ahmido
417df4f9aa
## Summary
- centralize tenant operability into a lane-aware, actor-aware policy boundary
- align selector eligibility, administrative discoverability, remembered context, tenant-bound routes, and canonical run viewers
- add focused Pest coverage plus Spec 148 artifacts and final polish task completion
## Validation
- `vendor/bin/sail artisan test --compact tests/Unit/Tenants/TenantOperabilityServiceTest.php tests/Unit/Tenants/TenantOperabilityOutcomeTest.php tests/Feature/Workspaces/ChooseTenantPageTest.php tests/Feature/Workspaces/SelectTenantControllerTest.php tests/Feature/TenantRBAC/ArchivedTenantRouteAccessTest.php tests/Feature/TenantRBAC/TenantRouteDenyAsNotFoundTest.php tests/Feature/Operations/TenantlessOperationRunViewerTest.php tests/Feature/OpsUx/OperateHubShellTest.php tests/Feature/Rbac/TenantLifecycleActionVisibilityTest.php tests/Feature/TenantRBAC/TenantSwitcherScopeTest.php tests/Feature/Rbac/TenantResourceAuthorizationTest.php tests/Feature/Filament/ManagedTenantsLandingLifecycleTest.php tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php tests/Feature/Onboarding/OnboardingDraftLifecycleTest.php tests/Feature/Onboarding/OnboardingDraftAuthorizationTest.php`
- `vendor/bin/sail bin pint --dirty --format agent`
- manual browser smoke checks on `/admin/choose-tenant`, `/admin/tenants`, `/admin/onboarding`, `/admin/onboarding/{draft}`, and `/admin/operations/{run}`
## Filament / platform notes
- Livewire v4 compliance preserved
- panel provider registration unchanged in `bootstrap/providers.php`
- Tenant resource global search remains backed by existing view/edit pages and is now separated from active-only selector eligibility
- destructive actions remain action closures with confirmation and authorization enforcement
- no asset pipeline changes and no new `filament:assets` deployment requirement
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #177
6.5 KiB
Product Roadmap
Strategic thematic blocks and release trajectory. This is the "big picture" — not individual specs.
Last updated: 2026-03-15
Release History
| Release | Theme | Status |
|---|---|---|
| R1 "Golden Master Governance" | Baseline drift as production feature, operations polish | Done |
| R1 cont. | Ops canonicalization, action surface contract, ops-ux enforcement | Done |
| R2 "Tenant Reviews & Evidence" | Evidence packs, stored reports, permission posture, alerts | Partial |
| R2 cont. | Alert escalation + notification routing | Done |
Active / Near-term
Governance & Architecture Hardening
Canonical run-view trust semantics, execution-time authorization continuity, tenant-owned query canon, findings workflow enforcement, Livewire trust-boundary reduction. Goal: Turn the new audit constitution into enforceable backend and workflow guardrails before further governance surface area lands.
Active specs: 144 Next wave candidates: queued execution reauthorization and scope continuity, tenant-owned query canon and wrong-tenant guards, findings workflow enforcement and audit backstop, Livewire context locking and trusted-state reduction Source: architecture audit 2026-03-15, audit constitution, product spec-candidates
UI & Product Maturity Polish
Empty state consistency, list-expand parity, workspace chooser refinement, navigation semantics. Goal: Every surface feels intentional and guided for first-run evaluation.
Active specs: 122, 121, 112
Secret & Security Hardening
Secret redaction integrity, provider access hardening, required permissions sidebar. Goal: Enterprise trust — no credential leaks, no permission gaps.
Active specs: 120, 108, 106
Baseline Drift Engine (Cutover)
Full content capture, cutover to unified engine, resume capability. Goal: Ship drift detection as the complete production governance feature.
