TenantAtlas/specs/404-public-content-messaging/contracts/public-content-contract.md

Public Website Positioning Contract: Spec 404

This feature has no REST, GraphQL, Laravel, Filament, Livewire, Microsoft Graph, database, queue, job, policy, RBAC, or product runtime API contract.

The contract is the public static website behavior that reviewers and smoke checks must verify.

Core Public Routes

The following default routes must render intentionally and expose Tenantial-specific content, metadata, and CTAs:

• /
• /platform
• /pricing
• /contact
• /trust
• /legal
• /privacy
• /terms
• /imprint
• /welcome-to-docs/
• /guides/intro/
• /guides/getting-started/
• /guides/first-project-checklist/
• /platform/evidence-review/

The following English mirrors must remain consistent where they are intentionally exposed:

• /en/
• /en/platform
• /en/pricing
• /en/contact
• /en/trust
• /en/legal
• /en/privacy
• /en/terms
• /en/imprint
• /en/welcome-to-docs/
• /en/guides/intro/
• /en/guides/getting-started/
• /en/guides/first-project-checklist/
• /en/platform/evidence-review/

Redirect-only aliases such as /product must continue to resolve intentionally and must not become a second competing product story.

Homepage Positioning Contract

The homepage must satisfy:

• the hero clearly identifies Tenantial as policy governance for Microsoft 365 and modern cloud environments, or an equivalent policy-governance phrasing
• Microsoft 365 is presented as the first focus without collapsing the category to Intune-only messaging
• provider-extensible wording is allowed only as design or future direction, not live-support proof
• a trust teaser introduces auditability, evidence history, role-based access, review trails, or DACH evaluation readiness without false assurance
• an operating-model section makes the flow from observed state to evidence, detection, review, decision, and audit trail explicit
• a capability section explains policy evidence, drift/change detection, governance reviews, controlled recovery, provider readiness, and decision traceability rather than a narrow feature list
• audience messaging reaches MSPs, internal IT teams, and governance-minded evaluators, not only endpoint administrators
• a boundaries section makes clear that Tenantial is not an admin-center clone, not blind automation, and not a helpdesk or PSA replacement
• the final CTA offers a concrete next step with an intentional destination

/platform Governance-Model Contract

The public /platform route must satisfy:

• explains the governance model more deeply than the homepage
• connects evidence, findings, drift, review, accepted risks or exceptions, controlled recovery, and audit trail into one public product story
• keeps Microsoft 365 first focus without promising unsupported providers as live integrations
• frames previews, screenshots, or product-like examples as static/demo/illustrative where needed
• does not import, inspect, or cite apps/platform as an implementation source
• does not imply that the public website connects to a provider, runs Microsoft Graph, or shows live tenant/customer data

Provider Posture Contract

Public provider/domain wording must satisfy:

• Microsoft 365 is the current public focus
• Intune is one Microsoft 365 policy domain, not the umbrella product category
• Entra or other Microsoft domains may be described only when consistent with current route truth
• Google, AWS, and other non-Microsoft providers may appear only as architecture direction, future direction, or provider-extensible wording unless current support is verified
• roadmap or architecture-direction references must be clearly labeled as such

Trust And Claim Guardrail Contract

Public copy must avoid unsupported claims about:

• German hosting
• DSGVO or GDPR compliance
• AVV or TOM availability
• ISO, BSI, NIS2, or similar certification
• Microsoft endorsement or partnership
• no customer data stored
• automatic restore, autonomous remediation, self-healing, or approval-free automation
• fake customer logos, fake testimonials, fake case studies, or fake compliance badges

Trust, FAQ, footer, and legal-adjacent copy should explain product boundaries calmly and conservatively without adding fake proof or fake workflows.

Navigation And CTA Contract

Every public navigation item, CTA, footer link, docs link, and visible form-like control must satisfy:

• resolves to an intentional route, anchor, static asset, mailto: link, or legitimate external URL
• no public href="#" placeholders
• no navigation labels that imply production-ready pages which do not exist
• primary CTAs lead to contact, walkthrough, demo discussion, or another real next step
• secondary CTAs lead to product explanation, trust review, pricing review, or docs review
• localized routes remain in the current locale where a localized mirror exists
• labels avoid login, signup, account creation, checkout, subscription, instant provisioning, self-serve billing, or automated scheduling implications unless those workflows exist

Metadata Contract

Each rendered canonical route must provide:

• Tenantial-specific page title and description
• policy-governance positioning rather than Intune-only framing
• route-appropriate canonical, Open Graph, and Twitter summary values
• no ScrewFast, construction, hardware, manufacturing, template, TenantAtlas, TenantPilot, or TenantCTRL residue in public metadata
• no unsupported provider, trust, proof, or automation claims in title, description, Open Graph, Twitter, schema, or docs metadata
• sitemap and robots behavior preserved from the launch-readiness baseline unless a website-scope correction is documented

Docs Exposure Contract

Exposed docs routes must:

• contain intentional Tenantial-specific content or be hidden from public navigation
• reinforce the same policy-governance and claim-safe posture as the marketing routes
• avoid placeholder theme content and unsupported product behavior claims
• avoid support, legal, provider, compliance, or recovery commitments not supplied by current product/business truth
• remain clearly separate from apps/platform implementation documentation unless a future spec changes scope

Product Preview Contract

Static product previews must:

• be framed as illustrative, static, or demo content where needed
• avoid implying live tenant/customer/provider data
• avoid internal Laravel/Filament implementation details
• avoid turning visual labels into runtime product taxonomy
• communicate meaning through wording and labeling, not color alone

Browser And Accessibility Contract

Validated public routes must:

• avoid body-level horizontal overflow on representative desktop and mobile viewports
• keep primary navigation, CTAs, footer links, FAQ controls, and visible controls keyboard reachable
• show visible focus states for interactive elements
• remain understandable with reduced motion
• keep primary content and links usable if JavaScript fails where reasonably possible for a static marketing site

Scope Contract

Implementation and validation must not touch:

• /Users/ahmeddarrazi/Documents/projects/wt-website/apps/platform
• Laravel providers, migrations, policies, jobs, queues, database, Filament resources, Livewire components, Blade views, tenant/workspace/RBAC code, Microsoft Graph code, or AuditLog behavior

Scope proof command:

cd /Users/ahmeddarrazi/Documents/projects/wt-website && git status --short -- apps/platform

The command must print no output.