ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects 1 Releases Wiki Activity
e1136ac6e9
TenantAtlas/docs/product/implementation-ledger.md
ahmido e1136ac6e9
Some checks failed
Main Confidence / confidence (push) Failing after 54s
Details
Merge platform-dev into dev (automated) (#309) 
Automatischer Commit und PR erstellt auf Anfrage.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #309
2026-04-30 14:41:01 +00:00

30 KiB
Raw Blame History

TenantPilot Implementation Ledger

Status: Active
Last reviewed: 2026-04-30
Use for: Repo-based implementation status and product-surface maturity assessment
Do not use for: Roadmap priority, spec priority, or proof that tests were executed in the current branch

Purpose

Dieses Dokument beschreibt den aktuellen repo-basierten Implementierungsstand von TenantPilot. Es ergaenzt roadmap.md und spec-candidates.md, ersetzt sie aber nicht.

Bewertungsregeln fuer dieses Ledger:

  • Repo-basiert only: Aussagen zaehlen nur, wenn Code, Datenmodell, Workflow, UI-Adoption oder Test-Artefakte im Repo belastbar darauf hinweisen.
  • Keine Roadmap- oder Spec-Absicht ohne Repo-Evidence.
  • sellable wird nur dort verwendet, wo UI, Workflow, Datenmodell, RBAC/Audit und passende Test-Artefakte plausibel zusammenpassen.
  • Backend-only bleibt foundation-only.
  • UI-only gilt nicht als fertig.
  • Wenn Tests unten als vorhanden markiert sind, bedeutet das: passende Test-Dateien existieren im Repo. Sie wurden fuer dieses Ledger nicht ausgefuehrt.

Current Product Position

TenantPilot ist aktuell ein starkes internes Governance- und Operations-Produkt mit belastbaren Foundations fuer Execution Truth, Baselines/Drift, Findings, Evidence, Reviews, Review Packs, Supportability, Telemetry und Safety Controls sowie einer repo-real umgesetzten ersten Customer-Review-Surface, Risk-Acceptance/Exception-Workflow, Findings-/Governance-Inboxen und einer DE/EN-Locale-Foundation. Die Repo-Wahrheit liegt damit klar ueber einer simplen Lesart von "R1 done / R2 partial". Gleichzeitig ist das Produkt noch nicht voll als kundenseitig konsumierbare Portfolio- und Commercial-Plattform ausgereift: Die Customer-Review-Surface ist noch eher eine operator-led customer delivery view im Admin-Kontext als eine voll produktisierte, kundensichere Governance-of-Record Consumption-Flache; dazu bleiben Cross-Tenant-Workflows, Compare/Promotion, Billing-/Lifecycle-Reife und Private-AI-Governance unvollstaendig. Zusaetzlich zeigt der Repo-Stand weiterhin eine schmale Findings-Cleanup-Lane: sichtbare Lifecycle-Backfill-Runtime-Surfaces, acknowledged-Kompatibilitaet und fehlende explizite Creation-Time-Invariant-Absicherung sollten als getrennte Folgespecs behandelt werden.

Status Model

  • planned: nur in Roadmap oder Kandidatenliste, ohne belastbare Repo-Evidence
  • specified: als Spec oder Draft angelegt, aber nicht repo-verifiziert umgesetzt
  • implemented_partial: Teilumsetzung vorhanden, aber noch nicht als fertig bewertbar
  • implemented_backend: belastbare Backend- oder Modelllogik vorhanden, aber keine ausreichende UI-Adoption
  • implemented_ui: sichtbare UI vorhanden, aber Workflow- oder Backend-Proof ist noch zu schwach
  • implemented_verified: Code, Modell, Workflow und Test-Artefakte sind plausibel vorhanden
  • adopted: implementiert und bereits in zentrale Produktoberflaechen oder Kernablaeufe uebernommen
  • deferred: bewusst verschoben
  • obsolete: durch neuere Repo-Realitaet oder andere Implementierung ueberholt

Evidence-Level im Dokument:

  • none: keine belastbare Repo-Evidence
  • weak: duenne Code- oder Doc-Spur, aber kein belastbarer Gesamtworkflow
  • medium: mehrere Repo-Signale, aber noch nicht durchgaengig
  • strong: Datenmodell, Workflow, UI- oder Test-Spur greifen konsistent ineinander

