# TenantPilot Implementation Ledger

> **Status:** Active
> **Last reviewed:** 2026-05-01
> **Use for:** Repo-based implementation status and product-surface maturity assessment
> **Do not use for:** Roadmap priority, spec priority, or proof that tests were executed in the current branch
> **Scoped maintenance:** 2026-05-01 full repo-based maturity refresh against current `specs/` truth and repo anchors, especially refreshed Spec 043 and Specs 251-260 plus the implemented compare/preflight, governance-package, compliance-interpretation, commercial-lifecycle, and external-support-handoff slices.

## Purpose

This document describes the current repo-based implementation status of TenantPilot. It complements `roadmap.md` and `spec-candidates.md` but does not replace them.

Assessment rules for this ledger:

- Repo-based only: statements count only when code, data model, workflow, UI adoption, or test artifacts in the repo credibly support them.
- No roadmap or spec intent without repo evidence.
- `sellable` is used only where UI, workflow, data model, RBAC/audit, and matching test artifacts plausibly fit together.
- Backend-only remains `foundation-only`.
- UI-only does not count as done.
- When tests are marked below as present, that means matching test files exist in the repo. They were not executed for this ledger.

## Current Product Position

TenantPilot is currently a strong internal governance and operations product with solid foundations for Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry, and Safety Controls.
On top of these now sit several repo-real productization slices: a customer-safe review/governance-package surface in the admin context, released-review detail handoff, compliance interpretation overlays, bounded external support-desk handoff, commercial lifecycle state handling with read-only gating, and a canonical cross-tenant compare preview with promotion preflight. Repo truth is therefore clearly above a simple reading of "R1 done / R2 partial" and also above a purely foundation-only interpretation for Reviews, Support, and Portfolio Preparation. At the same time, the product is not yet fully mature as a customer-consumable portfolio and commercial platform: still missing are the final customer-safe self-serve productization over the review surface, actual portfolio promotion execution and a broader decision workboard/action layer, repeatable billing/trial/demo operations, and an AI-governed execution foundation.

## Status Model

- `planned`: only in the roadmap or candidate list, without solid repo evidence
- `specified`: created as a spec or draft, but not implemented in a repo-verified way
- `implemented_partial`: partial implementation exists, but cannot yet be assessed as done
- `implemented_backend`: solid backend or model logic exists, but UI adoption is insufficient
- `implemented_ui`: visible UI exists, but workflow or backend proof is still too weak
- `implemented_verified`: code, model, workflow, and test artifacts are plausibly present
- `adopted`: implemented and already adopted into central product surfaces or core flows
- `deferred`: deliberately postponed
- `obsolete`: superseded by newer repo reality or another implementation

Evidence levels in this document:

- `none`: no solid repo evidence
- `weak`: thin code or doc trace, but no solid end-to-end workflow
- `medium`: several repo signals, but not yet consistent throughout
- `strong`: data model, workflow, and UI or test trace fit together consistently

