TenantAtlas/docs/product/implementation-ledger.md
Ahmed Darrazi 6c7a80e275
feat(report): implement management report pdf runtime
Added jobs, controllers, and PDF generation logic for management report runtime as defined in Spec 379. Includes artifact migrations, payload builders, and testing coverage.
2026-06-15 13:24:41 +02:00

TenantPilot Implementation Ledger

Status: Active
Last reviewed: 2026-06-15
Use for: Repo-based implementation status and product-surface maturity assessment
Do not use for: Roadmap priority, spec priority, or proof that tests were executed in the current branch
Scoped maintenance:

  • 2026-06-15 repo-truth sync after Specs 311-379, including completed Spec 311 surface-scope foundation, post-311 candidate reconciliation, Spec 377 UI closeout, and current working-tree Spec 379 management-report PDF runtime-gated status
  • 2026-05-15 Spec 310 product-truth/docs-drift reconciliation after Specs 307-309
  • 2026-05-15 Spec 309 RBAC role matrix and access boundary hardening update
  • 2026-05-15 Spec 308 customer-safe Decision Summary and Review Pack inclusion update
  • 2026-05-15 Decision Register proof-link implementation update after Spec 307
  • 2026-05-15 Decision Register reconciliation update after Spec 306
  • 2026-05-15 Tenant Panel dead-code retirement guardrail update after Spec 304
  • 2026-05-12 roadmap/ledger alignment after the admin workspace navigation and tenant-owned surface repair candidate intake from the repo-verified navigation/panel audit
  • 2026-05-06 ledger conflict cleanup plus alignment with docs/product/roadmap.md and docs/product/spec-candidates.md after the cross-domain indicator candidate intake and the current manual-promotion backlog review

Purpose

This document describes the current repo-based implementation status of TenantPilot. It complements docs/product/roadmap.md and docs/product/spec-candidates.md but does not replace them.

Assessment rules for this ledger:

  • Repo-based only: statements count only when code, data model, workflow, UI adoption, or test artifacts in the repo reliably support them.
  • No roadmap or spec intent without repo evidence.
  • Product posture uses foundation-only, implemented but not productized, fast sellable, sellable, or not implemented as its base; since Spec 310, evidenced product-truth labels such as repo-real, open gap, historical, or security-hardening completed may supplement it in status notes or combined table cells.
  • sellable is used only where UI, workflow, data model, RBAC/audit, and matching test artifacts plausibly fit together.
  • fast sellable means: repo-real and close enough to customers or operators, but the final productized delivery, packaging, or self-serve layer is still missing.
  • implemented but not productized means: real surfaces or workflows exist, but they have not yet been pulled together into a calm, repeatable product slice.
  • foundation-only remains reserved for enablement, control, policy, or technical support layers.
  • When tests are marked as present below, that means: matching test files exist in the repo. They were not executed for this ledger.

Current Product Position

TenantPilot is currently a strong governance and operations product with repo-real foundations for Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry, Safety Controls, Commercial Lifecycle, and governed AI policy. Since Spec 311, the Workspace/Environment Surface Scope Contract is a completed foundation: /admin and /system are the active panels, /admin/t stays retired, workspace-wide versus environment-bound scope is route-owned, and environment_id is an explicit filter. Several repo-real productization slices now sit on top of it: Customer Review Workspace v1 Completion, Decision Register proof/run links, customer-safe Decision Summary and Review Pack inclusion, Governance Inbox operator workflow, Provider Connection scope hardening, canonical link/query cleanup, localization adoption/neutralization, support-access slices, commercial entitlement/lifecycle truth, UI productization closeout, and current working-tree Management Report PDF runtime work. The most important open gaps are no longer these foundations but runtime/productization follow-through: Management Report PDF staging/Dokploy renderer validation, Governance Artifact Lifecycle & Retention runtime, optional Provider readiness/onboarding polish, cross-domain indicator runtime adoption, manual system-panel browser fixture/procedure, durable self-serve commercial/subscription operations, and the first governed AI runtime consumer.

Runtime Guardrails

  • 2026-05-15 / Spec 304: Active Tenant Panel runtime is absent and guarded. bootstrap/providers.php registers no Tenant Panel provider, no active TenantPanelProvider.php exists under the platform app runtime paths, no /admin/t or legacy /admin/tenants route family is registered, and focused tests guard canonical workspace/environment link emission. Workspace remains the active Filament admin runtime context while Managed Environment surfaces stay under canonical workspace/environment routes.
  • 2026-06-15 / Spec 311: Workspace / Environment Surface Scope Contract is a completed foundation. Do not reopen shell, sidebar, topbar, breadcrumb, or global workspace/environment scope unless fresh repo evidence shows regression. environment_id is an explicit page filter, not hidden global context.
  • 2026-06-15 / Spec 377: post-productization browser reaudit is closed with follow-up; no P0/P1 productization findings remain in its accepted evidence. Remaining system-panel browser fixture/procedure work is validation follow-up, not a product runtime blocker.
  • 2026-06-15 / current working-tree Spec 379: Management Report PDF generation is repo-real but runtime-gated. TENANTPILOT_PDF_RENDERER_RUNTIME_VALIDATED=false keeps generation disabled until deployed Gotenberg/Dokploy validation passes; current workspace code evidence must not be treated as production enablement.

