TenantAtlas/docs/product/implementation-ledger.md

TenantPilot Implementation Ledger

Purpose

Dieses Dokument beschreibt den aktuellen repo-basierten Implementierungsstand von TenantPilot. Es ergaenzt roadmap.md und spec-candidates.md, ersetzt sie aber nicht.

Bewertungsregeln fuer dieses Ledger:

• Repo-basiert only: Aussagen zaehlen nur, wenn Code, Datenmodell, Workflow, UI-Adoption oder Test-Artefakte im Repo belastbar darauf hinweisen.
• Keine Roadmap- oder Spec-Absicht ohne Repo-Evidence.
• sellable wird nur dort verwendet, wo UI, Workflow, Datenmodell, RBAC/Audit und passende Test-Artefakte plausibel zusammenpassen.
• Backend-only bleibt foundation-only.
• UI-only gilt nicht als fertig.
• Wenn Tests unten als vorhanden markiert sind, bedeutet das: passende Test-Dateien existieren im Repo. Sie wurden fuer dieses Ledger nicht ausgefuehrt.

Current Product Position

TenantPilot ist aktuell ein starkes internes Governance- und Operations-Produkt mit belastbaren Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry und Safety Controls und inzwischen repo-real umgesetzten Customer-safe Review Consumption, Risk-Acceptance/Exception-Workflow, Findings-/Governance-Inboxen und einer DE/EN-Locale-Foundation. Die Repo-Wahrheit liegt damit klar ueber einer simplen Lesart von "R1 done / R2 partial". Gleichzeitig ist das Produkt noch nicht voll als kundenseitig konsumierbare Portfolio- und Commercial-Plattform ausgereift: Cross-Tenant-Workflows, Compare/Promotion, Billing-/Lifecycle-Reife und Private-AI-Governance bleiben unvollstaendig. Zusaetzlich zeigt der Repo-Stand weiterhin eine schmale Findings-Cleanup-Lane: sichtbare Lifecycle-Backfill-Runtime-Surfaces, acknowledged-Kompatibilitaet und fehlende explizite Creation-Time-Invariant-Absicherung sollten als getrennte Folgespecs behandelt werden.

Status Model

• planned: nur in Roadmap oder Kandidatenliste, ohne belastbare Repo-Evidence
• specified: als Spec oder Draft angelegt, aber nicht repo-verifiziert umgesetzt
• implemented_partial: Teilumsetzung vorhanden, aber noch nicht als fertig bewertbar
• implemented_backend: belastbare Backend- oder Modelllogik vorhanden, aber keine ausreichende UI-Adoption
• implemented_ui: sichtbare UI vorhanden, aber Workflow- oder Backend-Proof ist noch zu schwach
• implemented_verified: Code, Modell, Workflow und Test-Artefakte sind plausibel vorhanden
• adopted: implementiert und bereits in zentrale Produktoberflaechen oder Kernablaeufe uebernommen
• deferred: bewusst verschoben
• obsolete: durch neuere Repo-Realitaet oder andere Implementierung ueberholt

Evidence-Level im Dokument:

• none: keine belastbare Repo-Evidence
• weak: duenne Code- oder Doc-Spur, aber kein belastbarer Gesamtworkflow
• medium: mehrere Repo-Signale, aber noch nicht durchgaengig
• strong: Datenmodell, Workflow, UI- oder Test-Spur greifen konsistent ineinander

