ahmido
b159dacd36
## Summary - remove legacy tenant-scoped routing and middleware paths in favor of the current environment/workspace context flow - update Filament pages and resources to use the cleaned-up admin surface and environment filter context - add the related spec 317 artifacts and targeted tests for environment filter state and legacy context cleanup ## Testing - not run as part of this commit/push/PR workflow Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #372
371 lines
46 KiB
Markdown
371 lines
46 KiB
Markdown
# TenantPilot Implementation Ledger
|
|
|
|
> **Status:** Active
|
|
> **Last reviewed:** 2026-05-15
|
|
> **Use for:** Repo-based implementation status and product-surface maturity assessment
|
|
> **Do not use for:** Roadmap priority, spec priority, or proof that tests were executed in the current branch
|
|
> **Scoped maintenance:** 2026-05-15 Spec 310 product-truth/docs-drift reconciliation after Specs 307-309; 2026-05-15 Spec 309 RBAC role matrix and access boundary hardening update; 2026-05-15 Spec 308 customer-safe Decision Summary and Review Pack inclusion update; 2026-05-15 Decision Register proof-link implementation update after Spec 307; 2026-05-15 Decision Register reconciliation update after Spec 306; 2026-05-15 Tenant Panel dead-code retirement guardrail update after Spec 304; 2026-05-12 roadmap/ledger alignment after the admin workspace navigation and tenant-owned surface repair candidate intake from the repo-verified navigation/panel audit; 2026-05-06 ledger conflict cleanup plus alignment with `docs/product/roadmap.md` and `docs/product/spec-candidates.md` after the cross-domain indicator candidate intake and the current manual-promotion backlog review.
|
|
|
|
## Purpose
|
|
|
|
Dieses Dokument beschreibt den aktuellen repo-basierten Implementierungsstand von TenantPilot. Es ergaenzt `docs/product/roadmap.md` und `docs/product/spec-candidates.md`, ersetzt sie aber nicht.
|
|
|
|
Bewertungsregeln fuer dieses Ledger:
|
|
|
|
- Repo-basiert only: Aussagen zaehlen nur, wenn Code, Datenmodell, Workflow, UI-Adoption oder Test-Artefakte im Repo belastbar darauf hinweisen.
|
|
- Keine Roadmap- oder Spec-Absicht ohne Repo-Evidence.
|
|
- Produkt-Posture nutzt als Basis `foundation-only`, `implemented but not productized`, `fast sellable`, `sellable` oder `not implemented`; seit Spec 310 duerfen belegte Product-Truth-Labels wie `repo-real`, `open gap`, `historical` oder `security-hardening completed` in Statusnotizen oder kombinierten Tabellenzellen ergaenzen.
|
|
- `sellable` wird nur dort verwendet, wo UI, Workflow, Datenmodell, RBAC/Audit und passende Test-Artefakte plausibel zusammenpassen.
|
|
- `fast sellable` bedeutet: repo-real und kunden- oder operatornah genug, aber die letzte produktisierte Delivery-, Packaging- oder Self-Serve-Schicht fehlt noch.
|
|
- `implemented but not productized` bedeutet: reale Oberflaechen oder Workflows existieren, aber sie sind noch nicht als ruhige, wiederholbare Produkt-Slice zusammengezogen.
|
|
- `foundation-only` bleibt fuer Enablement-, Control-, Policy- oder technische Tragschichten reserviert.
|
|
- Wenn Tests unten als vorhanden markiert sind, bedeutet das: passende Test-Dateien existieren im Repo. Sie wurden fuer dieses Ledger nicht ausgefuehrt.
|
|
|
|
## Current Product Position
|
|
|
|
TenantPilot ist aktuell ein starkes internes Governance- und Operations-Produkt mit belastbaren Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry, Safety Controls und eine repo-reale governed AI policy foundation. Darauf sitzen inzwischen mehrere repo-real productization slices: eine customer-safe Review-/Governance-Package-Surface im Admin-Kontext, released-review detail handoff, customer-safe Decision Summary und Review Pack inclusion aus Spec 308, compliance interpretation overlays, bounded external support-desk handoff, commercial lifecycle state handling mit read-only gating, eine kanonische cross-tenant compare preview mit promotion preflight sowie ein repo-verifizierter operatorseitiger Decision Register ueber bestehender FindingException-Decision-Truth mit direkter proof/run link polish. Die Repo-Wahrheit liegt damit klar ueber einer simplen Lesart von "R1 done / R2 partial" und auch ueber einer rein foundation-only Interpretation fuer Reviews, Support und Portfolio-Preparation. Gleichzeitig ist das Produkt noch nicht voll als kundenseitig konsumierbare Portfolio- und Commercial-Plattform ausgereift: Es fehlen die letzte customer-safe self-serve productization ueber der Review-Surface, actual portfolio promotion execution, Decision-Based Governance Inbox completion, wiederholbare Billing-/Subscription-Truth, eine klarere Stored-Reports-Surface und der erste governed AI runtime consumer ueber der bereits repo-realen AI policy foundation.
|
|
|
|
## Runtime Guardrails
|
|
|
|
- 2026-05-15 / Spec 304: Active Tenant Panel runtime is absent and guarded. `bootstrap/providers.php` registers no Tenant Panel provider, no active `TenantPanelProvider.php` exists under the platform app runtime paths, no `/admin/t` or legacy `/admin/tenants` route family is registered, and focused tests guard canonical workspace/environment link emission. Workspace remains the active Filament admin runtime context while Managed Environment surfaces stay under canonical workspace/environment routes.