Status Model

  • foundation-only: solid technical, policy, or control-layer foundation without sufficient productization
  • implemented but not productized: a real surface or workflow exists, but not yet a calm, repeatable product layer
  • fast sellable: repo-real, close to customers or operators, and close to repeatable delivery, but final productization gaps remain
  • sellable: solid UI, workflow, RBAC/audit, and test trail with a repeatable product promise
  • not implemented: no solid repo-real slice yet for the actual goal

Spec 310 truth labels for status notes:

  • repo-real: code, runtime surface, tests, or accepted spec close-out evidence substantiate the slice in the repo
  • implemented: runtime exists, but product maturity may vary
  • spec-backed: a formal spec exists; implementation is not automatically complete
  • historical: completed, promoted, or only sequencing context now
  • superseded: replaced by later spec or runtime truth
  • open gap: still needs product or engineering work
  • security-hardening completed: security/access hardening was specifically verified and addressed
  • decision needed: a product or architecture decision is required before implementation

Evidence levels in this document:

  • none: no solid repo evidence
  • weak: thin code or doc trail, but no solid end-to-end workflow
  • medium: several repo signals, but not yet consistent throughout
  • strong: data model, workflow, UI, or test trail interlock consistently

Roadmap Coverage Summary

| Roadmap Area | Product posture | Evidence Level | UI Ready | Tested | Sellable | Notes |
|---|---|---|---|---|---|---|
| R1 Golden Master Governance | sellable | strong | yes | repo tests, not run | yes | Baselines, drift, findings, and OperationRun truth are broadly anchored in the product. |
| R2 Tenant Reviews, Evidence & Control Foundation | fast sellable | strong | yes | repo tests, not run | near | Reviews, Evidence, Review Packs, Customer Review Workspace v1 completion, governance-package delivery, customer-safe Decision Summary / Review Pack inclusion, compliance interpretation overlays, and the control/exception layer come together as a real governance surface; Management Report PDF remains runtime-gated until staging/Dokploy renderer validation. |
| Alert escalation + notification routing | sellable | strong | partial | repo tests, not run | yes | Alert rules, dispatch, cooldown, and quiet hours are real. |
| Governance & Architecture Hardening | foundation-only | strong | partial | repo tests, not run | no | Many hardening slices are already in the code; Spec 309 is security-hardening completed, Spec 311 is a completed surface-scope foundation, and Support Access Governance remains separate from RBAC hardening. |
| UI & Product Maturity Polish | implemented but not productized | strong | partial | repo tests, not run | no | Empty States, Navigation, Localization, read-only Review-Polish, Customer Review Workspace v1, Governance Inbox final workflow, and Spec 377 closeout evidence are repo-real; remaining system-panel browser fixture/procedure is validation follow-up. |
| Secret & Security Hardening | fast sellable | strong | yes | repo tests, not run | yes | Provider verification, permission diagnostics, and redaction are solid. |
| Baseline Drift Engine (Cutover) | sellable | strong | yes | repo tests, not run | yes | The compare and drift workflow acts as a productive core function. |
| R1.9 Platform Localization v1 | implemented but not productized / repo-real | strong | yes | repo tests, not run | no | Locale resolver, override/preference, workspace default, fallback, localized notifications, and adoption/neutralization work through Specs 275 and 286 are repo-real; remaining copy QA is polish. |
| Product Scalability & Self-Service Foundation | fast sellable | strong | yes | repo tests, not run | near | Onboarding, Support, Help, Entitlements, commercial lifecycle state handling, billing-state maturity, support-access slices, and bounded support-desk handoff are repo-real; broader self-serve customer portal, trial/demo operations, and subscription ops remain productization decisions. |
| R2.0 Canonical Control Catalog Foundation | foundation-only | strong | partial | repo tests, not run | no | Already implemented and referenced in Evidence/Reviews, but no standalone customer-value surface. |
| R2 Completion: customer review, support, help | fast sellable | strong | yes | repo tests, not run | near | Customer Review Workspace v1 completion, released-review detail handoff, governance-package delivery, Support Diagnostics/Requests, support-access slices, and the help catalog are repo-real; production-grade management PDF output remains runtime-gated. |
| Compliance Evidence Mapping v1 | implemented but not productized | strong | yes | repo tests, not run | no | Canonical control interpretation is rendered in tenant reviews and the customer review workspace, but broader framework coverage and auditor-facing mapping remain open. |
| Governance-as-a-Service Packaging v1 | implemented but not productized | strong | yes | repo tests, not run | no | Governance package status, download messaging, current review-pack reuse, and management-report PDF artifact flow are repo-real; recurring delivery workflows and production PDF renderer validation remain open. |
| Findings Workflow v2 / Execution Layer | fast sellable | strong | yes | repo tests, not run | yes | Triage, ownership, My Work, intake, Governance Inbox, exceptions, and alerts/hygiene are real; cross-tenant decisioning remains for later. |
| Provider-missing policy visibility follow-up | not implemented | weak | no | no | no | specs/261-provider-missing-policy-visibility/spec.md remains a narrow policy-only follow-up; the broader lifecycle taxonomy is separate. |
| Platform Operations Maturity | implemented but not productized | strong | yes | repo tests, not run | no | System Panel, Control Tower, and Ops Controls are real; CSV/raw drilldowns remain open. |
| Product Usage, Customer Health & Operational Controls | implemented but not productized | strong | yes | repo tests, not run | no | This mid-term lane is already substantially present in the repo but remains primarily operator-side productization. |
| Private AI Execution Governance Foundation | foundation-only | strong | partial | repo tests, not run | no | specs/248-private-ai-policy-foundation/spec.md is repo-real in policy, boundary, settings, and Ops Controls; the first runtime consumer is still missing. |
| MSP Portfolio & Operations | implemented but not productized | strong | yes | repo tests, not run | no | Portfolio-Triage, canonical compare preview, preflight audit and launch continuity are repo-real; actual promotion execution and the broader decision workboard remain open. |
| Human-in-the-Loop Autonomous Governance | not implemented | weak | no | no | no | No repo-verified decision-pack or approval workflow beyond the current exception/review layer. |
| Drift & Change Governance | fast sellable | strong | yes | repo tests, not run | yes | Drift review, accepted-risk governance, exception validity, and Governance Inbox surfaces are repo-real; portfolio-wide escalation remains open. |
| Standardization & Policy Quality | not implemented | none | no | no | no | No strong repo evidence for an Intune linting or policy-quality surface. |
| PSA / Ticketing Handoff | implemented but not productized | strong | yes | repo tests, not run | no | Support Requests include bounded external create/link handoff on the current tenant and operation-run contexts; broader multi-provider ITSM expansion remains separate work. |

