TenantAtlas/docs/product/implementation-ledger.md

TenantPilot Implementation Ledger

Purpose

Dieses Dokument beschreibt den aktuellen repo-basierten Implementierungsstand von TenantPilot. Es ergaenzt roadmap.md und spec-candidates.md, ersetzt sie aber nicht.

Bewertungsregeln fuer dieses Ledger:

• Repo-basiert only: Aussagen zaehlen nur, wenn Code, Datenmodell, Workflow, UI-Adoption oder Test-Artefakte im Repo belastbar darauf hinweisen.
• Keine Roadmap- oder Spec-Absicht ohne Repo-Evidence.
• sellable wird nur dort verwendet, wo UI, Workflow, Datenmodell, RBAC/Audit und passende Test-Artefakte plausibel zusammenpassen.
• Backend-only bleibt foundation-only.
• UI-only gilt nicht als fertig.
• Wenn Tests unten als vorhanden markiert sind, bedeutet das: passende Test-Dateien existieren im Repo. Sie wurden fuer dieses Ledger nicht ausgefuehrt.

Current Product Position

TenantPilot ist aktuell ein starkes internes Governance- und Operations-Produkt mit belastbaren Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry und Safety Controls. Die Repo-Wahrheit liegt damit ueber einer simplen Lesart von "R1 done / R2 partial". Gleichzeitig ist das Produkt noch nicht voll als kundenseitig konsumierbare Review- und Portfolio-Plattform ausgereift: Customer-safe Review Consumption, Cross-Tenant-Workflows und kommerzielle Lifecycle-Reife sind noch unvollstaendig.

Status Model

• planned: nur in Roadmap oder Kandidatenliste, ohne belastbare Repo-Evidence
• specified: als Spec oder Draft angelegt, aber nicht repo-verifiziert umgesetzt
• implemented_partial: Teilumsetzung vorhanden, aber noch nicht als fertig bewertbar
• implemented_backend: belastbare Backend- oder Modelllogik vorhanden, aber keine ausreichende UI-Adoption
• implemented_ui: sichtbare UI vorhanden, aber Workflow- oder Backend-Proof ist noch zu schwach
• implemented_verified: Code, Modell, Workflow und Test-Artefakte sind plausibel vorhanden
• adopted: implementiert und bereits in zentrale Produktoberflaechen oder Kernablaeufe uebernommen
• deferred: bewusst verschoben
• obsolete: durch neuere Repo-Realitaet oder andere Implementierung ueberholt

Evidence-Level im Dokument:

• none: keine belastbare Repo-Evidence
• weak: duenne Code- oder Doc-Spur, aber kein belastbarer Gesamtworkflow
• medium: mehrere Repo-Signale, aber noch nicht durchgaengig
• strong: Datenmodell, Workflow, UI- oder Test-Spur greifen konsistent ineinander

