## Summary

- harden the workspace overview into a governance-aware attention surface that separates governance risk from activity and keeps calm states honest
- add tenant-bound attention, workspace-wide operations continuity, and low-permission fallback behavior for workspace-originated operations drill-through
- add the full Spec 175 artifact set and focused workspace overview regression coverage, plus align remaining operation-viewer wording and guard expectations so the suite stays green

## Testing

- `vendor/bin/sail artisan test --compact tests/Feature/Filament/WorkspaceOverviewAccessTest.php tests/Feature/Filament/WorkspaceOverviewAuthorizationTest.php tests/Feature/Filament/WorkspaceOverviewLandingTest.php tests/Feature/Filament/WorkspaceOverviewNavigationTest.php tests/Feature/Filament/WorkspaceOverviewContentTest.php tests/Feature/Filament/WorkspaceOverviewEmptyStatesTest.php tests/Feature/Filament/WorkspaceOverviewPermissionVisibilityTest.php tests/Feature/Filament/WorkspaceOverviewOperationsTest.php tests/Feature/Filament/WorkspaceOverviewDbOnlyTest.php tests/Feature/Filament/WorkspaceOverviewGovernanceAttentionTest.php tests/Feature/Filament/WorkspaceOverviewSummaryMetricsTest.php tests/Feature/Filament/WorkspaceOverviewDrilldownContinuityTest.php`
- `vendor/bin/sail artisan test --compact tests/Unit/Support/RelatedActionLabelCatalogTest.php tests/Feature/078/VerificationReportTenantlessTest.php tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php tests/Feature/Baselines/BaselineCompareSummaryAssessmentTest.php tests/Feature/Baselines/TenantGovernanceAggregateResolverTest.php tests/Feature/Filament/ReferencedTenantLifecyclePresentationTest.php tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php tests/Feature/Monitoring/AuditLogInspectFlowTest.php tests/Feature/Monitoring/HeaderContextBarTest.php tests/Feature/Monitoring/OperationLifecycleFreshnessPresentationTest.php tests/Feature/Monitoring/OperationRunResolvedReferencePresentationTest.php tests/Feature/Notifications/OperationRunNotificationTest.php tests/Feature/OpsUx/QueuedToastCopyTest.php tests/Feature/OpsUx/TerminalNotificationFailureMessageTest.php tests/Feature/System/OpsRunbooks/OpsUxStartSurfaceContractTest.php tests/Feature/Verification/VerificationReportRedactionTest.php`
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact`

## Notes

- branch pushed as `175-workspace-governance-attention`
- full suite result: `3235 passed, 8 skipped`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #206
239 lines
31 KiB
Markdown
# Feature Specification: Spec 175 - Workspace Governance Attention Foundation

**Feature Branch**: `175-workspace-governance-attention`
**Created**: 2026-04-04
**Status**: Draft
**Input**: User description: "Spec 175 — Workspace Governance Attention Foundation"

## Spec Scope Fields *(mandatory)*

- **Scope**: workspace + canonical-view
- **Primary Routes**:
  - `/admin` as the workspace-level overview where `WorkspaceOverview`, `WorkspaceSummaryStats`, `WorkspaceNeedsAttention`, and `WorkspaceRecentOperations` establish the first portfolio triage impression
  - `/admin/choose-workspace` as the default workspace-switch recovery surface for zero-tenant or wrong-workspace states
  - `/admin/choose-tenant` as the deliberate tenant-entry surface when the operator needs to move from workspace triage into one tenant
  - `/admin/t/{tenant}` as the tenant dashboard destination for tenant-wide recovery when a workspace attention item needs a broad tenant landing point
  - `/admin/t/{tenant}/findings` and tenant finding detail routes as the primary findings and governance drill-through destinations
  - `/admin/t/{tenant}/baseline-compare-landing` as the compare-posture destination for stale, failed, or materially degraded compare states
  - `/admin/alerts` as the canonical alert overview and delivery follow-up destination for workspace alert issues
  - `/admin/operations` and canonical operation detail routes as the operations and execution follow-up destinations
  - `/admin/t/{tenant}/evidence` and `/admin/t/{tenant}/reviews` only when an attention item is backed by already-visible evidence or review truth that is more precise than a generic tenant landing
- **Data Ownership**:
  - Workspace-owned: workspace context, workspace home composition, workspace-scoped recent operations, and alert-delivery history already summarized on the workspace home
  - Tenant-owned but workspace-filtered: visible tenant governance state, findings workflow state, evidence and review truth, and tenant-scoped compare posture that may be promoted into workspace attention
  - This feature introduces no new workspace summary record; workspace attention, calmness, and governance stats remain derived over existing workspace and tenant truth
- **RBAC**:
  - Workspace membership remains required to render `/admin` and all workspace-level overview aggregates
  - Only tenants that are visible within the current operator's entitled workspace scope may contribute to workspace counts, calmness suppression, or attention items
  - Alert-related destinations continue to require the existing alert visibility permission, while tenant drill-through destinations continue to require the current tenant-level inspection capability for that surface; baseline compare currently rides on general `tenant.view` rather than a dedicated compare-specific capability
  - Non-members or out-of-scope actors remain deny-as-not-found, and the workspace home must not leak hidden tenant posture through counts, wording, or drill-through affordances

For canonical-view specs, the spec MUST define:

- **Default filter behavior when tenant-context is active**: The workspace home remains workspace-scoped even if a tenant was selected earlier in the session. The overview itself must not silently collapse into one tenant. Any drill-through launched from workspace attention or governance stats must preserve the originating tenant and problem family through tenant context or an equivalent pre-applied destination filter.
- **Explicit entitlement checks preventing cross-tenant leakage**: Workspace counts, calmness claims, priority order, and drill-through destinations must be computed only from visible tenants and visible truth surfaces. Inaccessible tenants must not contribute to `needs attention`, governance-risk stats, or empty-state suppression. If a precise destination is not authorized for the current in-scope user, the workspace surface must use an allowed fallback or remove the clickable affordance instead of hinting at hidden data.

## UI/UX Surface Classification *(mandatory when operator-facing surfaces are changed)*

| Surface | Surface Type | Primary Inspect/Open Model | Row Click | Secondary Actions Placement | Destructive Actions Placement | Canonical Collection Route | Canonical Detail Route | Scope Signals | Canonical Noun | Critical Truth Visible by Default | Exception Type |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Workspace overview page | Workspace landing page | The page itself is the canonical workspace entry and hosts the embedded triage surfaces | forbidden | quick actions section only | none | `/admin` | none | Active workspace identity stays visible and embedded items must keep tenant labels explicit | Overview | Whether the workspace currently has governance attention and how that differs from raw activity | Singleton landing surface |
| Workspace `Needs Attention` | Embedded triage summary | Each attention item opens one matching working surface for the named tenant problem | required | none | none | `/admin` | Existing tenant dashboard, findings, baseline compare, evidence, review, or operation detail destination depending on item type | Tenant name, problem family, and urgency must be visible on the item before navigation | Attention / Attention item | The most important visible tenant problems and where to go next | Multi-destination triage surface |
| Workspace summary stats | Embedded status summary / drill-in surface | Each stat opens one matching destination or remains intentionally passive when no actionable set exists | forbidden | none | none | `/admin` | Matching destination for the metric, such as choose tenant, findings, compare, or operations | Workspace identity and a clear split between governance risk and activity volume | Governance attention and Operations | Portfolio risk counts are separated from portfolio activity counts | Mixed metric summary surface |
| Workspace recent operations | Embedded diagnostic recency surface | Each operation row or card opens the canonical operation detail | required | none | none | `/admin/operations` | Existing canonical operation detail route | Workspace context plus visible tenant label on each operation keeps the recency list anchored to one tenant when relevant | Operations / Operation | Recent execution context without pretending to be the main portfolio-risk summary | Diagnostic recency surface |

## Operator Surface Contract *(mandatory when operator-facing surfaces are changed)*

| Surface | Primary Persona | Surface Type | Primary Operator Question | Default-visible Information | Diagnostics-only Information | Status Dimensions Used | Mutation Scope | Primary Actions | Dangerous Actions |
|---|---|---|---|---|---|---|---|---|---|
| Workspace overview page | Workspace operator | Workspace landing page | Which tenants need attention first, and is this workspace actually calm or only operationally quiet? | Workspace identity, governance-aware summary stats, prioritized attention, and recent activity as supporting context | Deep run metadata, raw compare internals, and low-level workflow detail remain on downstream pages | governance attention, compare posture, findings pressure, evidence or review trust where already available, operations activity | none | Choose tenant, open an attention item destination, open operations | none |
| Workspace `Needs Attention` | Workspace operator | Embedded triage summary | Which tenant needs attention now, why, and where should I jump? | Tenant label, problem family, urgency, and one clear next destination | Low-level evidence payloads, verbose status histories, and raw query context remain secondary | governance issue, findings issue, compare issue, evidence or review issue, operations issue | none | Open the matching tenant dashboard, findings list, compare landing, evidence or review surface, or operation detail | none |
| Workspace summary stats | Workspace operator | Embedded status summary / drill-in surface | How much of this workspace is active, and how much of it is governance risk? | Small set of trustworthy counts with explicit governance versus activity meaning | Full tenant-by-tenant breakdown and historical trends remain outside the stat strip | governance attention volume, activity volume | none | Open the matching aggregate destination or tenant entry point | none |
| Workspace recent operations | Workspace operator | Embedded diagnostic recency surface | What has run recently if I need execution context? | Recent operations with tenant label, status, outcome, and recency | Full operation timeline, payload diagnostics, and longer history remain in operations surfaces | recency, execution status, execution outcome | none | Open the selected operation detail | none |

## Proportionality Review *(mandatory when structural complexity is introduced)*

- **New source of truth?**: No. Existing tenant governance, findings, compare, evidence, review, operations, and alert truth remain authoritative.
- **New persisted entity/table/artifact?**: No. This feature explicitly avoids a new workspace posture record or aggregate table.
- **New abstraction?**: No. The narrow change is to tighten workspace aggregation and presentation semantics on existing surfaces.
- **New enum/state/reason family?**: No. Existing governance, compare, findings, and operations state families remain authoritative.
- **New cross-domain UI framework/taxonomy?**: No. The feature aligns existing workspace and tenant surfaces without creating a new posture framework or score system.
- **Current operator problem**: The workspace home can look calm while visible tenants already have governance-critical conditions, which makes the portfolio entry point weaker than the tenant truth operators already rely on.
- **Existing structure is insufficient because**: The current workspace overview summarizes operations and alert activity well enough, but it does not promote tenant governance truth strongly enough to stop false calmness or answer which tenant to open first.
- **Narrowest correct implementation**: Reuse existing tenant governance, findings, compare, and already-available evidence or review truth to harden workspace stats, attention, and empty-state semantics on the current workspace home.
- **Ownership cost**: The repo takes on stricter workspace aggregation rules, a modest amount of copy tightening, and regression coverage for priority order, calmness suppression, and drill-through continuity.
- **Alternative intentionally rejected**: A full portfolio matrix, a workspace posture score, a major workspace redesign, or a new persisted posture model was rejected because the immediate gap is truth propagation on the existing workspace entry point.
- **Release truth**: Current-release truth. The semantic risk already exists on the shipped workspace overview.

## User Scenarios & Testing *(mandatory)*

### User Story 1 - See The Right Tenant First (Priority: P1)

As a workspace operator, I want the workspace home to surface governance-critical tenants before operational noise so that I can start triage from the riskiest visible tenant instead of from the most recent activity.

**Why this priority**: The feature only delivers value if the workspace entry point stops feeling quieter than the visible tenant truth.

**Independent Test**: Can be fully tested by seeding multiple visible tenants with mixes of overdue findings, lapsed governance, stale, failed, or materially degraded compare posture, high-severity active findings, alert failures, and active operations, then verifying that workspace attention promotes governance-critical tenants first.

**Acceptance Scenarios**:

1. **Given** one visible tenant has lapsed governance and another only has active operations, **When** the operator opens `/admin`, **Then** the governance-critical tenant is surfaced as higher-priority workspace attention.
2. **Given** a visible tenant has overdue findings while operations and alerts look healthy, **When** the workspace home loads, **Then** the page still presents governance attention instead of an all-clear impression.
3. **Given** a visible tenant has stale, failed, or materially degraded compare posture but little recent activity, **When** the workspace home loads, **Then** compare risk remains visible on the workspace entry point.

---

### User Story 2 - Distinguish Risk From Activity (Priority: P1)

As a workspace operator, I want the workspace home to separate governance risk from operations activity so that I can tell whether the portfolio is risky, merely busy, or genuinely calm.

**Why this priority**: A workspace overview that mixes posture and activity cannot support MSP triage with confidence.

**Independent Test**: Can be fully tested by rendering the workspace home in scenarios that contain only activity, only governance risk, both, or neither, then verifying that stats, attention, and empty states describe those cases differently.

**Acceptance Scenarios**:

1. **Given** the workspace has active operations but no visible governance-critical tenant states, **When** the overview renders, **Then** activity appears without governance-risk wording.
2. **Given** the workspace has no failed runs or alert failures but visible overdue findings exist, **When** the overview renders, **Then** the page does not present a calm empty state.
3. **Given** the workspace has no visible governance-critical states and no unusual operations issues, **When** the overview renders, **Then** calm messaging may appear and must match the covered truth domains.

---

### User Story 3 - Jump Into The Right Tenant Surface (Priority: P2)

As a workspace operator, I want each attention item to carry tenant identity and a trustworthy next jump so that I can recover the same problem family immediately on a tenant-level working surface.

**Why this priority**: Workspace attention is only trustworthy if the operator can click it and rediscover the same tenant problem without guesswork.

**Independent Test**: Can be fully tested by seeding representative workspace attention cases and verifying that each item names the tenant, names the problem family, and lands on the matching tenant dashboard, findings, compare, evidence, review, or operation destination.

**Acceptance Scenarios**:

1. **Given** a workspace attention item represents overdue findings for one visible tenant, **When** the operator opens it, **Then** the destination is that tenant's findings surface or a precise allowed fallback that preserves the same problem meaning.
2. **Given** a workspace attention item represents stale, failed, or materially degraded compare posture, **When** the operator opens it, **Then** the destination is the same tenant's baseline compare landing.
3. **Given** the operator can see a tenant on the workspace home but lacks a precise downstream capability, **When** the attention surface renders, **Then** it uses an allowed fallback or a disabled non-clickable state instead of a dead-end drill-through.

### Edge Cases

- A single visible tenant may have multiple governance-critical conditions at the same time; the workspace home must stay bounded while still exposing the tenant identity and the highest-priority next action.
- A workspace may be operationally quiet while one or more visible tenants still have overdue findings, lapsed governance, high-severity active findings, or stale, failed, or materially degraded compare posture; calm messaging must stay suppressed in that case.
- A workspace may be busy but healthy from a governance perspective; governance-risk stats and attention must remain calm even when recent operations are active.
- Some visible tenants may contribute only through a broader tenant dashboard drill-through because the operator lacks a more specific downstream capability; the workspace home must not create dead-end links or authorization surprises.
- A user may belong to the workspace but have zero accessible tenants; the zero-tenant state must remain distinct from a healthy calm state and must still provide one valid next step.
- Evidence or review truth may already indicate attention for a visible tenant even when operations are quiet; if that truth is already surfaced on tenant-level pages, the workspace home should be able to promote it without inventing a parallel status language.

## Requirements *(mandatory)*

**Constitution alignment (required):** This feature introduces no new Microsoft Graph call, no new write workflow, and no new queued or scheduled operation. It hardens the workspace home by promoting already-existing tenant-level truth into existing workspace surfaces.

**Constitution alignment (PROP-001 / ABSTR-001 / PERSIST-001 / STATE-001 / BLOAT-001):** This feature is intentionally narrow. It adds no new persistence, no new abstraction layer, no new status family, and no new posture framework. The required change is truthful workspace aggregation over existing tenant truth.

**Constitution alignment (OPS-UX):** No new `OperationRun` type, progress surface, or execution path is introduced. Existing operations surfaces remain the sole execution-truth surfaces. This slice only changes how the workspace home summarizes and points to those existing operations.

**Constitution alignment (RBAC-UX):** The feature lives in the admin workspace plane at `/admin` with drill-through into tenant-context or canonical admin destinations. Non-members or out-of-scope actors remain `404`. In-scope members lacking a downstream capability remain governed by existing server-side authorization on that destination. Workspace aggregation must stay capability-safe and tenant-safe: hidden tenants must not influence visible counts or wording, and attention items must not become clickable dead ends. If the semantically correct destination is not authorized, the item may only remain if an allowed fallback still preserves tenant and problem meaning. No destructive action is introduced.

**Constitution alignment (OPS-EX-AUTH-001):** Not applicable. No authentication-handshake behavior is changed.

**Constitution alignment (BADGE-001):** Existing centralized badge or tone semantics for findings severity, compare posture, and operations status or outcome remain the semantic source. This feature may expose those existing meanings at workspace level, but it must not invent page-local badge vocabularies for calmness, risk, or urgency.

**Constitution alignment (UI-FIL-001):** The feature reuses the existing Filament page and workspace widgets, existing stat cards, and existing shared status primitives. It should harden semantics through aligned copy, ordering, and drill-through meaning rather than through custom local status markup or a new widget family.

**Constitution alignment (UI-NAMING-001):** Operator-facing vocabulary must keep `Governance`, `Findings`, `Baseline Compare`, `Evidence`, `Reviews`, `Operations`, and `Needs attention` distinct. Calm wording must not imply portfolio health when the page only proves operational quietness.

**Constitution alignment (UI-CONST-001 / UI-SURF-001 / UI-HARD-001 / UI-EX-001 / UI-REVIEW-001):** The workspace overview remains the canonical workspace landing surface. `WorkspaceNeedsAttention` is the primary workspace triage surface. `WorkspaceSummaryStats` is a supporting summary strip and must separate risk from activity. `WorkspaceRecentOperations` remains diagnostic recency, not posture. Each affected surface must keep one primary inspect or open model and must not add redundant affordances.

**Constitution alignment (OPSURF-001):** Default-visible content on `/admin` must stay operator-first. Workspace identity, governance attention, and the distinction between risk and activity must remain visible before any diagnostic detail. Mutation scope remains none for all affected surfaces.

**Constitution alignment (UI-SEM-001 / LAYER-001 / TEST-TRUTH-001):** The feature must not create a new workspace posture layer, presenter framework, or persisted summary. It should instead align workspace semantics directly on top of existing tenant governance, findings, compare, evidence, review, and operations truth. Tests must protect business consequences such as false calmness, missing tenant labels, or broken drill-through continuity.

**Constitution alignment (Filament Action Surfaces):** The Action Surface Contract remains satisfied. `WorkspaceOverview` and its widgets remain inspection and drill-through surfaces with no destructive actions, no empty action groups, and no redundant `View` actions. Embedded widgets are exempt from list-action conventions where they are not tables, but each still needs one primary open model.

**Constitution alignment (UX-001 — Layout & Information Architecture):** This feature does not add create or edit screens. It refines the existing workspace landing page. Governance attention must stay above recent operations context, and empty states must use specific, bounded wording plus exactly one next step instead of broad health claims.

### Functional Requirements

- **FR-175-001**: The workspace home MUST become governance-aware rather than remaining a purely operations and alerts summary.
- **FR-175-002**: Workspace attention MUST be able to surface, when present within visible scope, at least lapsed governance, overdue findings, high-severity active findings, and stale, failed, or materially degraded compare posture.
- **FR-175-003**: Workspace attention SHOULD also be able to promote already-available evidence or review truth when that truth is more actionable than a generic tenant landing.
- **FR-175-004**: Every workspace attention item MUST clearly identify the tenant, the problem family, the urgency or relevance, and one clear next jump.
- **FR-175-005**: Workspace attention MUST semantically distinguish governance issues, findings issues, compare posture issues, evidence or review issues, and operations issues rather than flattening them into one generic alert stream.
- **FR-175-006**: Governance-critical tenant states MUST rank at least as high as, and ordinarily above, active-operations-only or alert-delivery-only items in workspace attention ordering.
- **FR-175-007**: The workspace home MUST NOT appear calmer or healthier than the worst visible tenant condition covered by its workspace attention and summary surfaces.
- **FR-175-008**: Calm or empty states on the workspace home MUST only claim calmness across the signal families that were actually checked and MUST NOT imply full portfolio health merely because operations or alerts are quiet.
- **FR-175-009**: Workspace summary stats MUST include at least one real governance-risk metric such as tenants needing governance attention, tenants with overdue findings, tenants with lapsed governance, or tenants with stale, failed, or materially degraded compare posture.
- **FR-175-010**: Workspace summary stats MUST clearly separate governance attention from activity or volume so an operator can tell whether the portfolio is risky, busy, both, or neither.
- **FR-175-011**: Every workspace attention item MUST resolve to one semantically matching destination surface such as the tenant dashboard, tenant findings, tenant baseline compare, tenant evidence, tenant reviews, or canonical operations detail.
- **FR-175-012**: When the exact matching destination is not authorized for the current in-scope user, the workspace home MUST use an allowed fallback that preserves tenant and problem meaning or suppress the clickable affordance rather than exposing a dead-end drill-through.
- **FR-175-013**: Workspace aggregation MUST reuse existing tenant governance aggregate, findings workflow and governance validity truth, compare assessment, and already-shipped evidence or review truth rather than introducing a weaker parallel workspace-only interpretation.
- **FR-175-014**: `WorkspaceRecentOperations` MUST remain an activity and recency surface and MUST NOT be treated as the workspace's primary posture or governance summary.
- **FR-175-015**: Zero-tenant and low-permission workspace states MUST remain distinct from calm or healthy portfolio states and MUST still provide one valid next action. Zero-tenant recovery MUST default to `Switch workspace`, and low-permission workspace-state recovery MUST default to `Open operations` unless a more specific allowed in-scope recovery action exists.
- **FR-175-016**: The feature MUST be achievable without a new table, new persisted workspace summary model, or heavy pre-aggregated materialized view.
- **FR-175-017**: Regression coverage MUST verify governance-attention promotion, priority order, calmness suppression, tenant identification, governance-versus-operations separation, drill-through continuity, RBAC-safe omission or fallback behavior, DB-only query-bounded render behavior, and the absence of schema requirements.
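The entitlement and fallback rules from the RBAC-UX alignment, FR-175-006, FR-175-012 and FR-175-015, sketched in plain PHP as an added example (not code from this repository). The function names, signal keys, rank values and every capability name except `tenant.view` are assumptions, as is the choice that the operations destination and the tenant dashboard fallback need only workspace membership and `tenant.view` respectively.

```php
<?php

declare(strict_types=1);

// Hypothetical catalogue: signal keys, ranks and capability names other than
// `tenant.view` are assumptions. A null capability means workspace membership suffices.
const ATTENTION_FAMILIES = [
    'lapsed_governance'      => ['family' => 'Governance',       'rank' => 10, 'route' => '/admin/t/{tenant}',                          'cap' => 'tenant.view'],
    'overdue_findings'       => ['family' => 'Findings',         'rank' => 20, 'route' => '/admin/t/{tenant}/findings',                 'cap' => 'findings.view'],
    'high_severity_findings' => ['family' => 'Findings',         'rank' => 30, 'route' => '/admin/t/{tenant}/findings',                 'cap' => 'findings.view'],
    'compare_degraded'       => ['family' => 'Baseline Compare', 'rank' => 40, 'route' => '/admin/t/{tenant}/baseline-compare-landing', 'cap' => 'tenant.view'],
    'active_operations'      => ['family' => 'Operations',       'rank' => 90, 'route' => '/admin/operations',                          'cap' => null],
];

// Broad tenant landing used when the precise destination is not authorized.
const TENANT_FALLBACK = ['route' => '/admin/t/{tenant}', 'cap' => 'tenant.view'];

/** Returns the exact destination, an allowed fallback, or null (render the item non-clickable). */
function resolveDestination(string $tenant, array $definition, array $capabilities): ?string
{
    foreach ([$definition, TENANT_FALLBACK] as $candidate) {
        if ($candidate['cap'] === null || in_array($candidate['cap'], $capabilities, true)) {
            return str_replace('{tenant}', rawurlencode($tenant), $candidate['route']);
        }
    }

    return null;
}

/**
 * @param array<string, string[]> $entitlements tenant id => capabilities the operator holds there;
 *                                              a tenant missing from this map is not visible at all
 * @param array<string, string[]> $signals      tenant id => signal keys derived from existing tenant truth
 */
function workspaceAttention(array $entitlements, array $signals): array
{
    if ($entitlements === []) {
        // Zero-tenant state stays distinct from calm and still offers one next step.
        return ['state' => 'zero_tenants', 'next' => '/admin/choose-workspace', 'governance_tenants' => 0, 'items' => []];
    }

    $items = [];
    $governanceTenants = [];

    // Iterate the entitlement map, never the raw signal map, so hidden tenants
    // cannot influence counts, ordering, or calmness.
    foreach ($entitlements as $tenant => $capabilities) {
        $tenant = (string) $tenant;
        foreach ($signals[$tenant] ?? [] as $signal) {
            $definition = ATTENTION_FAMILIES[$signal] ?? null;
            if ($definition === null) {
                continue; // unknown signal families are ignored, not guessed at
            }
            if ($definition['family'] !== 'Operations') {
                $governanceTenants[$tenant] = true;
            }
            $items[] = [
                'tenant' => $tenant,
                'family' => $definition['family'],
                'signal' => $signal,
                'rank'   => $definition['rank'],
                'url'    => resolveDestination($tenant, $definition, $capabilities),
            ];
        }
    }

    // Governance families carry lower ranks, so they sort above operations-only items.
    usort($items, fn (array $a, array $b): int => [$a['rank'], $a['tenant']] <=> [$b['rank'], $b['tenant']]);

    $state = $governanceTenants !== [] ? 'governance_attention' : ($items !== [] ? 'activity_only' : 'calm');

    return ['state' => $state, 'next' => null, 'governance_tenants' => count($governanceTenants), 'items' => $items];
}

// Constructed sample data. Tenant "gamma" has lapsed governance, but the operator is
// not entitled to it; on "beta" the operator holds tenant.view but not findings.view.
$signals = [
    'alpha' => ['active_operations'],
    'beta'  => ['overdue_findings'],
    'gamma' => ['lapsed_governance'],
];
$operator = ['alpha' => ['tenant.view'], 'beta' => ['tenant.view']];

echo json_encode(workspaceAttention($operator, $signals), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
echo json_encode(workspaceAttention([], $signals), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
```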

## UI Action Matrix *(mandatory when Filament is changed)*

| Surface | Location | Header Actions | Inspect Affordance (List/Table) | Row Actions (max 2 visible) | Bulk Actions (grouped) | Empty-State CTA(s) | View Header Actions | Create/Edit Save+Cancel | Audit log? | Notes / Exemptions |
|---|---|---|---|---|---|---|---|---|---|---|
| Workspace overview page | `app/Filament/Pages/WorkspaceOverview.php` | Existing page chrome only; no new page-header action required | n/a | n/a | none | One bounded CTA per empty state, aligned to the specific empty condition | n/a | n/a | no new audit behavior | Singleton landing surface whose main job is truthful orientation, not mutation |
| `WorkspaceSummaryStats` | `app/Filament/Widgets/Workspace/WorkspaceSummaryStats.php` | none | Explicit stat click only when the metric has a matching actionable destination | none | none | Zero-value reassurance remains intentionally passive unless a specific next step is required | n/a | n/a | no new audit behavior | Stat meanings must stay honest about whether they represent risk or activity |
| `WorkspaceNeedsAttention` | `app/Filament/Widgets/Workspace/WorkspaceNeedsAttention.php` | none | One explicit destination or one full-item primary open model per attention item | none | none | Healthy fallback remains read-only reassurance only when no covered attention condition exists | n/a | n/a | no new audit behavior | Multi-destination triage widget; no destructive action and no redundant secondary action model |
| `WorkspaceRecentOperations` | `app/Filament/Widgets/Workspace/WorkspaceRecentOperations.php` | none | Each operation row or card opens canonical operation detail | none | none | Existing empty state remains diagnostic and must not imply broader portfolio health | n/a | n/a | no new audit behavior | Diagnostic recency surface; keeps operations context visible without redefining workspace posture |

### Key Entities *(include if feature involves data)*

- **Visible tenant governance state**: The already-derived tenant condition that tells whether a visible tenant currently carries overdue findings, lapsed or expiring governance, stale, failed, or materially degraded compare posture, high-severity active findings, or already-surfaced evidence or review attention.
- **Workspace governance attention item**: A bounded workspace-level triage item that promotes one visible tenant problem into the workspace home with tenant identity, problem family, urgency, and a next jump.
- **Workspace governance metric**: A workspace-level count that describes how many visible tenants currently require governance attention, independent from operations volume.
- **Workspace calmness claim**: Any workspace wording or empty state that implies the portfolio is calm; it is only valid when the covered governance and activity signals are genuinely calm within visible scope.
- **Workspace drill-through contract**: The semantic promise that a workspace stat or attention item can be rediscovered on the surface it opens without losing tenant identity or problem meaning.

## Success Criteria *(mandatory)*

### Measurable Outcomes

- **SC-175-001**: In regression coverage, every seeded workspace scenario containing at least one visible tenant with lapsed governance, overdue findings, high-severity active findings, or stale, failed, or materially degraded compare posture produces at least one governance attention signal on the workspace home and no calm empty state.
- **SC-175-002**: In regression coverage, 100% of covered workspace attention items display tenant context, problem-family context, and either a matching destination or an allowed disabled or fallback state when the exact destination is not authorized.
- **SC-175-003**: In seeded operator review, an operator can identify within 10 seconds which tenant to open first, why that tenant needs attention, and whether the issue is governance or operations.
- **SC-175-004**: In regression coverage, operations-only activity scenarios do not trigger governance-risk wording, and governance-critical tenant scenarios are not ranked beneath pure activity-only or alert-delivery-only items.
- **SC-175-005**: The feature ships without a required schema migration, a new persisted workspace posture model, or a required materialized aggregate view.
- **SC-175-006**: In regression coverage, a dedicated DB-only workspace overview test proves render-time aggregation stays query-bounded for representative visible-tenant scenarios and does not rely on uncontrolled polling or unbounded per-tenant query fanout.

## Assumptions

- Existing tenant governance aggregate, findings workflow state, compare assessment, and already-available evidence or review truth are sufficient to harden the workspace home without inventing a new posture system.
- Existing tenant dashboard, findings, baseline compare, evidence, review, and operations surfaces remain the correct downstream destinations for workspace drill-through.
- The current workspace overview page structure remains in place for this slice; the work changes truth ordering and meaning, not the overall workspace information architecture.

## Non-Goals

- Building a full portfolio matrix or tenant grid
- Introducing a global workspace posture score, grade, or traffic-light system
- Redesigning the entire workspace overview layout
- Adding choose-tenant posture annotations
- Creating new persistence, materialized views, or a new workspace summary artifact
- Extending the work into cross-workspace or platform-wide operator surfaces

## Dependencies

- Existing workspace overview page and workspace widgets
- Existing tenant governance truth, compare assessment, findings governance state, and evidence or review trust work
- Existing tenant dashboard, findings, compare, evidence, review, and operations destinations used as canonical drill-through surfaces
- Existing workspace and tenant RBAC plus capability-safe query scoping

## Follow-up Spec Candidates

- **Spec 176 — Workspace Portfolio Posture Surface** for per-tenant posture summaries, risk concentration, and a first true portfolio matrix
- **Spec 177 — Choose Tenant Posture Annotation** for posture-aware tenant selection and faster triage from tenant pickers
- **Spec 178 — Workspace Portfolio Stats Redesign** for a broader governance-oriented workspace stat model that goes beyond this foundation slice

## Definition of Done

Spec 175 is complete when:

- workspace attention is no longer purely operations-centered,
- governance-relevant tenant problems are visible on the workspace home,
- workspace calmness no longer reads healthier than the worst visible tenant conditions,
- attention items carry tenant identity, problem type, and a meaningful drill-through,
- workspace summary stats include at least one real governance-risk metric and clearly separate risk from activity,
- and the improvement ships without a new persistence structure or a full workspace redesign.