Implemented Capabilities

| Capability | Product posture | Backend | UI | Tests | RBAC/Audit | Sellable | Evidence |
|---|---|---|---|---|---|---|---|
| OperationRun truth layer | foundation-only | yes | partial | repo tests, not run | yes | no | app/Models/OperationRun.php; tests/Feature/System/*; tests/Feature/ReviewPack/* |
| Baseline profiles, snapshots and compare | sellable | yes | yes | repo tests, not run | yes | yes | app/Models/BaselineProfile.php; app/Models/BaselineSnapshot.php; app/Services/Baselines/BaselineCompareService.php |
| Drift findings and governance pressure | sellable | yes | yes | repo tests, not run | yes | yes | app/Models/Finding.php; app/Filament/Widgets/Dashboard/RecentDriftFindings.php; tests/Feature/Findings/* |
| Findings inboxes and governance inbox | fast sellable | yes | yes | repo tests, not run | yes | yes | app/Filament/Pages/Findings/MyFindingsInbox.php; app/Filament/Pages/Findings/FindingsIntakeQueue.php; app/Filament/Pages/Governance/GovernanceInbox.php; tests/Feature/Findings/MyWorkInboxTest.php; tests/Feature/Governance/* |
| Finding exceptions and risk acceptance workflow | fast sellable | yes | yes | repo tests, not run | yes | yes | app/Models/FindingException.php; app/Services/Findings/FindingExceptionService.php; app/Filament/Resources/FindingExceptionResource.php; tests/Feature/Findings/FindingExceptionWorkflowTest.php |
| Decision Register operator surface | implemented but not productized / repo-real | yes | yes | repo tests, not run | yes | no | specs/265-decision-register-approval/spec.md; specs/306-decision-register-reconciliation/decision-register-reconciliation.md; specs/307-decision-register-evidence-operationrun-link-polish/spec.md; app/Filament/Pages/Governance/DecisionRegister.php; app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php; tests/Feature/Governance/DecisionRegisterPageTest.php; tests/Feature/Findings/FindingExceptionDecisionRegisterNavigationTest.php; tests/Feature/Findings/FindingExceptionDecisionRegisterBoundariesTest.php |
| Decision Register proof/run links | fast sellable / repo-real | yes | yes | repo tests, not run | yes | no | specs/307-decision-register-evidence-operationrun-link-polish/spec.md; specs/307-decision-register-evidence-operationrun-link-polish/tasks.md; app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php; app/Filament/Pages/Governance/DecisionRegister.php; tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php; tests/Feature/Governance/DecisionRegisterPageTest.php |
| Governance Inbox final operator workflow | fast sellable / repo-real / implemented | yes | yes | repo tests, not run | yes | near | specs/327-governance-inbox-decision-first-workbench-productization/spec.md; specs/346-governance-inbox-final-operator-workflow/spec.md; app/Filament/Pages/Governance/GovernanceInbox.php; tests/Feature/Governance/* |
| Restore workflow with safety gates | sellable | yes | yes | repo tests, not run | yes | yes | app/Models/OperationRun.php; restore gates and tests in tests/Feature/Restore/* |
| Evidence snapshots | foundation-only | yes | yes | repo tests, not run | yes | no | app/Models/EvidenceSnapshot.php; app/Services/Evidence/EvidenceSnapshotService.php; tests/Feature/Evidence/* |
| Tenant reviews | fast sellable | yes | yes | repo tests, not run | yes | yes | app/Models/TenantReview.php; app/Services/TenantReviews/TenantReviewService.php; tests/Feature/TenantReview/* |
| Review pack generation and export | fast sellable | yes | yes | repo tests, not run | yes | yes | specs/109-review-pack-export/spec.md; specs/308-decision-register-summary-review-pack/plan.md; app/Models/ReviewPack.php; app/Services/ReviewPackService.php; app/Jobs/GenerateReviewPackJob.php; tests/Feature/ReviewPack/* |
| Decision Summary in reviews and Review Packs | fast sellable / repo-real | yes | yes | repo tests, not run | yes | yes | specs/308-decision-register-summary-review-pack/spec.md; specs/308-decision-register-summary-review-pack/plan.md; app/Services/EnvironmentReviews/EnvironmentReviewComposer.php; app/Jobs/GenerateReviewPackJob.php; tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php; tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php |
| Customer review workspace | fast sellable / repo-real / implemented | yes | yes | repo tests, not run | yes | near | specs/258-customer-review-productization/spec.md; specs/312-customer-review-workspace-v1-completion/spec.md; specs/342-customer-review-workspace-final-consumption-productization/spec.md; app/Filament/Pages/Reviews/CustomerReviewWorkspace.php; tests/Feature/Reviews/*; tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php |
| Management Report PDF generation | implemented but not productized / repo-real / open gap | yes | yes | repo tests, not run | yes | no | specs/378-management-report-pdf-v1/spec.md; specs/379-management-report-pdf-runtime/spec.md; app/Services/ManagementReports/ManagementReportPdfService.php; app/Jobs/GenerateManagementReportPdfJob.php; app/Http/Controllers/ManagementReportPdfDownloadController.php; app/Filament/Resources/ReviewPackResource/Pages/ViewReviewPack.php; tests/Feature/ReviewPack/Spec379ManagementReportPdfTest.php; tests/Browser/Spec379ManagementReportPdfSmokeTest.php; runtime gate requires staging/Dokploy validation before production enablement |
| Governance package delivery surface | implemented but not productized | yes | yes | repo tests, not run | yes | no | specs/260-governance-service-packaging/spec.md; app/Filament/Pages/Reviews/CustomerReviewWorkspace.php; app/Filament/Resources/TenantReviewResource.php; tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php; tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php |
| Compliance evidence mapping overlay | implemented but not productized | yes | yes | repo tests, not run | partial | no | specs/259-compliance-evidence-mapping/spec.md; app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php; app/Services/TenantReviews/TenantReviewSectionFactory.php; tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php |
| Alerts and notification routing | sellable | yes | partial | repo tests, not run | yes | yes | app/Services/Alerts/AlertDispatchService.php; tests/Feature/*Alert* |
| Provider health, onboarding readiness and required permissions | fast sellable | yes | yes | repo tests, not run | yes | yes | app/Jobs/ProviderConnectionHealthCheckJob.php; app/Services/Onboarding/OnboardingLifecycleService.php; app/Filament/Pages/TenantRequiredPermissions.php |