Roadmap Coverage Summary

Roadmap Area	Status	Evidence Level	UI Ready	Tested	Sellable	Notes
R1 Golden Master Governance	adopted	strong	yes	repo tests, not run	yes	Baselines, Drift, Findings und OperationRun-Truth sind breit im Produkt verankert.
R2 Tenant Reviews, Evidence & Control Foundation	adopted	strong	yes	repo tests, not run	yes	Reviews, Evidence, Review Packs, Customer Review Workspace und Control-/Exception-Layer greifen als reale Governance-Surface zusammen.
Alert escalation + notification routing	implemented_verified	strong	partial	repo tests, not run	yes	Alert-Regeln, Dispatch, Cooldown und Quiet Hours sind real.
Governance & Architecture Hardening	implemented_partial	strong	partial	repo tests, not run	foundation-only	Viele Hardening-Slices sind bereits im Code, die Lane bleibt aber aktiv.
UI & Product Maturity Polish	implemented_partial	strong	partial	partial repo tests, not run	no	Empty States, Navigation, Localization und read-only Review-Polish sind real, aber kein geschlossenes Theme-Completion-Signal.
Secret & Security Hardening	implemented_verified	strong	yes	repo tests, not run	almost	Provider-Verifikation, Permission-Diagnostics und Redaction sind belastbar.
Baseline Drift Engine (Cutover)	adopted	strong	yes	repo tests, not run	yes	Compare- und Drift-Workflow wirken als produktive Kernfunktion.
R1.9 Platform Localization v1	implemented_verified	strong	yes	repo tests, not run	foundation-only	Locale-Resolver, Override/Praeferenz, Workspace-Default, Fallback und lokalisierte Notifications sind repo-real.
Product Scalability & Self-Service Foundation	implemented_partial	strong	yes	repo tests, not run	almost	Onboarding, Support, Help und Entitlements sind weit; Billing, Trial und Demo-Reife fehlen.
R2.0 Canonical Control Catalog Foundation	implemented_verified	strong	partial	repo tests, not run	foundation-only	Bereits implementiert und in Evidence/Reviews referenziert, aber kein eigenstaendiger Kundennutzen-Surface.
R2 Completion: customer review, support, help	adopted	strong	yes	repo tests, not run	yes	Customer Review Workspace, Support Diagnostics/Requests und Help-Katalog sind repo-real.
Findings Workflow v2 / Execution Layer	adopted	strong	yes	repo tests, not run	almost	Triage, Ownership, My Work, Intake, Governance Inbox, Exceptions und Alerts/Hygiene sind real; Cross-Tenant-Decisioning bleibt spaeter.
Policy Lifecycle / Ghost Policies	specified	weak	no	no	no	Als Richtung sichtbar, aber nicht als repo-verifizierter Workflow.
Platform Operations Maturity	implemented_partial	strong	yes	repo tests, not run	almost	System Panel, Control Tower und Ops Controls sind real; CSV/Raw Drilldowns bleiben offen.
Product Usage, Customer Health & Operational Controls	adopted	strong	yes	repo tests, not run	almost	Diese Mid-term-Lane ist im Repo bereits substanziell vorhanden.
Private AI Execution & Usage Governance Foundation	planned	none	no	no	no	Keine belastbare AI-Governance-Foundation im Repo.
MSP Portfolio & Operations	implemented_partial	medium	partial	repo tests, not run	foundation-only	Portfolio-Triage ist da; Compare/Promotion und Decision Workboard fehlen.
Human-in-the-Loop Autonomous Governance	planned	none	no	no	no	Kein repo-verifizierter Decision-Pack- oder Approval-Workflow jenseits des jetzigen Exception-/Review-Layers.
Drift & Change Governance	implemented_partial	strong	yes	repo tests, not run	almost	Drift review, accepted-risk governance, exception validity und Governance-Inbox-Surfaces sind repo-real; portfolio-weite Eskalation bleibt offen.
Standardization & Policy Quality	planned	none	no	no	no	Keine starke Repo-Evidence fuer eine Intune-Linting- oder Policy-Quality-Oberflaeche.
PSA / Ticketing Handoff	planned	none	no	no	no	Support Requests existieren, externe Handoff-Integration aber nicht.