Roadmap Coverage Summary

Roadmap Area Status Evidence Level UI Ready Tested Sellable Notes
R1 Golden Master Governance adopted strong yes repo tests, not run yes Baselines, Drift, Findings und OperationRun-Truth sind breit im Produkt verankert.
R2 Tenant Reviews, Evidence & Control Foundation adopted strong yes repo tests, not run almost Reviews, Evidence, Review Packs, Customer Review Workspace und Control-/Exception-Layer greifen als reale Governance-Surface zusammen, aber die Customer-Consumption-Productization bleibt unvollstaendig.
Alert escalation + notification routing implemented_verified strong partial repo tests, not run yes Alert-Regeln, Dispatch, Cooldown und Quiet Hours sind real.
Governance & Architecture Hardening implemented_partial strong partial repo tests, not run foundation-only Viele Hardening-Slices sind bereits im Code, die Lane bleibt aber aktiv.
UI & Product Maturity Polish implemented_partial strong partial partial repo tests, not run no Empty States, Navigation, Localization und read-only Review-Polish sind real, aber kein geschlossenes Theme-Completion-Signal.
Secret & Security Hardening implemented_verified strong yes repo tests, not run almost Provider-Verifikation, Permission-Diagnostics und Redaction sind belastbar.
Baseline Drift Engine (Cutover) adopted strong yes repo tests, not run yes Compare- und Drift-Workflow wirken als produktive Kernfunktion.
R1.9 Platform Localization v1 implemented_verified strong yes repo tests, not run foundation-only Locale-Resolver, Override/Praeferenz, Workspace-Default, Fallback und lokalisierte Notifications sind repo-real.
Product Scalability & Self-Service Foundation implemented_partial strong yes repo tests, not run almost Onboarding, Support, Help und Entitlements sind weit; Billing, Trial und Demo-Reife fehlen.
R2.0 Canonical Control Catalog Foundation implemented_verified strong partial repo tests, not run foundation-only Bereits implementiert und in Evidence/Reviews referenziert, aber kein eigenstaendiger Kundennutzen-Surface.
R2 Completion: customer review, support, help implemented_partial strong yes repo tests, not run almost Customer Review Workspace, Support Diagnostics/Requests und Help-Katalog sind repo-real, aber die Customer-Review-Consumption ist noch nicht voll productized.
Findings Workflow v2 / Execution Layer adopted strong yes repo tests, not run almost Triage, Ownership, My Work, Intake, Governance Inbox, Exceptions und Alerts/Hygiene sind real; Cross-Tenant-Decisioning bleibt spaeter.
Policy Lifecycle / Ghost Policies specified weak no no no Als Richtung sichtbar, aber nicht als repo-verifizierter Workflow.
Platform Operations Maturity implemented_partial strong yes repo tests, not run almost System Panel, Control Tower und Ops Controls sind real; CSV/Raw Drilldowns bleiben offen.
Product Usage, Customer Health & Operational Controls adopted strong yes repo tests, not run almost Diese Mid-term-Lane ist im Repo bereits substanziell vorhanden.
Private AI Execution Governance Foundation planned none no no no Keine belastbare AI-Governance-Foundation im Repo.
MSP Portfolio & Operations implemented_partial medium partial repo tests, not run foundation-only Portfolio-Triage ist da; Compare/Promotion und Decision Workboard fehlen.
Human-in-the-Loop Autonomous Governance planned none no no no Kein repo-verifizierter Decision-Pack- oder Approval-Workflow jenseits des jetzigen Exception-/Review-Layers.
Drift & Change Governance implemented_partial strong yes repo tests, not run almost Drift review, accepted-risk governance, exception validity und Governance-Inbox-Surfaces sind repo-real; portfolio-weite Eskalation bleibt offen.
Standardization & Policy Quality planned none no no no Keine starke Repo-Evidence fuer eine Intune-Linting- oder Policy-Quality-Oberflaeche.
PSA / Ticketing Handoff planned none no no no Support Requests existieren, externe Handoff-Integration aber nicht.

