# Corporate Phase 7.5 Operational Audit ## Scope Reviewed Reviewed the corporate routes, existing dashboard component, Phase 6/7 docs, RBAC catalog, policies, and regression tests before implementing Phase 7.5. ## Findings ### Routes - Public B2B entry points exist: - `/b2b` - `/corporate` redirects to `/b2b` - `/institutions` redirects to `/b2b` - Admin corporate operational routes exist for: - B2B leads - proposals - agreements - corporate cohorts - reports - invoices - payments - receivables - credit notes - Organization portal routes exist for: - `/org/programs` - `/org/reports` - `/org/invoices` Gap: - `/admin/corporate-dashboard` is not currently registered. ### Existing Dashboard `app/Livewire/Admin/Corporate/CorporateDashboard.php` exists, but it currently behaves like an organization directory: - lists `Organization` records, - exposes an organization create modal, - uses `$companies` variable naming even though `Organization` is canonical, - contains hardcoded French UI text, - does not expose executive metrics, alerts, or finance visibility checks. Decision: - Reuse the existing component path but convert it into an executive dashboard. - Keep detailed organization CRUD in existing organization/B2B pages rather than adding new CRUD here. ### Security - Finance-sensitive pages already rely on explicit permissions such as `corporate_finance.view` and `corporate_receivables.view`. - Org portal invoice/report downloads go through policies and selected organization tenancy checks. - Active code routes inspected do not reference `App\Models\Company`. - Legacy `companies` migrations and docs remain only for compatibility/history and are not used as the active corporate model. Gap: - Need `corporate_dashboard.view` permission and route guard. - Dashboard finance cards must hide values unless the user has `corporate_finance.view`. ### QA Coverage Existing tests cover: - Phase 1 lead submission and organization conversion, - proposal workflow, - agreement workflow, - cohort/report private file flow, - invoicing/payment allocation, - credit notes/reversals/receipt downloads. Gap: - Need a single operational E2E test covering the complete Phase 1-7 chain including invoice, payment, credit note, reversal, receivables, and org-scoped visibility. - Need route/security regression tests for the new dashboard. ## Phase 7.5 Implementation Direction - Add `corporate_dashboard.view`. - Register `/admin/corporate-dashboard` with `auth` + permission. - Convert `CorporateDashboard` into a read-only executive dashboard. - Add dashboard widgets for leads, proposals, agreements, cohorts, attendance, finance, and operational alerts. - Add operational checklist panels to detail pages with low-risk view-only computations. - Add tests before implementation for route access and dashboard finance visibility.