Implemented Capabilities

Capability	Status	Backend	UI	Tests	RBAC/Audit	Sellable	Evidence
OperationRun truth layer	implemented_verified	yes	partial	repo tests, not run	yes	foundation-only	app/Models/OperationRun.php; tests/Feature/System/*; tests/Feature/ReviewPack/*
Baseline profiles, snapshots and compare	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Models/BaselineProfile.php; app/Models/BaselineSnapshot.php; app/Services/Baselines/BaselineCompareService.php
Drift findings and governance pressure	adopted	yes	yes	repo tests, not run	yes	yes	app/Models/Finding.php; app/Filament/Widgets/Dashboard/RecentDriftFindings.php; tests/Feature/Findings/*
Findings inboxes and governance inbox	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Filament/Pages/Findings/MyFindingsInbox.php; app/Filament/Pages/Findings/FindingsIntakeQueue.php; app/Filament/Pages/Governance/GovernanceInbox.php; tests/Feature/Findings/MyWorkInboxTest.php; tests/Feature/Governance/*
Finding exceptions and risk acceptance workflow	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Models/FindingException.php; app/Services/Findings/FindingExceptionService.php; app/Filament/Resources/FindingExceptionResource.php; tests/Feature/Findings/FindingExceptionWorkflowTest.php
Restore workflow with safety gates	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Models/OperationRun.php; restore gates and tests in tests/Feature/Restore/*
Evidence snapshots	implemented_verified	yes	yes	repo tests, not run	yes	foundation-only	app/Models/EvidenceSnapshot.php; app/Services/Evidence/EvidenceSnapshotService.php; tests/Feature/Evidence/*
Tenant reviews	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Models/TenantReview.php; app/Services/TenantReviews/TenantReviewService.php; tests/Feature/TenantReview/*
Review pack generation and export	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Models/ReviewPack.php; app/Services/ReviewPackService.php; tests/Feature/ReviewPack/*
Customer review workspace	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Filament/Pages/Reviews/CustomerReviewWorkspace.php; tests/Feature/Reviews/*; tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php
Alerts and notification routing	implemented_verified	yes	partial	repo tests, not run	yes	yes	app/Services/Alerts/AlertDispatchService.php; tests/Feature/*Alert*
Provider health, onboarding readiness and required permissions	adopted	yes	yes	repo tests, not run	yes	almost	app/Jobs/ProviderConnectionHealthCheckJob.php; app/Services/Onboarding/OnboardingLifecycleService.php; app/Filament/Pages/TenantRequiredPermissions.php
Permission posture reporting	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Services/PermissionPosture/PermissionPostureFindingGenerator.php; tests/Feature/PermissionPosture/*
Entra admin roles reporting	implemented_verified	yes	yes	repo tests, not run	yes	yes	app/Services/EntraAdminRoles/EntraAdminRolesReportService.php; tests/Feature/EntraAdminRoles/*
Stored reports substrate	implemented_verified	yes	partial	repo tests, not run	partial	foundation-only	app/Models/StoredReport.php; tests/Feature/PermissionPosture/StoredReportModelTest.php; tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php
Support diagnostics	adopted	yes	yes	repo tests, not run	yes	almost	app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php; app/Filament/Pages/TenantDashboard.php; tests/Feature/SupportDiagnostics/*
In-app support requests	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Models/SupportRequest.php; app/Support/SupportRequests/*; tests/Feature/SupportRequests/*
Product knowledge and contextual help	implemented_partial	yes	yes	repo tests, not run	partial	almost	app/Support/ProductKnowledge/ContextualHelpCatalog.php; tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php
Localization foundation	implemented_verified	yes	yes	repo tests, not run	partial	foundation-only	app/Services/Localization/LocaleResolver.php; app/Http/Controllers/LocalizationController.php; tests/Feature/Localization/*
Product telemetry	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Models/ProductUsageEvent.php; app/Filament/System/Widgets/ProductTelemetryKpis.php; tests/Feature/System/ProductTelemetry/*
Customer health scoring	implemented_verified	yes	yes	repo tests, not run	partial	almost	app/Filament/System/Widgets/CustomerHealthKpis.php; app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php; tests/Feature/System/CustomerHealth/*
Operational controls	implemented_verified	yes	yes	repo tests, not run	yes	almost	app/Models/OperationalControlActivation.php; app/Support/OperationalControls/*; tests/Feature/System/OpsControls/*
Workspace entitlements	implemented_verified	yes	yes	repo tests, not run	yes	foundation-only	app/Services/Entitlements/WorkspaceEntitlementResolver.php; tests/Feature/Filament/Settings/WorkspaceEntitlementsSettingsPageTest.php
Capability-first RBAC	adopted	yes	yes	repo tests, not run	yes	foundation-only	app/Services/Auth/CapabilityResolver.php; app/Services/Auth/RoleCapabilityMap.php; many tests/Feature/Rbac/*
Audit log foundation	adopted	yes	yes	repo tests, not run	yes	foundation-only	app/Models/AuditLog.php; app/Services/Audit/WorkspaceAuditLogger.php; many audit-focused feature tests
Canonical control catalog	implemented_verified	yes	partial	repo tests, not run	partial	foundation-only	app/Support/Governance/Controls/CanonicalControlCatalog.php; config/canonical_controls.php; tests/Unit/Governance/*
Portfolio triage continuity	implemented_verified	yes	yes	repo tests, not run	yes	foundation-only	app/Services/PortfolioTriage/TenantTriageReviewService.php; app/Support/PortfolioTriage/*; tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php