Implemented Capabilities

Capability Status Backend UI Tests RBAC/Audit Sellable Evidence
OperationRun truth layer implemented_verified yes partial repo tests, not run yes foundation-only app/Models/OperationRun.php; tests/Feature/System/*; tests/Feature/ReviewPack/*
Baseline profiles, snapshots and compare implemented_verified yes yes repo tests, not run yes yes app/Models/BaselineProfile.php; app/Models/BaselineSnapshot.php; app/Services/Baselines/BaselineCompareService.php
Drift findings and governance pressure adopted yes yes repo tests, not run yes yes app/Models/Finding.php; app/Filament/Widgets/Dashboard/RecentDriftFindings.php; tests/Feature/Findings/*
Findings inboxes and governance inbox implemented_verified yes yes repo tests, not run yes almost app/Filament/Pages/Findings/MyFindingsInbox.php; app/Filament/Pages/Findings/FindingsIntakeQueue.php; app/Filament/Pages/Governance/GovernanceInbox.php; tests/Feature/Findings/MyWorkInboxTest.php; tests/Feature/Governance/*
Finding exceptions and risk acceptance workflow implemented_verified yes yes repo tests, not run yes almost app/Models/FindingException.php; app/Services/Findings/FindingExceptionService.php; app/Filament/Resources/FindingExceptionResource.php; tests/Feature/Findings/FindingExceptionWorkflowTest.php
Restore workflow with safety gates implemented_verified yes yes repo tests, not run yes yes app/Models/OperationRun.php; restore gates and tests in tests/Feature/Restore/*
Evidence snapshots implemented_verified yes yes repo tests, not run yes foundation-only app/Models/EvidenceSnapshot.php; app/Services/Evidence/EvidenceSnapshotService.php; tests/Feature/Evidence/*
Tenant reviews implemented_verified yes yes repo tests, not run yes almost app/Models/TenantReview.php; app/Services/TenantReviews/TenantReviewService.php; tests/Feature/TenantReview/*
Review pack generation and export implemented_verified yes yes repo tests, not run yes yes app/Models/ReviewPack.php; app/Services/ReviewPackService.php; tests/Feature/ReviewPack/*
Customer review workspace implemented_partial yes yes repo tests, not run yes almost app/Filament/Pages/Reviews/CustomerReviewWorkspace.php; tests/Feature/Reviews/*; tests/Browser/Reviews/CustomerReviewWorkspaceSmokeTest.php
Alerts and notification routing implemented_verified yes partial repo tests, not run yes yes app/Services/Alerts/AlertDispatchService.php; tests/Feature/*Alert*
Provider health, onboarding readiness and required permissions adopted yes yes repo tests, not run yes almost app/Jobs/ProviderConnectionHealthCheckJob.php; app/Services/Onboarding/OnboardingLifecycleService.php; app/Filament/Pages/TenantRequiredPermissions.php
Permission posture reporting implemented_verified yes yes repo tests, not run yes yes app/Services/PermissionPosture/PermissionPostureFindingGenerator.php; tests/Feature/PermissionPosture/*
Entra admin roles reporting implemented_verified yes yes repo tests, not run yes yes app/Services/EntraAdminRoles/EntraAdminRolesReportService.php; tests/Feature/EntraAdminRoles/*
Stored reports substrate implemented_verified yes partial repo tests, not run partial foundation-only app/Models/StoredReport.php; tests/Feature/PermissionPosture/StoredReportModelTest.php; tests/Feature/EntraAdminRoles/StoredReportFingerprintTest.php
Support diagnostics adopted yes yes repo tests, not run yes almost app/Support/SupportDiagnostics/SupportDiagnosticBundleBuilder.php; app/Filament/Pages/TenantDashboard.php; tests/Feature/SupportDiagnostics/*
In-app support requests implemented_verified yes yes repo tests, not run yes almost app/Models/SupportRequest.php; app/Support/SupportRequests/*; tests/Feature/SupportRequests/*
Product knowledge and contextual help implemented_partial yes yes repo tests, not run partial almost app/Support/ProductKnowledge/ContextualHelpCatalog.php; tests/Feature/Onboarding/ProductKnowledgeOnboardingHelpTest.php
Localization foundation implemented_verified yes yes repo tests, not run partial foundation-only app/Services/Localization/LocaleResolver.php; app/Http/Controllers/LocalizationController.php; tests/Feature/Localization/*
Product telemetry implemented_verified yes yes repo tests, not run yes almost app/Models/ProductUsageEvent.php; app/Filament/System/Widgets/ProductTelemetryKpis.php; tests/Feature/System/ProductTelemetry/*
Customer health scoring implemented_verified yes yes repo tests, not run partial almost app/Filament/System/Widgets/CustomerHealthKpis.php; app/Filament/System/Widgets/CustomerHealthTopWorkspaces.php; tests/Feature/System/CustomerHealth/*
Operational controls implemented_verified yes yes repo tests, not run yes almost app/Models/OperationalControlActivation.php; app/Support/OperationalControls/*; tests/Feature/System/OpsControls/*
Workspace entitlements implemented_verified yes yes repo tests, not run yes foundation-only app/Services/Entitlements/WorkspaceEntitlementResolver.php; tests/Feature/Filament/Settings/WorkspaceEntitlementsSettingsPageTest.php
Capability-first RBAC adopted yes yes repo tests, not run yes foundation-only app/Services/Auth/CapabilityResolver.php; app/Services/Auth/RoleCapabilityMap.php; many tests/Feature/Rbac/*
Audit log foundation adopted yes yes repo tests, not run yes foundation-only app/Models/AuditLog.php; app/Services/Audit/WorkspaceAuditLogger.php; many audit-focused feature tests
Canonical control catalog implemented_verified yes partial repo tests, not run partial foundation-only app/Support/Governance/Controls/CanonicalControlCatalog.php; config/canonical_controls.php; tests/Unit/Governance/*
Portfolio triage continuity implemented_verified yes yes repo tests, not run yes foundation-only app/Services/PortfolioTriage/TenantTriageReviewService.php; app/Support/PortfolioTriage/*; tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php

