Add roadmap and spec-candidate entries for four missing high-value domain expansions:

- Entra Role Governance
- SharePoint Tenant-Level Sharing Governance
- Enterprise App / Service Principal Governance
- Security Posture Signals

Roadmap entries placed in Mid-term section as strategic domain coverage expansions. Spec candidates added to Qualified section with bounded problem/direction framing.
Product Roadmap
Strategic thematic blocks and release trajectory. This is the "big picture" — not individual specs.
Last updated: 2026-03-15
Release History
| Release | Theme | Status |
|---|---|---|
| R1 "Golden Master Governance" | Baseline drift as production feature, operations polish | Done |
| R1 cont. | Ops canonicalization, action surface contract, ops-ux enforcement | Done |
| R2 "Tenant Reviews & Evidence" | Evidence packs, stored reports, permission posture, alerts | Partial |
| R2 cont. | Alert escalation + notification routing | Done |
Active / Near-term
Governance & Architecture Hardening
Canonical run-view trust semantics, execution-time authorization continuity, tenant-owned query canon, findings workflow enforcement, Livewire trust-boundary reduction. Goal: Turn the new audit constitution into enforceable backend and workflow guardrails before further governance surface area lands.
Active specs: 144
Next wave candidates: queued execution reauthorization and scope continuity, tenant-owned query canon and wrong-tenant guards, findings workflow enforcement and audit backstop, Livewire context locking and trusted-state reduction
Source: architecture audit 2026-03-15, audit constitution, product spec-candidates
UI & Product Maturity Polish
Empty state consistency, list-expand parity, workspace chooser refinement, navigation semantics. Goal: Every surface feels intentional and guided for first-run evaluation.
Active specs: 122, 121, 112
Secret & Security Hardening
Secret redaction integrity, provider access hardening, required permissions sidebar. Goal: Enterprise trust — no credential leaks, no permission gaps.
Active specs: 120, 108, 106
Baseline Drift Engine (Cutover)
Full content capture, cutover to unified engine, resume capability. Goal: Ship drift detection as the complete production governance feature.
Active specs: 119 (cutover)
Planned (Next Quarter)
R2 Completion — Evidence & Exception Workflows
- Review pack export (Spec 109 — done)
- Exception/risk-acceptance workflow for Findings → Not yet specced
- Formal "evidence pack" entity → Not yet specced
- Workspace-level PII override for review packs → deferred from 109
Policy Lifecycle / Ghost Policies
Soft delete detection, automatic restore, "Deleted" badge, restore from backup. Draft exists (Spec 900). Needs spec refresh and prioritization. Risk: Ghost policies create confusion for backup item references.
Platform Operations Maturity
- CSV export for filtered run metadata (deferred from Spec 114)
- Raw error/context drilldowns for system console (deferred from Spec 114)
- Multi-workspace operator selection in `/system` (deferred from Spec 113)
Mid-term (2–3 Quarters)
MSP Portfolio & Operations (Multi-Tenant)
Multi-tenant health dashboard, SLA/compliance reports (PDF), cross-tenant troubleshooting center. Source: 0800-future-features brainstorming, identified as highest priority pillar. Prerequisite: Cross-tenant compare (Spec 043 — draft only).
Drift & Change Governance ("Revenue Lever #1")
Change approval workflows (DEV→PROD with audit pack), guardrails/policy freeze windows, tamper detection. Source: 0800-future-features brainstorming. Prerequisite: Drift engine fully shipped, findings workflow mature.
Standardization & Policy Quality ("Intune Linting")
Policy linter (naming, scope tag requirements, no All-Users on high-risk), company standards as templates, policy hygiene (duplicate finder, unassigned, orphaned, stale). Source: 0800-future-features brainstorming.
Compliance Readiness & Executive Review Packs
- On-demand review packs that combine governance findings, accepted risks, evidence, baseline/drift posture, and key security signals into one coherent deliverable.
- BSI-/NIS2-/CIS-oriented readiness views (without certification claims).
- Executive / CISO / customer-facing report surfaces alongside operator-facing detail views.
- Exportable auditor-ready and management-ready outputs.

Goal: Make TenantPilot sellable as an MSP-facing governance and review platform for German midmarket and compliance-oriented customers who want structured tenant reviews and management-ready outputs on demand.

Why it matters:
- Turns existing governance data into a clear customer-facing value proposition.
- Strengthens MSP sales story beyond backup and restore.
- Creates a repeatable "review on demand" workflow for quarterly reviews, security health checks, and audit preparation.

