# Implementation Plan: Apps and App Management Coverage

**Branch**: `008-apps-app-management` | **Date**: 2025-12-26 | **Spec**: ./spec.md
**Input**: Feature specification from `/specs/008-apps-app-management/spec.md`

## Summary

Introduce backup and restore coverage for app workloads: client apps (metadata-only), app protection policies, and app configuration policies. The plan emphasizes safe restore with clear dependency handling and assignment mapping, without binary uploads.

Phase outputs:
- Phase 0 research: n/a (no new research artifact yet)
- Phase 1 design: n/a (no new data model artifact yet)

## Technical Context

**Language/Version**: PHP 8.4 (Laravel 12)  
**Primary Dependencies**: Laravel 12, Filament v4, Livewire v3, Microsoft Graph (custom client abstraction)  
**Storage**: PostgreSQL (JSONB payload storage for snapshots)  
**Testing**: Pest v4 + PHPUnit 12  
**Target Platform**: Docker/Sail locally; container deploy via Dokploy  
**Project Type**: Web application (Laravel backend + Filament admin UI)  
**Performance Goals**: Preview and restore for 50 app items in under 2 minutes  
**Constraints**: No binary upload; restore must be preview-only when dependencies are missing; audit logs required  
**Scale/Scope**: Mixed app portfolios with assignments and app dependency chains

## Constitution Check

The constitution at `.specify/memory/constitution.md` is currently an unfilled template. For this feature, adopt the repo rules as gates:

- Sail-first local dev/test commands.
- Spec gate: code changes must be accompanied by `specs/008-apps-app-management/` updates.
- Tests required for behavior changes (Pest).
- Restore safety: metadata-only for apps, no deletions, skip unsafe assignments.
- Auditability: backup and restore outcomes are logged per tenant.

## Project Structure

### Documentation (this feature)

```text
specs/008-apps-app-management/
├── spec.md
├── plan.md
└── tasks.md
```

### Source Code (expected touch points)

```text
app/
├── Filament/
│   └── Resources/
├── Models/
│   ├── BackupItem.php
│   ├── Policy.php
│   └── PolicyVersion.php
├── Services/
│   ├── Graph/
│   └── Intune/
└── Jobs/

config/
├── graph_contracts.php
├── intune_permissions.php
└── tenantpilot.php

tests/
├── Feature/
└── Unit/
```

**Structure Decision**: Extend existing policy snapshot and restore services with app-specific helpers where needed, keeping metadata-only operations.

## Complexity Tracking

| Violation | Why Needed | Simpler Alternative Rejected Because |
|-----------|------------|-------------------------------------|
| n/a | n/a | n/a |