| Permission posture reporting | sellable | yes | yes | repo tests, not run | yes | yes | app/Services/PermissionPosture/PermissionPostureFindingGenerator.php; tests/Feature/PermissionPosture/* |
| Entra admin roles reporting | sellable | yes | yes | repo tests, not run | yes | yes | app/Services/EntraAdminRoles/EntraAdminRolesReportService.php; tests/Feature/EntraAdminRoles/* |
| Stored reports substrate and artifact surface | implemented but not productized / repo-real | yes | partial | repo tests, not run | partial | no | specs/277-stored-reports-surface/spec.md; app/Models/StoredReport.php; current working-tree Spec 379 management PDF artifact fields; tests/Feature/PermissionPosture/StoredReportModelTest.php; tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php; tests/Feature/ReviewPack/Spec379ManagementReportPdfTest.php |
| Support diagnostics | fast sellable | yes | yes | repo tests, not run | yes | yes | app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php; app/Filament/Pages/TenantDashboard.php; tests/Feature/SupportDiagnostics/* |
| In-app support requests | fast sellable | yes | yes | repo tests, not run | yes | yes | app/Models/SupportRequest.php; app/Support/SupportRequests/*; tests/Feature/SupportRequests/* |
| External support-desk handoff | implemented but not productized | yes | yes | repo tests, not run | yes | no | app/Support/SupportRequests/ExternalSupportDeskHandoffService.php; app/Support/SupportRequests/SupportRequestSubmissionService.php; tests/Unit/Support/SupportRequests/ExternalSupportDeskHandoffServiceTest.php |
| Product knowledge and contextual help | implemented but not productized | yes | yes | repo tests, not run | partial | no | app/Support/ProductKnowledge/ContextualHelpCatalog.php; tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php |
| Localization foundation | foundation-only | yes | yes | repo tests, not run | partial | no | specs/252-platform-localization-v1/spec.md; app/Services/Localization/LocaleResolver.php; app/Http/Controllers/LocalizationController.php; tests/Feature/Localization/* |
| Product telemetry | foundation-only | yes | yes | repo tests, not run | yes | no | app/Models/ProductUsageEvent.php; app/Filament/System/Widgets/ProductTelemetryKpis.php; tests/Feature/System/ProductTelemetry/* |
| Customer health scoring | foundation-only | yes | yes | repo tests, not run | partial | no | app/Filament/System/Widgets/CustomerHealthKpis.php; app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php; tests/Feature/System/CustomerHealth/* |
| Operational controls | foundation-only | yes | yes | repo tests, not run | yes | no | app/Models/OperationalControlActivation.php; app/Support/OperationalControls/*; tests/Feature/System/OpsControls/* |
| Governed AI policy foundation | foundation-only | yes | partial | repo tests, not run | yes | no | specs/248-private-ai-policy-foundation/spec.md; app/Support/Ai/AiUseCaseCatalog.php; app/Support/Ai/GovernedAiExecutionBoundary.php; app/Support/Ai/AiDecisionAuditMetadataFactory.php; app/Filament/Pages/Settings/WorkspaceSettings.php; tests/Unit/Support/Ai/*; tests/Feature/SettingsFoundation/WorkspaceAiPolicySettingsTest.php; tests/Feature/System/OpsControls/AiExecutionOperationalControlTest.php |
| Workspace entitlements | foundation-only | yes | yes | repo tests, not run | yes | no | app/Services/Entitlements/WorkspaceEntitlementResolver.php; tests/Feature/Filament/Settings/WorkspaceEntitlementsSettingsPageTest.php |
| Commercial lifecycle state handling | implemented but not productized / repo-real | yes | yes | repo tests, not run | yes | no | specs/251-commercial-entitlements-billing-state/spec.md; specs/274-billing-subscription-truth/spec.md; app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php; app/Filament/System/Pages/Directory/ViewWorkspace.php; tests/Feature/System/ViewWorkspaceEntitlementsTest.php; tests/Unit/Entitlements/WorkspaceCommercialLifecycleResolverTest.php |
| Capability-first RBAC | foundation-only | yes | yes | repo tests, not run | yes | no | app/Services/Auth/CapabilityResolver.php; app/Services/Auth/RoleCapabilityMap.php; many tests/Feature/Rbac/* |
| RBAC role matrix and access boundary hardening | security-hardening completed / repo-real | yes | yes | repo tests, not run | yes | no | specs/309-rbac-role-matrix-access-boundary-audit/tasks.md; app/Services/Auth/WorkspaceRoleCapabilityMap.php; app/Models/User.php; tests/Feature/Rbac/RoleMatrix/ManagerAccessTest.php; tests/Feature/Rbac/PanelAccess/AdminPanelAccessBoundaryTest.php; tests/Feature/Rbac/PanelAccess/SystemPanelAccessBoundaryTest.php |
| Workspace / Environment Surface Scope Contract | foundation-only / repo-real / implemented | yes | yes | repo tests, not run | yes | no | specs/311-workspace-environment-surface-scope-contract/spec.md; bootstrap/providers.php; routes/web.php; active /admin and /system; no active /admin/t; environment_id filter semantics |
| Provider Connection scope hardening | security-hardening completed / repo-real | yes | yes | repo tests, not run | yes | no | specs/339-provider-connection-scope-hardening/spec.md; app/Filament/Resources/ProviderConnectionResource.php; app/Policies/ProviderConnectionPolicy.php; tests/Feature/ProviderConnections/* |
| Canonical link / query cleanup | implemented / repo-real | yes | yes | repo tests, not run | partial | no | specs/341-canonical-link-query-cleanup/spec.md; app/Support/Workspaces/WorkspaceHubNavigation.php; app/Filament/Pages/Reviews/CustomerReviewWorkspace.php; route/link guard tests |
| Audit log foundation | foundation-only | yes | yes | repo tests, not run | yes | no | app/Models/AuditLog.php; app/Services/Audit/WorkspaceAuditLogger.php; many audit-focused feature tests |
| Canonical control catalog | foundation-only | yes | partial | repo tests, not run | partial | no | app/Support/Governance/Controls/CanonicalControlCatalog.php; config/canonical_controls.php; tests/Unit/Governance/* |
| Portfolio triage continuity | foundation-only | yes | yes | repo tests, not run | yes | no | app/Services/PortfolioTriage/TenantTriageReviewService.php; app/Support/PortfolioTriage/*; tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php |
| Cross-tenant compare preview and promotion preflight | fast sellable | yes | yes | repo tests, not run | yes | yes | specs/043-cross-tenant-compare-and-promotion/spec.md; app/Filament/Pages/CrossTenantComparePage.php; app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php; app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php; tests/Feature/PortfolioCompare/*; tests/Unit/Support/PortfolioCompare/* |

