6c7a80e275
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 5m7s
Added jobs, controllers, and PDF generation logic for management report runtime as defined in Spec 379. Includes artifact migrations, payload builders, and testing coverage.
364 lines
45 KiB
Markdown
364 lines
45 KiB
Markdown
# TenantPilot Implementation Ledger
|
|
|
|
> **Status:** Active
|
|
> **Last reviewed:** 2026-06-15
|
|
> **Use for:** Repo-based implementation status and product-surface maturity assessment
|
|
> **Do not use for:** Roadmap priority, spec priority, or proof that tests were executed in the current branch
|
|
> **Scoped maintenance:** 2026-06-15 repo-truth sync after Specs 311-379, including completed Spec 311 surface-scope foundation, post-311 candidate reconciliation, Spec 377 UI closeout, and current working-tree Spec 379 management-report PDF runtime-gated status; 2026-05-15 Spec 310 product-truth/docs-drift reconciliation after Specs 307-309; 2026-05-15 Spec 309 RBAC role matrix and access boundary hardening update; 2026-05-15 Spec 308 customer-safe Decision Summary and Review Pack inclusion update; 2026-05-15 Decision Register proof-link implementation update after Spec 307; 2026-05-15 Decision Register reconciliation update after Spec 306; 2026-05-15 Tenant Panel dead-code retirement guardrail update after Spec 304; 2026-05-12 roadmap/ledger alignment after the admin workspace navigation and tenant-owned surface repair candidate intake from the repo-verified navigation/panel audit; 2026-05-06 ledger conflict cleanup plus alignment with `docs/product/roadmap.md` and `docs/product/spec-candidates.md` after the cross-domain indicator candidate intake and the current manual-promotion backlog review.
|
|
|
|
## Purpose
|
|
|
|
Dieses Dokument beschreibt den aktuellen repo-basierten Implementierungsstand von TenantPilot. Es ergaenzt `docs/product/roadmap.md` und `docs/product/spec-candidates.md`, ersetzt sie aber nicht.
|
|
|
|
Bewertungsregeln fuer dieses Ledger:
|
|
|
|
- Repo-basiert only: Aussagen zaehlen nur, wenn Code, Datenmodell, Workflow, UI-Adoption oder Test-Artefakte im Repo belastbar darauf hinweisen.
|
|
- Keine Roadmap- oder Spec-Absicht ohne Repo-Evidence.
|
|
- Produkt-Posture nutzt als Basis `foundation-only`, `implemented but not productized`, `fast sellable`, `sellable` oder `not implemented`; seit Spec 310 duerfen belegte Product-Truth-Labels wie `repo-real`, `open gap`, `historical` oder `security-hardening completed` in Statusnotizen oder kombinierten Tabellenzellen ergaenzen.
|
|
- `sellable` wird nur dort verwendet, wo UI, Workflow, Datenmodell, RBAC/Audit und passende Test-Artefakte plausibel zusammenpassen.
|
|
- `fast sellable` bedeutet: repo-real und kunden- oder operatornah genug, aber die letzte produktisierte Delivery-, Packaging- oder Self-Serve-Schicht fehlt noch.
|
|
- `implemented but not productized` bedeutet: reale Oberflaechen oder Workflows existieren, aber sie sind noch nicht als ruhige, wiederholbare Produkt-Slice zusammengezogen.
|
|
- `foundation-only` bleibt fuer Enablement-, Control-, Policy- oder technische Tragschichten reserviert.
|
|
- Wenn Tests unten als vorhanden markiert sind, bedeutet das: passende Test-Dateien existieren im Repo. Sie wurden fuer dieses Ledger nicht ausgefuehrt.
|
|
|
|
## Current Product Position
|
|
|
|
TenantPilot ist aktuell ein starkes Governance- und Operations-Produkt mit repo-realen Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry, Safety Controls, Commercial Lifecycle und governed AI policy. Seit Spec 311 ist der Workspace/Environment-Surface-Scope-Contract eine abgeschlossene Foundation: `/admin` und `/system` sind die aktiven Panels, `/admin/t` bleibt retired, workspace-wide versus environment-bound Scope ist route-owned, und `environment_id` ist ein expliziter Filter. Darauf sitzen inzwischen mehrere repo-real productization slices: Customer Review Workspace v1 Completion, Decision Register proof/run links, customer-safe Decision Summary und Review Pack inclusion, Governance Inbox operator workflow, Provider Connection scope hardening, canonical link/query cleanup, localization adoption/neutralization, support-access slices, commercial entitlement/lifecycle truth, UI productization closeout sowie current working-tree Management Report PDF runtime work. Die wichtigsten offenen Luecken sind nicht mehr diese Foundations, sondern runtime/productization follow-through: Management Report PDF staging/Dokploy renderer validation, Governance Artifact Lifecycle & Retention runtime, optional Provider readiness/onboarding polish, cross-domain indicator runtime adoption, manual system-panel browser fixture/procedure, durable self-serve commercial/subscription operations, and the first governed AI runtime consumer.
|
|
|
|
## Runtime Guardrails
|
|
|
|
- 2026-05-15 / Spec 304: Active Tenant Panel runtime is absent and guarded. `bootstrap/providers.php` registers no Tenant Panel provider, no active `TenantPanelProvider.php` exists under the platform app runtime paths, no `/admin/t` or legacy `/admin/tenants` route family is registered, and focused tests guard canonical workspace/environment link emission. Workspace remains the active Filament admin runtime context while Managed Environment surfaces stay under canonical workspace/environment routes.
|
|
- 2026-06-15 / Spec 311: Workspace / Environment Surface Scope Contract is a completed foundation. Do not reopen shell, sidebar, topbar, breadcrumb, or global workspace/environment scope unless fresh repo evidence shows regression. `environment_id` is an explicit page filter, not hidden global context.
|
|
- 2026-06-15 / Spec 377: post-productization browser reaudit is closed with follow-up; no P0/P1 productization findings remain in its accepted evidence. Remaining system-panel browser fixture/procedure work is validation follow-up, not a product runtime blocker.