Roadmap Coverage Summary

Roadmap Area	Status	Evidence Level	UI Ready	Tested	Sellable	Notes
R1 Golden Master Governance	adopted	strong	yes	repo tests, not run	yes	Baselines, Drift, Findings und OperationRun-Truth sind breit im Produkt verankert.
R2 Tenant Reviews, Evidence & Control Foundation	adopted	strong	yes	repo tests, not run	almost	Review-, Evidence- und Control-Foundations sind stark; Customer Review Workspace fehlt noch.
Alert escalation + notification routing	implemented_verified	strong	partial	repo tests, not run	yes	Alert-Regeln, Dispatch, Cooldown und Quiet Hours sind real.
Governance & Architecture Hardening	implemented_partial	strong	partial	repo tests, not run	foundation-only	Viele Hardening-Slices sind bereits im Code, die Lane bleibt aber aktiv.
UI & Product Maturity Polish	implemented_partial	medium	partial	partial repo tests, not run	no	Einzelne Polishing-Slices sind da, aber kein geschlossenes "fertig"-Signal auf Theme-Ebene.
Secret & Security Hardening	implemented_verified	strong	yes	repo tests, not run	almost	Provider-Verifikation, Permission-Diagnostics und Redaction sind belastbar.
Baseline Drift Engine (Cutover)	adopted	strong	yes	repo tests, not run	yes	Compare- und Drift-Workflow wirken als produktive Kernfunktion.
R1.9 Platform Localization v1	planned	none	no	no	no	Keine belastbare Locale-Foundation im Repo gefunden.
Product Scalability & Self-Service Foundation	implemented_partial	strong	yes	repo tests, not run	almost	Onboarding, Support, Help und Entitlements sind weit; Billing, Trial und Demo-Reife fehlen.
R2.0 Canonical Control Catalog Foundation	implemented_verified	strong	partial	repo tests, not run	foundation-only	Bereits implementiert und in Evidence/Reviews referenziert, aber kein eigenstaendiger Kundennutzen-Surface.
R2 Completion: customer review, support, help	implemented_partial	strong	yes	repo tests, not run	almost	Support und Help sind real; kundensichere Review-Consumption ist noch offen.
Findings Workflow v2 / Execution Layer	implemented_partial	strong	yes	repo tests, not run	almost	Triage, Ownership, Alerts und Hygiene sind vorhanden; der naechste Operator-Layer fehlt.
Policy Lifecycle / Ghost Policies	specified	weak	no	no	no	Als Richtung sichtbar, aber nicht als repo-verifizierter Workflow.
Platform Operations Maturity	implemented_partial	strong	yes	repo tests, not run	almost	System Panel, Control Tower und Ops Controls sind real; CSV/Raw Drilldowns bleiben offen.
Product Usage, Customer Health & Operational Controls	adopted	strong	yes	repo tests, not run	almost	Diese Mid-term-Lane ist im Repo bereits substanziell vorhanden.
Private AI Execution & Usage Governance Foundation	planned	none	no	no	no	Keine belastbare AI-Governance-Foundation im Repo.
MSP Portfolio & Operations	implemented_partial	medium	partial	repo tests, not run	foundation-only	Portfolio-Triage ist da; Compare/Promotion und Decision Workboard fehlen.
Human-in-the-Loop Autonomous Governance	planned	none	no	no	no	Kein repo-verifizierter Decision-Pack- oder Approval-Workflow.
Drift & Change Governance	specified	weak	no	no	no	Einzelne Foundations existieren, die thematische Produkt-Lane aber nicht.
Standardization & Policy Quality	planned	none	no	no	no	Keine starke Repo-Evidence fuer eine Intune-Linting- oder Policy-Quality-Oberflaeche.
PSA / Ticketing Handoff	planned	none	no	no	no	Support Requests existieren, externe Handoff-Integration aber nicht.