Foundation-Only Capabilities

  • OperationRun truth and canonical operation typing: starke Execution-Foundation, aber kein eigenstaendiger Kundennutzen-Surface.
  • Audit log foundation: breit genutzt und wichtig fuer Governance, aber allein nicht verkaufbar.
  • Capability-first RBAC: belastbar und testnah, bleibt aber Enablement-Layer.
  • Workspace entitlements: reale Gate- und Override-Logik, aber noch keine volle Commercial Lifecycle Story.
  • Canonical control catalog: starke semantische Foundation fuer Evidence, Findings und Reviews.
  • Stored reports substrate: wichtig fuer Reports, Evidence und Diagnostics, aber kein eigenstaendiges Produktversprechen.
  • Evidence snapshot substrate: tragende technische Basis fuer Reviews und Exports.
  • Localization foundation: resolved locale precedence, Workspace-Default, User-Praeferenz/Override und Notification-Formatting sind real, aber Enablement statt eigener Produkt-Surface.
  • Operational control registry and evaluator: starke Safety-Control-Foundation, primar operatorseitig.
  • Customer health scoring: reale interne SaaS-Operations-Layer, aber noch keine eigenstaendige Kundenoberflaeche.
  • Portfolio triage continuity: sinnvoller Multi-Tenant-Unterbau, aber noch kein vollstaendiges Portfolio-Produkt.

Partial Capabilities

  • Customer-facing review consumption: Tenant Reviews, Evidence Snapshots, Review Packs und der Customer Review Workspace sind repo-real, aber die Surface bleibt noch operator-led im Admin-Kontext; customer-safe wording, evidence summarization boundaries, audit-grade access semantics und calmer consumption states brauchen ein eigenes Productization-Follow-up.
  • Findings Workflow v2: Triage, Assignment, My Work, Intake, Governance Inbox, Exceptions und Notifications sind vorhanden; spaetere Cross-Tenant-Decisioning-Layer und Cleanup debt um Lifecycle-Backfill-Surfaces, acknowledged-Kompatibilitaet und explizite Creation-Time-Invarianten bleiben offen.
  • Product scalability and self-service: Onboarding, Support, Help und Entitlements sind weit, Billing-, Trial- und Demo-Reife aber nicht.
  • MSP portfolio operations: Portfolio-Triage ist vorhanden, Cross-Tenant Compare und Promotion fehlen.
  • Platform operations maturity: Control Tower und Ops Controls sind stark, aber einige geplante operatorseitige Drilldowns/Exports fehlen noch.
  • Product knowledge rollout: Help-Katalog und Resolver sind real, aber noch nicht breit genug adoptiert fuer "fertig".