|
|
- 2026-06-15 / current working-tree Spec 379: Management Report PDF generation is repo-real but runtime-gated. `TENANTPILOT_PDF_RENDERER_RUNTIME_VALIDATED=false` keeps generation disabled until deployed Gotenberg/Dokploy validation passes; current workspace code evidence must not be treated as production enablement.
|
|
|
|
## Status Model
|
|
|
|
- `foundation-only`: belastbare technische, policy- oder control-layer foundation ohne hinreichende Produktisierung
|
|
- `implemented but not productized`: reale Oberflaeche oder Workflow vorhanden, aber noch keine ruhige wiederholbare Produktschicht
|
|
- `fast sellable`: repo-real, kunden- oder operatornah und nah an wiederholbarer Delivery, aber letzte Produktisierungsluecken bleiben
|
|
- `sellable`: belastbare UI-, Workflow-, RBAC/Audit- und Test-Spur mit wiederholbarem Produktversprechen
|
|
- `not implemented`: noch kein belastbarer repo-real Slice fuer das eigentliche Ziel
|
|
|
|
Spec-310-Truth-Labels fuer Statusnotizen:
|
|
|
|
- `repo-real`: Code, Runtime-Oberflaeche, Tests oder akzeptierte Spec-Close-out-Evidence belegen den Slice im Repo
|
|
- `implemented`: Runtime existiert, Produktreife kann aber variieren
|
|
- `spec-backed`: formaler Spec existiert, Implementierung ist nicht automatisch vollstaendig
|
|
- `historical`: abgeschlossen, promoted oder nur noch Sequencing-Kontext
|
|
- `superseded`: durch spaetere Spec- oder Runtime-Wahrheit ersetzt
|
|
- `open gap`: braucht weiterhin Produkt- oder Technikarbeit
|
|
- `security-hardening completed`: Sicherheits-/Access-Hardening wurde spezifisch verifiziert und adressiert
|
|
- `decision needed`: Produkt- oder Architekturentscheidung vor Umsetzung noetig
|
|
|
|
Evidence-Level im Dokument:
|
|
|
|
- `none`: keine belastbare Repo-Evidence
|
|
- `weak`: duenne Code- oder Doc-Spur, aber kein belastbarer Gesamtworkflow
|
|
- `medium`: mehrere Repo-Signale, aber noch nicht durchgaengig
|
|
- `strong`: Datenmodell, Workflow, UI- oder Test-Spur greifen konsistent ineinander
|
|
|
|
## Roadmap Coverage Summary
|
|
|
|
| Roadmap Area | Product posture | Evidence Level | UI Ready | Tested | Sellable | Notes |
|
|
|---|---|---:|---|---|---|---|
|
|
| R1 Golden Master Governance | sellable | strong | yes | repo tests, not run | yes | Baselines, Drift, Findings und OperationRun-Truth sind breit im Produkt verankert. |
|
|
| R2 Tenant Reviews, Evidence & Control Foundation | fast sellable | strong | yes | repo tests, not run | near | Reviews, Evidence, Review Packs, Customer Review Workspace v1 completion, governance-package delivery, customer-safe Decision Summary / Review Pack inclusion, compliance interpretation overlays und Control-/Exception-Layer greifen als reale Governance-Surface zusammen; Management Report PDF bleibt bis zur Staging/Dokploy-Renderer-Validierung runtime-gated. |
|
|
| Alert escalation + notification routing | sellable | strong | partial | repo tests, not run | yes | Alert-Regeln, Dispatch, Cooldown und Quiet Hours sind real. |
|
|
| Governance & Architecture Hardening | foundation-only | strong | partial | repo tests, not run | no | Viele Hardening-Slices sind bereits im Code; Spec 309 ist `security-hardening completed`, Spec 311 ist completed surface-scope foundation, und Support Access Governance bleibt getrennt von RBAC-hardening. |
|
|
| UI & Product Maturity Polish | implemented but not productized | strong | partial | repo tests, not run | no | Empty States, Navigation, Localization, read-only Review-Polish, Customer Review Workspace v1, Governance Inbox final workflow, and Spec 377 closeout evidence are repo-real; remaining system-panel browser fixture/procedure is validation follow-up. |
|
|
| Secret & Security Hardening | fast sellable | strong | yes | repo tests, not run | yes | Provider-Verifikation, Permission-Diagnostics und Redaction sind belastbar. |
|
|
| Baseline Drift Engine (Cutover) | sellable | strong | yes | repo tests, not run | yes | Compare- und Drift-Workflow wirken als produktive Kernfunktion. |
|
|
| R1.9 Platform Localization v1 | implemented but not productized / repo-real | strong | yes | repo tests, not run | no | Locale-Resolver, Override/Praeferenz, Workspace-Default, Fallback, lokalisierte Notifications, and adoption/neutralization work through Specs 275 and 286 are repo-real; remaining copy QA is polish. |
|
|
| Product Scalability & Self-Service Foundation | fast sellable | strong | yes | repo tests, not run | near | Onboarding, Support, Help, Entitlements, commercial lifecycle state handling, billing-state maturity, support-access slices, and bounded support-desk handoff are repo-real; broader self-serve customer portal, trial/demo operations, and subscription ops remain productization decisions. |
|
|
| R2.0 Canonical Control Catalog Foundation | foundation-only | strong | partial | repo tests, not run | no | Bereits implementiert und in Evidence/Reviews referenziert, aber kein eigenstaendiger Kundennutzen-Surface. |
|
|
| R2 Completion: customer review, support, help | fast sellable | strong | yes | repo tests, not run | near | Customer Review Workspace v1 completion, released-review detail handoff, governance-package delivery, Support Diagnostics/Requests, support-access slices, and Help-Katalog are repo-real; production-grade management PDF output remains runtime-gated. |
|
|
| Compliance Evidence Mapping v1 | implemented but not productized | strong | yes | repo tests, not run | no | Canonical control interpretation is rendered in tenant reviews and the customer review workspace, but broader framework coverage and auditor-facing mapping remain open. |
|
|
| Governance-as-a-Service Packaging v1 | implemented but not productized | strong | yes | repo tests, not run | no | Governance package status, download messaging, current review-pack reuse, and management-report PDF artifact flow are repo-real; recurring delivery workflows and production PDF renderer validation remain open. |