Implemented Capabilities

Capability	Status	Backend	UI	Tests	RBAC/Audit	Sellable	Evidence
OperationRun truth layer	implemented_verified	yes	partial	repo tests, not run	yes	foundation-only	app/Models/OperationRun.php; tests/Feature/System/*; tests/Feature/ReviewPack/*
Baseline profiles, snapshots and compare	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Models/BaselineProfile.php; app/Models/BaselineSnapshot.php; app/Services/Baselines/BaselineCompareService.php
Drift findings and governance pressure	adopted	yes	yes	repo tests, not run	yes	yes	app/Models/Finding.php; app/Filament/Widgets/Dashboard/RecentDriftFindings.php; tests/Feature/Findings/*
Restore workflow with safety gates	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Models/OperationRun.php; restore gates and tests in tests/Feature/Restore/*
Evidence snapshots	implemented_verified	yes	yes	repo tests, not run	yes	foundation-only	app/Models/EvidenceSnapshot.php; app/Services/Evidence/EvidenceSnapshotService.php; tests/Feature/Evidence/*
Tenant reviews	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Models/TenantReview.php; app/Services/TenantReviews/TenantReviewService.php; tests/Feature/TenantReview/*
Review pack generation and export	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Models/ReviewPack.php; app/Services/ReviewPackService.php; tests/Feature/ReviewPack/*
Alerts and notification routing	implemented_verified	yes	partial	repo tests, not run	yes	yes	app/Services/Alerts/AlertDispatchService.php; tests/Feature/*Alert*
Provider health, onboarding readiness and required permissions	adopted	yes	yes	repo tests, not run	yes	almost	app/Jobs/ProviderConnectionHealthCheckJob.php; app/Services/Onboarding/OnboardingLifecycleService.php; app/Filament/Pages/TenantRequiredPermissions.php
Permission posture reporting	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Services/PermissionPosture/PermissionPostureFindingGenerator.php; tests/Feature/PermissionPosture/*
Entra admin roles reporting	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Services/EntraAdminRoles/EntraAdminRolesReportService.php; tests/Feature/EntraAdminRoles/*
Stored reports substrate	implemented_verified	yes	partial	repo tests, not run	partial	foundation-only	app/Models/StoredReport.php; tests/Feature/PermissionPosture/StoredReportModelTest.php; tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php
Support diagnostics	adopted	yes	yes	repo tests, not run	yes	almost	app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php; app/Filament/Pages/TenantDashboard.php; tests/Feature/SupportDiagnostics/*
In-app support requests	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Models/SupportRequest.php; app/Support/SupportRequests/*; tests/Feature/SupportRequests/*
Product knowledge and contextual help	implemented_partial	yes	yes	repo tests, not run	partial	almost	app/Support/ProductKnowledge/ContextualHelpCatalog.php; tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php
Product telemetry	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Models/ProductUsageEvent.php; app/Filament/System/Widgets/ProductTelemetryKpis.php; tests/Feature/System/ProductTelemetry/*
Customer health scoring	implemented_verified	yes	yes	repo tests, not run	partial	almost	app/Filament/System/Widgets/CustomerHealthKpis.php; app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php; tests/Feature/System/CustomerHealth/*
Operational controls	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Models/OperationalControlActivation.php; app/Support/OperationalControls/*; tests/Feature/System/OpsControls/*
Workspace entitlements	implemented_verified	yes	yes	repo tests, not run	yes	foundation-only	app/Services/Entitlements/WorkspaceEntitlementResolver.php; tests/Feature/Filament/Settings/WorkspaceEntitlementsSettingsPageTest.php
Capability-first RBAC	adopted	yes	yes	repo tests, not run	yes	foundation-only	app/Services/Auth/CapabilityResolver.php; app/Services/Auth/RoleCapabilityMap.php; many tests/Feature/Rbac/*
Audit log foundation	adopted	yes	yes	repo tests, not run	yes	foundation-only	app/Models/AuditLog.php; app/Services/Audit/WorkspaceAuditLogger.php; many audit-focused feature tests
Canonical control catalog	implemented_verified	yes	partial	repo tests, not run	partial	foundation-only	app/Support/Governance/Controls/CanonicalControlCatalog.php; config/canonical_controls.php; tests/Unit/Governance/*
Portfolio triage continuity	implemented_verified	yes	yes	repo tests, not run	yes	foundation-only	app/Services/PortfolioTriage/TenantTriageReviewService.php; app/Support/PortfolioTriage/*; tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php

Foundation-Only Capabilities

• OperationRun truth and canonical operation typing: starke Execution-Foundation, aber kein eigenstaendiger Kundennutzen-Surface.
• Audit log foundation: breit genutzt und wichtig fuer Governance, aber allein nicht verkaufbar.
• Capability-first RBAC: belastbar und testnah, bleibt aber Enablement-Layer.
• Workspace entitlements: reale Gate- und Override-Logik, aber noch keine volle Commercial Lifecycle Story.
• Canonical control catalog: starke semantische Foundation fuer Evidence, Findings und Reviews.
• Stored reports substrate: wichtig fuer Reports, Evidence und Diagnostics, aber kein eigenstaendiges Produktversprechen.
• Evidence snapshot substrate: tragende technische Basis fuer Reviews und Exports.
• Operational control registry and evaluator: starke Safety-Control-Foundation, primar operatorseitig.
• Customer health scoring: reale interne SaaS-Operations-Layer, aber noch keine eigenstaendige Kundenoberflaeche.
• Portfolio triage continuity: sinnvoller Multi-Tenant-Unterbau, aber noch kein vollstaendiges Portfolio-Produkt.

Partial Capabilities

• Customer-facing review consumption: Tenant Reviews, Evidence Snapshots und Review Packs sind stark, aber ein repo-verifizierter Customer Review Workspace fehlt.
• Findings Workflow v2: Triage, Assignment, Hygiene und Notifications sind vorhanden, aber kein konsolidierter Decision-/Inbox-Layer.
• Product scalability and self-service: Onboarding, Support, Help und Entitlements sind weit, Billing-, Trial- und Demo-Reife aber nicht.
• MSP portfolio operations: Portfolio-Triage ist vorhanden, Cross-Tenant Compare und Promotion fehlen.
• Platform operations maturity: Control Tower und Ops Controls sind stark, aber einige geplante operatorseitige Drilldowns/Exports fehlen noch.
• Product knowledge rollout: Help-Katalog und Resolver sind real, aber noch nicht breit genug adoptiert fuer "fertig".

