coulomb/user-engine
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add implementation workplans and integration boundaries

Browse Source
This commit is contained in:
Bernd Worsch
2026-05-22 19:50:04 +02:00
parent fd088751ff
commit 1cd15cf79f
9 changed files with 791 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
workplans/USER-WP-0003-multi-tenancy.md Normal file
View File

@@ -0,0 +1,102 @@
---
id: USER-WP-0003
type: workplan
title: "User Engine Multi-Tenancy"
domain: netkingdom
repo: user-engine
status: ready
owner: codex
topic_slug: netkingdom
planning_priority: high
planning_order: 3
created: "2026-05-22"
updated: "2026-05-22"
depends_on:
- USER-WP-0002
state_hub_workstream_id: "88a11922-7064-4373-9afe-b280bdd4359a"
---
# USER-WP-0003 - User Engine Multi-Tenancy
## Goal
Extend the MVP into a tenant-aware service with explicit platform-vs-tenant
boundaries, tenant profiles, tenant memberships, tenant-scoped admin actions,
and tenant isolation tests.
## Tasks
```task
id: USER-WP-0003-T1
status: todo
priority: high
state_hub_task_id: "3b6d67cc-be4d-4da3-b08c-f5919c1cb167"
```
Implement tenant identifiers, tenant context resolution, and request validation.
```task
id: USER-WP-0003-T2
status: todo
priority: high
state_hub_task_id: "9b8cb25a-eae5-4c6d-abdb-87fa73ba2cc6"
```
Add tenant-scoped account state, profile values, memberships, and persistence
constraints.
```task
id: USER-WP-0003-T3
status: todo
priority: high
state_hub_task_id: "a7abd6b0-c35a-4b3a-ae60-1d7db41398f8"
```
Implement tenant admin operations while denying platform-root operations to
tenant admins.
```task
id: USER-WP-0003-T4
status: todo
priority: high
state_hub_task_id: "9deb9f46-d214-4311-9b19-7f61d75b4aaa"
```
Extend authorization requests with tenant, target user, membership, assurance,
and scope facts.
```task
id: USER-WP-0003-T5
status: todo
priority: medium
state_hub_task_id: "ea8d4127-7ef1-4a7a-80fb-11c8f00c25c3"
```
Add tenant-aware audit records and outbox events.
```task
id: USER-WP-0003-T6
status: todo
priority: high
state_hub_task_id: "7d1071a2-c85f-4a21-9842-fcb826c0172d"
```
Add tests for cross-tenant denial, tenant admin allowed actions, tenant admin
platform-root denial, tenant profile precedence, and tenant membership changes.
```task
id: USER-WP-0003-T7
status: todo
priority: medium
state_hub_task_id: "6c9e6b82-9a8f-4017-96c3-5df9f3185154"
```
Add tenant onboarding diagnostics for memberships, policy bindings, catalog
scopes, and audit readiness.
## Acceptance Criteria
- Tenant context is explicit on every tenant-scoped operation.
- Tenant data is isolated by constraints and authorization.
- Tenant admins cannot modify platform-root resources.
- Tests cover allowed and denied tenant paths.