Track current external IDs from Graph
   - Soft delete missing policies
   - Restore re-appeared policies
 2. Add audit logging
 3. Test with manual deletion in Intune
 ### Phase 3: UI Indicators (1.5 hours)
 1. Update `PolicyResource`:
   - Add "Show Deleted" filter
   - Add "Deleted" badge column
   - Modify query to exclude deleted by default
 2. Update `BackupItemsRelationManager`:
   - Show "Deleted" badge for `policy->trashed()`
 3. Update Policy detail view:
   - Warning banner for deleted policies
   - Disable edit actions
 ### Phase 4: Testing (1 hour)
 1. Unit tests:
   - Test soft delete on sync
   - Test restore on re-appearance
 2. Feature tests:
   - E2E sync with deleted policies
   - UI filter behavior
 3. Manual QA:
   - Delete policy in Intune → sync → verify soft delete
   - Re-create policy → sync → verify restore
 **Total Estimated Duration**: ~4-5 hours
 ---
 ## Risks & Mitigations
 | Risk | Mitigation |
 |------|------------|
 | Foreign key constraints block soft delete | Laravel soft delete only sets timestamp, constraints remain valid |
 | Bulk delete impacts performance | Use chunked queries if tenant has 1000+ policies |
 | Deleted policies clutter UI | Default filter hides them, "Show Deleted" is opt-in |
 ---
 ## Success Criteria
 1. ✅ Policies deleted in Intune are soft-deleted in TenantAtlas within 1 sync cycle
 2. ✅ Re-appearing policies are automatically restored
 3. ✅ UI clearly indicates deleted status
 4. ✅ Backup Items and Versions remain accessible for deleted policies
 5. ✅ No breaking changes to existing features
 ---
 ## Related Features
 - Feature 004: Assignments & Scope Tags (discovered this issue during testing)
 - Feature 001: Backup/Restore (must work with deleted policies)
 ---
 **Status**: Planned (Post-Feature 004)  
 **Priority**: P2 (Quality of Life improvement)  
 **Created**: 2025-12-22  
 **Author**: AI + Ahmed  
 **Next Steps**: Implement after Feature 004 Phase 3 testing complete