## Roadmap Coverage Summary

| Roadmap Area | Status | Evidence Level | UI Ready | Tested | Sellable | Notes |
|---|---|---:|---|---|---|---|
| R1 Golden Master Governance | adopted | strong | yes | repo tests, not run | yes | Baselines, Drift, Findings, and OperationRun truth are broadly anchored in the product. |
| R2 Tenant Reviews, Evidence & Control Foundation | adopted | strong | yes | repo tests, not run | almost | Reviews, Evidence, Review Packs, Customer Review Workspace, governance-package delivery, compliance interpretation overlays, and the control/exception layer work together as a real governance surface, but the final customer-safe self-serve productization remains open. |
| Alert escalation + notification routing | implemented_verified | strong | partial | repo tests, not run | yes | Alert rules, dispatch, cooldown, and quiet hours are real. |
| Governance & Architecture Hardening | implemented_partial | strong | partial | repo tests, not run | foundation-only | Many hardening slices are already in the code, but the lane remains active. |
| UI & Product Maturity Polish | implemented_partial | strong | partial | partial repo tests, not run | no | Empty states, navigation, localization, and read-only review polish are real, but there is no closed theme-completion signal. |
| Secret & Security Hardening | implemented_verified | strong | yes | repo tests, not run | almost | Provider verification, permission diagnostics, and redaction are solid. |
| Baseline Drift Engine (Cutover) | adopted | strong | yes | repo tests, not run | yes | The compare and drift workflow functions as a productive core feature. |
| R1.9 Platform Localization v1 | implemented_verified | strong | yes | repo tests, not run | foundation-only | Locale resolver, override/preference, workspace default, fallback, and localized notifications are repo-real. |
| Product Scalability & Self-Service Foundation | implemented_partial | strong | yes | repo tests, not run | almost | Onboarding, Support, Help, Entitlements, commercial lifecycle state handling, and bounded support-desk handoff are repo-real; billing, trial, and demo automation remain open. |
| R2.0 Canonical Control Catalog Foundation | implemented_verified | strong | partial | repo tests, not run | foundation-only | Already implemented and referenced in Evidence/Reviews, but not a standalone customer-value surface. |
| R2 Completion: customer review, support, help | implemented_partial | strong | yes | repo tests, not run | almost | Customer Review Workspace, released-review detail handoff, governance-package delivery, Support Diagnostics/Requests, and the help catalog are repo-real, but the final customer-safe productization is not yet complete. |
| Compliance Evidence Mapping v1 | implemented_partial | strong | yes | repo tests, not run | foundation-only | Canonical control interpretation is rendered in tenant reviews and the customer review workspace, but broader framework coverage and auditor-facing mapping remain open. |
| Governance-as-a-Service Packaging v1 | implemented_partial | strong | yes | repo tests, not run | foundation-only | Governance package status, download messaging, and current review-pack reuse are repo-real, but standalone recurring delivery workflows and broader management packaging remain open. |
| Findings Workflow v2 / Execution Layer | adopted | strong | yes | repo tests, not run | almost | Triage, Ownership, My Work, Intake, Governance Inbox, Exceptions, and Alerts/Hygiene are real; cross-tenant decisioning comes later. |
| Provider-missing policy visibility follow-up | specified | weak | no | no | no | Spec 261 is prepared as a narrow policy-only follow-up; the broader lifecycle taxonomy remains strategic and unimplemented. |
| Platform Operations Maturity | implemented_partial | strong | yes | repo tests, not run | almost | System Panel, Control Tower, and Ops Controls are real; CSV/raw drilldowns remain open. |
| Product Usage, Customer Health & Operational Controls | adopted | strong | yes | repo tests, not run | almost | This mid-term lane is already substantially present in the repo. |
| Private AI Execution Governance Foundation | planned | none | no | no | no | No solid AI governance foundation in the repo. |
| MSP Portfolio & Operations | implemented_partial | strong | yes | repo tests, not run | foundation-only | Portfolio-Triage, canonical compare preview, preflight audit and launch continuity are repo-real; actual promotion execution and the broader decision workboard remain open. |
| Human-in-the-Loop Autonomous Governance | planned | none | no | no | no | No repo-verified decision-pack or approval workflow beyond the current exception/review layer. |
| Drift & Change Governance | implemented_partial | strong | yes | repo tests, not run | almost | Drift review, accepted-risk governance, exception validity, and Governance Inbox surfaces are repo-real; portfolio-wide escalation remains open. |
| Standardization & Policy Quality | planned | none | no | no | no | No strong repo evidence for an Intune linting or policy-quality surface. |
| PSA / Ticketing Handoff | implemented_verified | strong | yes | repo tests, not run | almost | Support Requests now include bounded external create/link handoff on the current tenant and operation-run contexts; broader multi-provider ITSM expansion remains separate work. |

