TenantAtlas/specs/300-internal-tenant-model-naming-consolidation/final-tenant-reference-audit.md

Final Tenant Reference Audit

Feature: Spec 300 Internal Tenant Model Naming Consolidation
Audit date: 2026-05-14
Status: Passing with one documented, isolated-passing browser timeout in the raw full suite.

This audit does not require every tenant string to disappear. It requires every remaining Tenant / tenant / tenants hit in active platform code, resources, routes, database artifacts, and tests to be classified as either renamed away or intentionally allowed.

Final Spec 300 Proof

Runtime Legacy Scan

Check	Result	Allowed?	Reason
/admin/t active route	no active route	yes	Retired tenant-panel route remains absent from route:list.
/admin/tenants active route	no active route	yes	Retired tenant resource route remains absent from route:list.
TenantPanelProvider runtime file/provider registration	no runtime hit	yes	Remaining hits are negative regression guards only.
setTenantPanelContext runtime helper	no runtime hit	yes	Remaining hits are negative regression guards only.
panel: 'tenant' / panel: "tenant" runtime bootstrap	no runtime hit	yes	No active tenant-panel bootstrap remains.
TenantResource::getUrl	0 hits	yes	Retired helper dependency removed.
TenantDashboard::getUrl	0 hits	yes	Retired helper dependency removed.
TenantRequiredPermissions::getUrl	0 hits	yes	Retired helper dependency removed.
Priority old-family scan	0 hits	yes	TenantReview, TenantPermission, TenantTriageReview, TenantOnboardingSession, managed-tenant onboarding names, old context routes, cross-tenant compare/promotion names, and source_tenant_id / target_tenant_id are removed from active scan scope.

Commands:

cd apps/platform

rg "TenantPanelProvider|setTenantPanelContext|panel:\s*'tenant'|panel:\s*\"tenant\"" app resources routes tests --glob '!vendor' --glob '!node_modules'
rg "/admin/t/|/admin/tenants|filament\.admin\.resources\.tenants" app resources routes tests --glob '!vendor' --glob '!node_modules'
rg "TenantResource::getUrl|TenantDashboard::getUrl|TenantRequiredPermissions::getUrl" app resources routes tests --glob '!vendor' --glob '!node_modules'
rg "TenantReview|tenant_reviews|tenant_review_sections|tenant-reviews|TenantPermission|tenant_permissions|TenantTriageReview|tenant_triage_reviews|TenantOnboardingSession|ManagedTenantOnboarding|managed_tenant_onboarding|managed_tenant_onboarding_sessions|choose-tenant|select-tenant|clear-tenant-context|cross-tenant-compare|CrossTenantCompare|CrossTenantPromotion|source_tenant_id|target_tenant_id|sourceTenantId|targetTenantId" app database resources routes tests --glob '!vendor' --glob '!node_modules'

Results:

Scan	Count	Classification
Legacy panel literals	10	Allowed regression guards in tests/Feature/WorkspaceFoundation/PlatformBootSmokeTest.php, tests/Feature/Guards/Spec288NoLegacyRouteAndHelperGuardTest.php, and tests/Feature/Guards/NoLegacyTenantPanelRuntimeTest.php.
Legacy route/name literals	123	Allowed negative route assertions, historical redirect/not-found tests, and Spec 300 browser guard assertions. No runtime route is present.
Retired URL helpers	0	Clean.
Priority old families	0	Clean.

Remaining Tenant References

Broad scan:

cd apps/platform
rg "\bTenant\b|\btenant\b|tenants" app database resources routes tests --glob '!vendor' --glob '!node_modules'

Result: 22,571 matches across 1,561 files.

Scope	Files	Allowed?	Classification
tests	1076	yes	Provider fixtures, framework tenancy API assertions, security/isolation tests, negative legacy route guards, historical compatibility tests, and renamed managed-environment regression coverage.
app	433	yes	Provider/Entra terminology, Filament tenancy APIs, system directory tenant terminology, tenant-isolation support domain, residual allowed schema families, product-brand namespaces, and operation/workload identifiers.
resources	38	yes	Filament/UI views using provider/system-directory terminology, framework tenant context terms, and allowed tenant-isolation copy where the domain still intentionally uses tenant as a security boundary.
database	12	yes	Historical migration filenames, provider columns, and residual schema families listed below; priority old tables were renamed.
routes	2	yes	System directory tenant routes only; no retired admin tenant routes.