Foundation-Only Capabilities

  • OperationRun truth and canonical operation typing: strong execution foundation, but no standalone customer-value surface.
  • Audit log foundation: broadly used and important for governance, but not sellable on its own.
  • Capability-first RBAC: solid and close to its tests, but remains an enablement layer; Spec 309 is the finished correction, labelled security-hardening completed, for owner-only membership management and admin/system panel boundaries, not the Support Access Governance productization.
  • Workspace entitlements and commercial lifecycle policy engine: real gate, lifecycle, billing-state, and override logic; full self-service billing/subscription ops remain later productization.
  • Canonical control catalog: strong semantic foundation for Evidence, Findings, and Reviews.
  • Stored reports substrate: important for reports, evidence, diagnostics, and Management Report PDF artifacts; product maturity still depends on lifecycle/retention semantics and runtime validation.
  • Evidence snapshot substrate: load-bearing technical basis for reviews and exports.
  • Localization foundation: resolved locale precedence, workspace default, user preference/override, and notification formatting are real, but enablement rather than a product surface of its own.
  • Governed AI policy foundation: use-case catalog, boundary, audit metadata, workspace policy surface, and Ops Control integration are repo-real, but still without a first runtime consumer.
  • Workspace / Environment Surface Scope Contract: completed foundation for route-owned scope; do not treat it as an open product slice.
  • Operational control registry and evaluator: strong safety-control foundation, primarily operator-side.
  • Product telemetry and customer health scoring: real operator-side SaaS operations layer, but not yet a standalone sellable surface.
  • Portfolio triage continuity: sensible multi-tenant groundwork, but not yet a complete portfolio product.