## Implemented Capabilities

| Capability | Status | Backend | UI | Tests | RBAC/Audit | Sellable | Evidence |
|---|---|---|---|---|---|---|---|
| OperationRun truth layer | implemented_verified | yes | partial | repo tests, not run | yes | foundation-only | `app/Models/OperationRun.php`; `tests/Feature/System/*`; `tests/Feature/ReviewPack/*` |
| Baseline profiles, snapshots and compare | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/BaselineProfile.php`; `app/Models/BaselineSnapshot.php`; `app/Services/Baselines/BaselineCompareService.php` |
| Drift findings and governance pressure | adopted | yes | yes | repo tests, not run | yes | yes | `app/Models/Finding.php`; `app/Filament/Widgets/Dashboard/RecentDriftFindings.php`; `tests/Feature/Findings/*` |
| Findings inboxes and governance inbox | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Filament/Pages/Findings/MyFindingsInbox.php`; `app/Filament/Pages/Findings/FindingsIntakeQueue.php`; `app/Filament/Pages/Governance/GovernanceInbox.php`; `tests/Feature/Findings/MyWorkInboxTest.php`; `tests/Feature/Governance/*` |
| Finding exceptions and risk acceptance workflow | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/FindingException.php`; `app/Services/Findings/FindingExceptionService.php`; `app/Filament/Resources/FindingExceptionResource.php`; `tests/Feature/Findings/FindingExceptionWorkflowTest.php` |
| Restore workflow with safety gates | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/OperationRun.php`; restore gates and tests in `tests/Feature/Restore/*` |
| Evidence snapshots | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Models/EvidenceSnapshot.php`; `app/Services/Evidence/EvidenceSnapshotService.php`; `tests/Feature/Evidence/*` |
| Tenant reviews | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/TenantReview.php`; `app/Services/TenantReviews/TenantReviewService.php`; `tests/Feature/TenantReview/*` |
| Review pack generation and export | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Models/ReviewPack.php`; `app/Services/ReviewPackService.php`; `tests/Feature/ReviewPack/*` |
| Customer review workspace | implemented_partial | yes | yes | repo tests, not run | yes | almost | `app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`; `tests/Feature/Reviews/*`; `tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php` |
| Governance package delivery surface | implemented_partial | yes | yes | repo tests, not run | yes | almost | `app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`; `app/Filament/Resources/TenantReviewResource.php`; `tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php`; `tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php` |
| Compliance evidence mapping overlay | implemented_partial | yes | yes | repo tests, not run | partial | foundation-only | `app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php`; `app/Services/TenantReviews/TenantReviewSectionFactory.php`; `tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php` |
| Alerts and notification routing | implemented_verified | yes | partial | repo tests, not run | yes | yes | `app/Services/Alerts/AlertDispatchService.php`; `tests/Feature/*Alert*` |
| Provider health, onboarding readiness and required permissions | adopted | yes | yes | repo tests, not run | yes | almost | `app/Jobs/ProviderConnectionHealthCheckJob.php`; `app/Services/Onboarding/OnboardingLifecycleService.php`; `app/Filament/Pages/TenantRequiredPermissions.php` |
| Permission posture reporting | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Services/PermissionPosture/PermissionPostureFindingGenerator.php`; `tests/Feature/PermissionPosture/*` |
| Entra admin roles reporting | implemented_verified | yes | yes | repo tests, not run | yes | yes | `app/Services/EntraAdminRoles/EntraAdminRolesReportService.php`; `tests/Feature/EntraAdminRoles/*` |
| Stored reports substrate | implemented_verified | yes | partial | repo tests, not run | partial | foundation-only | `app/Models/StoredReport.php`; `tests/Feature/PermissionPosture/StoredReportModelTest.php`; `tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php` |
| Support diagnostics | adopted | yes | yes | repo tests, not run | yes | almost | `app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php`; `app/Filament/Pages/TenantDashboard.php`; `tests/Feature/SupportDiagnostics/*` |
| In-app support requests | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/SupportRequest.php`; `app/Support/SupportRequests/*`; `tests/Feature/SupportRequests/*` |
| External support-desk handoff | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Support/SupportRequests/ExternalSupportDeskHandoffService.php`; `app/Support/SupportRequests/SupportRequestSubmissionService.php`; `tests/Unit/Support/SupportRequests/ExternalSupportDeskHandoffServiceTest.php` |
| Product knowledge and contextual help | implemented_partial | yes | yes | repo tests, not run | partial | almost | `app/Support/ProductKnowledge/ContextualHelpCatalog.php`; `tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php` |
| Localization foundation | implemented_verified | yes | yes | repo tests, not run | partial | foundation-only | `app/Services/Localization/LocaleResolver.php`; `app/Http/Controllers/LocalizationController.php`; `tests/Feature/Localization/*` |
| Product telemetry | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/ProductUsageEvent.php`; `app/Filament/System/Widgets/ProductTelemetryKpis.php`; `tests/Feature/System/ProductTelemetry/*` |
| Customer health scoring | implemented_verified | yes | yes | repo tests, not run | partial | almost | `app/Filament/System/Widgets/CustomerHealthKpis.php`; `app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php`; `tests/Feature/System/CustomerHealth/*` |
| Operational controls | implemented_verified | yes | yes | repo tests, not run | yes | almost | `app/Models/OperationalControlActivation.php`; `app/Support/OperationalControls/*`; `tests/Feature/System/OpsControls/*` |
| Workspace entitlements | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Services/Entitlements/WorkspaceEntitlementResolver.php`; `tests/Feature/Filament/Settings/WorkspaceEntitlementsSettingsPageTest.php` |
| Commercial lifecycle state handling | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php`; `app/Filament/System/Pages/Directory/ViewWorkspace.php`; `tests/Feature/System/ViewWorkspaceEntitlementsTest.php`; `tests/Unit/Entitlements/WorkspaceCommercialLifecycleResolverTest.php` |
| Capability-first RBAC | adopted | yes | yes | repo tests, not run | yes | foundation-only | `app/Services/Auth/CapabilityResolver.php`; `app/Services/Auth/RoleCapabilityMap.php`; many `tests/Feature/Rbac/*` |
| Audit log foundation | adopted | yes | yes | repo tests, not run | yes | foundation-only | `app/Models/AuditLog.php`; `app/Services/Audit/WorkspaceAuditLogger.php`; many audit-focused feature tests |
| Canonical control catalog | implemented_verified | yes | partial | repo tests, not run | partial | foundation-only | `app/Support/Governance/Controls/CanonicalControlCatalog.php`; `config/canonical_controls.php`; `tests/Unit/Governance/*` |
| Portfolio triage continuity | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Services/PortfolioTriage/TenantTriageReviewService.php`; `app/Support/PortfolioTriage/*`; `tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php` |
| Cross-tenant compare preview and promotion preflight | implemented_verified | yes | yes | repo tests, not run | yes | foundation-only | `app/Filament/Pages/CrossTenantComparePage.php`; `app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php`; `app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php`; `tests/Feature/PortfolioCompare/*`; `tests/Unit/Support/PortfolioCompare/*` |