Planned But Not Implemented

  • Private AI Execution Governance Foundation
  • Human-in-the-Loop Autonomous Governance
  • Standardization & Policy Quality / Intune Linting
  • PSA / Ticketing Handoff
  • Cross-Tenant Compare and Promotion v1
  • Policy Lifecycle / Ghost Policies
  • Later compliance overlays beyond the current control/evidence foundation

Release Readiness

Release / Theme Readiness Notes
R1 Golden Master Governance implemented Die zentrale Governance- und Execution-Layer ist repo-verifiziert und breit adoptiert.
R2 Tenant Reviews & Evidence Packs implemented Reviews, Evidence Snapshots, Review Packs, Customer Review Workspace und Exception-/Accepted-Risk-Workflow sind repo-real; die Customer-Review-Productization bleibt aber als sellability follow-up offen.
R3 MSP Portfolio OS foundation only Portfolio-Triage und Governance-Surfaces sind da, aber Compare/Promotion und portfolio-weite Action-Layer fehlen.
Compliance Evidence Mapping v1 foundation only Canonical Controls, Evidence, Stored Reports und Exceptions existieren als Grundlage; eine customer-safe Mapping-Layer ist nicht repo-proven.
Governance-as-a-Service Packaging v1 foundation only Review Packs, Exports, Evidence und Accepted-Risk-Truth sind repo-real; eine wiederholbare management-taugliche Governance-Verpackung ist nicht repo-proven.

Commercial Readiness

Demo-ready

  • Baseline compare and drift walkthroughs
  • Review pack generation and export
  • Customer review workspace walkthroughs with operator guidance
  • Provider health, onboarding readiness and required permissions
  • Support diagnostics
  • Permission posture and Entra admin roles reporting

Almost sellable

  • Review-driven governance workflow rund um Tenant Reviews, Customer Review Workspace, accepted risks und Review Packs, aber noch nicht als vollstaendig productisierte customer-safe consumption experience
  • Baseline drift and restore governance
  • Findings workflow mit persönlicher Inbox, Intake, Governance Inbox und Exception-Handling
  • Alerting and run visibility for governance operations
  • Support requests with contextual diagnostics
  • Provider readiness and permission posture reporting

Foundation-only

  • OperationRun truth layer
  • Audit foundation
  • Capability-first RBAC
  • Workspace entitlements
  • Canonical control catalog
  • Stored reports substrate
  • Evidence snapshot substrate
  • Localization foundation
  • Product telemetry
  • Customer health scoring
  • Operational controls
  • Portfolio triage continuity

Not sellable yet

  • Cross-Tenant Compare and Promotion v1
  • Compliance Evidence Mapping v1
  • Governance-as-a-Service Packaging v1
  • Private AI Execution Governance Foundation
  • External Support Desk / PSA Handoff

Open Gaps & Blockers

Gap Type Impact Roadmap Area Recommended Spec
Customer review productization remains incomplete Sellability blocker The repo has a real read-only customer review surface, but it still sits too close to operator/admin semantics and does not yet enforce a fully customer-safe consumption contract for findings, evidence, accepted risks, and audit-grade access/download flows R2 completion / Customer review P0 Customer Review Workspace Productization v1
Decisioning still spans multiple repo-real inboxes UX blocker My Findings, Intake, Governance Inbox und Exception Queue sind real, aber Operators springen weiter zwischen mehreren Spezial-Surfaces und es gibt noch keinen portfolio-weiten Action-Layer Findings Workflow / MSP Portfolio P1 Governance Decision Surface Convergence
Findings lifecycle backfill runtime surfaces remain productized Cleanup blocker Runbooks, commands, capabilities and tenant actions still expose a pre-production repair path that should not ship as product truth Findings Workflow / Legacy Removal P1 Remove Findings Lifecycle Backfill Runtime Surfaces
Legacy acknowledged status compatibility still survives Semantics blocker Status helpers, filters, badges, capability aliases and tests keep non-canonical workflow semantics alive Findings Workflow / RBAC P1 Remove Legacy Acknowledged Finding Status Compatibility
Creation-time finding invariants are implied but not explicitly protected Integrity blocker Future finding generators could regress into partial lifecycle writes and recreate the need for repair tooling Findings Workflow / Data Integrity P1 Enforce Creation-Time Finding Invariants
Cross-tenant compare and promotion is not repo-proven Release blocker MSP portfolio story remains partial MSP Portfolio & Operations P1 Cross-Tenant Compare and Promotion v1
Entitlements stop short of full commercial lifecycle Commercialization blocker Plan gating exists, but trial, grace and suspension semantics remain incomplete Product Scalability & Self-Service Foundation P2 Commercial Entitlements and Billing-State Maturity
Compliance-oriented control mapping is not productized Moat blocker Canonical controls and evidence exist, but the product still lacks a bounded customer-safe layer that maps technical truth into control/readiness language Compliance Evidence Mapping P2 Compliance Evidence Mapping v1
Review truth is not yet packaged as a repeatable MSP deliverable Sellability blocker Review packs and evidence are real, but recurring management-ready governance packaging still depends on manual interpretation and presentation Governance-as-a-Service Packaging P2 Governance-as-a-Service Packaging v1
Support requests do not hand off to an external desk Commercialization blocker Support operations still depend on manual follow-through outside the product R2 completion / Support P2 External Support Desk / PSA Handoff
AI governance foundation is absent Architecture blocker Future AI features would risk trust and policy drift if added directly Private AI Execution Governance P3 Private AI Execution Governance Foundation
Roadmap understates current repo truth Architecture blocker Prioritization can drift because strategy docs still lag neuere Review-, Findings- und Localization-Surfaces Product planning / roadmap maintenance none - docs alignment
Test files were not executed for this ledger update Testing blocker This document relies on code plus test presence, not live runtime validation all areas none - run targeted suites