|
|
| Findings Workflow v2 / Execution Layer | fast sellable | strong | yes | repo tests, not run | yes | Triage, Ownership, My Work, Intake, Governance Inbox, Exceptions und Alerts/Hygiene sind real; Cross-Tenant-Decisioning bleibt spaeter. |
|
|
| Provider-missing policy visibility follow-up | not implemented | weak | no | no | no | `specs/261-provider-missing-policy-visibility/spec.md` bleibt ein schmaler policy-only Follow-up; die breitere Lifecycle-Taxonomie ist getrennt. |
|
|
| Platform Operations Maturity | implemented but not productized | strong | yes | repo tests, not run | no | System Panel, Control Tower und Ops Controls sind real; CSV/Raw Drilldowns bleiben offen. |
|
|
| Product Usage, Customer Health & Operational Controls | implemented but not productized | strong | yes | repo tests, not run | no | Diese Mid-term-Lane ist im Repo bereits substanziell vorhanden, bleibt aber vor allem operatorseitige Produktisierung. |
|
|
| Private AI Execution Governance Foundation | foundation-only | strong | partial | repo tests, not run | no | `specs/248-private-ai-policy-foundation/spec.md` ist repo-real in Policy, Boundary, Settings und Ops Controls; der erste Runtime-Consumer fehlt noch. |
|
|
| MSP Portfolio & Operations | implemented but not productized | strong | yes | repo tests, not run | no | Portfolio-Triage, canonical compare preview, preflight audit and launch continuity are repo-real; actual promotion execution and the broader decision workboard remain open. |
|
|
| Human-in-the-Loop Autonomous Governance | not implemented | weak | no | no | no | Kein repo-verifizierter Decision-Pack- oder Approval-Workflow jenseits des jetzigen Exception-/Review-Layers. |
|
|
| Drift & Change Governance | fast sellable | strong | yes | repo tests, not run | yes | Drift review, accepted-risk governance, exception validity und Governance-Inbox-Surfaces sind repo-real; portfolio-weite Eskalation bleibt offen. |
|
|
| Standardization & Policy Quality | not implemented | none | no | no | no | Keine starke Repo-Evidence fuer eine Intune-Linting- oder Policy-Quality-Oberflaeche. |
|
|
| PSA / Ticketing Handoff | implemented but not productized | strong | yes | repo tests, not run | no | Support Requests include bounded external create/link handoff on the current tenant and operation-run contexts; broader multi-provider ITSM expansion remains separate work. |
|
|
|
|
## Implemented Capabilities
|
|
|
|
| Capability | Product posture | Backend | UI | Tests | RBAC/Audit | Sellable | Evidence |
|
|
|---|---|---|---|---|---|---|---|
|
|
| OperationRun truth layer | foundation-only | yes | partial | repo tests, not run | yes | no | `app/Models/OperationRun.php`; `tests/Feature/System/*`; `tests/Feature/ReviewPack/*` |
|
|
| Baseline profiles, snapshots and compare | sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/BaselineProfile.php`; `app/Models/BaselineSnapshot.php`; `app/Services/Baselines/BaselineCompareService.php` |
|
|
| Drift findings and governance pressure | sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/Finding.php`; `app/Filament/Widgets/Dashboard/RecentDriftFindings.php`; `tests/Feature/Findings/*` |
|
|
| Findings inboxes and governance inbox | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Filament/Pages/Findings/MyFindingsInbox.php`; `app/Filament/Pages/Findings/FindingsIntakeQueue.php`; `app/Filament/Pages/Governance/GovernanceInbox.php`; `tests/Feature/Findings/MyWorkInboxTest.php`; `tests/Feature/Governance/*` |
|
|
| Finding exceptions and risk acceptance workflow | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/FindingException.php`; `app/Services/Findings/FindingExceptionService.php`; `app/Filament/Resources/FindingExceptionResource.php`; `tests/Feature/Findings/FindingExceptionWorkflowTest.php` |
|
|
| Decision Register operator surface | implemented but not productized / repo-real | yes | yes | repo tests, not run | yes | no | `specs/265-decision-register-approval/spec.md`; `specs/306-decision-register-reconciliation/decision-register-reconciliation.md`; `specs/307-decision-register-evidence-operationrun-link-polish/spec.md`; `app/Filament/Pages/Governance/DecisionRegister.php`; `app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`; `tests/Feature/Governance/DecisionRegisterPageTest.php`; `tests/Feature/Findings/FindingExceptionDecisionRegisterNavigationTest.php`; `tests/Feature/Findings/FindingExceptionDecisionRegisterBoundariesTest.php` |
|
|
| Decision Register proof/run links | fast sellable / repo-real | yes | yes | repo tests, not run | yes | no | `specs/307-decision-register-evidence-operationrun-link-polish/spec.md`; `specs/307-decision-register-evidence-operationrun-link-polish/tasks.md`; `app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`; `app/Filament/Pages/Governance/DecisionRegister.php`; `tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php`; `tests/Feature/Governance/DecisionRegisterPageTest.php` |
|
|
| Governance Inbox final operator workflow | fast sellable / repo-real / implemented | yes | yes | repo tests, not run | yes | near | `specs/327-governance-inbox-decision-first-workbench-productization/spec.md`; `specs/346-governance-inbox-final-operator-workflow/spec.md`; `app/Filament/Pages/Governance/GovernanceInbox.php`; `tests/Feature/Governance/*` |
|
|
| Restore workflow with safety gates | sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/OperationRun.php`; restore gates and tests in `tests/Feature/Restore/*` |
|
|
| Evidence snapshots | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Models/EvidenceSnapshot.php`; `app/Services/Evidence/EvidenceSnapshotService.php`; `tests/Feature/Evidence/*` |
|
|
| Tenant reviews | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/TenantReview.php`; `app/Services/TenantReviews/TenantReviewService.php`; `tests/Feature/TenantReview/*` |
|
|
