docs(08-01): complete Permission Data Models and Mapping Layer plan

- SUMMARY.md with self-check passed
- STATE.md updated to Phase 8, Plan 1 complete
- ROADMAP.md progress updated for Phase 8
- SIMP-01 and SIMP-02 requirements marked complete

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.planning/phases/08-simplified-permissions/08-01-SUMMARY.md

@@ -0,0 +1,73 @@
+---
+phase: 08-simplified-permissions
+plan: 01
+subsystem: core-models
+tags: [permissions, risk-level, mapping, data-models]
+dependency_graph:
+  requires: []
+  provides: [RiskLevel, PermissionLevelMapping, SimplifiedPermissionEntry, PermissionSummary, PermissionSummaryBuilder]
+  affects: [08-02, 08-03, 08-04, 08-05]
+tech_stack:
+  added: []
+  patterns: [wrapper-pattern, static-mapping, enum-based-classification]
+key_files:
+  created:
+    - SharepointToolbox/Core/Models/RiskLevel.cs
+    - SharepointToolbox/Core/Helpers/PermissionLevelMapping.cs
+    - SharepointToolbox/Core/Models/SimplifiedPermissionEntry.cs
+    - SharepointToolbox/Core/Models/PermissionSummary.cs
+  modified: []
+decisions:
+  - "RiskLevel enum uses ordinal ordering (High=0) so Min() gives highest risk"
+  - "Unknown/custom roles default to Medium risk (conservative — forces admin review)"
+  - "SimplifiedPermissionEntry is a class (not record) to support passthrough properties for DataGrid binding"
+  - "PermissionSummaryBuilder always returns all 4 risk levels even with count 0 for consistent UI layout"
+metrics:
+  duration: 77s
+  completed: 2026-04-07T12:06:57Z
+  tasks_completed: 2
+  tasks_total: 2
+  files_created: 4
+  files_modified: 0
+---
+
+# Phase 08 Plan 01: Permission Data Models and Mapping Layer Summary
+
+RiskLevel enum, PermissionLevelMapping static helper with 11 standard SharePoint role mappings, SimplifiedPermissionEntry wrapper preserving PermissionEntry immutability, and PermissionSummaryBuilder for grouped risk-level counts.
+
+## Tasks Completed
+
+### Task 1: Create RiskLevel enum and PermissionLevelMapping helper
+- **Commit:** f1390ea
+- **Files:** RiskLevel.cs, PermissionLevelMapping.cs
+- Created 4-value RiskLevel enum (High, Medium, Low, ReadOnly)
+- PermissionLevelMapping maps 11 standard SharePoint roles to plain-language labels
+- Case-insensitive dictionary lookup with Medium fallback for unknown roles
+- GetMapping, GetMappings, GetHighestRisk, GetSimplifiedLabels methods
+
+### Task 2: Create SimplifiedPermissionEntry wrapper and PermissionSummary model
+- **Commit:** 6609f2a
+- **Files:** SimplifiedPermissionEntry.cs, PermissionSummary.cs
+- SimplifiedPermissionEntry wraps PermissionEntry via Inner property
+- Computed SimplifiedLabels, RiskLevel, and Mappings at construction time
+- All 9 passthrough properties for DataGrid binding compatibility
+- Static WrapAll factory method for bulk conversion
+- PermissionSummary record with Label, RiskLevel, Count, DistinctUsers
+- PermissionSummaryBuilder.Build returns all 4 risk levels for consistent UI binding
+
+## Deviations from Plan
+
+None - plan executed exactly as written.
+
+## Verification Results
+
+- dotnet build succeeded with 0 errors, 0 warnings
+- RiskLevel.cs has High, Medium, Low, ReadOnly values
+- PermissionLevelMapping has 11 known role mappings
+- SimplifiedPermissionEntry wraps PermissionEntry without modifying it
+- PermissionSummaryBuilder.Build returns 4 summary entries
+- PermissionEntry.cs confirmed unmodified (git diff empty)
+
+## Self-Check: PASSED
+
+All 4 created files exist on disk. Both task commits (f1390ea, 6609f2a) verified in git log.