Fast-Sellable Or Not-Yet-Productized Capabilities

  • Customer-facing review consumption: Tenant Reviews, Evidence Snapshots, Review Packs, the Customer Review Workspace, the customer-safe released-review detail mode, governance-package delivery cues, Spec 308 Decision Summary / Review Pack inclusion, compliance interpretation overlays, commercial-lifecycle-aware access states, and post-311 Customer Review Workspace v1 completion are repo-real; future external portal/consumption would be a separate product decision.
  • Findings Workflow v2: Triage, Assignment, My Work, Intake, Governance Inbox, Exceptions, notifications, and the three queue-facing cleanup/hardening follow-through packages are now repo-backed; later cross-tenant action layers remain separate work.
  • Decision Register and Governance Inbox: Spec 265 operator register runtime, Spec 306 reconciliation, Spec 307 direct evidence/report plus source/evidence OperationRun proof-link polish, Spec 308 customer-safe Decision Summary / Review Pack inclusion, and Specs 327/346 Governance Inbox productization are repo-backed; do not treat Decision-Based Governance Inbox v1 as Greenfield.
  • Product scalability and self-service: Onboarding, Support, Help, Entitlements, commercial lifecycle state handling, support-access slices, billing-state maturity, and external support-desk handoff are repo-real; broader trial/demo, self-serve subscription operations, and customer portal packaging remain.
  • Management reporting: current working-tree management-report PDF runtime and artifact flow are repo-real, but production enablement remains gated on staging/Dokploy renderer validation.
  • MSP portfolio operations: Portfolio-Triage plus cross-tenant compare preview and promotion preflight are repo-real; actual promotion execution and broader portfolio action orchestration remain open.
  • Platform operations maturity: Control Tower and Ops Controls are strong, but some planned operator-side drilldowns/exports are still missing.
  • Product knowledge rollout: help catalog and resolver are real, but not yet adopted broadly enough to count as "done".

Not Implemented

  • Governance Artifact Lifecycle & Retention v1
  • Management Report PDF staging/Dokploy runtime validation and production enablement
  • Durable self-serve Billing / Subscription Operations beyond existing entitlement and lifecycle truth
  • Workspace & Tenant Closure Lifecycle runtime follow-through beyond existing taxonomy/current slices
  • First Governed AI Runtime Consumer v1
  • Human-in-the-Loop Autonomous Governance
  • Standardization & Policy Quality / Intune Linting
  • Provider-Missing Policy Visibility & Restore Continuity v1 (specs/261-provider-missing-policy-visibility/spec.md, spec-backed prep only)
  • Broader compliance frameworks and auditor-facing mapping beyond the current evidence overlay

Release Readiness

| Release / Theme | Readiness | Notes |
|---|---|---|
| R1 Golden Master Governance | sellable | The central governance and execution layer is repo-verified and broadly adopted. |
| R2 Tenant Reviews & Evidence Packs | fast sellable | Reviews, Evidence Snapshots, Review Packs, Customer Review Workspace v1 completion, released-review detail handoff, governance-package delivery, compliance interpretation overlays, exception/accepted-risk workflow, and Management Report PDF runtime work are repo-real; PDF production enablement remains gated by staging/Dokploy renderer validation. |
| R3 MSP Portfolio OS | implemented but not productized | Portfolio triage and canonical compare preview/preflight are present, but actual promotion execution and the portfolio-wide action layer are still missing. |
| Compliance Evidence Mapping v1 | implemented but not productized | Compliance interpretation overlays are repo-real in Tenant Reviews and the Customer Review Workspace, but broader framework coverage and auditor-facing mapping are still missing. |
| Governance-as-a-Service Packaging v1 | implemented but not productized | Governance package status, delivery messaging, current review-pack reuse, and management-report PDF artifact flow are repo-real; recurring delivery workflow and production renderer validation remain incomplete. |

Commercial Readiness

Demo-ready

  • Baseline compare and drift walkthroughs
  • Review pack generation and export
  • Customer review workspace walkthroughs with operator guidance
  • Cross-tenant compare preview and promotion preflight walkthroughs
  • Provider health, onboarding readiness and required permissions
  • Support diagnostics
  • Permission posture and Entra admin roles reporting

Fast sellable

  • Review-driven governance workflow around Tenant Reviews, Customer Review Workspace, governance-package delivery, Spec 308 Decision Summary / Review Pack inclusion, compliance interpretation overlays, accepted risks and Review Packs, but not yet as a fully productized customer-safe consumption experience
  • Baseline drift and restore governance
  • Findings workflow with personal inbox, intake, Governance Inbox and exception handling
  • Alerting and run visibility for governance operations
  • Support requests with contextual diagnostics and bounded external create/link handoff
  • Provider readiness and permission posture reporting

Implemented but not productized

  • Review pack generation and export as a repeatable auditor-/executive-ready delivery layer
  • Broader compliance evidence mapping surface
  • Standalone governance-as-a-service packaging workflow
  • Cross-tenant compare preview and promotion preflight without execution
  • Product knowledge and contextual help rollout