|
|
|
|
## Status Model
|
|
|
|
- `foundation-only`: belastbare technische, policy- oder control-layer foundation ohne hinreichende Produktisierung
|
|
- `implemented but not productized`: reale Oberflaeche oder Workflow vorhanden, aber noch keine ruhige wiederholbare Produktschicht
|
|
- `fast sellable`: repo-real, kunden- oder operatornah und nah an wiederholbarer Delivery, aber letzte Produktisierungsluecken bleiben
|
|
- `sellable`: belastbare UI-, Workflow-, RBAC/Audit- und Test-Spur mit wiederholbarem Produktversprechen
|
|
- `not implemented`: noch kein belastbarer repo-real Slice fuer das eigentliche Ziel
|
|
|
|
Spec-310-Truth-Labels fuer Statusnotizen:
|
|
|
|
- `repo-real`: Code, Runtime-Oberflaeche, Tests oder akzeptierte Spec-Close-out-Evidence belegen den Slice im Repo
|
|
- `implemented`: Runtime existiert, Produktreife kann aber variieren
|
|
- `spec-backed`: formaler Spec existiert, Implementierung ist nicht automatisch vollstaendig
|
|
- `historical`: abgeschlossen, promoted oder nur noch Sequencing-Kontext
|
|
- `superseded`: durch spaetere Spec- oder Runtime-Wahrheit ersetzt
|
|
- `open gap`: braucht weiterhin Produkt- oder Technikarbeit
|
|
- `security-hardening completed`: Sicherheits-/Access-Hardening wurde spezifisch verifiziert und adressiert
|
|
- `decision needed`: Produkt- oder Architekturentscheidung vor Umsetzung noetig
|
|
|
|
Evidence-Level im Dokument:
|
|
|
|
- `none`: keine belastbare Repo-Evidence
|
|
- `weak`: duenne Code- oder Doc-Spur, aber kein belastbarer Gesamtworkflow
|
|
- `medium`: mehrere Repo-Signale, aber noch nicht durchgaengig
|
|
- `strong`: Datenmodell, Workflow, UI- oder Test-Spur greifen konsistent ineinander
|
|
|
|
## Roadmap Coverage Summary
|
|
|
|
| Roadmap Area | Product posture | Evidence Level | UI Ready | Tested | Sellable | Notes |
|
|
|---|---|---:|---|---|---|---|
|
|
| R1 Golden Master Governance | sellable | strong | yes | repo tests, not run | yes | Baselines, Drift, Findings und OperationRun-Truth sind breit im Produkt verankert. |
|
|
| R2 Tenant Reviews, Evidence & Control Foundation | fast sellable | strong | yes | repo tests, not run | yes | Reviews, Evidence, Review Packs, Customer Review Workspace, governance-package delivery, customer-safe Decision Summary / Review Pack inclusion, compliance interpretation overlays und Control-/Exception-Layer greifen als reale Governance-Surface zusammen; die letzte customer-safe self-serve productization bleibt offen. |
|
|
| Alert escalation + notification routing | sellable | strong | partial | repo tests, not run | yes | Alert-Regeln, Dispatch, Cooldown und Quiet Hours sind real. |
|
|
| Governance & Architecture Hardening | foundation-only | strong | partial | repo tests, not run | no | Viele Hardening-Slices sind bereits im Code; Spec 309 ist als `security-hardening completed` fuer RBAC role matrix und admin/system access boundary abgeschlossen, waehrend breitere Support Access Governance separat offen bleibt. |
|
|
| UI & Product Maturity Polish | implemented but not productized | strong | partial | partial repo tests, not run | no | Empty States, Navigation, Localization und read-only Review-Polish sind real, aber kein geschlossenes Theme-Completion-Signal; admin workspace navigation drift remains explicit manual-promotion follow-through. |
|
|
| Secret & Security Hardening | fast sellable | strong | yes | repo tests, not run | yes | Provider-Verifikation, Permission-Diagnostics und Redaction sind belastbar. |
|
|
| Baseline Drift Engine (Cutover) | sellable | strong | yes | repo tests, not run | yes | Compare- und Drift-Workflow wirken als produktive Kernfunktion. |
|
|
| R1.9 Platform Localization v1 | foundation-only | strong | yes | repo tests, not run | no | Locale-Resolver, Override/Praeferenz, Workspace-Default, Fallback und lokalisierte Notifications sind repo-real; `specs/252-platform-localization-v1/spec.md` ist die historische Foundation. |
|
|
| Product Scalability & Self-Service Foundation | fast sellable | strong | yes | repo tests, not run | yes | Onboarding, Support, Help, Entitlements, commercial lifecycle state handling und bounded support-desk handoff sind repo-real; Billing-, Trial- und Demo-Truth bleiben offen. |
|
|
| R2.0 Canonical Control Catalog Foundation | foundation-only | strong | partial | repo tests, not run | no | Bereits implementiert und in Evidence/Reviews referenziert, aber kein eigenstaendiger Kundennutzen-Surface. |
|
|
| R2 Completion: customer review, support, help | fast sellable | strong | yes | repo tests, not run | yes | Customer Review Workspace, released-review detail handoff, governance-package delivery, Support Diagnostics/Requests und Help-Katalog sind repo-real, aber die finale customer-safe productization ist noch nicht vollstaendig. |
|
|
| Compliance Evidence Mapping v1 | implemented but not productized | strong | yes | repo tests, not run | no | Canonical control interpretation is rendered in tenant reviews and the customer review workspace, but broader framework coverage and auditor-facing mapping remain open. |
|
|
| Governance-as-a-Service Packaging v1 | implemented but not productized | strong | yes | repo tests, not run | no | Governance package status, download messaging und current review-pack reuse sind repo-real, aber recurring delivery workflows und breitere management packaging remain open. |
|
|
| Findings Workflow v2 / Execution Layer | fast sellable | strong | yes | repo tests, not run | yes | Triage, Ownership, My Work, Intake, Governance Inbox, Exceptions und Alerts/Hygiene sind real; Cross-Tenant-Decisioning bleibt spaeter. |
|
|
| Provider-missing policy visibility follow-up | not implemented | weak | no | no | no | `specs/261-provider-missing-policy-visibility/spec.md` bleibt ein schmaler policy-only Follow-up; die breitere Lifecycle-Taxonomie ist getrennt. |
|
|
| Platform Operations Maturity | implemented but not productized | strong | yes | repo tests, not run | no | System Panel, Control Tower und Ops Controls sind real; CSV/Raw Drilldowns bleiben offen. |
|
|
| Product Usage, Customer Health & Operational Controls | implemented but not productized | strong | yes | repo tests, not run | no | Diese Mid-term-Lane ist im Repo bereits substanziell vorhanden, bleibt aber vor allem operatorseitige Produktisierung. |
|
|
