Audit & Best-Practices Review 2026-07-02

Reconciled read-only snapshot of two multi-agent reviews of the whole repo — a 6-lens defect audit and a fresh-eyes ops / de-brand / installer best-practices pass. Both are advisory (ADR-0008): GK owns every call. Source: docs/AUDIT-FINDINGS-2026-07-02.md + docs/BEST-PRACTICES-REVIEW-2026-07-02.md. Triaged into backlog items 1.226–1.246.

147 raw findings
21 filed items
7 P1
4 epics
≈6 pages to trim
Headline · leanness

“Width not depth” confirmed — but merge, don’t cut

The disease is overlap + shallowness, not dead pages — almost nothing answers nothing. Cure: 24 → ~18-19 pages by collapsing the TU (33% of the report) and SP-Access clones, zero persona value lost.

Then redeploy the freed surface into the one place depth is thinnest and matters most — the buyer. The CISO is served by one page that under-delivers the filed ask. Biggest single lever: 1.236 (deepen Admin Access, ~30 min, on a golden page).

Headline · the one-way door

Split the Gen1 storage substrate — sequence the cloud leg first

AD leg → keep Gen1. Folding the LDAP crawl into the dataset risks the 2-hr Pro timeout; migrate it last, only if Microsoft forces a cutoff.

Cloud leg → investigate folding away (1.239): the 10 Phase-2 dataflows do almost nothing but cost the product its most error-prone manual step.

AD-leg migration is the only 1-way door in the report

The reconciled priority ladder

21 filed items, ranked by leverage × distance-to-the-cheque. Filter by tier, lane, or priority.


Where the best-practices pass reframes the audit

The two reviews agree; the fresh-eyes pass mostly turns the audit’s scattered findings into a few coherent programs — several got bigger and cheaper than they looked alone.

Audit finding | Best-practice verdict | Net effect

Wheels that already fit — do not change

GK asked specifically not to reinvent good wheels. These are already best practice — several exceed typical implementations. Leave them alone; guard their invariants.