| Review pack generation and export | fast sellable | yes | yes | repo tests, not run | yes | yes | `specs/109-review-pack-export/spec.md`; `specs/308-decision-register-summary-review-pack/plan.md`; `app/Models/ReviewPack.php`; `app/Services/ReviewPackService.php`; `app/Jobs/GenerateReviewPackJob.php`; `tests/Feature/ReviewPack/*` |
|
|
| Decision Summary in reviews and Review Packs | fast sellable / repo-real | yes | yes | repo tests, not run | yes | yes | `specs/308-decision-register-summary-review-pack/spec.md`; `specs/308-decision-register-summary-review-pack/plan.md`; `app/Services/EnvironmentReviews/EnvironmentReviewComposer.php`; `app/Jobs/GenerateReviewPackJob.php`; `tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php`; `tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php` |
|
|
| Customer review workspace | fast sellable / repo-real / implemented | yes | yes | repo tests, not run | yes | near | `specs/258-customer-review-productization/spec.md`; `specs/312-customer-review-workspace-v1-completion/spec.md`; `specs/342-customer-review-workspace-final-consumption-productization/spec.md`; `app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`; `tests/Feature/Reviews/*`; `tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php` |
|
|
| Management Report PDF generation | implemented but not productized / repo-real / open gap | yes | yes | repo tests, not run | yes | no | `specs/378-management-report-pdf-v1/spec.md`; `specs/379-management-report-pdf-runtime/spec.md`; `app/Services/ManagementReports/ManagementReportPdfService.php`; `app/Jobs/GenerateManagementReportPdfJob.php`; `app/Http/Controllers/ManagementReportPdfDownloadController.php`; `app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php`; `tests/Feature/ReviewPack/Spec379ManagementReportPdfTest.php`; `tests/Browser/Spec379ManagementReportPdfSmokeTest.php`; runtime gate requires staging/Dokploy validation before production enablement |
|
|
| Governance package delivery surface | implemented but not productized | yes | yes | repo tests, not run | yes | no | `specs/260-governance-service-packaging/spec.md`; `app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`; `app/Filament/Resources/TenantReviewResource.php`; `tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php`; `tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php` |
|
|
| Compliance evidence mapping overlay | implemented but not productized | yes | yes | repo tests, not run | partial | no | `specs/259-compliance-evidence-mapping/spec.md`; `app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php`; `app/Services/TenantReviews/TenantReviewSectionFactory.php`; `tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php` |
|
|
| Alerts and notification routing | sellable | yes | partial | repo tests, not run | yes | yes | `app/Services/Alerts/AlertDispatchService.php`; `tests/Feature/*Alert*` |
|
|
| Provider health, onboarding readiness and required permissions | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Jobs/ProviderConnectionHealthCheckJob.php`; `app/Services/Onboarding/OnboardingLifecycleService.php`; `app/Filament/Pages/TenantRequiredPermissions.php` |
|
|
| Permission posture reporting | sellable | yes | yes | repo tests, not run | yes | yes | `app/Services/PermissionPosture/PermissionPostureFindingGenerator.php`; `tests/Feature/PermissionPosture/*` |
|
|
| Entra admin roles reporting | sellable | yes | yes | repo tests, not run | yes | yes | `app/Services/EntraAdminRoles/EntraAdminRolesReportService.php`; `tests/Feature/EntraAdminRoles/*` |
|
|
| Stored reports substrate and artifact surface | implemented but not productized / repo-real | yes | partial | repo tests, not run | partial | no | `specs/277-stored-reports-surface/spec.md`; `app/Models/StoredReport.php`; current working-tree Spec 379 management PDF artifact fields; `tests/Feature/PermissionPosture/StoredReportModelTest.php`; `tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php`; `tests/Feature/ReviewPack/Spec379ManagementReportPdfTest.php` |
|
|
| Support diagnostics | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php`; `app/Filament/Pages/TenantDashboard.php`; `tests/Feature/SupportDiagnostics/*` |
|
|
| In-app support requests | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/SupportRequest.php`; `app/Support/SupportRequests/*`; `tests/Feature/SupportRequests/*` |
|
|
| External support-desk handoff | implemented but not productized | yes | yes | repo tests, not run | yes | no | `app/Support/SupportRequests/ExternalSupportDeskHandoffService.php`; `app/Support/SupportRequests/SupportRequestSubmissionService.php`; `tests/Unit/Support/SupportRequests/ExternalSupportDeskHandoffServiceTest.php` |
|
|
| Product knowledge and contextual help | implemented but not productized | yes | yes | repo tests, not run | partial | no | `app/Support/ProductKnowledge/ContextualHelpCatalog.php`; `tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php` |
|
|
| Localization foundation | foundation-only | yes | yes | repo tests, not run | partial | no | `specs/252-platform-localization-v1/spec.md`; `app/Services/Localization/LocaleResolver.php`; `app/Http/Controllers/LocalizationController.php`; `tests/Feature/Localization/*` |
|
|
| Product telemetry | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Models/ProductUsageEvent.php`; `app/Filament/System/Widgets/ProductTelemetryKpis.php`; `tests/Feature/System/ProductTelemetry/*` |
|
|
| Customer health scoring | foundation-only | yes | yes | repo tests, not run | partial | no | `app/Filament/System/Widgets/CustomerHealthKpis.php`; `app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php`; `tests/Feature/System/CustomerHealth/*` |
|
|
| Operational controls | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Models/OperationalControlActivation.php`; `app/Support/OperationalControls/*`; `tests/Feature/System/OpsControls/*` |
|
|