| Private AI Execution Governance Foundation | foundation-only | strong | partial | repo tests, not run | no | `specs/248-private-ai-policy-foundation/spec.md` ist repo-real in Policy, Boundary, Settings und Ops Controls; der erste Runtime-Consumer fehlt noch. |
|
|
| MSP Portfolio & Operations | implemented but not productized | strong | yes | repo tests, not run | no | Portfolio-Triage, canonical compare preview, preflight audit and launch continuity are repo-real; actual promotion execution and the broader decision workboard remain open. |
|
|
| Human-in-the-Loop Autonomous Governance | not implemented | weak | no | no | no | Kein repo-verifizierter Decision-Pack- oder Approval-Workflow jenseits des jetzigen Exception-/Review-Layers. |
|
|
| Drift & Change Governance | fast sellable | strong | yes | repo tests, not run | yes | Drift review, accepted-risk governance, exception validity und Governance-Inbox-Surfaces sind repo-real; portfolio-weite Eskalation bleibt offen. |
|
|
| Standardization & Policy Quality | not implemented | none | no | no | no | Keine starke Repo-Evidence fuer eine Intune-Linting- oder Policy-Quality-Oberflaeche. |
|
|
| PSA / Ticketing Handoff | implemented but not productized | strong | yes | repo tests, not run | no | Support Requests include bounded external create/link handoff on the current tenant and operation-run contexts; broader multi-provider ITSM expansion remains separate work. |
|
|
|
|
## Implemented Capabilities
|
|
|
|
| Capability | Product posture | Backend | UI | Tests | RBAC/Audit | Sellable | Evidence |
|
|
|---|---|---|---|---|---|---|---|
|
|
| OperationRun truth layer | foundation-only | yes | partial | repo tests, not run | yes | no | `app/Models/OperationRun.php`; `tests/Feature/System/*`; `tests/Feature/ReviewPack/*` |
|
|
| Baseline profiles, snapshots and compare | sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/BaselineProfile.php`; `app/Models/BaselineSnapshot.php`; `app/Services/Baselines/BaselineCompareService.php` |
|
|
| Drift findings and governance pressure | sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/Finding.php`; `app/Filament/Widgets/Dashboard/RecentDriftFindings.php`; `tests/Feature/Findings/*` |
|
|
| Findings inboxes and governance inbox | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Filament/Pages/Findings/MyFindingsInbox.php`; `app/Filament/Pages/Findings/FindingsIntakeQueue.php`; `app/Filament/Pages/Governance/GovernanceInbox.php`; `tests/Feature/Findings/MyWorkInboxTest.php`; `tests/Feature/Governance/*` |
|
|
| Finding exceptions and risk acceptance workflow | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/FindingException.php`; `app/Services/Findings/FindingExceptionService.php`; `app/Filament/Resources/FindingExceptionResource.php`; `tests/Feature/Findings/FindingExceptionWorkflowTest.php` |
|
|
| Decision Register operator surface | implemented but not productized / repo-real | yes | yes | repo tests, run in Specs 306/307 | yes | no | `specs/265-decision-register-approval/spec.md`; `specs/306-decision-register-reconciliation/decision-register-reconciliation.md`; `specs/307-decision-register-evidence-operationrun-link-polish/spec.md`; `app/Filament/Pages/Governance/DecisionRegister.php`; `app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`; `tests/Feature/Governance/DecisionRegisterPageTest.php`; `tests/Feature/Findings/FindingExceptionDecisionRegisterNavigationTest.php`; `tests/Feature/Findings/FindingExceptionDecisionRegisterBoundariesTest.php` |
|
|
| Decision Register proof/run links | fast sellable / repo-real | yes | yes | repo tests, run in Spec 307 | yes | no | `specs/307-decision-register-evidence-operationrun-link-polish/spec.md`; `specs/307-decision-register-evidence-operationrun-link-polish/tasks.md`; `app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`; `app/Filament/Pages/Governance/DecisionRegister.php`; `tests/Unit/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilderTest.php`; `tests/Feature/Governance/DecisionRegisterPageTest.php` |
|
|
| Restore workflow with safety gates | sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/OperationRun.php`; restore gates and tests in `tests/Feature/Restore/*` |
|
|
| Evidence snapshots | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Models/EvidenceSnapshot.php`; `app/Services/Evidence/EvidenceSnapshotService.php`; `tests/Feature/Evidence/*` |
|
|
| Tenant reviews | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/TenantReview.php`; `app/Services/TenantReviews/TenantReviewService.php`; `tests/Feature/TenantReview/*` |
|
|
| Review pack generation and export | fast sellable | yes | yes | repo tests, not run here; Spec 308 validation recorded | yes | yes | `specs/109-review-pack-export/spec.md`; `specs/308-decision-register-summary-review-pack/plan.md`; `app/Models/ReviewPack.php`; `app/Services/ReviewPackService.php`; `app/Jobs/GenerateReviewPackJob.php`; `tests/Feature/ReviewPack/*` |
|
|
| Decision Summary in reviews and Review Packs | fast sellable / repo-real | yes | yes | repo tests, run in Spec 308 | yes | yes | `specs/308-decision-register-summary-review-pack/spec.md`; `specs/308-decision-register-summary-review-pack/plan.md`; `app/Services/EnvironmentReviews/EnvironmentReviewComposer.php`; `app/Jobs/GenerateReviewPackJob.php`; `tests/Feature/EnvironmentReview/EnvironmentReviewExecutivePackTest.php`; `tests/Feature/ReviewPack/EnvironmentReviewDerivedReviewPackTest.php` |
|
|
| Customer review workspace | fast sellable / repo-real, v1 completion open gap | yes | yes | repo tests, not run here; Spec 308 validation recorded for summary/pack inclusion | yes | no | `specs/258-customer-review-productization/spec.md`; `specs/308-decision-register-summary-review-pack/spec.md`; `app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`; `tests/Feature/Reviews/*`; `tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php` |
|
|
| Governance package delivery surface | implemented but not productized | yes | yes | repo tests, not run | yes | no | `specs/260-governance-service-packaging/spec.md`; `app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`; `app/Filament/Resources/TenantReviewResource.php`; `tests/Feature/Reviews/CustomerReviewWorkspacePackAccessTest.php`; `tests/Feature/TenantReview/TenantReviewExplanationSurfaceTest.php` |
|
|