Foundation-only

  • OperationRun truth layer
  • Audit foundation
  • Capability-first RBAC
  • Workspace entitlements
  • Canonical control catalog
  • Stored reports substrate
  • Evidence snapshot substrate
  • Localization foundation
  • Governed AI policy foundation
  • Product telemetry
  • Customer health scoring
  • Operational controls
  • Portfolio triage continuity

Not implemented

  • Auditor-ready executive export / auditor pack delivery
  • Portfolio-wide promotion execution and governance decision-pack workflow
  • Billing and subscription truth layer
  • Stored reports product surface
  • Customer-facing localization adoption
  • Workspace and tenant closure lifecycle runtime follow-through
  • First governed AI runtime consumer

Open Gaps & Blockers

Queue audit note: no safe automatic next-best-prep target remains active. The remaining open lanes are now tracked as explicit manual promotions in docs/product/spec-candidates.md instead of being re-opened through automatic queue logic.

| Gap | Type | Impact | Roadmap Area | Recommended Spec |
| --- | --- | --- | --- | --- |
| No safe automatic next-best-prep target is currently active | Planning boundary | docs/product/spec-candidates.md now keeps the active queue empty, so the next slice must be promoted deliberately instead of selected automatically | Product planning / queue hygiene | none - require explicit manual promotion |
| Management Report PDF production enablement remains gated | Runtime validation blocker | Current-branch Spec 379 implements the generation/download/audit flow, but staging/Dokploy Gotenberg validation must pass before enabling production runtime | Management reporting / review delivery | current Spec 379 follow-through, no new feature spec |
| Governance-artifact lifecycle runtime is still missing | Trust / auditability blocker | Lifecycle taxonomy and point retention rules exist, but governance artifacts still lack immutable-reference, hold, export, delete, and suspended/read-only runtime semantics | Lifecycle governance / enterprise trust | Governance Artifact Lifecycle & Retention v1 |
| Provider readiness / onboarding polish may remain | Optional productization gap | Provider scope is hardened, but setup and resolution guidance should be promoted only if fresh operator evidence shows friction | Provider readiness | manual promotion only |
| Cross-domain progress and indicator runtime adoption may remain | UX / trust guardrail | Spec 278 provides the standardization path, but runtime adoption should follow only where actual indicator drift is visible | UI semantics / product trust | Cross-Domain Progress / Indicator Semantics candidate group |
| System-panel browser fixture/procedure remains manual | Validation follow-up | Spec 377 closed post-productization browser re-audit with no P0/P1 findings, but system-panel in-app browser fixture coverage remains procedure-dependent | Release validation | manual fixture/procedure follow-up |
| Durable self-serve subscription operations are not productized | Commercial productization gap | Entitlement and billing-state truth exist, but customer self-serve subscription operations, payment/invoice workflows, or commercial portal behavior remain outside the current product | Commercial readiness | manual promotion only |
| Future customer portal/external consumption is not productized | Productization decision | Customer Review Workspace v1 is repo-real in the admin context; a broader external customer portal is separate work | Customer consumption | manual promotion only |
| First governed AI runtime consumer is missing | Architecture blocker | The policy foundation exists, but there is no bounded runtime consumer proving the model end-to-end | Governed AI follow-through | First Governed AI Runtime Consumer v1 |

  • Management Report PDF staging/runtime validation and release hardening -> anchored by specs/378-management-report-pdf-v1/spec.md, specs/379-management-report-pdf-runtime/spec.md, apps/platform/app/Services/ManagementReports/ManagementReportPdfService.php, apps/platform/app/Jobs/GenerateManagementReportPdfJob.php, apps/platform/app/Http/Controllers/ManagementReportPdfDownloadController.php, apps/platform/app/Models/StoredReport.php, and the Spec 379 runtime-validation artifacts.
  • Governance Artifact Lifecycle & Retention runtime -> anchored by specs/158-artifact-truth-semantics/spec.md, specs/262-lifecycle-governance-taxonomy/spec.md, specs/267-artifact-lifecycle-retention/spec.md, and docs/product/standards/lifecycle-governance.md.
  • Provider readiness / onboarding productization -> anchored by specs/281-provider-connection-provider-scope-microsoft-profile-extraction/spec.md, specs/339-provider-connection-scope-hardening/spec.md, specs/353-provider-connections-resolution-guidance-v1/spec.md, apps/platform/app/Filament/Resources/ProviderConnectionResource.php, and apps/platform/app/Policies/ProviderConnectionPolicy.php; promote only for fresh UX friction, not scope authority.
  • Cross-Domain Progress / Indicator runtime follow-through -> anchored by specs/278-cross-domain-progress-indicator-semantics/spec.md, docs/ui/tenantpilot-enterprise-ui-standards.md, and current progress-like UI seams called out in docs/product/spec-candidates.md.
  • Manual system-panel browser fixture or audit procedure -> anchored by specs/376-*, specs/377-post-productization-browser-reaudit-closeout-gate/artifacts/closeout-decision.md, and the system-panel authentication/fixture limits recorded there.
  • First Governed AI Runtime Consumer v1 -> anchored by specs/248-private-ai-policy-foundation/spec.md.

