# Tasks: Tenant Portfolio & Context Switch (031)

**Branch**: `feat/031-tenant-portfolio-context-switch`

**Date**: 2026-01-04

**Input**: [spec.md](./spec.md), [plan.md](./plan.md)

## Phase 1: Setup

- [x] T001 Create spec/plan/tasks and checklist.

## Phase 2: Research & Design

- [ ] T002 Review Filament tenancy support and choose the context mechanism (route vs session).
- [ ] T003 Define tenant access roles and mapping (user memberships; future org/group principals).
- [ ] T004 Decide how to store `environment` (column vs JSONB) and whether MSP “customer grouping” is in scope.
- [ ] T005 Define context precedence rules (env override, route tenant, session/default tenant) and cross-tab safety expectations.

## Phase 3: Tests (TDD)

- [ ] T006 Authorization: user cannot open unauthorized tenant (403).
- [ ] T007 Authorization: tenant-scoped resources deny cross-tenant access via URL (403/404).
- [ ] T008 Context switching: “Open tenant” sets context and tenant-scoped pages filter correctly.
- [ ] T009 Bulk sync: dispatches one job per selected tenant; readonly role cannot run it.
- [ ] T010 UI (optional browser tests): tenant switcher visible and environment badge shown.

## Phase 4: Implementation

- [ ] T011 Add migrations for tenant memberships/roles and environment attribute (and optional preferences).
- [ ] T012 Implement `TenantContext` + authorization gate/policy (`canAccessTenant`).
- [ ] T013 Integrate tenant switcher into Filament topbar and make Current Tenant always visible.
- [ ] T014 Scope tenant resources (Policies/Backups/RestoreRuns/etc.) via TenantContext; replace direct `Tenant::current()` usage.
- [ ] T015 Update `TenantResource` into a portfolio view: access-scoped query, columns, filters, “Open”, “Sync”, bulk “Sync selected”.
- [ ] T016 Add restore guardrails (target tenant header + tenant-aware confirmations).

## Phase 5: Verification

- [ ] T017 Run targeted tests.
- [ ] T018 Run Pint (`./vendor/bin/pint --dirty`).