## Foundation-Only Capabilities

- OperationRun truth and canonical operation typing: strong execution foundation, but not a standalone customer-value surface.
- Audit log foundation: widely used and important for governance, but not sellable on its own.
- Capability-first RBAC: solid and closely tied to tests, but remains an enablement layer.
- Workspace entitlements and commercial lifecycle policy engine: real gate, lifecycle, and override logic, but not yet a full billing/contract-ops story.
- Canonical control catalog: strong semantic foundation for Evidence, Findings, and Reviews.
- Stored reports substrate: important for reports, evidence, and diagnostics, but not a standalone product promise.
- Evidence snapshot substrate: load-bearing technical basis for reviews and exports.
- Localization foundation: resolved locale precedence, workspace default, user preference/override, and notification formatting are real, but this is enablement rather than a product surface of its own.
- Operational control registry and evaluator: strong safety-control foundation, primarily operator-facing.
- Customer health scoring: real internal SaaS operations layer, but not yet a standalone customer surface.
- Portfolio triage continuity: sensible multi-tenant substructure, but not yet a complete portfolio product.

## Partial Capabilities

- Customer-facing review consumption: Tenant Reviews, Evidence Snapshots, Review Packs, the Customer Review Workspace, the customer-safe released-review detail mode, governance-package delivery cues, compliance interpretation overlays, and commercial-lifecycle-aware access states are repo-real; broader lifecycle/governance taxonomy work remains separate.
- Findings Workflow v2: Triage, Assignment, My Work, Intake, Governance Inbox, Exceptions, notifications, and the three queue-facing cleanup/hardening follow-through packages are now repo-backed; later cross-tenant action layers remain separate work.
- Product scalability and self-service: Onboarding, Support, Help, Entitlements, commercial lifecycle state handling, and external support-desk handoff are repo-real; broader trial/demo and commercialization layers still remain.
- MSP portfolio operations: Portfolio-Triage plus cross-tenant compare preview and promotion preflight are repo-real; actual promotion execution and broader portfolio action orchestration remain open.
- Platform operations maturity: Control Tower and Ops Controls are strong, but some planned operator-facing drilldowns/exports are still missing.
- Product knowledge rollout: the help catalog and resolver are real, but not yet adopted broadly enough to count as "done".