| Compliance evidence mapping overlay | implemented but not productized | yes | yes | repo tests, not run | partial | no | `specs/259-compliance-evidence-mapping/spec.md`; `app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php`; `app/Services/TenantReviews/TenantReviewSectionFactory.php`; `tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php` |
|
|
| Alerts and notification routing | sellable | yes | partial | repo tests, not run | yes | yes | `app/Services/Alerts/AlertDispatchService.php`; `tests/Feature/*Alert*` |
|
|
| Provider health, onboarding readiness and required permissions | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Jobs/ProviderConnectionHealthCheckJob.php`; `app/Services/Onboarding/OnboardingLifecycleService.php`; `app/Filament/Pages/TenantRequiredPermissions.php` |
|
|
| Permission posture reporting | sellable | yes | yes | repo tests, not run | yes | yes | `app/Services/PermissionPosture/PermissionPostureFindingGenerator.php`; `tests/Feature/PermissionPosture/*` |
|
|
| Entra admin roles reporting | sellable | yes | yes | repo tests, not run | yes | yes | `app/Services/EntraAdminRoles/EntraAdminRolesReportService.php`; `tests/Feature/EntraAdminRoles/*` |
|
|
| Stored reports substrate | foundation-only | yes | partial | repo tests, not run | partial | no | `app/Models/StoredReport.php`; `tests/Feature/PermissionPosture/StoredReportModelTest.php`; `tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php` |
|
|
| Support diagnostics | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php`; `app/Filament/Pages/TenantDashboard.php`; `tests/Feature/SupportDiagnostics/*` |
|
|
| In-app support requests | fast sellable | yes | yes | repo tests, not run | yes | yes | `app/Models/SupportRequest.php`; `app/Support/SupportRequests/*`; `tests/Feature/SupportRequests/*` |
|
|
| External support-desk handoff | implemented but not productized | yes | yes | repo tests, not run | yes | no | `app/Support/SupportRequests/ExternalSupportDeskHandoffService.php`; `app/Support/SupportRequests/SupportRequestSubmissionService.php`; `tests/Unit/Support/SupportRequests/ExternalSupportDeskHandoffServiceTest.php` |
|
|
| Product knowledge and contextual help | implemented but not productized | yes | yes | repo tests, not run | partial | no | `app/Support/ProductKnowledge/ContextualHelpCatalog.php`; `tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php` |
|
|
| Localization foundation | foundation-only | yes | yes | repo tests, not run | partial | no | `specs/252-platform-localization-v1/spec.md`; `app/Services/Localization/LocaleResolver.php`; `app/Http/Controllers/LocalizationController.php`; `tests/Feature/Localization/*` |
|
|
| Product telemetry | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Models/ProductUsageEvent.php`; `app/Filament/System/Widgets/ProductTelemetryKpis.php`; `tests/Feature/System/ProductTelemetry/*` |
|
|
| Customer health scoring | foundation-only | yes | yes | repo tests, not run | partial | no | `app/Filament/System/Widgets/CustomerHealthKpis.php`; `app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php`; `tests/Feature/System/CustomerHealth/*` |
|
|
| Operational controls | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Models/OperationalControlActivation.php`; `app/Support/OperationalControls/*`; `tests/Feature/System/OpsControls/*` |
|
|
| Governed AI policy foundation | foundation-only | yes | partial | repo tests, not run | yes | no | `specs/248-private-ai-policy-foundation/spec.md`; `app/Support/Ai/AiUseCaseCatalog.php`; `app/Support/Ai/GovernedAiExecutionBoundary.php`; `app/Support/Ai/AiDecisionAuditMetadataFactory.php`; `app/Filament/Pages/Settings/WorkspaceSettings.php`; `tests/Unit/Support/Ai/*`; `tests/Feature/SettingsFoundation/WorkspaceAiPolicySettingsTest.php`; `tests/Feature/System/OpsControls/AiExecutionOperationalControlTest.php` |
|
|
| Workspace entitlements | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Services/Entitlements/WorkspaceEntitlementResolver.php`; `tests/Feature/Filament/Settings/WorkspaceEntitlementsSettingsPageTest.php` |
|
|
| Commercial lifecycle state handling | foundation-only | yes | yes | repo tests, not run | yes | no | `specs/251-commercial-entitlements-billing-state/spec.md`; `app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php`; `app/Filament/System/Pages/Directory/ViewWorkspace.php`; `tests/Feature/System/ViewWorkspaceEntitlementsTest.php`; `tests/Unit/Entitlements/WorkspaceCommercialLifecycleResolverTest.php` |
|
|
| Capability-first RBAC | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Services/Auth/CapabilityResolver.php`; `app/Services/Auth/RoleCapabilityMap.php`; many `tests/Feature/Rbac/*` |
|
|
| RBAC role matrix and access boundary hardening | security-hardening completed / repo-real | yes | yes | repo tests, run in Spec 309 | yes | no | `specs/309-rbac-role-matrix-access-boundary-audit/tasks.md`; `app/Services/Auth/WorkspaceRoleCapabilityMap.php`; `app/Models/User.php`; `tests/Feature/Rbac/RoleMatrix/ManagerAccessTest.php`; `tests/Feature/Rbac/PanelAccess/AdminPanelAccessBoundaryTest.php`; `tests/Feature/Rbac/PanelAccess/SystemPanelAccessBoundaryTest.php` |
|
|
| Audit log foundation | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Models/AuditLog.php`; `app/Services/Audit/WorkspaceAuditLogger.php`; many audit-focused feature tests |
|
|
| Canonical control catalog | foundation-only | yes | partial | repo tests, not run | partial | no | `app/Support/Governance/Controls/CanonicalControlCatalog.php`; `config/canonical_controls.php`; `tests/Unit/Governance/*` |
|
|
| Portfolio triage continuity | foundation-only | yes | yes | repo tests, not run | yes | no | `app/Services/PortfolioTriage/TenantTriageReviewService.php`; `app/Support/PortfolioTriage/*`; `tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php` |
|
|
| Cross-tenant compare preview and promotion preflight | fast sellable | yes | yes | repo tests, not run | yes | yes | `specs/043-cross-tenant-compare-and-promotion/spec.md`; `app/Filament/Pages/CrossTenantComparePage.php`; `app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php`; `app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php`; `tests/Feature/PortfolioCompare/*`; `tests/Unit/Support/PortfolioCompare/*` |
|
|
|
|
## Foundation-Only Capabilities
|
|
|
|
- OperationRun truth and canonical operation typing: starke Execution-Foundation, aber kein eigenstaendiger Kundennutzen-Surface.
