coulomb/user-engine
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1cd15cf79fb857adde91bed4b357546990cbc172
user-engine/workplans/USER-WP-0003-multi-tenancy.md

2.3 KiB
Raw Blame History

id, type, title, domain, repo, status, owner, topic_slug, planning_priority, planning_order, created, updated, depends_on, state_hub_workstream_id
id type title domain repo status owner topic_slug planning_priority planning_order created updated depends_on state_hub_workstream_id
USER-WP-0003 workplan User Engine Multi-Tenancy netkingdom user-engine ready codex netkingdom high 3 2026-05-22 2026-05-22
USER-WP-0002
88a11922-7064-4373-9afe-b280bdd4359a

USER-WP-0003 - User Engine Multi-Tenancy

Goal

Extend the MVP into a tenant-aware service with explicit platform-vs-tenant boundaries, tenant profiles, tenant memberships, tenant-scoped admin actions, and tenant isolation tests.

Tasks

id: USER-WP-0003-T1
status: todo
priority: high
state_hub_task_id: "3b6d67cc-be4d-4da3-b08c-f5919c1cb167"

Implement tenant identifiers, tenant context resolution, and request validation.

id: USER-WP-0003-T2
status: todo
priority: high
state_hub_task_id: "9b8cb25a-eae5-4c6d-abdb-87fa73ba2cc6"

Add tenant-scoped account state, profile values, memberships, and persistence constraints.

id: USER-WP-0003-T3
status: todo
priority: high
state_hub_task_id: "a7abd6b0-c35a-4b3a-ae60-1d7db41398f8"

Implement tenant admin operations while denying platform-root operations to tenant admins.

id: USER-WP-0003-T4
status: todo
priority: high
state_hub_task_id: "9deb9f46-d214-4311-9b19-7f61d75b4aaa"

Extend authorization requests with tenant, target user, membership, assurance, and scope facts.

id: USER-WP-0003-T5
status: todo
priority: medium
state_hub_task_id: "ea8d4127-7ef1-4a7a-80fb-11c8f00c25c3"

Add tenant-aware audit records and outbox events.

id: USER-WP-0003-T6
status: todo
priority: high
state_hub_task_id: "7d1071a2-c85f-4a21-9842-fcb826c0172d"

Add tests for cross-tenant denial, tenant admin allowed actions, tenant admin platform-root denial, tenant profile precedence, and tenant membership changes.

id: USER-WP-0003-T7
status: todo
priority: medium
state_hub_task_id: "6c9e6b82-9a8f-4017-96c3-5df9f3185154"

Add tenant onboarding diagnostics for memberships, policy bindings, catalog scopes, and audit readiness.

Acceptance Criteria

  • Tenant context is explicit on every tenant-scoped operation.
  • Tenant data is isolated by constraints and authorization.
  • Tenant admins cannot modify platform-root resources.
  • Tests cover allowed and denied tenant paths.
Reference in New Issue View Git Blame Copy Permalink