Depends on: StoredReports / EvidenceItems foundation, Tenant Review runs, Findings + Risk Acceptance workflow, evidence / signal ingestion, export pipeline maturity.

Scope direction:
- Start as compliance readiness and review packaging.
- Avoid formal certification language or promises.
- Position as governance evidence, management reporting, and audit preparation.
Entra Role Governance
Expand TenantPilot's governance coverage into Microsoft Entra role definitions and assignments as a first-class identity administration surface.

What it means:
- Inventory and visibility for built-in and custom role definitions.
- Visibility into role assignments and governance-relevant changes.
- Review-ready representation of identity administration posture.

Why it matters:
- Identity role governance is central to audit readiness and privilege control.
- Strengthens TenantPilot beyond device configuration into identity governance.

Scope direction:
- Start with visibility, inventory, and governance-oriented reviewability.
- Avoid prematurely turning this into a full attestation workflow block.
SharePoint Tenant-Level Sharing Governance
Extend TenantPilot into high-value Microsoft 365 data-governance controls by covering tenant-level SharePoint and OneDrive sharing settings.

What it means:
- Visibility into tenant-wide sharing and external access posture.
- Governance-oriented review surface for high-risk sharing controls.
- Alignment with customer demand for audit-ready data-sharing posture.

Why it matters:
- Tenant-level sharing controls are critical for data exposure and external collaboration governance.
- Expands TenantPilot into a high-value non-Intune policy domain without becoming a generic M365 admin mirror.

Scope direction:
- Start at tenant-level settings, not full site-level governance.
- Position as governance and reviewability, not full SharePoint administration.
Enterprise App / Service Principal Governance
Add governance coverage for enterprise applications and service principals, especially around privileged permissions, expiring credentials, and review workflows.

What it means:
- Visibility into enterprise apps and service principals.
- Detection of expiring secrets and certificates.
- Governance surfaces for privileged app access and renewal workflows.

Why it matters:
- App identities are a major cloud governance and security pain point for MSPs and enterprise customers.
- Creates strong customer-facing value beyond tenant configuration backup and restore.

Scope direction:
- Start with visibility, expiry monitoring, and governance workflows.
- Avoid collapsing this into app-consent policy coverage alone.
Security Posture Signals
Expand TenantPilot's evidence layer with high-value security posture signals that support customer reviews, audit preparation, and recurring governance reporting.

What it means:
- Defender Vulnerability Management exposure and remediation-oriented signals.
- Backup success/failure and protection-state signals.
- Additional evidence inputs for review packs and executive reporting.

Why it matters:
- Strengthens TenantPilot's audit and review story without turning it into a remediation engine.
- Helps prove operational effectiveness in recurring customer reviews.

Scope direction:
- Treat these as evidence/signal domains, not policy domains.
- Prioritize reporting, history, and correlation over operational ownership.
Long-term
Tenant-to-Tenant / Staging→Prod Promotion
Compare/diff between tenants, mapping UI (groups, scope tags, filters, named locations, app refs), promotion plan (preview → dry-run → cutover → verify). Source: 0800-future-features, Spec 043 draft.
Recovery Confidence ("Killer Feature")
Automated restore tests in test tenants, recovery readiness report, preflight score. Source: 0800-future-features brainstorming.
Security Suite Layer
Security posture score, blast radius display, opt-in high-risk enablement. Source: 0800-future-features brainstorming.
Script & Secrets Governance
Script diff + approval + rollback, secret scanning, allowlist/signing workflow. Source: 0800-future-features brainstorming.
Infrastructure & Platform Debt
| Item | Risk | Status |
|---|---|---|
| No `.env.example` in repo | Onboarding friction | Open |
| No CI pipeline config | No automated quality gate | Open |
| No PHPStan/Larastan | No static analysis | Open |
| SQLite for tests vs PostgreSQL in prod | Schema drift risk | Open |
| No formal release process | Manual deploys | Open |
| Dokploy config external to repo | Env drift | Open |
Priority Ranking (from Product Brainstorming)
- MSP Portfolio + Alerting
- Drift + Approval Workflows
- Standardization / Linting
- Promotion DEV→PROD
- Recovery Confidence
How to use this file
- Big themes live here.
- Concrete spec candidates → see spec-candidates.md
- Small discoveries from implementation → see discoveries.md
- Product principles → see principles.md