## Planned But Not Implemented

- Private AI Execution Governance Foundation
- Human-in-the-Loop Autonomous Governance
- Standardization & Policy Quality / Intune Linting
- Provider-Missing Policy Visibility & Restore Continuity v1 (Spec 261, specified only)
- Broader compliance frameworks and auditor-facing mapping beyond the current evidence overlay

## Release Readiness

| Release / Theme | Readiness | Notes |
|---|---|---|
| R1 Golden Master Governance | implemented | The central governance and execution layer is repo-verified and broadly adopted. |
| R2 Tenant Reviews & Evidence Packs | implemented | Reviews, Evidence Snapshots, Review Packs, Customer Review Workspace, released-review detail handoff, governance-package delivery, compliance interpretation overlays, and the exception/accepted-risk workflow are repo-real; the final customer-safe productization remains open as a sellability follow-up. |
| R3 MSP Portfolio OS | partial | Portfolio triage and canonical compare preview/preflight are in place, but actual promotion execution and a portfolio-wide action layer are still missing. |
| Compliance Evidence Mapping v1 | partial | Compliance interpretation overlays are repo-real in Tenant Reviews and the Customer Review Workspace, but broader framework coverage and auditor-facing mapping are still missing. |
| Governance-as-a-Service Packaging v1 | partial | Governance package status, delivery messaging, and current review-pack reuse are repo-real; a repeatable, management-grade packaging workflow layer is not complete. |

## Commercial Readiness

### Demo-ready

- Baseline compare and drift walkthroughs
- Review pack generation and export
- Customer review workspace walkthroughs with operator guidance
- Cross-tenant compare preview and promotion preflight walkthroughs
- Provider health, onboarding readiness and required permissions
- Support diagnostics
- Permission posture and Entra admin roles reporting

### Almost sellable

- Review-driven governance workflow around Tenant Reviews, Customer Review Workspace, governance-package delivery, compliance interpretation overlays, accepted risks, and Review Packs, but not yet as a fully productized customer-safe consumption experience
- Baseline drift and restore governance
- Findings workflow with personal inbox, intake, Governance Inbox, and exception handling
- Alerting and run visibility for governance operations
- Support requests with contextual diagnostics and bounded external create/link handoff
- Provider readiness and permission posture reporting

### Foundation-only

- OperationRun truth layer
- Audit foundation
- Capability-first RBAC
- Workspace entitlements
- Canonical control catalog
- Stored reports substrate
- Evidence snapshot substrate
- Localization foundation
- Product telemetry
- Customer health scoring
- Operational controls
- Portfolio triage continuity

### Not sellable yet

- Portfolio-wide promotion execution and decision workboard
- Broader compliance evidence mapping surface
- Standalone governance-as-a-service packaging workflow
- Private AI Execution Governance Foundation

## Open Gaps & Blockers

Queue audit note: the former queue-facing gap rows for customer review productization, governance convergence, the findings cleanup trio, compare/preflight, commercial lifecycle maturity, compliance evidence mapping, governance packaging, and external support-desk handoff were narrowed or removed here on 2026-05-01 because refreshed Spec 043 and Specs 251-260 now provide prepared or implemented packages for those bounded slices.

