94ada11fbd
docs(04-rbac-03): complete RBAC API enforcement plan — guards, test-message endpoint, integration tests
...
- 17 portal API endpoints guarded with Depends() RBAC guards
- POST /agents/{aid}/test endpoint allows operators to QA agents
- GET /tenants/{tid}/users, GET /admin/users listing endpoints
- POST /admin/impersonate with AuditEvent audit trail
- 56 integration tests covering full RBAC matrix and invite flow
- STATE.md updated, ROADMAP.md phase 4 marked complete
Awaiting human-verify checkpoint (Task 3) before phase is fully done
2026-03-24 17:18:52 -06:00
e899b14fa7
docs(04-rbac-02): complete portal RBAC integration plan
...
- 04-02-SUMMARY.md: Auth.js JWT + role nav + tenant switcher + impersonation banner + user pages
- STATE.md: advanced to plan 3, metrics recorded, base-ui decisions added
- ROADMAP.md: phase 4 updated to 2/3 plans complete
- REQUIREMENTS.md: RBAC-05 marked complete
2026-03-24 17:08:50 -06:00
1fa4c3e3ad
docs(04-rbac-01): complete RBAC foundation plan — migration, guards, invitations, tests
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-03-24 13:57:17 -06:00
2aecc5c787
fix(04-rbac): revise plans based on checker feedback
2026-03-24 13:46:03 -06:00
bf4adf0b21
docs(04-rbac): create phase plan — 3 plans in 3 waves
2026-03-24 13:37:36 -06:00
4706a87355
docs(04): add research and validation strategy
2026-03-24 13:28:17 -06:00
0dc21c6ee5
docs(04-rbac): research phase RBAC domain
2026-03-24 13:27:22 -06:00
52a30dd8e1
docs(04): capture phase context
2026-03-24 13:09:47 -06:00
7252845455
docs: add Phase 4 — RBAC with 3-tier roles and invitation flow
...
Three roles: platform admin (full SaaS), customer admin (tenant-scoped),
customer operator (read-only). Email invitation flow for tenant user
onboarding. 6 new requirements (RBAC-01 through RBAC-06).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com >
2026-03-24 12:40:43 -06:00
