ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
e222845a36
TenantAtlas/specs/247-plans-entitlements-billing-readiness/contracts/workspace-entitlements-foundation.logical.openapi.yaml
ahmido e222845a36
Some checks failed
Main Confidence / confidence (push) Failing after 53s
Details
247: plans entitlements billing readiness (#287) 
Automated commit and PR created by Copilot per user request.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #287
2026-04-27 17:35:04 +00:00

456 lines
14 KiB
YAML
Raw Blame History

openapi: 3.0.3
info:
title: TenantPilot Admin/System — Workspace Entitlements Foundation (Conceptual)
version: 0.1.0
description: |
Conceptual contract for the workspace-first entitlement foundation.
NOTE: These routes are implemented as existing Filament pages, widgets,
resources, and Livewire-backed actions. The exact Livewire payload shape is
not part of this contract. This file captures the user-visible routes,
logical action boundaries, and the required 404 / 403 / business-state
blocking semantics for the first slice.
servers:
- url: /admin
- url: /system
paths:
/settings/workspace:
get:
summary: View workspace entitlement settings
description: |
Renders the existing workspace settings singleton page with one new
entitlement section.
Behavior:
- No workspace selected: redirect to `/admin/choose-workspace`
- Non-member or wrong workspace: 404
- Workspace member without `workspace_settings.view`: 403
- Authorized member: render plan profile, effective entitlements,
source labels, rationale, and current usage summary
responses:
'200':
description: Workspace settings page rendered
content:
text/html:
schema:
type: string
x-logical-view-model:
$ref: '#/components/schemas/WorkspaceEntitlementSettingsView'
'302':
description: Redirect to choose-workspace when no workspace is active
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
/settings/workspace/actions/save-entitlements:
post:
summary: Save plan profile and explicit entitlement overrides
description: |
Conceptual contract for the existing singleton settings save action.
The save reuses existing workspace-setting persistence and audit logging.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/WorkspaceEntitlementSettingsCommand'
responses:
'204':
description: Settings saved successfully
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/ValidationError'
/settings/workspace/actions/reset-entitlement-override/{entitlementKey}:
post:
summary: Reset one explicit entitlement override and rationale
description: |
Conceptual contract for a confirmation-protected override reset action.
Resetting returns effective truth to the selected plan profile or the
code-owned default profile.
parameters:
- $ref: '#/components/parameters/EntitlementKey'
responses:
'204':
description: Override reset successfully
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
/onboarding/{onboardingDraft}:
get:
summary: View onboarding workflow with entitlement-aware completion state
description: |
Renders the existing managed-tenant onboarding wizard. The completion
step must include managed-tenant activation entitlement truth.
parameters:
- $ref: '#/components/parameters/OnboardingDraftId'
responses:
'200':
description: Onboarding wizard rendered
content:
text/html:
schema:
type: string
x-logical-view-model:
$ref: '#/components/schemas/OnboardingEntitlementView'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
/onboarding/{onboardingDraft}/actions/complete:
post:
summary: Complete onboarding when entitlement and existing readiness allow
description: |
Conceptual contract for the existing confirmation-protected completion
action. The entitlement gate must run before any tenant activation
mutation occurs.
parameters:
- $ref: '#/components/parameters/OnboardingDraftId'
responses:
'204':
description: Onboarding completed
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/BusinessStateBlocked'
/review-packs/actions/generate:
post:
summary: Generate a review pack from the current tenant context
description: |
Conceptual contract for the tenant dashboard widget and review-pack list
generate action family. Existing dedupe and queued-start behavior remain
unchanged when entitlement allows execution.
requestBody:
required: false
content:
application/json:
schema:
$ref: '#/components/schemas/ReviewPackGenerationCommand'
responses:
'202':
description: Generation accepted or deduped through the existing flow
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/BusinessStateBlocked'
/tenant-reviews/{tenantReview}/actions/export-executive-pack:
post:
summary: Export an executive pack from an existing tenant review
description: |
Conceptual contract for the review register and tenant review detail
export action family. The entitlement gate must run before any new
`ReviewPack` or `OperationRun` is created.
parameters:
- $ref: '#/components/parameters/TenantReviewId'
responses:
'202':
description: Export accepted or deduped through the existing flow
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/BusinessStateBlocked'
/review-packs/{reviewPack}/actions/regenerate:
post:
summary: Regenerate an existing review pack
description: |
Conceptual contract for the existing review-pack detail regenerate
action. Existing confirmation and reuse behavior remain in place.
parameters:
- $ref: '#/components/parameters/ReviewPackId'
requestBody:
required: false
content:
application/json:
schema:
$ref: '#/components/schemas/ReviewPackGenerationCommand'
responses:
'202':
description: Regeneration accepted or deduped through the existing flow
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/BusinessStateBlocked'
/directory/workspaces/{workspace}:
get:
summary: View read-only workspace entitlement summary in the system plane
description: |
Renders the existing system directory workspace detail page with a
read-only entitlement summary.