| Gap | Type | Impact | Roadmap Area | Recommended Spec |
|---|---|---|---|---|
| No safe automatic next-best-prep target is currently active | Planning blocker | `spec-candidates.md` had drifted behind current `specs/` truth, so automatic next-spec selection would have reopened already prepared or completed packages | Product planning / queue hygiene | none - require explicit promotion of the next candidate |
| Customer-safe review productization is not fully complete | Productization blocker | Customer review workspace, released-review details, governance-package delivery, compliance overlays, and lifecycle-aware access are repo-real, but the final calmer self-serve customer-safe polish is still incomplete | R2 review consumption | explicit follow-through only if re-promoted; do not reopen completed specs automatically |
| Portfolio promotion execution and the broader decision workboard remain absent | Product blocker | Compare preview and preflight are repo-real, but no execution path, persisted drafts, queueing, or wider portfolio action orchestration exists | MSP Portfolio & Operations | explicit new candidate or follow-up; do not reopen Spec 043 automatically |
| Provider-missing policy visibility follow-up remains specified only | Product blocker | Spec 261 exists as a bounded policy-only correction, but implementation has not landed and the broader lifecycle taxonomy stays deferred | Lifecycle governance / provider truth | Spec 261 if pressure becomes immediate |
| Workspace, Tenant & Managed Object Lifecycle Governance v1 remains deferred by design | Strategic blocker | The lifecycle taxonomy is still intentionally broader than the bounded slices that just landed and should not be auto-selected without an explicit roadmap decision | Lifecycle governance / enterprise trust | deferred strategic candidate only |
| AI governance foundation is absent | Architecture blocker | Future AI features would risk trust and policy drift if added directly | Private AI Execution Governance | P3 Private AI Execution Governance Foundation |
| Roadmap understates current repo truth | Documentation blocker | Prioritization can drift because strategy docs still lag compare/preflight, governance-package delivery, compliance overlays, commercial lifecycle handling, and support handoff slices | Product planning / roadmap maintenance | none - docs alignment |
| Test files were not executed for this ledger update | Testing blocker | This document relies on code plus test presence, not live runtime validation | all areas | none - run targeted suites |

## Recommended Next Specs

- `No safe automatic next-best-prep target`: queue hygiene work is complete; do not reopen Specs 043 or 251-260 through another automatic selection pass.
- `Spec 261 execution decision`: if provider-missing pressure is immediate, execute the already-prepared policy-only follow-up instead of drafting a broader lifecycle patch.
- `Workspace, Tenant & Managed Object Lifecycle Governance v1`: still the main deferred strategic candidate, but only after an explicit roadmap/product decision promotes it into the active queue.
- `P3 Private AI Execution Governance Foundation`: should exist before feature-level AI adoption, not after it.

## Roadmap Drift Notes

- `roadmap.md` understates current R2 implementation depth, but the ledger had overstated sellability. Customer Review Workspace, published review handoff, review-pack downloads, and the finding-exception/risk-acceptance workflow are repo-real; the remaining gap is customer-safe productization, not review-foundation absence.
- `roadmap.md` understates findings workflow maturity. My Findings, Intake, Governance Inbox, and Exception Queue already exist in the repo.
- `roadmap.md` understates localization maturity. Locale resolution order, workspace default, user preference, localized notifications, and fallback tests are implemented.
- `roadmap.md` understates the current R2 control foundation. Canonical controls, stored reports, permission posture and Entra admin roles are already repo-real, not just near-term ideas.
- `roadmap.md` understates product supportability. Support diagnostics, in-app support requests and contextual help already exist in the repo.
- `roadmap.md` understates operational maturity. Product telemetry, customer health and operational controls are already implemented and wired into the system panel.
- `roadmap.md` understates commercial foundations. Workspace entitlements, commercial lifecycle state handling, plan profiles and enforcement points already exist, even though full billing-state maturity does not.
- `roadmap.md` understates MSP portfolio preparation. Cross-tenant compare preview, promotion preflight, audit logging and launch continuity are already repo-real.
- `roadmap.md` understates governance-package delivery and compliance interpretation. The customer review workspace and released-review detail now expose governance-package status/download cues plus current evidence interpretation overlays.
- `roadmap.md` understates bounded external support handoff. Support requests now support current-scope external create/link handoff without introducing a separate support queue product.
- Queue-facing drift had become larger than roadmap drift alone: this ledger and `spec-candidates.md` were still naming already prepared or completed slices as open candidates even though refreshed Spec 043 and Specs 251-260 now carry prep or implementation-close-out evidence.
- The main drift pattern is still underestimation, but customer-review sellability now needs a more precise reading: the missing piece is no longer basic review read-only access, but the final customer-safe productization layer over an already real surface.

