1.6 KiB
1.6 KiB
Route Contract — Spec 080
This document defines the expected user-facing route surfaces and the required 404/403 semantics.
Canonical Management (workspace-scoped)
All of the following are under /admin/* and require:
- selected workspace context
- workspace membership (non-member → 404)
Routes:
GET /admin/tenantsGET /admin/tenants/{tenant}GET /admin/tenants/{tenant}/membershipsGET /admin/tenants/{tenant}/provider-connectionsGET /admin/tenants/{tenant}/provider-connections/{connection}/editGET /admin/tenants/{tenant}/required-permissions- (optional)
GET /admin/tenants/{tenant}/onboarding
Identifier contract:
{tenant}MUST beTenant.external_id(Entra tenant GUID)
Authorization contract:
- member without capability:
- viewing pages: allowed
- mutating actions: 403
Canonical Operate (tenant-scoped)
All of the following are under /admin/t/{tenant}/* and require:
- selected workspace context
- workspace membership
- tenant entitlement (non-entitled → 404)
Routes (contract targets for US2 tests):
GET /admin/t/{tenant}(tenant dashboard root)GET /admin/t/{tenant}/diagnostics(operational diagnostics page)
Removed Tenant-Scoped Management (must 404)
The following routes MUST NOT exist (no redirects in dev stage):
GET /admin/t/{tenant}/provider-connections*GET /admin/t/{tenant}/required-permissions*GET /admin/t/{tenant}/memberships*GET /admin/t/{tenant}/tenants*
Monitoring
GET /admin/operationsGET /admin/operations/{run}
Monitoring pages are DB-only at render time.