|
|
- Audit log foundation: breit genutzt und wichtig fuer Governance, aber allein nicht verkaufbar.
|
|
- Capability-first RBAC: belastbar und testnah, bleibt aber Enablement-Layer; Spec 309 ist die abgeschlossene `security-hardening completed` Korrektur fuer Owner-only membership management und admin/system panel boundaries, nicht die Support Access Governance Productization.
|
|
- Workspace entitlements und commercial lifecycle policy engine: reale Gate-, Lifecycle- und Override-Logik, aber noch keine volle Billing-/Contract-Ops story.
|
|
- Canonical control catalog: starke semantische Foundation fuer Evidence, Findings und Reviews.
|
|
- Stored reports substrate: wichtig fuer Reports, Evidence und Diagnostics, aber kein eigenstaendiges Produktversprechen.
|
|
- Evidence snapshot substrate: tragende technische Basis fuer Reviews und Exports.
|
|
- Localization foundation: resolved locale precedence, Workspace-Default, User-Praeferenz/Override und Notification-Formatting sind real, aber Enablement statt eigener Produkt-Surface.
|
|
- Governed AI policy foundation: Use-Case-Katalog, Boundary, Audit-Metadata, Workspace-Policy-Surface und Ops-Control-Integration sind repo-real, aber noch ohne ersten Runtime-Consumer.
|
|
- Operational control registry and evaluator: starke Safety-Control-Foundation, primar operatorseitig.
|
|
- Product telemetry und customer health scoring: reale operatorseitige SaaS-Operations-Layer, aber noch keine eigenstaendige sellable Oberflaeche.
|
|
- Portfolio triage continuity: sinnvoller Multi-Tenant-Unterbau, aber noch kein vollstaendiges Portfolio-Produkt.
|
|
|
|
## Fast-Sellable Or Not-Yet-Productized Capabilities
|
|
|
|
- Customer-facing review consumption: Tenant Reviews, Evidence Snapshots, Review Packs, the Customer Review Workspace, the customer-safe released-review detail mode, governance-package delivery cues, Spec 308 Decision Summary / Review Pack inclusion, compliance interpretation overlays, and commercial-lifecycle-aware access states are repo-real; Customer Review Workspace v1 Completion remains an `open gap`.
|
|
- Findings Workflow v2: Triage, Assignment, My Work, Intake, Governance Inbox, Exceptions, notifications, and the three queue-facing cleanup/hardening follow-through packages are now repo-backed; later cross-tenant action layers remain separate work.
|
|
- Decision Register: Spec 265 operator register runtime, Spec 306 reconciliation, Spec 307 direct evidence/report plus source/evidence OperationRun proof-link polish, and Spec 308 customer-safe Decision Summary / Review Pack inclusion are repo-backed; the remaining gap is broader Decision-Based Governance Inbox / Customer Review Workspace completion, not a Greenfield v1.
|
|
- Product scalability and self-service: Onboarding, Support, Help, Entitlements, commercial lifecycle state handling, and external support-desk handoff are repo-real; broader trial/demo and billing-subscription truth still remain.
|
|
- MSP portfolio operations: Portfolio-Triage plus cross-tenant compare preview and promotion preflight are repo-real; actual promotion execution and broader portfolio action orchestration remain open.
|
|
- Platform operations maturity: Control Tower und Ops Controls sind stark, aber einige geplante operatorseitige Drilldowns/Exports fehlen noch.
|
|
- Product knowledge rollout: Help-Katalog und Resolver sind real, aber noch nicht breit genug adoptiert fuer "fertig".
|
|
|
|
## Not Implemented
|
|
|
|
- Auditor Pack Delivery & Executive Export v1
|
|
- Cross-Tenant Promotion Execution v1
|
|
- Governance Artifact Lifecycle & Retention v1
|
|
- Customer-Facing Localization Adoption v1
|
|
- Billing & Subscription Truth Layer v1
|
|
- Stored Reports Surface v1
|
|
- Workspace & Tenant Closure Lifecycle v1
|
|
- Enterprise Access Boundary & Support Access Governance v1
|
|
- First Governed AI Runtime Consumer v1
|
|
- Human-in-the-Loop Autonomous Governance
|
|
- Standardization & Policy Quality / Intune Linting
|
|
- Provider-Missing Policy Visibility & Restore Continuity v1 (`specs/261-provider-missing-policy-visibility/spec.md`, spec-backed prep only)
|
|
- Broader compliance frameworks and auditor-facing mapping beyond the current evidence overlay
|
|
|
|
## Release Readiness
|
|
|
|
| Release / Theme | Readiness | Notes |
|
|
|---|---|---|
|
|
| R1 Golden Master Governance | sellable | Die zentrale Governance- und Execution-Layer ist repo-verifiziert und breit adoptiert. |
|
|
| R2 Tenant Reviews & Evidence Packs | fast sellable | Reviews, Evidence Snapshots, Review Packs, Customer Review Workspace, released-review detail handoff, governance-package delivery, compliance interpretation overlays und Exception-/Accepted-Risk-Workflow sind repo-real; die finale customer-safe Productization bleibt als sellability follow-up offen. |
|
|
| R3 MSP Portfolio OS | implemented but not productized | Portfolio-Triage sowie canonical compare preview/preflight sind da, aber actual promotion execution und portfolio-weite Action-Layer fehlen weiter. |
|
|
| Compliance Evidence Mapping v1 | implemented but not productized | Compliance interpretation overlays sind repo-real in Tenant Reviews und Customer Review Workspace, aber breitere Framework-Abdeckung und auditor-facing mapping fehlen weiter. |
|
|
| Governance-as-a-Service Packaging v1 | implemented but not productized | Governance package status, delivery messaging und current review-pack reuse sind repo-real; eine wiederholbare management-taugliche Packaging-Workflow-Layer ist nicht vollstaendig. |
|
|
|
|
## Commercial Readiness
|
|
|
|
### Demo-ready
|
|
|
|
- Baseline compare and drift walkthroughs
|
|
- Review pack generation and export
|
|
- Customer review workspace walkthroughs with operator guidance
|
|
- Cross-tenant compare preview and promotion preflight walkthroughs
|
|
- Provider health, onboarding readiness and required permissions
|
|
- Support diagnostics
|
|
- Permission posture and Entra admin roles reporting
|
|
|
|
### Fast sellable
|
|
|
|
- Review-driven governance workflow rund um Tenant Reviews, Customer Review Workspace, governance-package delivery, Spec 308 Decision Summary / Review Pack inclusion, compliance interpretation overlays, accepted risks und Review Packs, aber noch nicht als vollstaendig productisierte customer-safe consumption experience