| Governed AI policy foundation | foundation-only | yes | partial | repo tests, not run | yes | no | `specs/248-private-ai-policy-foundation/spec.md`; `app/Support/Ai/AiUseCaseCatalog.php`; `app/Support/Ai/GovernedAiExecutionBoundary.php`; `app/Support/Ai/AiDecisionAuditMetadataFactory.php`; `app/Filament/Pages/Settings/WorkspaceSettings.php`; `tests/Unit/Support/Ai/*`; `tests/Feature/SettingsFoundation/WorkspaceAiPolicySettingsTest.php`; `tests/Feature/System/OpsControls/AiExecutionOperationalControlTest.php` |
|
|
| Workspace entitlements | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Services/Entitlements/WorkspaceEntitlementResolver.php`; `tests/Feature/Filament/Settings/WorkspaceEntitlementsSettingsPageTest.php` |
|
|
| Commercial lifecycle state handling | implemented but not productized / repo-real | yes | yes | repo tests, not run | yes | no | `specs/251-commercial-entitlements-billing-state/spec.md`; `specs/274-billing-subscription-truth/spec.md`; `app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php`; `app/Filament/System/Pages/Directory/ViewWorkspace.php`; `tests/Feature/System/ViewWorkspaceEntitlementsTest.php`; `tests/Unit/Entitlements/WorkspaceCommercialLifecycleResolverTest.php` |
|
|
| Capability-first RBAC | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Services/Auth/CapabilityResolver.php`; `app/Services/Auth/RoleCapabilityMap.php`; many `tests/Feature/Rbac/*` |
|
|
| RBAC role matrix and access boundary hardening | security-hardening completed / repo-real | yes | yes | repo tests, not run | yes | no | `specs/309-rbac-role-matrix-access-boundary-audit/tasks.md`; `app/Services/Auth/WorkspaceRoleCapabilityMap.php`; `app/Models/User.php`; `tests/Feature/Rbac/RoleMatrix/ManagerAccessTest.php`; `tests/Feature/Rbac/PanelAccess/AdminPanelAccessBoundaryTest.php`; `tests/Feature/Rbac/PanelAccess/SystemPanelAccessBoundaryTest.php` |
|
|
| Workspace / Environment Surface Scope Contract | foundation-only / repo-real / implemented | yes | yes | repo tests, not run | yes | no | `specs/311-workspace-environment-surface-scope-contract/spec.md`; `bootstrap/providers.php`; `routes/web.php`; active `/admin` and `/system`; no active `/admin/t`; `environment_id` filter semantics |
|
|
| Provider Connection scope hardening | security-hardening completed / repo-real | yes | yes | repo tests, not run | yes | no | `specs/339-provider-connection-scope-hardening/spec.md`; `app/Filament/Resources/ProviderConnectionResource.php`; `app/Policies/ProviderConnectionPolicy.php`; `tests/Feature/ProviderConnections/*` |
|
|
| Canonical link / query cleanup | implemented / repo-real | yes | yes | repo tests, not run | partial | no | `specs/341-canonical-link-query-cleanup/spec.md`; `app/Support/Workspaces/WorkspaceHubNavigation.php`; `app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`; route/link guard tests |
|
|
| Audit log foundation | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Models/AuditLog.php`; `app/Services/Audit/WorkspaceAuditLogger.php`; many audit-focused feature tests |
|
|
| Canonical control catalog | foundation-only | yes | partial | repo tests, not run | partial | no | `app/Support/Governance/Controls/CanonicalControlCatalog.php`; `config/canonical_controls.php`; `tests/Unit/Governance/*` |
|
|
| Portfolio triage continuity | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Services/PortfolioTriage/TenantTriageReviewService.php`; `app/Support/PortfolioTriage/*`; `tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php` |
|
|
| Cross-tenant compare preview and promotion preflight | fast sellable | yes | yes | repo tests, not run | yes | yes | `specs/043-cross-tenant-compare-and-promotion/spec.md`; `app/Filament/Pages/CrossTenantComparePage.php`; `app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php`; `app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php`; `tests/Feature/PortfolioCompare/*`; `tests/Unit/Support/PortfolioCompare/*` |
|
|
|
|
## Foundation-Only Capabilities
|
|
|
|
- OperationRun truth and canonical operation typing: starke Execution-Foundation, aber kein eigenstaendiger Kundennutzen-Surface.
|
|
- Audit log foundation: breit genutzt und wichtig fuer Governance, aber allein nicht verkaufbar.
|
|
- Capability-first RBAC: belastbar und testnah, bleibt aber Enablement-Layer; Spec 309 ist die abgeschlossene `security-hardening completed` Korrektur fuer Owner-only membership management und admin/system panel boundaries, nicht die Support Access Governance Productization.
|
|
- Workspace entitlements und commercial lifecycle policy engine: reale Gate-, Lifecycle-, Billing-State- und Override-Logik; volle Self-Service-Billing-/Subscription-Ops bleiben spaetere Produktisierung.
|
|
- Canonical control catalog: starke semantische Foundation fuer Evidence, Findings und Reviews.
|
|
- Stored reports substrate: wichtig fuer Reports, Evidence, Diagnostics und Management Report PDF artifacts; Produktreife haengt weiter an lifecycle/retention semantics und Runtime-Validierung.
|
|
- Evidence snapshot substrate: tragende technische Basis fuer Reviews und Exports.
|
|
- Localization foundation: resolved locale precedence, Workspace-Default, User-Praeferenz/Override und Notification-Formatting sind real, aber Enablement statt eigener Produkt-Surface.
|
|
- Governed AI policy foundation: Use-Case-Katalog, Boundary, Audit-Metadata, Workspace-Policy-Surface und Ops-Control-Integration sind repo-real, aber noch ohne ersten Runtime-Consumer.
|
|
- Workspace / Environment Surface Scope Contract: completed foundation fuer route-owned scope; nicht als offener Produkt-Slice behandeln.
|
|
- Operational control registry and evaluator: starke Safety-Control-Foundation, primar operatorseitig.
|
|
- Product telemetry und customer health scoring: reale operatorseitige SaaS-Operations-Layer, aber noch keine eigenstaendige sellable Oberflaeche.
|
|
- Portfolio triage continuity: sinnvoller Multi-Tenant-Unterbau, aber noch kein vollstaendiges Portfolio-Produkt.
