# Capability Contracts: Tenant RBAC v1

This document defines the canonical set of capabilities for the Tenant RBAC system. Feature code MUST use these capability strings when checking permissions with Laravel Gates (e.g., `Gate::allows('tenant.members.manage')`).

## Naming Convention

Capabilities follow the format: `tenant..`

Every capability below consists of the fixed `tenant` prefix followed by dot-separated segments naming the area and then the action (for example `tenant.members.view`; a nested area such as `tenant.providers.credentials.rotate` adds a further segment).

## Capability List (v1)

### Core

- `tenant.core.view`: View the tenant dashboard and basic information.

### Membership

- `tenant.members.view`: View the list of members in a tenant.
- `tenant.members.manage`: Add, remove, or change the roles of members in a tenant. (Owner-only)

### Settings

- `tenant.settings.view`: View tenant settings.
- `tenant.settings.manage`: Modify tenant settings.

### Providers

- `tenant.providers.view`: View provider connections.
- `tenant.providers.manage`: Add, edit, or remove provider connections.
- `tenant.providers.credentials.rotate`: Rotate credentials for a provider connection.
- `tenant.providers.run_ops`: Execute operations using a provider.

### Operations & Monitoring

- `tenant.operations.view`: View tenant operations and monitoring data.
- `tenant.operations.start`: Start new tenant operations.

### Inventory & Drift

- `tenant.inventory.view`: View tenant inventory.
- `tenant.inventory.sync`: Trigger a synchronization of the tenant inventory.
- `tenant.drift.view`: View drift detection reports.
- `tenant.drift.ack`: Acknowledge drift alerts.

### Policies, Backups, & Restore

- `tenant.policies.view`: View policies.
- `tenant.policies.sync`: Synchronize policies.
- `tenant.policies.delete`: Delete policies.
- `tenant.backups.manage`: Manage backups.
- `tenant.restore.execute`: Execute a restore from a backup.
- `tenant.danger_zone`: Access to destructive "danger zone" actions. (Owner-only)
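The following is an added example, not part of the contract or the project's own code, showing one way to register the v1 capability strings above as Laravel Gates so that feature code can call `Gate::allows(...)` exactly as the contract requires, with the two Owner-only capabilities enforced centrally. It assumes (none of this is defined by the contract) a `Tenant` model, a `User::roleIn(Tenant $tenant)` helper returning `'owner'`, `'member'` or `null`, and a single non-owner role named `member`; the set of capabilities granted to that role is likewise an assumption for the example.

```php
<?php
// Added example (not the project's code): register every v1 capability as a
// Laravel Gate keyed by a tenant, so feature code checks permissions with
// Gate::allows('tenant.members.manage', $tenant). Deny-by-default: any
// capability string that is not in the canonical list is never defined, and
// Laravel's Gate returns false for undefined abilities, so a typo in feature
// code fails closed rather than open.

namespace App\Providers;

use App\Models\Tenant;          // assumed model, not defined by the contract
use App\Models\User;            // assumed to expose roleIn(Tenant): ?string
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;

class TenantCapabilityServiceProvider extends ServiceProvider
{
    /** Canonical v1 capability strings, copied verbatim from the contract. */
    public const CAPABILITIES = [
        'tenant.core.view',
        'tenant.members.view',
        'tenant.members.manage',
        'tenant.settings.view',
        'tenant.settings.manage',
        'tenant.providers.view',
        'tenant.providers.manage',
        'tenant.providers.credentials.rotate',
        'tenant.providers.run_ops',
        'tenant.operations.view',
        'tenant.operations.start',
        'tenant.inventory.view',
        'tenant.inventory.sync',
        'tenant.drift.view',
        'tenant.drift.ack',
        'tenant.policies.view',
        'tenant.policies.sync',
        'tenant.policies.delete',
        'tenant.backups.manage',
        'tenant.restore.execute',
        'tenant.danger_zone',
    ];

    /** Capabilities the contract marks as Owner-only. */
    public const OWNER_ONLY = [
        'tenant.members.manage',
        'tenant.danger_zone',
    ];

    /**
     * Capabilities granted to the assumed non-owner 'member' role. This split
     * is an assumption for the example; the contract only fixes the two
     * Owner-only entries above. Kept to read-only and low-impact actions.
     */
    public const MEMBER_CAPABILITIES = [
        'tenant.core.view',
        'tenant.members.view',
        'tenant.settings.view',
        'tenant.providers.view',
        'tenant.operations.view',
        'tenant.inventory.view',
        'tenant.drift.view',
        'tenant.drift.ack',
        'tenant.policies.view',
    ];

    /** Pure decision function, separated from the Gate so it can be unit-tested. */
    public static function roleHasCapability(?string $role, string $capability): bool
    {
        // Unknown capability strings are never granted, whatever the role.
        if (!in_array($capability, self::CAPABILITIES, true)) {
            return false;
        }
        if ($role === 'owner') {
            return true;
        }
        // Owner-only capabilities never reach the member map.
        if (in_array($capability, self::OWNER_ONLY, true)) {
            return false;
        }
        return $role === 'member' && in_array($capability, self::MEMBER_CAPABILITIES, true);
    }

    public function boot(): void
    {
        foreach (self::CAPABILITIES as $capability) {
            // Each Gate takes the tenant as its first argument so the check is
            // always scoped to one tenant's membership, never to the user alone.
            Gate::define($capability, function (User $user, Tenant $tenant) use ($capability): bool {
                return self::roleHasCapability($user->roleIn($tenant), $capability);
            });
        }
    }
}
```

In feature code the check is then `Gate::allows('tenant.providers.credentials.rotate', $tenant)` or `Gate::authorize(...)` in a controller; the tenant argument is mandatory, so a call that omits it fails to match the closure signature and is denied. A useful accompanying unit test is to grep the codebase for `Gate::allows('tenant.` and `Gate::authorize('tenant.` and assert that every string found is a member of `CAPABILITIES`, which catches drift between feature code and this contract before it reaches production.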