Recommended Next Specs

  • P0 Customer Review Workspace Productization v1: turns the existing admin-plane handoff into a more explicit customer-safe review consumption contract with calmer wording, progressive disclosure, explicit access states, and auditable download/view semantics.
  • P1 Governance Decision Surface Convergence: verbindet My Findings, Intake, Governance Inbox, Customer Review Workspace und Exception Queue zu weniger Operator-Journeys und bereitet die Portfolio-Ebene vor.
  • P1 Remove Findings Lifecycle Backfill Runtime Surfaces: removes visible pre-production repair tooling from runbooks, commands, actions, capabilities and deploy/runtime hooks.
  • P1 Remove Legacy Acknowledged Finding Status Compatibility: collapses findings workflow semantics onto the canonical triaged model and removes stale RBAC/query aliases.
  • P1 Enforce Creation-Time Finding Invariants: proves that new findings are lifecycle-ready at write time so no repair backfill has to return later.
  • P1 Cross-Tenant Compare and Promotion v1: needed to move from portfolio visibility to portfolio action.
  • P2 Commercial Entitlements and Billing-State Maturity: extends the already real entitlement substrate into a usable commercial lifecycle.
  • P2 Compliance Evidence Mapping v1: should start as one bounded versioned overlay that maps existing technical truth into one customer-safe control/readiness view and one reuse path into review or export surfaces.
  • P2 Governance-as-a-Service Packaging v1: should start as one on-demand management-ready governance package built from existing review-pack, evidence, and accepted-risk truth rather than a broad recurring reporting suite.
  • P2 External Support Desk / PSA Handoff: extends support requests beyond internal persistence.
  • P3 Private AI Execution Governance Foundation: should exist before feature-level AI adoption, not after it.

Roadmap Drift Notes

  • roadmap.md understates current R2 implementation depth, but the ledger had overstated sellability. Customer Review Workspace, published review handoff, review-pack downloads und der Finding-Exception-/Risk-Acceptance-Workflow sind repo-real; the remaining gap is customer-safe productization, not review-foundation absence.
  • roadmap.md understates findings workflow maturity. My Findings, Intake, Governance Inbox und Exception Queue existieren bereits im Repo.
  • roadmap.md understates localization maturity. Locale resolution order, Workspace-Default, User-Praeferenz, lokalisierte Notifications und Fallback-Tests sind implementiert.
  • roadmap.md understates the current R2 control foundation. Canonical controls, stored reports, permission posture and Entra admin roles are already repo-real, not just near-term ideas.
  • roadmap.md understates product supportability. Support diagnostics, in-app support requests and contextual help already exist in the repo.
  • roadmap.md understates operational maturity. Product telemetry, customer health and operational controls are already implemented and wired into the system panel.
  • roadmap.md understates commercial foundations. A workspace entitlement resolver, plan profiles and enforcement points already exist, even though full billing-state maturity does not.
  • The roadmap is now better at describing still-missing portfolio- und commercial-Layer than the current state of review/findings/localization implementation. Cross-Tenant Compare and Promotion, full billing-state maturity, external PSA handoff and AI Governance still look genuinely unimplemented.
  • The main drift pattern is still underestimation, but customer-review sellability now needs a more precise reading: the missing piece is no longer basic review read-only access, but the final customer-safe productization layer over an already real surface.