Foundation-Only Capabilities

• OperationRun truth and canonical operation typing: starke Execution-Foundation, aber kein eigenstaendiger Kundennutzen-Surface.
• Audit log foundation: breit genutzt und wichtig fuer Governance, aber allein nicht verkaufbar.
• Capability-first RBAC: belastbar und testnah, bleibt aber Enablement-Layer.
• Workspace entitlements: reale Gate- und Override-Logik, aber noch keine volle Commercial Lifecycle Story.
• Canonical control catalog: starke semantische Foundation fuer Evidence, Findings und Reviews.
• Stored reports substrate: wichtig fuer Reports, Evidence und Diagnostics, aber kein eigenstaendiges Produktversprechen.
• Evidence snapshot substrate: tragende technische Basis fuer Reviews und Exports.
• Localization foundation: resolved locale precedence, Workspace-Default, User-Praeferenz/Override und Notification-Formatting sind real, aber Enablement statt eigener Produkt-Surface.
• Operational control registry and evaluator: starke Safety-Control-Foundation, primar operatorseitig.
• Customer health scoring: reale interne SaaS-Operations-Layer, aber noch keine eigenstaendige Kundenoberflaeche.
• Portfolio triage continuity: sinnvoller Multi-Tenant-Unterbau, aber noch kein vollstaendiges Portfolio-Produkt.

Partial Capabilities

• Customer-facing review consumption: Tenant Reviews, Evidence Snapshots, Review Packs und der Customer Review Workspace sind repo-real, aber portfolio-weite Consumption- und Sharing-Patterns bleiben offen.
• Findings Workflow v2: Triage, Assignment, My Work, Intake, Governance Inbox, Exceptions und Notifications sind vorhanden; spaetere Cross-Tenant-Decisioning-Layer und Cleanup debt um Lifecycle-Backfill-Surfaces, acknowledged-Kompatibilitaet und explizite Creation-Time-Invarianten bleiben offen.
• Product scalability and self-service: Onboarding, Support, Help und Entitlements sind weit, Billing-, Trial- und Demo-Reife aber nicht.
• MSP portfolio operations: Portfolio-Triage ist vorhanden, Cross-Tenant Compare und Promotion fehlen.
• Platform operations maturity: Control Tower und Ops Controls sind stark, aber einige geplante operatorseitige Drilldowns/Exports fehlen noch.
• Product knowledge rollout: Help-Katalog und Resolver sind real, aber noch nicht breit genug adoptiert fuer "fertig".

Planned But Not Implemented

• Private AI Execution & Usage Governance Foundation
• Human-in-the-Loop Autonomous Governance
• Standardization & Policy Quality / Intune Linting
• PSA / Ticketing Handoff
• Cross-Tenant Compare and Promotion v1
• Policy Lifecycle / Ghost Policies
• Later compliance overlays beyond the current control/evidence foundation

Release Readiness

Release / Theme	Readiness	Notes
R1 Golden Master Governance	implemented	Die zentrale Governance- und Execution-Layer ist repo-verifiziert und breit adoptiert.
R2 Tenant Reviews & Evidence Packs	implemented	Reviews, Evidence Snapshots, Review Packs, Customer Review Workspace und Exception-/Accepted-Risk-Workflow sind repo-real; breitere Commercial-Polish-Themen bleiben separat.
R3 MSP Portfolio OS	foundation only	Portfolio-Triage und Governance-Surfaces sind da, aber Compare/Promotion und portfolio-weite Action-Layer fehlen.
Later Compliance Light	foundation only	Canonical Controls, Evidence und Exceptions existieren als Grundlage; ein Compliance-Produkt ist nicht repo-proven.