|
|
|
|
## Fast-Sellable Or Not-Yet-Productized Capabilities
|
|
|
|
- Customer-facing review consumption: Tenant Reviews, Evidence Snapshots, Review Packs, the Customer Review Workspace, the customer-safe released-review detail mode, governance-package delivery cues, Spec 308 Decision Summary / Review Pack inclusion, compliance interpretation overlays, commercial-lifecycle-aware access states, and post-311 Customer Review Workspace v1 completion are repo-real; future external portal/consumption would be a separate product decision.
|
|
- Findings Workflow v2: Triage, Assignment, My Work, Intake, Governance Inbox, Exceptions, notifications, and the three queue-facing cleanup/hardening follow-through packages are now repo-backed; later cross-tenant action layers remain separate work.
|
|
- Decision Register and Governance Inbox: Spec 265 operator register runtime, Spec 306 reconciliation, Spec 307 direct evidence/report plus source/evidence OperationRun proof-link polish, Spec 308 customer-safe Decision Summary / Review Pack inclusion, and Specs 327/346 Governance Inbox productization are repo-backed; do not treat Decision-Based Governance Inbox v1 as Greenfield.
|
|
- Product scalability and self-service: Onboarding, Support, Help, Entitlements, commercial lifecycle state handling, support-access slices, billing-state maturity, and external support-desk handoff are repo-real; broader trial/demo, self-serve subscription operations, and customer portal packaging remain.
|
|
- Management reporting: current working-tree management-report PDF runtime and artifact flow are repo-real, but production enablement remains gated on staging/Dokploy renderer validation.
|
|
- MSP portfolio operations: Portfolio-Triage plus cross-tenant compare preview and promotion preflight are repo-real; actual promotion execution and broader portfolio action orchestration remain open.
|
|
- Platform operations maturity: Control Tower und Ops Controls sind stark, aber einige geplante operatorseitige Drilldowns/Exports fehlen noch.
|
|
- Product knowledge rollout: Help-Katalog und Resolver sind real, aber noch nicht breit genug adoptiert fuer "fertig".
|
|
|
|
## Not Implemented
|
|
|
|
- Governance Artifact Lifecycle & Retention v1
|
|
- Management Report PDF staging/Dokploy runtime validation and production enablement
|
|
- Durable self-serve Billing / Subscription Operations beyond existing entitlement and lifecycle truth
|
|
- Workspace & Tenant Closure Lifecycle runtime follow-through beyond existing taxonomy/current slices
|
|
- First Governed AI Runtime Consumer v1
|
|
- Human-in-the-Loop Autonomous Governance
|
|
- Standardization & Policy Quality / Intune Linting
|
|
- Provider-Missing Policy Visibility & Restore Continuity v1 (`specs/261-provider-missing-policy-visibility/spec.md`, spec-backed prep only)
|
|
- Broader compliance frameworks and auditor-facing mapping beyond the current evidence overlay
|
|
|
|
## Release Readiness
|
|
|
|
| Release / Theme | Readiness | Notes |
|
|
|---|---|---|
|
|
| R1 Golden Master Governance | sellable | Die zentrale Governance- und Execution-Layer ist repo-verifiziert und breit adoptiert. |
|
|
| R2 Tenant Reviews & Evidence Packs | fast sellable | Reviews, Evidence Snapshots, Review Packs, Customer Review Workspace v1 completion, released-review detail handoff, governance-package delivery, compliance interpretation overlays, Exception-/Accepted-Risk-Workflow und Management Report PDF runtime work are repo-real; PDF production enablement remains gated by staging/Dokploy renderer validation. |
|
|
| R3 MSP Portfolio OS | implemented but not productized | Portfolio-Triage sowie canonical compare preview/preflight sind da, aber actual promotion execution und portfolio-weite Action-Layer fehlen weiter. |
|
|
| Compliance Evidence Mapping v1 | implemented but not productized | Compliance interpretation overlays sind repo-real in Tenant Reviews und Customer Review Workspace, aber breitere Framework-Abdeckung und auditor-facing mapping fehlen weiter. |
|
|
| Governance-as-a-Service Packaging v1 | implemented but not productized | Governance package status, delivery messaging, current review-pack reuse, and management-report PDF artifact flow are repo-real; recurring delivery workflow and production renderer validation remain incomplete. |
|
|
|
|
## Commercial Readiness
|
|
|
|
### Demo-ready
|
|
|
|
- Baseline compare and drift walkthroughs
|
|
- Review pack generation and export
|
|
- Customer review workspace walkthroughs with operator guidance
|
|
- Cross-tenant compare preview and promotion preflight walkthroughs
|
|
- Provider health, onboarding readiness and required permissions
|
|
- Support diagnostics
|
|
- Permission posture and Entra admin roles reporting
|
|
|
|
### Fast sellable
|
|
|
|
- Review-driven governance workflow rund um Tenant Reviews, Customer Review Workspace, governance-package delivery, Spec 308 Decision Summary / Review Pack inclusion, compliance interpretation overlays, accepted risks und Review Packs, aber noch nicht als vollstaendig productisierte customer-safe consumption experience
|
|
- Baseline drift and restore governance
|
|
- Findings workflow mit persönlicher Inbox, Intake, Governance Inbox und Exception-Handling
|
|
- Alerting and run visibility for governance operations
|
|
- Support requests with contextual diagnostics and bounded external create/link handoff
|
|
- Provider readiness and permission posture reporting
|
|
|
|
### Implemented but not productized
|
|
|
|
- Review pack generation and export als wiederholbare auditor-/executive-ready delivery layer
|
|
- Broader compliance evidence mapping surface
|
|
- Standalone governance-as-a-service packaging workflow
|
|
- Cross-tenant compare preview and promotion preflight without execution
|
|
- Product knowledge and contextual help rollout
|
|
|
|
### Foundation-only
|
|
|
|
- OperationRun truth layer
|
|
- Audit foundation
|
|
- Capability-first RBAC
|
|
- Workspace entitlements
|
|
- Canonical control catalog
|
|
- Stored reports substrate
|
|
- Evidence snapshot substrate
|
|
- Localization foundation
|
|
- Governed AI policy foundation
|
|
- Product telemetry
|
|
- Customer health scoring
|
|
- Operational controls
|
|
- Portfolio triage continuity
|
|
|
|
### Not implemented
|
|
|
|
- Auditor-ready executive export / auditor pack delivery
|
|
- Portfolio-wide promotion execution and governance decision-pack workflow
|
|
- Billing and subscription truth layer
|
|
- Stored reports product surface
|
|
- Customer-facing localization adoption
|
|
- Workspace and tenant closure lifecycle runtime follow-through
|
|
- First governed AI runtime consumer
|
|
|
|
## Open Gaps & Blockers
|
|
|
|
Queue audit note: no safe automatic next-best-prep target remains active. The remaining open lanes are now tracked as explicit manual promotions in `docs/product/spec-candidates.md` instead of being re-opened through automatic queue logic.
