# Implementation Plan: TenantPilot v1

**Branch**: `tenantpilot-v1` | **Date**: 2025-12-10 | **Spec**: .specify/spec.md  
**Input**: Feature specification from `.specify/spec.md`

## Summary

TenantPilot v1 delivers admin-facing Intune inventory across the scoped object types (config, compliance, scripts, apps, CA, endpoint security, enrollment/autopilot), immutable backups, version history with diffs, and defensive restore (per-type restore levels from the matrix: enabled vs preview-only) in Filament. Data is tenant-aware with JSONB snapshots, Graph access is isolated behind an abstraction, and operations are audited. Local development uses Sail with PostgreSQL; deployments go through Dokploy staging before production.

## Technical Context

**Language/Version**: PHP 8.2+, Laravel 12, Filament 4  
**Primary Dependencies**: Laravel framework, Filament admin, Pest, Laravel Sail, Vite/Tailwind 4 for assets  
**Storage**: PostgreSQL (JSONB for policy snapshots, backups, versions)  
**Testing**: Pest via `./vendor/bin/sail artisan test` (graph boundaries mocked)  
**Target Platform**: Containerized web app on Dokploy (Staging → Production), Filament admin UI  
**Project Type**: Web (Laravel monolith with Filament)  
**Performance Goals**: Admin portal responsiveness (<1s typical page loads), Graph calls rate-limit aware; migrations avoid long locks  
**Constraints**: Safety-first ops (preview/confirm, audit), reversible migrations validated on staging, tenant-scoped queries, no secrets in code, JSONB retention to avoid unbounded growth; per-type restore behavior follows `scope.restore_matrix` (e.g., CA/enrollment restrictions = preview-only)  
**Scale/Scope**: Single-tenant deployment (tenant-aware schema), multi-type coverage driven by `scope.supported_types` + restore matrix

## Constitution Check

- Safety-First Operations: Restore/rollback flows require preview + explicit confirmation; conflict warnings surfaced; dry-run supported. ✅  
- Immutable Versioning: Policy versions/backups stored as immutable JSONB snapshots; no in-place edits; diffs available. ✅  
- Defensive Restore: Preview/dry-run, selective items, conflict detection, pre-execution summary, confirmation gate. ✅  
- Auditability: Backup creation, version capture, restore start/result (success/failure/partial) audited with tenant scoping. ✅  
- Tenant-Aware Architecture: Tenant entity present; all policy/version/backup/restore/audit records reference tenant context; queries enforce isolation. ✅  
- Graph Abstraction: All Graph calls through a dedicated adapter/service with standardized error mapping and logging (no direct Graph in UI/domain). ✅  
- Spec-Driven Development: Spec + plan present in `.specify/`; tasks to follow; constitution check complete before implementation. ✅

## Project Structure

### Documentation (this feature)

```text
.specify/
├── spec.md        # Feature specification (v1 scope)
├── plan.md        # This plan
└── tasks.md       # To be generated from plan/spec
```

### Source Code (repository root)

```text
app/
├── Models/
├── Http/Controllers/
├── Filament/                # Admin resources/pages/widgets
├── Services/Graph/          # Graph abstraction layer (planned)
├── Services/Intune/         # Domain orchestration (planned)
├── Actions/Jobs/Events/     # Async and domain events
database/
├── migrations/
├── seeders/
resources/
├── views/                   # Blade/Vite-driven assets
routes/
├── web.php
├── console.php
tests/
├── Feature/                 # Filament + flow coverage
└── Unit/
```

**Structure Decision**: Single Laravel monolith with Filament admin. Tenant-aware data stored in PostgreSQL JSONB; Graph access isolated under `app/Services/Graph/`; domain services for backups/versions/restores live under `app/Services/Intune/`.

## Complexity Tracking

No constitution violations; complexity tracking not required.