|
|
- Baseline drift and restore governance
|
|
- Findings workflow mit persönlicher Inbox, Intake, Governance Inbox und Exception-Handling
|
|
- Alerting and run visibility for governance operations
|
|
- Support requests with contextual diagnostics and bounded external create/link handoff
|
|
- Provider readiness and permission posture reporting
|
|
|
|
### Implemented but not productized
|
|
|
|
- Review pack generation and export als wiederholbare auditor-/executive-ready delivery layer
|
|
- Broader compliance evidence mapping surface
|
|
- Standalone governance-as-a-service packaging workflow
|
|
- Cross-tenant compare preview and promotion preflight without execution
|
|
- Product knowledge and contextual help rollout
|
|
|
|
### Foundation-only
|
|
|
|
- OperationRun truth layer
|
|
- Audit foundation
|
|
- Capability-first RBAC
|
|
- Workspace entitlements
|
|
- Canonical control catalog
|
|
- Stored reports substrate
|
|
- Evidence snapshot substrate
|
|
- Localization foundation
|
|
- Governed AI policy foundation
|
|
- Product telemetry
|
|
- Customer health scoring
|
|
- Operational controls
|
|
- Portfolio triage continuity
|
|
|
|
### Not implemented
|
|
|
|
- Auditor-ready executive export / auditor pack delivery
|
|
- Portfolio-wide promotion execution and governance decision-pack workflow
|
|
- Billing and subscription truth layer
|
|
- Stored reports product surface
|
|
- Customer-facing localization adoption
|
|
- Workspace and tenant closure lifecycle runtime follow-through
|
|
- First governed AI runtime consumer
|
|
|
|
## Open Gaps & Blockers
|
|
|
|
Queue audit note: no safe automatic next-best-prep target remains active. The remaining open lanes are now tracked as explicit manual promotions in `docs/product/spec-candidates.md` instead of being re-opened through automatic queue logic.
|
|
|
|
| Gap | Type | Impact | Roadmap Area | Recommended Spec |
|
|
|---|---|---|---|---|
|
|
| No safe automatic next-best-prep target is currently active | Planning boundary | `docs/product/spec-candidates.md` now keeps the active queue empty, so the next slice must be promoted deliberately instead of selected automatically | Product planning / queue hygiene | none - require explicit manual promotion |
|
|
| Workspace-first / ManagedEnvironment core cutover is not started | Strategic architecture blocker | The repo still centers many governance, support, and portfolio surfaces on `Tenant` semantics, so future multi-provider work would otherwise accumulate more tenant- and Microsoft-centric core coupling | Platform core / provider-neutral posture | `Workspace-first / ManagedEnvironment Core Cutover` pack in `docs/product/spec-candidates.md` (planned as Specs 279-287) |
|
|
| Auditor-ready executive export is still missing | Productization blocker | Review truth remains short of auditor-/executive-ready delivery, even though the dedicated follow-through is now spec-backed | R2 review delivery | `specs/263-auditor-pack-executive-export/spec.md` |
|
|
| Cross-tenant promotion execution is still missing | Product blocker | Compare preview and preflight are repo-real, but the actual portfolio action remains absent even though the execution package is now spec-backed | MSP Portfolio & Operations | `specs/264-cross-tenant-promotion-execution/spec.md` |
|
|
| Customer Review Workspace v1 completion is still open | Productization gap | Repo-real review, Decision Summary, and Review Pack inclusion now exist, but a complete customer-safe self-serve workspace with calm status, reason, impact, evidence basis, accepted risks, decision summary, review-pack download, and one primary next action still needs productization | Customer review consumption | `311-customer-review-workspace-v1-completion` |
|
|
| Decision-Based Governance Inbox v1 remains open | Productization gap | The operator Decision Register is repo-real and not Greenfield, but a broader decision-centered governance inbox remains separate from the completed proof/link and customer-safe summary slices | Decision-based operating | `313-decision-based-governance-inbox-v1` |
|
|
| Governance-artifact lifecycle runtime is still missing | Trust / auditability blocker | Lifecycle taxonomy and point retention rules exist, but governance artifacts still lack immutable-reference, hold, export, delete, and suspended/read-only runtime semantics | Lifecycle governance / enterprise trust | `Governance Artifact Lifecycle & Retention v1` |
|
|
| Cross-domain progress and indicator semantics guardrail is still missing | UX / trust guardrail | Bars, percentages, scores, readiness, risk, usage, and generation-state hints still lack one shared taxonomy and standards layer above the OperationRun-specific rules | UI semantics / product trust | `Cross-Domain Progress / Indicator Semantics candidate group` |
|
|
| Residual admin workspace navigation contract drift may remain | UX / IA repair follow-through | Specs 301-304 now cover Inventory cutover, the tenant-owned surface audit, Entra Groups cutover, and tenant-panel dead-code retirement. The remaining risk is shared contract drift between workspace-home cleanliness and environment-bound admin visibility if new regressions appear. | UI maturity / admin runtime contract | `navigation-contract-split`, only if post-Spec 301-304 drift remains |
|
|
| Customer-facing localization adoption is incomplete | Productization blocker | Locale groundwork is repo-real, but customer-safe adoption remains incomplete | Localization / review productization | `Customer-Facing Localization Adoption v1` |
|
|
| Billing and subscription truth is missing | Commercial blocker | Entitlements and lifecycle state handling stop short of a durable billing/subscription truth layer | Commercial readiness | `Billing & Subscription Truth Layer v1` |
|
|
| Stored reports still lack a clear product surface | Product blocker | Retained evidence and review artifacts remain harder to consume than they should be | Reports / evidence consumption | `Stored Reports Surface v1` |