Active specs: 119 (cutover)
Planned (Next Quarter)
R2 Completion — Evidence & Exception Workflows
- Review pack export (Spec 109 — done)
- Exception/risk-acceptance workflow for Findings → Not yet specced
- Formal "evidence pack" entity → Not yet specced
- Workspace-level PII override for review packs → deferred from 109
Policy Lifecycle / Ghost Policies
Soft delete detection, automatic restore, "Deleted" badge, restore from backup. Draft exists (Spec 900). Needs spec refresh and prioritization. Risk: Ghost policies create confusion for backup item references.
Platform Operations Maturity
- CSV export for filtered run metadata (deferred from Spec 114)
- Raw error/context drilldowns for system console (deferred from Spec 114)
- Multi-workspace operator selection in
/system(deferred from Spec 113)
Mid-term (2–3 Quarters)
MSP Portfolio & Operations (Multi-Tenant)
Multi-tenant health dashboard, SLA/compliance reports (PDF), cross-tenant troubleshooting center. Source: 0800-future-features brainstorming, identified as highest priority pillar. Prerequisite: Cross-tenant compare (Spec 043 — draft only).
Drift & Change Governance ("Revenue Lever #1")
Change approval workflows (DEV→PROD with audit pack), guardrails/policy freeze windows, tamper detection. Source: 0800-future-features brainstorming. Prerequisite: Drift engine fully shipped, findings workflow mature.
Standardization & Policy Quality ("Intune Linting")
Policy linter (naming, scope tag requirements, no All-Users on high-risk), company standards as templates, policy hygiene (duplicate finder, unassigned, orphaned, stale). Source: 0800-future-features brainstorming.
Compliance Readiness & Executive Review Packs
On-demand review packs that combine governance findings, accepted risks, evidence, baseline/drift posture, and key security signals into one coherent deliverable. BSI-/NIS2-/CIS-oriented readiness views (without certification claims). Executive / CISO / customer-facing report surfaces alongside operator-facing detail views. Exportable auditor-ready and management-ready outputs. Goal: Make TenantPilot sellable as an MSP-facing governance and review platform for German midmarket and compliance-oriented customers who want structured tenant reviews and management-ready outputs on demand. Why it matters: Turns existing governance data into a clear customer-facing value proposition. Strengthens MSP sales story beyond backup and restore. Creates a repeatable "review on demand" workflow for quarterly reviews, security health checks, and audit preparation. Depends on: StoredReports / EvidenceItems foundation, Tenant Review runs, Findings + Risk Acceptance workflow, evidence / signal ingestion, export pipeline maturity. Scope direction: Start as compliance readiness and review packaging. Avoid formal certification language or promises. Position as governance evidence, management reporting, and audit preparation.
Long-term
Tenant-to-Tenant / Staging→Prod Promotion
Compare/diff between tenants, mapping UI (groups, scope tags, filters, named locations, app refs), promotion plan (preview → dry-run → cutover → verify). Source: 0800-future-features, Spec 043 draft.
Recovery Confidence ("Killer Feature")
Automated restore tests in test tenants, recovery readiness report, preflight score. Source: 0800-future-features brainstorming.
Security Suite Layer
Security posture score, blast radius display, opt-in high-risk enablement. Source: 0800-future-features brainstorming.
Script & Secrets Governance
Script diff + approval + rollback, secret scanning, allowlist/signing workflow. Source: 0800-future-features brainstorming.
Infrastructure & Platform Debt
| Item | Risk | Status |
|---|---|---|
No .env.example in repo |
Onboarding friction | Open |
| No CI pipeline config | No automated quality gate | Open |
| No PHPStan/Larastan | No static analysis | Open |
| SQLite for tests vs PostgreSQL in prod | Schema drift risk | Open |
| No formal release process | Manual deploys | Open |
| Dokploy config external to repo | Env drift | Open |
Priority Ranking (from Product Brainstorming)
- MSP Portfolio + Alerting
- Drift + Approval Workflows
- Standardization / Linting
- Promotion DEV→PROD
- Recovery Confidence
How to use this file
- Big themes live here.
- Concrete spec candidates → see spec-candidates.md
- Small discoveries from implementation → see discoveries.md
- Product principles → see principles.md