## Evidence Sources

Key strategy and scope sources:

- `docs/product/roadmap.md`
- `docs/product/spec-candidates.md`

Key platform and UI anchors:

- `apps/platform/bootstrap/providers.php`
- `apps/platform/app/Providers/Filament/AdminPanelProvider.php`
- `apps/platform/app/Providers/Filament/SystemPanelProvider.php`
- `apps/platform/app/Filament/Pages/TenantDashboard.php`
- `apps/platform/app/Filament/Pages/CrossTenantComparePage.php`
- `apps/platform/app/Filament/System/Pages/Dashboard.php`
- `apps/platform/app/Filament/Pages/TenantRequiredPermissions.php`
- `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`
- `apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php`
- `apps/platform/app/Filament/Pages/Findings/FindingsIntakeQueue.php`
- `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php`
- `apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php`

Key models:

- `apps/platform/app/Models/OperationRun.php`
- `apps/platform/app/Models/Finding.php`
- `apps/platform/app/Models/FindingException.php`
- `apps/platform/app/Models/FindingExceptionDecision.php`
- `apps/platform/app/Models/FindingExceptionEvidenceReference.php`
- `apps/platform/app/Models/BaselineProfile.php`
- `apps/platform/app/Models/BaselineSnapshot.php`
- `apps/platform/app/Models/EvidenceSnapshot.php`
- `apps/platform/app/Models/TenantReview.php`
- `apps/platform/app/Models/ReviewPack.php`
- `apps/platform/app/Models/StoredReport.php`
- `apps/platform/app/Models/SupportRequest.php`
- `apps/platform/app/Models/ProductUsageEvent.php`
- `apps/platform/app/Models/OperationalControlActivation.php`
- `apps/platform/app/Models/AuditLog.php`

Key services and jobs:

- `apps/platform/app/Services/ReviewPackService.php`
- `apps/platform/app/Services/TenantReviews/TenantReviewService.php`
- `apps/platform/app/Services/Evidence/EvidenceSnapshotService.php`
- `apps/platform/app/Services/Baselines/BaselineCompareService.php`
- `apps/platform/app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php`
- `apps/platform/app/Services/Alerts/AlertDispatchService.php`
- `apps/platform/app/Services/Findings/FindingExceptionService.php`
- `apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php`
- `apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php`
- `apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php`
- `apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php`
- `apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php`
- `apps/platform/app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php`
- `apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php`
- `apps/platform/app/Support/SupportRequests/ExternalSupportDeskHandoffService.php`
- `apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php`
- `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`
- `apps/platform/app/Services/Auth/CapabilityResolver.php`
- `apps/platform/app/Services/Localization/LocaleResolver.php`

Key test anchors in the repo:

- `apps/platform/tests/Feature/PortfolioCompare/*`
- `apps/platform/tests/Feature/ReviewPack/*`
- `apps/platform/tests/Feature/Evidence/*`
- `apps/platform/tests/Feature/PermissionPosture/*`
- `apps/platform/tests/Feature/EntraAdminRoles/*`
- `apps/platform/tests/Feature/SupportDiagnostics/*`
- `apps/platform/tests/Feature/SupportRequests/*`
- `apps/platform/tests/Feature/System/ViewWorkspaceEntitlementsTest.php`
- `apps/platform/tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php`
- `apps/platform/tests/Feature/System/CustomerHealth/*`
- `apps/platform/tests/Feature/System/ProductTelemetry/*`
- `apps/platform/tests/Feature/System/OpsControls/*`
- `apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php`
- `apps/platform/tests/Unit/Governance/*`
- `apps/platform/tests/Unit/Support/PortfolioCompare/*`
- `apps/platform/tests/Unit/Support/SupportRequests/ExternalSupportDeskHandoffServiceTest.php`
- `apps/platform/tests/Unit/Entitlements/*`

## Last Updated

2026-05-01 on branch `platform-dev` (full repo-based maturity refresh against current specs and repo anchors)