Planned But Not Implemented

• Platform Localization v1
• Private AI Execution & Usage Governance Foundation
• Human-in-the-Loop Autonomous Governance
• Standardization & Policy Quality / Intune Linting
• PSA / Ticketing Handoff
• Customer Review Workspace v1
• Cross-Tenant Compare and Promotion v1
• Later compliance overlays beyond the current control/evidence foundation

Release Readiness

Release / Theme	Readiness	Notes
R1 Golden Master Governance	implemented	Die zentrale Governance- und Execution-Layer ist repo-verifiziert und breit adoptiert.
R2 Tenant Reviews & Evidence Packs	partially implemented	Reviews, Evidence Snapshots und Review Packs sind stark; kundensichere Consumption fehlt noch.
R3 MSP Portfolio OS	foundation only	Portfolio-Triage ist da, aber Compare/Promotion und Decision Workflows fehlen.
Later Compliance Light	foundation only	Canonical Controls, Evidence und Exceptions existieren als Grundlage; ein Compliance-Produkt ist nicht repo-proven.

Commercial Readiness

Demo-ready

• Baseline compare and drift walkthroughs
• Review pack generation and export
• Provider health, onboarding readiness and required permissions
• Support diagnostics
• Permission posture and Entra admin roles reporting

Almost sellable

• Review-driven governance workflow around tenant reviews and review packs
• Baseline drift and restore governance
• Alerting and run visibility for governance operations
• Support requests with contextual diagnostics
• Provider readiness and permission posture reporting

Foundation-only

• OperationRun truth layer
• Audit foundation
• Capability-first RBAC
• Workspace entitlements
• Canonical control catalog
• Stored reports substrate
• Evidence snapshot substrate
• Product telemetry
• Customer health scoring
• Operational controls
• Portfolio triage continuity

Not sellable yet

• Customer Review Workspace v1
• Cross-Tenant Compare and Promotion v1
• Localization v1
• Private AI Execution Governance Foundation
• External Support Desk / PSA Handoff
• Compliance Light product layer

Open Gaps & Blockers

Gap	Type	Impact	Roadmap Area	Recommended Spec
Customer-safe review workspace is missing	Release blocker	Existing review and evidence assets cannot yet be consumed as a clear customer-facing surface	R2 completion / Tenant Reviews	P0 Customer Review Workspace v1
No consolidated operator decision inbox	UX blocker	Operators still move between findings, runs, alerts and portfolio surfaces to act	Findings Workflow / MSP Portfolio	P0 Decision-Based Governance Inbox v1
Cross-tenant compare and promotion is not repo-proven	Release blocker	MSP portfolio story remains partial	MSP Portfolio & Operations	P1 Cross-Tenant Compare and Promotion v1
Localization foundation is absent	UX blocker	Product polish and DACH-readiness remain limited	R1.9 Platform Localization v1	P1 Localization v1
Entitlements stop short of full commercial lifecycle	Commercialization blocker	Plan gating exists, but trial, grace and suspension semantics remain incomplete	Product Scalability & Self-Service Foundation	P2 Commercial Entitlements and Billing-State Maturity
Support requests do not hand off to an external desk	Commercialization blocker	Support operations still depend on manual follow-through outside the product	R2 completion / Support	P2 External Support Desk / PSA Handoff
AI governance foundation is absent	Architecture blocker	Future AI features would risk trust and policy drift if added directly	Private AI Execution & Usage Governance	P3 Private AI Execution Governance Foundation
Roadmap understates current repo truth	Architecture blocker	Prioritization can drift because strategy docs lag implementation	Product planning / roadmap maintenance	none - docs alignment
Test files were not executed for this ledger update	Testing blocker	This document relies on code plus test presence, not live runtime validation	all areas	none - run targeted suites

Recommended Next Specs

• P0 Customer Review Workspace v1: turns existing reviews, evidence and review-pack outputs into a customer-safe read-only product surface.
• P0 Decision-Based Governance Inbox v1: consolidates existing findings, runs, alerts and triage signals into one operator work surface.
• P1 Cross-Tenant Compare and Promotion v1: needed to move from portfolio visibility to portfolio action.
• P1 Localization v1: still absent in repo and becomes more expensive the later it lands.
• P2 Commercial Entitlements and Billing-State Maturity: extends the already real entitlement substrate into a usable commercial lifecycle.
• P2 External Support Desk / PSA Handoff: extends support requests beyond internal persistence.
• P3 Private AI Execution Governance Foundation: should exist before feature-level AI adoption, not after it.