Commercial Readiness

Demo-ready

• Baseline compare and drift walkthroughs
• Review pack generation and export
• Customer-safe review workspace walkthroughs
• Provider health, onboarding readiness and required permissions
• Support diagnostics
• Permission posture and Entra admin roles reporting

Almost sellable

• Review-driven governance workflow rund um Tenant Reviews, Customer Review Workspace, accepted risks und Review Packs
• Baseline drift and restore governance
• Findings workflow mit persönlicher Inbox, Intake, Governance Inbox und Exception-Handling
• Alerting and run visibility for governance operations
• Support requests with contextual diagnostics
• Provider readiness and permission posture reporting

Foundation-only

• OperationRun truth layer
• Audit foundation
• Capability-first RBAC
• Workspace entitlements
• Canonical control catalog
• Stored reports substrate
• Evidence snapshot substrate
• Localization foundation
• Product telemetry
• Customer health scoring
• Operational controls
• Portfolio triage continuity

Not sellable yet

• Cross-Tenant Compare and Promotion v1
• Private AI Execution Governance Foundation
• External Support Desk / PSA Handoff
• Compliance Light product layer

Open Gaps & Blockers

Gap	Type	Impact	Roadmap Area	Recommended Spec
Decisioning still spans multiple repo-real inboxes	UX blocker	My Findings, Intake, Governance Inbox und Exception Queue sind real, aber Operators springen weiter zwischen mehreren Spezial-Surfaces und es gibt noch keinen portfolio-weiten Action-Layer	Findings Workflow / MSP Portfolio	P1 Governance Decision Surface Convergence
Findings lifecycle backfill runtime surfaces remain productized	Cleanup blocker	Runbooks, commands, capabilities and tenant actions still expose a pre-production repair path that should not ship as product truth	Findings Workflow / Legacy Removal	P1 Remove Findings Lifecycle Backfill Runtime Surfaces
Legacy acknowledged status compatibility still survives	Semantics blocker	Status helpers, filters, badges, capability aliases and tests keep non-canonical workflow semantics alive	Findings Workflow / RBAC	P1 Remove Legacy Acknowledged Finding Status Compatibility
Creation-time finding invariants are implied but not explicitly protected	Integrity blocker	Future finding generators could regress into partial lifecycle writes and recreate the need for repair tooling	Findings Workflow / Data Integrity	P1 Enforce Creation-Time Finding Invariants
Cross-tenant compare and promotion is not repo-proven	Release blocker	MSP portfolio story remains partial	MSP Portfolio & Operations	P1 Cross-Tenant Compare and Promotion v1
Entitlements stop short of full commercial lifecycle	Commercialization blocker	Plan gating exists, but trial, grace and suspension semantics remain incomplete	Product Scalability & Self-Service Foundation	P2 Commercial Entitlements and Billing-State Maturity
Support requests do not hand off to an external desk	Commercialization blocker	Support operations still depend on manual follow-through outside the product	R2 completion / Support	P2 External Support Desk / PSA Handoff
AI governance foundation is absent	Architecture blocker	Future AI features would risk trust and policy drift if added directly	Private AI Execution & Usage Governance	P3 Private AI Execution Governance Foundation
Roadmap understates current repo truth	Architecture blocker	Prioritization can drift because strategy docs still lag neuere Review-, Findings- und Localization-Surfaces	Product planning / roadmap maintenance	none - docs alignment
Test files were not executed for this ledger update	Testing blocker	This document relies on code plus test presence, not live runtime validation	all areas	none - run targeted suites

Recommended Next Specs

• P1 Governance Decision Surface Convergence: verbindet My Findings, Intake, Governance Inbox, Customer Review Workspace und Exception Queue zu weniger Operator-Journeys und bereitet die Portfolio-Ebene vor.
• P1 Remove Findings Lifecycle Backfill Runtime Surfaces: removes visible pre-production repair tooling from runbooks, commands, actions, capabilities and deploy/runtime hooks.
• P1 Remove Legacy Acknowledged Finding Status Compatibility: collapses findings workflow semantics onto the canonical triaged model and removes stale RBAC/query aliases.
• P1 Enforce Creation-Time Finding Invariants: proves that new findings are lifecycle-ready at write time so no repair backfill has to return later.
• P1 Cross-Tenant Compare and Promotion v1: needed to move from portfolio visibility to portfolio action.
• P2 Commercial Entitlements and Billing-State Maturity: extends the already real entitlement substrate into a usable commercial lifecycle.
• P2 External Support Desk / PSA Handoff: extends support requests beyond internal persistence.
• P3 Private AI Execution Governance Foundation: should exist before feature-level AI adoption, not after it.