|
|
|
|
| Gap | Type | Impact | Roadmap Area | Recommended Spec |
|
|
|---|---|---|---|---|
|
|
| No safe automatic next-best-prep target is currently active | Planning boundary | `docs/product/spec-candidates.md` now keeps the active queue empty, so the next slice must be promoted deliberately instead of selected automatically | Product planning / queue hygiene | none - require explicit manual promotion |
|
|
| Management Report PDF production enablement remains gated | Runtime validation blocker | Current-branch Spec 379 implements the generation/download/audit flow, but staging/Dokploy Gotenberg validation must pass before enabling production runtime | Management reporting / review delivery | current Spec 379 follow-through, no new feature spec |
|
|
| Governance-artifact lifecycle runtime is still missing | Trust / auditability blocker | Lifecycle taxonomy and point retention rules exist, but governance artifacts still lack immutable-reference, hold, export, delete, and suspended/read-only runtime semantics | Lifecycle governance / enterprise trust | `Governance Artifact Lifecycle & Retention v1` |
|
|
| Provider readiness / onboarding polish may remain | Optional productization gap | Provider scope is hardened, but setup and resolution guidance should be promoted only if fresh operator evidence shows friction | Provider readiness | manual promotion only |
|
|
| Cross-domain progress and indicator runtime adoption may remain | UX / trust guardrail | Spec 278 provides the standardization path, but runtime adoption should follow only where actual indicator drift is visible | UI semantics / product trust | `Cross-Domain Progress / Indicator Semantics candidate group` |
|
|
| System-panel browser fixture/procedure remains manual | Validation follow-up | Spec 377 closed post-productization browser re-audit with no P0/P1 findings, but system-panel in-app browser fixture coverage remains procedure-dependent | Release validation | manual fixture/procedure follow-up |
|
|
| Durable self-serve subscription operations are not productized | Commercial productization gap | Entitlement and billing-state truth exist, but customer self-serve subscription operations, payment/invoice workflows, or commercial portal behavior remain outside the current product | Commercial readiness | manual promotion only |
|
|
| Future customer portal/external consumption is not productized | Productization decision | Customer Review Workspace v1 is repo-real in the admin context; a broader external customer portal is separate work | Customer consumption | manual promotion only |
|
|
| First governed AI runtime consumer is missing | Architecture blocker | The policy foundation exists, but there is no bounded runtime consumer proving the model end-to-end | Governed AI follow-through | `First Governed AI Runtime Consumer v1` |
|
|
|
|
## Recommended Manual Promotions
|
|
|
|
- `Management Report PDF staging/runtime validation and release hardening` -> anchored by `specs/378-management-report-pdf-v1/spec.md`, `specs/379-management-report-pdf-runtime/spec.md`, `apps/platform/app/Services/ManagementReports/ManagementReportPdfService.php`, `apps/platform/app/Jobs/GenerateManagementReportPdfJob.php`, `apps/platform/app/Http/Controllers/ManagementReportPdfDownloadController.php`, `apps/platform/app/Models/StoredReport.php`, and the Spec 379 runtime-validation artifacts.
|
|
- `Governance Artifact Lifecycle & Retention runtime` -> anchored by `specs/158-artifact-truth-semantics/spec.md`, `specs/262-lifecycle-governance-taxonomy/spec.md`, `specs/267-artifact-lifecycle-retention/spec.md`, and `docs/product/standards/lifecycle-governance.md`.
|
|
- `Provider readiness / onboarding productization` -> anchored by `specs/281-provider-connection-provider-scope-microsoft-profile-extraction/spec.md`, `specs/339-provider-connection-scope-hardening/spec.md`, `specs/353-provider-connections-resolution-guidance-v1/spec.md`, `apps/platform/app/Filament/Resources/ProviderConnectionResource.php`, and `apps/platform/app/Policies/ProviderConnectionPolicy.php`; promote only for fresh UX friction, not scope authority.
|
|
- `Cross-Domain Progress / Indicator runtime follow-through` -> anchored by `specs/278-cross-domain-progress-indicator-semantics/spec.md`, `docs/ui/tenantpilot-enterprise-ui-standards.md`, and current progress-like UI seams called out in `docs/product/spec-candidates.md`.
|
|
- `Manual system-panel browser fixture or audit procedure` -> anchored by `specs/376-*`, `specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/closeout-decision.md`, and the system-panel authentication/fixture limits recorded there.
|
|
- `First Governed AI Runtime Consumer v1` -> anchored by `specs/248-private-ai-policy-foundation/spec.md`.
|
|
|
|
## Roadmap Drift Notes
|
|
|
|
- `docs/product/roadmap.md` and `docs/product/spec-candidates.md` are aligned through 2026-06-15, including Spec 311 completed surface-scope foundation, Specs 312/342/343/344/349/351/372 Customer Review Workspace v1 completion lineage, Specs 327/346 Governance Inbox lineage, Specs 339/341 provider/link cleanup, Spec 377 closeout evidence, and current working-tree Spec 379 runtime-gated Management Report PDF status.
|
|
- The remaining documentation risk is overstating current working-tree or local runtime evidence as production-ready. Management Report PDF remains disabled by runtime gate until staging/Dokploy renderer validation passes.