Behavior:
- Platform user with `platform.directory.view`: 200
- Platform user without that capability: 403
- Wrong-plane or non-platform actor: 404 semantics at the panel boundary
parameters:
- $ref: '#/components/parameters/WorkspaceId'
responses:
'200':
description: System workspace detail rendered
content:
text/html:
schema:
type: string
x-logical-view-model:
$ref: '#/components/schemas/SystemWorkspaceEntitlementView'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
components:
parameters:
WorkspaceId:
name: workspace
in: path
required: true
schema:
type: integer
OnboardingDraftId:
name: onboardingDraft
in: path
required: true
schema:
type: integer
TenantReviewId:
name: tenantReview
in: path
required: true
schema:
type: integer
ReviewPackId:
name: reviewPack
in: path
required: true
schema:
type: integer
EntitlementKey:
name: entitlementKey
in: path
required: true
schema:
type: string
enum:
- managed_tenant_activation_limit
- review_pack_generation_enabled
responses:
Forbidden:
description: Member or platform user lacks the required capability in an already established scope
NotFound:
description: Wrong plane, non-member scope, or inaccessible record
BusinessStateBlocked:
description: Actor is otherwise authorized, but the workspace is not entitled for the requested action
content:
application/json:
schema:
$ref: '#/components/schemas/EntitlementBlockResponse'
ValidationError:
description: Submitted entitlement settings failed validation
schemas:
WorkspaceEntitlementSettingsCommand:
type: object
required:
- plan_profile
- entitlements
properties:
plan_profile:
type: string
nullable: true
description: Null means use the code-owned default profile
entitlements:
type: array
items:
$ref: '#/components/schemas/EntitlementOverrideInput'
EntitlementOverrideInput:
type: object
required:
- key
properties:
key:
type: string
enum:
- managed_tenant_activation_limit
- review_pack_generation_enabled
override_value:
oneOf:
- type: integer
- type: boolean
nullable: true
rationale:
type: string
nullable: true
ReviewPackGenerationCommand:
type: object
properties:
include_pii:
type: boolean
include_operations:
type: boolean
WorkspaceEntitlementSettingsView:
type: object
required:
- workspace_id
- effective_plan_profile
- entitlements
- primary_action
properties:
workspace_id:
type: integer
effective_plan_profile:
$ref: '#/components/schemas/PlanProfileSummary'
entitlements:
type: array
items:
$ref: '#/components/schemas/WorkspaceEntitlementDecision'
last_changed:
$ref: '#/components/schemas/LastChangedAttribution'
nullable: true
primary_action:
$ref: '#/components/schemas/NextAction'
OnboardingEntitlementView:
type: object
required:
- draft_id
- completion_decision
properties:
draft_id:
type: integer
completion_decision:
$ref: '#/components/schemas/WorkspaceEntitlementDecision'
primary_action:
$ref: '#/components/schemas/NextAction'
blocked_reason:
type: string
nullable: true
SystemWorkspaceEntitlementView:
type: object
required:
- workspace_id
- effective_plan_profile
- entitlements
properties:
workspace_id:
type: integer
effective_plan_profile:
$ref: '#/components/schemas/PlanProfileSummary'
entitlements:
type: array
items:
$ref: '#/components/schemas/WorkspaceEntitlementDecision'
last_changed:
$ref: '#/components/schemas/LastChangedAttribution'
nullable: true
PlanProfileSummary:
type: object
required:
- id
- label
properties:
id:
type: string
label:
type: string
description:
type: string
nullable: true
source:
type: string
enum: [workspace_selection, code_default]
WorkspaceEntitlementDecision:
type: object
required:
- key
- effective_value
- source
- is_blocked
properties:
key:
type: string
enum:
- managed_tenant_activation_limit
- review_pack_generation_enabled
effective_value:
oneOf:
- type: integer
- type: boolean
source:
type: string
enum: [plan_profile_default, workspace_override]
rationale:
type: string
nullable: true
current_usage:
type: integer
nullable: true
remaining_capacity:
type: integer
nullable: true
is_blocked:
type: boolean
block_reason:
type: string
nullable: true
LastChangedAttribution:
type: object
required:
- at
- by
properties:
at:
type: string
format: date-time
by:
type: string
EntitlementBlockResponse:
type: object
required:
- key
- reason
properties:
key:
type: string
reason:
type: string
source:
type: string
enum: [plan_profile_default, workspace_override]
current_usage:
type: integer
nullable: true
effective_value:
oneOf:
- type: integer
- type: boolean
NextAction:
type: object
required:
- label
- kind
properties:
label:
type: string
kind:
type: string
enum:
- save_entitlements
- reset_override
- complete_onboarding
- generate_pack
- export_executive_pack
- regenerate_pack
- open_admin_workspace
action_name:
type: string
nullable: true
url:
type: string
nullable: true
Reference in New Issue View Git Blame Copy Permalink