Roadmap Drift Notes

• roadmap.md understates current R2 completion. Customer Review Workspace, published review handoff, review-pack downloads und der Finding-Exception-/Risk-Acceptance-Workflow sind bereits repo-real.
• roadmap.md understates findings workflow maturity. My Findings, Intake, Governance Inbox und Exception Queue existieren bereits im Repo.
• roadmap.md understates localization maturity. Locale resolution order, Workspace-Default, User-Praeferenz, lokalisierte Notifications und Fallback-Tests sind implementiert.
• roadmap.md understates the current R2 control foundation. Canonical controls, stored reports, permission posture and Entra admin roles are already repo-real, not just near-term ideas.
• roadmap.md understates product supportability. Support diagnostics, in-app support requests and contextual help already exist in the repo.
• roadmap.md understates operational maturity. Product telemetry, customer health and operational controls are already implemented and wired into the system panel.
• roadmap.md understates commercial foundations. A workspace entitlement resolver, plan profiles and enforcement points already exist, even though full billing-state maturity does not.
• The roadmap is now better at describing still-missing portfolio- und commercial-Layer than the current state of review/findings/localization implementation. Cross-Tenant Compare and Promotion, full billing-state maturity, external PSA handoff and AI Governance still look genuinely unimplemented.
• The main drift pattern is underestimation, not overestimation. Customer-facing review consumption is no longer the clearest missing piece; portfolio action and commercial lifecycle are.

Evidence Sources

Wichtigste Strategie- und Scope-Quellen:

• docs/product/roadmap.md
• docs/product/spec-candidates.md

Wichtige Plattform- und UI-Anker:

• apps/platform/bootstrap/providers.php
• apps/platform/app/Providers/Filament/AdminPanelProvider.php
• apps/platform/app/Providers/Filament/SystemPanelProvider.php
• apps/platform/app/Filament/Pages/TenantDashboard.php
• apps/platform/app/Filament/System/Pages/Dashboard.php
• apps/platform/app/Filament/Pages/TenantRequiredPermissions.php
• apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
• apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php
• apps/platform/app/Filament/Pages/Findings/FindingsIntakeQueue.php
• apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php
• apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php

Wichtige Models:

• apps/platform/app/Models/OperationRun.php
• apps/platform/app/Models/Finding.php
• apps/platform/app/Models/FindingException.php
• apps/platform/app/Models/FindingExceptionDecision.php
• apps/platform/app/Models/FindingExceptionEvidenceReference.php
• apps/platform/app/Models/BaselineProfile.php
• apps/platform/app/Models/BaselineSnapshot.php
• apps/platform/app/Models/EvidenceSnapshot.php
• apps/platform/app/Models/TenantReview.php
• apps/platform/app/Models/ReviewPack.php
• apps/platform/app/Models/StoredReport.php
• apps/platform/app/Models/SupportRequest.php
• apps/platform/app/Models/ProductUsageEvent.php
• apps/platform/app/Models/OperationalControlActivation.php
• apps/platform/app/Models/AuditLog.php

Wichtige Services und Jobs:

• apps/platform/app/Services/ReviewPackService.php
• apps/platform/app/Services/TenantReviews/TenantReviewService.php
• apps/platform/app/Services/Evidence/EvidenceSnapshotService.php
• apps/platform/app/Services/Baselines/BaselineCompareService.php
• apps/platform/app/Services/Alerts/AlertDispatchService.php
• apps/platform/app/Services/Findings/FindingExceptionService.php
• apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php
• apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php
• apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php
• apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php
• apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php
• apps/platform/app/Services/Audit/WorkspaceAuditLogger.php
• apps/platform/app/Services/Auth/CapabilityResolver.php
• apps/platform/app/Services/Localization/LocaleResolver.php

Wichtige Test-Anker im Repo:

• apps/platform/tests/Feature/ReviewPack/*
• apps/platform/tests/Feature/Evidence/*
• apps/platform/tests/Feature/PermissionPosture/*
• apps/platform/tests/Feature/EntraAdminRoles/*
• apps/platform/tests/Feature/SupportDiagnostics/*
• apps/platform/tests/Feature/SupportRequests/*
• apps/platform/tests/Feature/System/CustomerHealth/*
• apps/platform/tests/Feature/System/ProductTelemetry/*
• apps/platform/tests/Feature/System/OpsControls/*
• apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php
• apps/platform/tests/Unit/Governance/*
• apps/platform/tests/Unit/Entitlements/*

Last Updated

2026-04-29 on branch platform-dev