|
|
| Workspace and tenant closure follow-through is not started | Strategic blocker | The taxonomy exists, but closure/runtime semantics are not yet productized | Lifecycle governance / enterprise trust | `Workspace & Tenant Closure Lifecycle v1` |
|
|
| Support-access governance is still missing | Access governance blocker | Break-glass and support access seams exist, but customer-visible TTL, reason, approval, and export semantics are not productized | Enterprise access boundary | `Enterprise Access Boundary & Support Access Governance v1` |
|
|
| First governed AI runtime consumer is missing | Architecture blocker | The policy foundation exists, but there is no bounded runtime consumer proving the model end-to-end | Governed AI follow-through | `First Governed AI Runtime Consumer v1` |
|
|
|
|
## Recommended Manual Promotions
|
|
|
|
- `Cross-Domain Progress / Indicator Semantics candidate group` -> anchored by `specs/268-operationrun-activity-feedback/spec.md`, `specs/270-operationrun-progress-contract/spec.md`, `specs/271-counted-progress-rollout/spec.md`, `specs/272-operationrun-phase-composite-progress/spec.md`, `docs/ui/tenantpilot-enterprise-ui-standards.md`, and the current progress-like UI seams called out in `docs/product/spec-candidates.md`
|
|
- `Admin Workspace Navigation & Environment-owned Surface Repair candidate group` -> anchored by `apps/platform/app/Filament/Clusters/Inventory/InventoryCluster.php`, `apps/platform/app/Filament/Pages/InventoryCoverage.php`, `apps/platform/app/Filament/Resources/InventoryItemResource.php`, `apps/platform/app/Filament/Resources/EntraGroupResource.php`, `apps/platform/app/Filament/Concerns/WorkspaceScopedEnvironmentRoutes.php`, `apps/platform/app/Support/OperateHub/OperateHubShell.php`, and the navigation/runtime tests called out in `docs/product/spec-candidates.md`; Specs 301-304 now cover Inventory cutover, route-audit prep, groups cutover, and tenant-panel dead-code retirement, so only `navigation-contract-split` remains as a conditional follow-through if drift persists
|
|
- `Workspace-first / ManagedEnvironment Core Cutover` pack -> anchored by `docs/product/spec-candidates.md`, `docs/product/roadmap.md`, `docs/product/implementation-ledger.md`, and the tenant-centric platform seams already visible across review, support, portfolio, and governance surfaces; keep it as a clean development-stage cutover pack rather than a compatibility-layer program
|
|
- `Customer Review Workspace v1 Completion` -> anchored by `specs/258-customer-review-productization/spec.md`, `specs/308-decision-register-summary-review-pack/spec.md`, `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`, and the review/workspace tests
|
|
- `Localization v1 Customer-facing Surfaces` -> anchored by `specs/252-platform-localization-v1/spec.md`, `specs/258-customer-review-productization/spec.md`, and `specs/260-governance-service-packaging/spec.md`
|
|
- `Decision-Based Governance Inbox v1` -> anchored by `specs/250-decision-governance-inbox/spec.md`, `specs/257-governance-decision-convergence/spec.md`, `specs/265-decision-register-approval/spec.md`, `specs/306-decision-register-reconciliation/decision-register-reconciliation.md`, `specs/307-decision-register-evidence-operationrun-link-polish/spec.md`, `specs/308-decision-register-summary-review-pack/spec.md`, `apps/platform/app/Filament/Pages/Governance/DecisionRegister.php`, `apps/platform/app/Support/GovernanceDecisions/GovernanceDecisionRegisterBuilder.php`, and the focused Decision Register tests
|
|
- `Governance Artifact Lifecycle & Retention v1` -> anchored by `specs/158-artifact-truth-semantics/spec.md`, `specs/262-lifecycle-governance-taxonomy/spec.md`, and `docs/product/standards/lifecycle-governance.md`
|
|
- `Billing & Subscription Truth Layer v1` -> anchored by `specs/247-plans-entitlements-billing-readiness/spec.md` and `specs/251-commercial-entitlements-billing-state/spec.md`
|
|
- `Customer-Facing Localization Adoption v1` -> anchored by `specs/252-platform-localization-v1/spec.md`, `specs/258-customer-review-productization/spec.md`, and `specs/260-governance-service-packaging/spec.md`
|
|
- `Enterprise Access Boundary & Support Access Governance v1` -> anchored by `docs/audits/2026-03-09-enterprise-rbac-scope-audit.md`, `docs/HANDOVER.md`, `specs/065-tenant-rbac-v1/spec.md`, and `specs/066-rbac-ui-enforcement-helper/spec.md`
|
|
- `Stored Reports Surface v1` -> anchored by `specs/153-evidence-domain-foundation/spec.md`, `specs/155-tenant-review-layer/spec.md`, `specs/260-governance-service-packaging/spec.md`, and `docs/product/implementation-ledger.md`
|
|
- `Workspace & Tenant Closure Lifecycle v1` -> anchored by `specs/262-lifecycle-governance-taxonomy/spec.md`
|
|
- `First Governed AI Runtime Consumer v1` -> anchored by `specs/248-private-ai-policy-foundation/spec.md`
|
|
|
|
## Roadmap Drift Notes
|
|
|
|
- `docs/product/roadmap.md` and `docs/product/spec-candidates.md` are aligned through 2026-05-15, including Spec 304 tenant-panel dead-code retirement, Spec 306 Decision Register reconciliation, Spec 307 proof-link polish, Spec 308 customer-safe Decision Summary / Review Pack inclusion, Spec 309 RBAC role/access-boundary hardening, the earlier admin workspace navigation / tenant-owned surface repair candidate intake, the cross-domain indicator candidate intake, the current manual-promotion backlog, and the resolved ledger conflict state.
|
|
- The remaining documentation risk is no longer queue drift alone; it is understating or overstating still-open follow-through slices such as Customer Review Workspace v1 completion, localization adoption, Decision-Based Governance Inbox completion, admin workspace navigation repair, auditor-ready export, promotion execution, governance decision workflow, cross-domain indicator semantics, billing/subscription truth, stored reports surface, Support Access Governance, and the first governed AI runtime consumer.
|
|
- This ledger therefore treats review-driven governance and portfolio preparation as `fast sellable` or `implemented but not productized`, not `sellable`, until those explicit manual-promotion slices land.