Allowed categories:

Category	Representative references	Representative files / scopes	Allowed?	Reason
Provider term	Microsoft tenant ID, Entra tenant ID, tenantId, entra_tenant_id, microsoft_tenant_id, provider tenant scope payloads	provider connections, onboarding provider identity, Graph/provider services, verification/report tests	yes	These describe external Microsoft/Entra/provider identity or raw API payload contracts.
Filament/framework-required	Filament::getTenant(), Filament::setTenant(), canAccessTenant(), tenant ownership relationship names, tenancy middleware	Filament resources/pages/widgets, test helpers, RBAC tests	yes	Filament v5 and related package APIs use tenant terminology; renaming local calls would break framework integration.
Regression guard	/admin/t, /admin/tenants, filament.admin.resources.tenants, TenantPanelProvider, setTenantPanelContext, panel: 'tenant'	guard tests, legacy route not-found tests, Spec 300 smoke guard	yes	These literals prove retired routes, panels, and helpers do not return.
System directory	system/directory/tenants, ViewTenant, {tenant} system route parameter	app/Filament/System/Pages/Directory/ViewTenant.php, routes/web.php, system directory tests	yes	System panel directory intentionally models external/customer tenants, not the admin managed-environment product route.
Tenant-isolation domain	App\Support\Tenants\*, TenantAction*, TenantOperability*, tenant-owned tables/model families, tenant lifecycle/security terminology	RBAC, middleware, workspace isolation, operability, action-surface, support-diagnostics code/tests	yes	These references denote the isolation/security boundary and compatibility contracts; the primary product model is now ManagedEnvironment.
Residual schema family	tenant_settings, tenant_role_mappings, baseline_tenant_assignments, UserTenantPreference, user_managed_environment_preferences	models, migrations, factories, workspace isolation tests, baseline assignment tests	yes	These are retained schema/compatibility families. Where they point at the product environment, columns/relations use managed_environment_id; no old Tenant resource or route is generated from them.
Historical migration filename	old *_tenants* migration filenames that create or alter current managed_environments-based schema	database/migrations	yes	Migration filenames are historical ledger entries. Runtime table/constraint names were renamed where they were part of the priority families or active route/resource proof.
Product brand / namespace	tenantpilot, TenantPilot, env/config namespaces	config, console, docs/tests	yes	Product naming remains intentionally separate from the internal model rename.
Operation/workload identifier	provider or workload operation strings that still include tenant as domain language, for example tenant evidence snapshot generation	operation catalog, operation tests, telemetry/support diagnostics	yes	Operation IDs are compatibility/workload identifiers. Spec 300 changed active managed-environment surfaces without rewriting unrelated historical operation keys.

No unclassified active platform-owned priority family remains in app, database, resources, routes, or tests.

Route Proof

Command	Result
cd apps/platform && ./vendor/bin/sail artisan route:list | rg "admin/t|admin/tenants|filament\.admin\.resources\.tenants"	No output.
cd apps/platform && ./vendor/bin/sail artisan route:list | rg "tenant|choose-environment|select-environment|clear-environment-context|cross-environment-compare|managed-environments|environment-reviews"	Shows admin/choose-environment, admin/clear-environment-context, admin/cross-environment-compare, admin/select-environment, environment review routes under /admin/workspaces/{workspace}/environments/{environment}/environment-reviews, and system directory routes /system/directory/tenants.

Active route classification:

Route family	Allowed?	Reason
/admin/choose-environment, /admin/select-environment, /admin/clear-environment-context, /admin/cross-environment-compare	yes	Renamed replacements for old choose/select/clear/cross tenant routes.
/admin/workspaces/{workspace}/environments/{environment}/environment-reviews	yes	Renamed replacement for old tenant-reviews route.
/system/directory/tenants and /system/directory/tenants/{tenant}	yes	System directory route for external/customer tenant directory, not retired admin TenantResource route.

