Audit & Best-Practices Review 2026-07-02
Reconciled read-only snapshot of two multi-agent reviews of the whole repo — a
6-lens defect audit and a fresh-eyes ops / de-brand / installer
best-practices pass. Both are advisory (ADR-0008): GK owns every call. Source:
docs/AUDIT-FINDINGS-2026-07-02.md + docs/BEST-PRACTICES-REVIEW-2026-07-02.md.
Triaged into backlog items 1.226–1.246.
“Width not depth” confirmed — but merge, don’t cut
The disease is overlap + shallowness, not dead pages — almost nothing answers nothing. Cure: 24 → ~18-19 pages by collapsing the TU (33% of the report) and SP-Access clones, zero persona value lost.
Then redeploy the freed surface into the one place depth is thinnest and matters most — the buyer. The CISO is served by one page that under-delivers the filed ask. Biggest single lever: 1.236 (deepen Admin Access, ~30 min, on a golden page).
Split the Gen1 storage substrate — sequence the cloud leg first
AD leg → keep Gen1. Folding the LDAP crawl into the dataset risks the 2-hr Pro timeout; migrate it last, only if Microsoft forces a cutoff.
Cloud leg → investigate folding away (1.239): the 10 Phase-2 dataflows do almost nothing but cost the product its most error-prone manual step.
AD-leg migration is the only 1-way door in the reportThe reconciled priority ladder
21 filed items, ranked by leverage × distance-to-the-cheque. Filter by tier, lane, or priority.
Where the best-practices pass reframes the audit
The two reviews agree; the fresh-eyes pass mostly turns the audit’s scattered findings into a few coherent programs — several got bigger and cheaper than they looked alone.
| Audit finding | Best-practice verdict | Net effect |
|---|
Wheels that already fit — do not change
GK asked specifically not to reinvent good wheels. These are already best practice — several exceed typical implementations. Leave them alone; guard their invariants.