Roadmap Drift Notes

  • docs/product/roadmap.md and docs/product/spec-candidates.md are aligned through 2026-06-15, including Spec 311 completed surface-scope foundation, Specs 312/342/343/344/349/351/372 Customer Review Workspace v1 completion lineage, Specs 327/346 Governance Inbox lineage, Specs 339/341 provider/link cleanup, Spec 377 closeout evidence, and current working-tree Spec 379 runtime-gated Management Report PDF status.
  • The remaining documentation risk is overstating current working-tree or local runtime evidence as production-ready. Management Report PDF remains disabled by runtime gate until staging/Dokploy renderer validation passes.
  • This ledger therefore treats review-driven governance as fast sellable, Management Report PDF as implemented but not productized, and broad shell/scope/Decision Register/customer-review foundations as historical/completed rather than active candidates.
  • Tests referenced here remain repo-present only. They were not executed for this ledger update.

Evidence Sources

Primary strategy and scope sources:

  • docs/product/roadmap.md
  • docs/product/spec-candidates.md

Key platform and UI anchors:

  • apps/platform/bootstrap/providers.php
  • apps/platform/app/Providers/Filament/AdminPanelProvider.php
  • apps/platform/app/Providers/Filament/SystemPanelProvider.php
  • apps/platform/app/Filament/Pages/TenantDashboard.php
  • apps/platform/app/Filament/Pages/CrossTenantComparePage.php
  • apps/platform/app/Filament/System/Pages/Dashboard.php
  • apps/platform/app/Filament/Pages/TenantRequiredPermissions.php
  • apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
  • apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php
  • apps/platform/app/Filament/Pages/Findings/FindingsIntakeQueue.php
  • apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php
  • apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php

Key models:

  • apps/platform/app/Models/OperationRun.php
  • apps/platform/app/Models/Finding.php
  • apps/platform/app/Models/FindingException.php
  • apps/platform/app/Models/FindingExceptionDecision.php
  • apps/platform/app/Models/FindingExceptionEvidenceReference.php
  • apps/platform/app/Models/BaselineProfile.php
  • apps/platform/app/Models/BaselineSnapshot.php
  • apps/platform/app/Models/EvidenceSnapshot.php
  • apps/platform/app/Models/TenantReview.php
  • apps/platform/app/Models/ReviewPack.php
  • apps/platform/app/Models/StoredReport.php
  • apps/platform/app/Models/SupportRequest.php
  • apps/platform/app/Models/ProductUsageEvent.php
  • apps/platform/app/Models/OperationalControlActivation.php
  • apps/platform/app/Models/AuditLog.php

Key services and jobs:

  • apps/platform/app/Services/ReviewPackService.php
  • apps/platform/app/Services/TenantReviews/TenantReviewService.php
  • apps/platform/app/Services/Evidence/EvidenceSnapshotService.php
  • apps/platform/app/Services/Baselines/BaselineCompareService.php
  • apps/platform/app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php
  • apps/platform/app/Services/Alerts/AlertDispatchService.php
  • apps/platform/app/Services/Findings/FindingExceptionService.php
  • apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php
  • apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php
  • apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php
  • apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php
  • apps/platform/app/Support/Ai/AiUseCaseCatalog.php
  • apps/platform/app/Support/Ai/GovernedAiExecutionBoundary.php
  • apps/platform/app/Support/Ai/AiDecisionAuditMetadataFactory.php
  • apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php
  • apps/platform/app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php
  • apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php
  • apps/platform/app/Support/SupportRequests/ExternalSupportDeskHandoffService.php
  • apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php
  • apps/platform/app/Services/Audit/WorkspaceAuditLogger.php
  • apps/platform/app/Services/Auth/CapabilityResolver.php
  • apps/platform/app/Filament/Pages/Settings/WorkspaceSettings.php
  • apps/platform/app/Services/Localization/LocaleResolver.php

Key test anchors in the repo:

  • apps/platform/tests/Feature/PortfolioCompare/*
  • apps/platform/tests/Feature/ReviewPack/*
  • apps/platform/tests/Feature/Evidence/*
  • apps/platform/tests/Feature/PermissionPosture/*
  • apps/platform/tests/Feature/EntraAdminRoles/*
  • apps/platform/tests/Feature/SupportDiagnostics/*
  • apps/platform/tests/Feature/SupportRequests/*
  • apps/platform/tests/Feature/System/ViewWorkspaceEntitlementsTest.php
  • apps/platform/tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php
  • apps/platform/tests/Feature/System/CustomerHealth/*
  • apps/platform/tests/Feature/System/ProductTelemetry/*
  • apps/platform/tests/Feature/System/OpsControls/*
  • apps/platform/tests/Feature/System/OpsControls/AiExecutionOperationalControlTest.php
  • apps/platform/tests/Feature/SettingsFoundation/WorkspaceAiPolicySettingsTest.php
  • apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php
  • apps/platform/tests/Unit/Governance/*
  • apps/platform/tests/Unit/Support/Ai/*
  • apps/platform/tests/Unit/Support/PortfolioCompare/*
  • apps/platform/tests/Unit/Support/SupportRequests/ExternalSupportDeskHandoffServiceTest.php
  • apps/platform/tests/Unit/Entitlements/*

Last Updated

2026-05-02 on branch platform-dev (ledger drift correction and alignment with docs/product/roadmap.md plus docs/product/spec-candidates.md after the manual-promotion split)