Roadmap Drift Notes

• roadmap.md understates the current R2 control foundation. Canonical controls, stored reports, permission posture and Entra admin roles are already repo-real, not just near-term ideas.
• roadmap.md understates product supportability. Support diagnostics, in-app support requests and contextual help already exist in the repo.
• roadmap.md understates operational maturity. Product telemetry, customer health and operational controls are already implemented and wired into the system panel.
• roadmap.md understates commercial foundations. A workspace entitlement resolver, plan profiles and enforcement points already exist, even though full billing-state maturity does not.
• The roadmap is stronger at describing missing customer-facing consumption than missing backend foundations. Customer Review Workspace v1, Cross-Tenant Compare and Promotion, Localization and AI Governance still look genuinely unimplemented.
• The main drift pattern is underestimation, not overestimation. The only place where optimism should still be resisted is customer-facing review maturity: internal review and evidence foundations are strong, but the repo does not yet prove a finished customer review workspace.

Evidence Sources

Wichtigste Strategie- und Scope-Quellen:

• docs/product/roadmap.md
• docs/product/spec-candidates.md

Wichtige Plattform- und UI-Anker:

• apps/platform/bootstrap/providers.php
• apps/platform/app/Providers/Filament/AdminPanelProvider.php
• apps/platform/app/Providers/Filament/SystemPanelProvider.php
• apps/platform/app/Filament/Pages/TenantDashboard.php
• apps/platform/app/Filament/System/Pages/Dashboard.php
• apps/platform/app/Filament/Pages/TenantRequiredPermissions.php

Wichtige Models:

• apps/platform/app/Models/OperationRun.php
• apps/platform/app/Models/Finding.php
• apps/platform/app/Models/FindingException.php
• apps/platform/app/Models/BaselineProfile.php
• apps/platform/app/Models/BaselineSnapshot.php
• apps/platform/app/Models/EvidenceSnapshot.php
• apps/platform/app/Models/TenantReview.php
• apps/platform/app/Models/ReviewPack.php
• apps/platform/app/Models/StoredReport.php
• apps/platform/app/Models/SupportRequest.php
• apps/platform/app/Models/ProductUsageEvent.php
• apps/platform/app/Models/OperationalControlActivation.php
• apps/platform/app/Models/AuditLog.php

Wichtige Services und Jobs:

• apps/platform/app/Services/ReviewPackService.php
• apps/platform/app/Services/TenantReviews/TenantReviewService.php
• apps/platform/app/Services/Evidence/EvidenceSnapshotService.php
• apps/platform/app/Services/Baselines/BaselineCompareService.php
• apps/platform/app/Services/Alerts/AlertDispatchService.php
• apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php
• apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php
• apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php
• apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php
• apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php
• apps/platform/app/Services/Audit/WorkspaceAuditLogger.php
• apps/platform/app/Services/Auth/CapabilityResolver.php

Wichtige Test-Anker im Repo:

• apps/platform/tests/Feature/ReviewPack/*
• apps/platform/tests/Feature/Evidence/*
• apps/platform/tests/Feature/PermissionPosture/*
• apps/platform/tests/Feature/EntraAdminRoles/*
• apps/platform/tests/Feature/SupportDiagnostics/*
• apps/platform/tests/Feature/SupportRequests/*
• apps/platform/tests/Feature/System/CustomerHealth/*
• apps/platform/tests/Feature/System/ProductTelemetry/*
• apps/platform/tests/Feature/System/OpsControls/*
• apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php
• apps/platform/tests/Unit/Governance/*
• apps/platform/tests/Unit/Entitlements/*

Last Updated

2026-04-27 on branch 248-private-ai-policy-foundation