Evidence Sources

Wichtigste Strategie- und Scope-Quellen:

  • docs/product/roadmap.md
  • docs/product/spec-candidates.md

Wichtige Plattform- und UI-Anker:

  • apps/platform/bootstrap/providers.php
  • apps/platform/app/Providers/Filament/AdminPanelProvider.php
  • apps/platform/app/Providers/Filament/SystemPanelProvider.php
  • apps/platform/app/Filament/Pages/TenantDashboard.php
  • apps/platform/app/Filament/System/Pages/Dashboard.php
  • apps/platform/app/Filament/Pages/TenantRequiredPermissions.php
  • apps/platform/app/Filament/Pages/Reviews/CustomerReviewWorkspace.php
  • apps/platform/app/Filament/Pages/Findings/MyFindingsInbox.php
  • apps/platform/app/Filament/Pages/Findings/FindingsIntakeQueue.php
  • apps/platform/app/Filament/Pages/Governance/GovernanceInbox.php
  • apps/platform/app/Filament/Pages/Monitoring/FindingExceptionsQueue.php

Wichtige Models:

  • apps/platform/app/Models/OperationRun.php
  • apps/platform/app/Models/Finding.php
  • apps/platform/app/Models/FindingException.php
  • apps/platform/app/Models/FindingExceptionDecision.php
  • apps/platform/app/Models/FindingExceptionEvidenceReference.php
  • apps/platform/app/Models/BaselineProfile.php
  • apps/platform/app/Models/BaselineSnapshot.php
  • apps/platform/app/Models/EvidenceSnapshot.php
  • apps/platform/app/Models/TenantReview.php
  • apps/platform/app/Models/ReviewPack.php
  • apps/platform/app/Models/StoredReport.php
  • apps/platform/app/Models/SupportRequest.php
  • apps/platform/app/Models/ProductUsageEvent.php
  • apps/platform/app/Models/OperationalControlActivation.php
  • apps/platform/app/Models/AuditLog.php

Wichtige Services und Jobs:

  • apps/platform/app/Services/ReviewPackService.php
  • apps/platform/app/Services/TenantReviews/TenantReviewService.php
  • apps/platform/app/Services/Evidence/EvidenceSnapshotService.php
  • apps/platform/app/Services/Baselines/BaselineCompareService.php
  • apps/platform/app/Services/Alerts/AlertDispatchService.php
  • apps/platform/app/Services/Findings/FindingExceptionService.php
  • apps/platform/app/Jobs/ProviderConnectionHealthCheckJob.php
  • apps/platform/app/Services/Onboarding/OnboardingLifecycleService.php
  • apps/platform/app/Services/Entitlements/WorkspaceEntitlementResolver.php
  • apps/platform/app/Services/PortfolioTriage/TenantTriageReviewService.php
  • apps/platform/app/Support/Governance/Controls/CanonicalControlCatalog.php
  • apps/platform/app/Services/Audit/WorkspaceAuditLogger.php
  • apps/platform/app/Services/Auth/CapabilityResolver.php
  • apps/platform/app/Services/Localization/LocaleResolver.php

Wichtige Test-Anker im Repo:

  • apps/platform/tests/Feature/ReviewPack/*
  • apps/platform/tests/Feature/Evidence/*
  • apps/platform/tests/Feature/PermissionPosture/*
  • apps/platform/tests/Feature/EntraAdminRoles/*
  • apps/platform/tests/Feature/SupportDiagnostics/*
  • apps/platform/tests/Feature/SupportRequests/*
  • apps/platform/tests/Feature/System/CustomerHealth/*
  • apps/platform/tests/Feature/System/ProductTelemetry/*
  • apps/platform/tests/Feature/System/OpsControls/*
  • apps/platform/tests/Feature/Filament/TenantRegistryTriageReviewStateTest.php
  • apps/platform/tests/Unit/Governance/*
  • apps/platform/tests/Unit/Entitlements/*

Last Updated

2026-04-29 on branch platform-dev