|
|
- Tests referenced here remain repo-present only. They were not executed for this ledger update.
|
|
|
|
## Evidence Sources
|
|
|
|
Wichtigste Strategie- und Scope-Quellen:
|
|
|
|
- `docs/product/roadmap.md`
|
|
- `docs/product/spec-candidates.md`
|
|
|
|
Wichtige Plattform- und UI-Anker:
|
|
|
|
- `apps/platform/bootstrap/providers.php`
|
|
- `apps/platform/app/Providers/Filament/AdminPanelProvider.php`
|
|
- `apps/platform/app/Providers/Filament/SystemPanelProvider.php`
|
|
- `apps/platform/app/Filament/Pages/TenantDashboard.php`
|
|
- `apps/platform/app/Filament/Pages/CrossTenantComparePage.php`
|
|
- `apps/platform/app/Filament/System/Pages/Dashboard.php`
|
|
- `apps/platform/app/Filament/Pages/TenantRequiredPermissions.php`
|
|
- `apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php`
|
|
- `apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php`
|
|
- `apps/platform/app/Filament/Pages/Findings/FindingsIntakeQueue.php`
|
|
- `apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php`
|
|
- `apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php`
|
|
|
|
Wichtige Models:
|
|
|
|
- `apps/platform/app/Models/OperationRun.php`
|
|
- `apps/platform/app/Models/Finding.php`
|
|
- `apps/platform/app/Models/FindingException.php`
|
|
- `apps/platform/app/Models/FindingExceptionDecision.php`
|
|
- `apps/platform/app/Models/FindingExceptionEvidenceReference.php`
|
|
- `apps/platform/app/Models/BaselineProfile.php`
|
|
- `apps/platform/app/Models/BaselineSnapshot.php`
|
|
- `apps/platform/app/Models/EvidenceSnapshot.php`
|
|
- `apps/platform/app/Models/TenantReview.php`
|
|
- `apps/platform/app/Models/ReviewPack.php`
|
|
- `apps/platform/app/Models/StoredReport.php`
|
|
- `apps/platform/app/Models/SupportRequest.php`
|
|
- `apps/platform/app/Models/ProductUsageEvent.php`
|
|
- `apps/platform/app/Models/OperationalControlActivation.php`
|
|
- `apps/platform/app/Models/AuditLog.php`
|
|
|
|
Wichtige Services und Jobs:
|
|
|
|
- `apps/platform/app/Services/ReviewPackService.php`
|
|
- `apps/platform/app/Services/TenantReviews/TenantReviewService.php`
|
|
- `apps/platform/app/Services/Evidence/EvidenceSnapshotService.php`
|
|
- `apps/platform/app/Services/Baselines/BaselineCompareService.php`
|
|
- `apps/platform/app/Services/Entitlements/WorkspaceCommercialLifecycleResolver.php`
|
|
- `apps/platform/app/Services/Alerts/AlertDispatchService.php`
|
|
- `apps/platform/app/Services/Findings/FindingExceptionService.php`
|
|
- `apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php`
|
|
- `apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php`
|
|
- `apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php`
|
|
- `apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php`
|
|
- `apps/platform/app/Support/Ai/AiUseCaseCatalog.php`
|
|
- `apps/platform/app/Support/Ai/GovernedAiExecutionBoundary.php`
|
|
- `apps/platform/app/Support/Ai/AiDecisionAuditMetadataFactory.php`
|
|
- `apps/platform/app/Support/Governance/Controls/ComplianceEvidenceMappingV1.php`
|
|
- `apps/platform/app/Support/PortfolioCompare/CrossTenantComparePreviewBuilder.php`
|
|
- `apps/platform/app/Support/PortfolioCompare/CrossTenantPromotionPreflight.php`
|
|
- `apps/platform/app/Support/SupportRequests/ExternalSupportDeskHandoffService.php`
|
|
- `apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php`
|
|
- `apps/platform/app/Services/Audit/WorkspaceAuditLogger.php`
|
|
- `apps/platform/app/Services/Auth/CapabilityResolver.php`
|
|
- `apps/platform/app/Filament/Pages/Settings/WorkspaceSettings.php`
|
|
- `apps/platform/app/Services/Localization/LocaleResolver.php`
|
|
|
|
Wichtige Test-Anker im Repo:
|
|
|
|
- `apps/platform/tests/Feature/PortfolioCompare/*`
|
|
- `apps/platform/tests/Feature/ReviewPack/*`
|
|
- `apps/platform/tests/Feature/Evidence/*`
|
|
- `apps/platform/tests/Feature/PermissionPosture/*`
|
|
- `apps/platform/tests/Feature/EntraAdminRoles/*`
|
|
- `apps/platform/tests/Feature/SupportDiagnostics/*`
|
|
- `apps/platform/tests/Feature/SupportRequests/*`
|
|
- `apps/platform/tests/Feature/System/ViewWorkspaceEntitlementsTest.php`
|
|
- `apps/platform/tests/Feature/TenantReview/TenantReviewCanonicalControlReferenceTest.php`
|
|
- `apps/platform/tests/Feature/System/CustomerHealth/*`
|
|
- `apps/platform/tests/Feature/System/ProductTelemetry/*`
|
|
- `apps/platform/tests/Feature/System/OpsControls/*`
|
|
- `apps/platform/tests/Feature/System/OpsControls/AiExecutionOperationalControlTest.php`
|
|
- `apps/platform/tests/Feature/SettingsFoundation/WorkspaceAiPolicySettingsTest.php`
|
|
- `apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php`
|
|
- `apps/platform/tests/Unit/Governance/*`
|
|
- `apps/platform/tests/Unit/Support/Ai/*`
|
|
- `apps/platform/tests/Unit/Support/PortfolioCompare/*`
|
|
- `apps/platform/tests/Unit/Support/SupportRequests/ExternalSupportDeskHandoffServiceTest.php`
|
|
- `apps/platform/tests/Unit/Entitlements/*`
|
|
|
|
## Last Updated
|
|
|
|
2026-05-02 on branch `platform-dev` (ledger drift correction and alignment with `docs/product/roadmap.md` plus `docs/product/spec-candidates.md` after the manual-promotion split)
|