|
|
- This ledger therefore treats review-driven governance as `fast sellable`, Management Report PDF as `implemented but not productized`, and broad shell/scope/Decision Register/customer-review foundations as historical/completed rather than active candidates.
|
|
- Tests referenced here remain repo-present only. They were not executed for this ledger update.
|
|
|
|
## Evidence Sources
|
|
|
|
Wichtigste Strategie- und Scope-Quellen:
|
|
|
|
- `docs/product/roadmap.md`
|
|
- `docs/product/spec-candidates.md`
|
|
|
|
Wichtige Plattform- und UI-Anker:
|
|
|
|
- `apps/platform/bootstrap/providers.php`
|
|
- `apps/platform/app/Providers/Filament/AdminPanelProvider.php`
|
|
- `apps/platform/app/Providers/Filament/SystemPanelProvider.php`
|
|
- `apps/platform/app/Filament/Pages/TenantDashboard.php`
|
|
- `apps/platform/app/Filament/Pages/CrossTenantComparePage.php`
|
|
- `apps/platform/app/Filament/System/Pages/Dashboard.php`
|
|
- `apps/platform/app/Filament/Pages/TenantRequiredPermissions.php`
|
|
- `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`
|
|
- `apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php`
|
|
- `apps/platform/app/Filament/Pages/Findings/FindingsIntakeQueue.php`
|
|
- `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php`
|
|
- `apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php`
|
|
|
|
Wichtige Models:
|
|
|
|
- `apps/platform/app/Models/OperationRun.php`
|
|
- `apps/platform/app/Models/Finding.php`
|
|
- `apps/platform/app/Models/FindingException.php`
|
|
- `apps/platform/app/Models/FindingExceptionDecision.php`
|
|
- `apps/platform/app/Models/FindingExceptionEvidenceReference.php`
|
|
- `apps/platform/app/Models/BaselineProfile.php`
|
|
- `apps/platform/app/Models/BaselineSnapshot.php`
|
|
- `apps/platform/app/Models/EvidenceSnapshot.php`
|
|
- `apps/platform/app/Models/TenantReview.php`
|
|
- `apps/platform/app/Models/ReviewPack.php`
|
|
- `apps/platform/app/Models/StoredReport.php`
|
|
- `apps/platform/app/Models/SupportRequest.php`
|
|
- `apps/platform/app/Models/ProductUsageEvent.php`
|
|
- `apps/platform/app/Models/OperationalControlActivation.php`
|
|
- `apps/platform/app/Models/AuditLog.php`
|
|
|
|
Wichtige Services und Jobs:
|
|
|
|
- `apps/platform/app/Services/ReviewPackService.php`
|
|
- `apps/platform/app/Services/TenantReviews/TenantReviewService.php`
|
|
- `apps/platform/app/Services/Evidence/EvidenceSnapshotService.php`
|
|
- `apps/platform/app/Services/Baselines/BaselineCompareService.php`
|
|
- `apps/platform/app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php`
|
|
- `apps/platform/app/Services/Alerts/AlertDispatchService.php`
|
|
- `apps/platform/app/Services/Findings/FindingExceptionService.php`
|
|
- `apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php`
|
|
- `apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php`
|
|
- `apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php`
|
|
- `apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php`
|
|
- `apps/platform/app/Support/Ai/AiUseCaseCatalog.php`
|
|
- `apps/platform/app/Support/Ai/GovernedAiExecutionBoundary.php`
|
|
- `apps/platform/app/Support/Ai/AiDecisionAuditMetadataFactory.php`
|
|
- `apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php`
|
|
- `apps/platform/app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php`
|
|
- `apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php`
|
|
- `apps/platform/app/Support/SupportRequests/ExternalSupportDeskHandoffService.php`
|
|
- `apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php`
|
|
- `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`
|
|
- `apps/platform/app/Services/Auth/CapabilityResolver.php`
|
|
- `apps/platform/app/Filament/Pages/Settings/WorkspaceSettings.php`
|
|
- `apps/platform/app/Services/Localization/LocaleResolver.php`
|
|
|
|
Wichtige Test-Anker im Repo:
|
|
|
|
- `apps/platform/tests/Feature/PortfolioCompare/*`
|
|
- `apps/platform/tests/Feature/ReviewPack/*`
|
|
- `apps/platform/tests/Feature/Evidence/*`
|
|
- `apps/platform/tests/Feature/PermissionPosture/*`
|
|
- `apps/platform/tests/Feature/EntraAdminRoles/*`
|
|
- `apps/platform/tests/Feature/SupportDiagnostics/*`
|
|
- `apps/platform/tests/Feature/SupportRequests/*`
|
|
- `apps/platform/tests/Feature/System/ViewWorkspaceEntitlementsTest.php`
|
|
- `apps/platform/tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php`
|
|
- `apps/platform/tests/Feature/System/CustomerHealth/*`
|
|
- `apps/platform/tests/Feature/System/ProductTelemetry/*`
|
|
- `apps/platform/tests/Feature/System/OpsControls/*`
|
|
- `apps/platform/tests/Feature/System/OpsControls/AiExecutionOperationalControlTest.php`
|
|
- `apps/platform/tests/Feature/SettingsFoundation/WorkspaceAiPolicySettingsTest.php`
|
|
- `apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php`
|
|
- `apps/platform/tests/Unit/Governance/*`
|
|
- `apps/platform/tests/Unit/Support/Ai/*`
|
|
- `apps/platform/tests/Unit/Support/PortfolioCompare/*`
|
|
- `apps/platform/tests/Unit/Support/SupportRequests/ExternalSupportDeskHandoffServiceTest.php`
|
|
- `apps/platform/tests/Unit/Entitlements/*`
|
|
|
|
## Last Updated
|
|
|
|
2026-05-02 on branch `platform-dev` (ledger drift correction and alignment with `docs/product/roadmap.md` plus `docs/product/spec-candidates.md` after the manual-promotion split)
|