DB Proof

Command	Result
cd apps/platform && ./vendor/bin/sail artisan migrate:fresh --seed	Passed on 2026-05-14 after the priority schema renames. No DB-affecting changes were made after this pass.
Boost read-only table check for old/new priority tables	Old tables absent; new tables present: environment_review_sections, environment_reviews, managed_environment_onboarding_sessions, managed_environment_permissions, managed_environment_triage_reviews.
Boost read-only constraint check pg_constraint where conname ilike '%tenant%'	Residual tenant-named constraints are classified as provider (users_entra_tenant_id_entra_object_id_unique), residual schema (baseline_tenant_assignments_*, tenant_role_mappings_*, tenant_settings_*), or audit/isolation (audit_logs_tenant_workspace_scope_check).

Read-only table proof result:

Table	Classification
environment_reviews	renamed priority family
environment_review_sections	renamed priority family
managed_environment_permissions	renamed priority family
managed_environment_triage_reviews	renamed priority family
managed_environment_onboarding_sessions	renamed priority family

Test Proof

Lane	Result
TenantReview -> EnvironmentReview focused lane	Passed: 54 tests, 445 assertions.
TenantPermission -> ManagedEnvironmentPermission focused lane	Passed: 95 tests, 491 assertions.
TenantTriageReview -> ManagedEnvironmentTriageReview focused lane	Passed: 35 tests, 246 assertions.
TenantOnboardingSession -> ManagedEnvironmentOnboardingSession focused lane	Passed: 135 tests, 641 assertions.
choose/select/clear/cross environment route/context lane	Passed: 80 tests, 467 assertions.
Baseline source/target environment lane	Passed: 34 tests, 299 assertions.
Finding exception open-queue environment route lane	Passed: 10 tests, 56 assertions.
tests/Feature/Guards	Passed: 266 tests, 4,708 assertions.
tests/Feature/Workspaces	Passed: 96 tests, 276 assertions.
tests/Feature/Filament	Passed: 773 tests, 5,017 assertions, 5 skipped.
tests/Feature/ProviderConnections	Passed: 78 tests, 588 assertions.
tests/Feature/RequiredPermissions	Passed: 21 tests, 82 assertions.
tests/Feature/Rbac	Passed: 156 tests, 744 assertions.
Focused GovernanceArtifacts context test after review-pack flake fix	Passed: 5 tests, 12 assertions.
Focused ReviewPack regression group after deterministic operation fixture fix	Passed: 54 tests, 255 assertions.
cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent	Passed.
git diff --check	Passed.

Raw full suite:

Command	Result
cd apps/platform && ./vendor/bin/sail artisan test --compact	Failed only on tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php with a 15s browser click timeout at line 110. Summary: 1 failed, 8 skipped, 4,680 passed, 31,620 assertions, 4,489.12s.
Isolated rerun: cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php	Passed: 1 test, 46 assertions, 7.36s.

The raw full suite failure is classified as an isolated browser timeout flake because the same test passed immediately in isolation without code changes.

Browser Proof

Test	Result
tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php	Passed in browser smoke lane.
tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php	Passed in browser smoke lane.
tests/Browser/Dashboard/TenantDashboardProductizationSmokeTest.php	Passed in browser smoke lane.
tests/Browser/Spec299WorkspaceOverviewCutoverSealSmokeTest.php	Passed in browser smoke lane.
tests/Browser/Spec300ManagedEnvironmentNamingConsolidationSmokeTest.php	Passed in browser smoke lane.
Combined required browser smoke lane	Passed: 5 tests, 138 assertions.
Additional stale route/detail browser group (Spec172, Spec192, Spec194, Spec202, Spec265)	Passed: 13 tests, 211 assertions.
tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php isolated after full-suite timeout	Passed: 1 test, 46 assertions.

Decision

merge-ready with documented isolated browser flake

The conditions for Spec 300 close-out are met:

• Old /admin/t and /admin/tenants routes are absent.
• Old URL helpers and old TenantPanel provider/helper references have no runtime usage.
• Priority platform-owned families were renamed or classified.
• Remaining Tenant / tenant / tenants hits are classified by provider, framework, regression-guard, system-directory, tenant-isolation, residual-schema, historical-migration, product-brand, or operation-workload category.
• Migration/seed proof passed after schema renames.
• Feature, Filament, Workspace, Provider, RequiredPermissions, RBAC, focused ReviewPack, and browser smoke lanes passed.
• Raw full suite had one browser timeout that passed immediately in isolation and is documented above.