# Allowed Tenant References **Feature**: Spec 300 Internal Tenant Model Naming Consolidation **Created**: 2026-05-13 **Status**: Preparation baseline; implementation must refresh after final scans. Spec 300 does not delete the word `tenant` everywhere. It removes platform-owned Tenant-first architecture from active code while preserving legitimate provider, framework, historical, and regression-guard references. ## Allowed Categories | Category | Allowed References | Why Allowed | |---|---|---| | Provider-specific | `Microsoft tenant`, `Entra tenant`, `Azure tenant`, `tenantId`, `entra_tenant_id`, `microsoft_tenant_id`, `external_tenant`, `provider tenant id`, `target tenant` | These describe external directory/provider truth or raw API payload contracts. | | Framework-required | `Filament::getTenant()`, `Filament::setTenant()`, Filament tenancy context APIs, package method names | These names are framework APIs and cannot be renamed locally. | | Historical | Completed specs, old close-out notes, migration history that is not active product truth | Historical implementation evidence must not be rewritten as preparation drift. | | Regression-guard | Negative route/helper/resource guard literals such as `/admin/t`, `/admin/tenants`, `TenantPanelProvider`, `setTenantPanelContext` | These prevent legacy route/helper reintroduction. | ## Preparation Observations | Reference | Representative File(s) | Category | Why Allowed / Required Action | |---|---|---|---| | `Microsoft tenant ID` | `apps/platform/app/Filament/Resources/ProviderConnectionResource.php`, browser/provider tests | `provider-specific` | External Microsoft directory ID copy; keep. | | `entra_tenant_id` | provider connection migrations/factories/resources, onboarding, verification, target scope | `provider-specific` | External Entra tenant identity; keep unless a specific usage is actually platform Managed Environment ID. | | `tenantId` | Graph services, target-scope arrays, provider payloads, some job named args | mixed | Keep provider payload/API usages; rename platform Managed Environment ID variables after classification. | | `Filament::getTenant()` | Filament context helpers/views/tests | `framework-required` | Filament tenancy API; keep and document. | | `/admin/t` and `/admin/tenants` literals | guard tests and completed spec artifacts | `regression-guard` / `historical` | Keep only in negative assertions or historical specs. | | Completed Spec 297-299 close-out language | `specs/297-*`, `specs/298-*`, `specs/299-*` | `historical` | Do not rewrite completed implementation evidence. | ## Final Close-Out Requirement At implementation close-out, every remaining active `tenant` reference must be listed here or in `tenant-reference-inventory.md` with: - exact reference or pattern - file path - category - why it is allowed - whether it is provider-specific, framework-required, historical, or regression-guard No active platform-managed-environment reference may be allowed merely because renaming it was inconvenient. ## Implementation Loop Update - 2026-05-13 The completed slice preserves the following tenant references as allowed while the remaining platform-owned schema/model families stay unresolved in `tenant-reference-inventory.md`. | Reference | Representative File(s) | Category | Why Allowed | |---|---|---|---| | `Microsoft tenant ID`, `Entra tenant ID`, `tenantId`, `entra_tenant_id`, `microsoft_tenant_id` | provider connections, Graph clients, onboarding provider identity, verification/reporting tests | `provider-specific` | These refer to external Microsoft/Entra tenant identity or raw provider payload contracts and were intentionally preserved. | | `Filament::getTenant()`, `Filament::setTenant()`, tenancy middleware/context APIs | Filament pages/resources/widgets/tests | `framework-required` | Filament tenancy APIs retain tenant naming in v5/Livewire v4. | | `/admin/t`, `/admin/tenants`, `TenantPanelProvider`, `setTenantPanelContext` | route/panel regression guards and legacy-not-found tests | `regression-guard` | These literals prove retired routes/helpers/panels remain absent. | | System directory `ViewTenant` | `apps/platform/app/Filament/System/Pages/Directory/ViewTenant.php`, `apps/platform/app/Support/System/SystemDirectoryLinks.php` | `system/customer-directory` | The system panel directory still uses customer/provider tenant terminology; this is not the admin managed-environment resource owner. | | `tenant` query parameters for provider, review, governance, and historical filters | review/governance/provider/filter pages and tests | mixed | Preserved where they represent provider/customer tenant filter state or existing public query contracts; final exhaustive cleanup remains blocked by unresolved platform-owned families. | Not allowed yet: | Reference family | Status | |---|---| | `TenantReview*`, `TenantPermission*`, `TenantOnboardingSession*`, `TenantTriageReview*`, and tenant-named DB tables | Active platform-owned references remain and block merge readiness for full Spec 300. | | Managed Environment primary-key variables named `tenantId` | Mixed usage remains; must be classified separately from provider `tenantId` before renaming. |