/admin · merchant-admin
Inställningar
aktiv
Tenant
Identitet och primär domän.
- Tenant id
- Visningsnamn
- Primär domän
- Locale
Team
- Medlemmar
- 0
- Owner-invites pending
- 0
Integrationer
Endast provider references. Inga credentials.
Inga integrationer
Billing
Placeholder — inga live providers anslutna.
- Plan
- —
- Billing owner
- —
Teknik
Persistence state
Admin-visible state for what is mock today and what is persistence-ready next.
- State
- local/fixture/persistent-ready
- Runtime mode
- local
- Adapter
- fixture
- Readiness
- persistent-ready
Tenant scope
- Tenant id
- unknown
- Primary domain
- not-set
- Locale
- not-set
- Configured refs
- none
RLS draft
- Status
- draft-not-applied
- Tenant-scoped tables
- 4
- Append-only tables
- 3
- Tenant setting
- true
- Role setting
- true
- Repository helpers
- 6
No-live DB guard
- Live DBoffNo production database connection is opened from admin settings.
- CredentialsabsentAdmin shows provider references only, never secrets.
- External writesblockedSettings remains read-only until migration gates are cleared.
- Customer datascopedPanel reads tenant-scoped state only; no cross-tenant customer data.
Next migration blockers
- Choose production Postgres/Supabase project and region
- Apply product persistence migration before enabling writes
- Replay RLS policy draft with trifecta.tenant_id and trifecta.role request settings
- Keep fixture adapter as the contract test oracle
- Run tenant isolation, append-only and PII guard checks against the real adapter
API-kontrakt
API-kopplingar
/admin/settings visar tenantens API- och persistence-kontrakt.
- Tenant
- unknown (unknown)
- Primary domain
- not-set
- Provider refs
- none
- Adapter
- fixture
- Repository boundary
- tenant-scoped repositories
- Write mode
- preview-or-append-only
- RLS
- draft-not-applied
- Live DB
- false
- Credentials
- false
- Deploy
- false
| Surface | Route contract | Mode | Scope | Source | Gate |
|---|---|---|---|---|---|
| Products | GET /api/v1/products/:tenantId/feed | read | product-feed:read | local fixture store | tenant envelope + path tenant match |
| Products | GET /api/v1/products/:tenantId/search-projection | read | product-search-projection:read | published local snapshot | indexable products only |
| Products | GET /api/v1/products/:tenantId/readiness | read | product-readiness:read | synthetic readiness gates | all local gates pass |
| Products | GET /api/v1/products/:tenantId/admin/summary | read | product-admin-summary:read | latest import summary | merchant-admin read |
| Knowledge | POST /api/v1/knowledge/:tenantId/retrieve | read | knowledge:customer:read or knowledge:support:read | fixture-backed knowledge store | audience visibility |
| Knowledge | GET /api/v1/knowledge/:tenantId/sources | read | knowledge:support:read or knowledge:admin:read | source metadata only | body never returned |
| Knowledge | POST /api/v1/knowledge/:tenantId/sources/preview | preview | action:preview:review-required | draft-only validation | live provider input blocked |
| Actions | POST /api/v1/actions/:tenantId/preview | preview | action:preview:review-required | local action runtime | preview-first |
| Actions | POST /api/v1/actions/:tenantId/apply | apply | action:apply:approved | approval receipt | idempotent apply + audit |
| Support | POST /api/v1/support/:tenantId/cases/:caseId/reply/:mode | preview/apply | support:case:reply | actions runtime chain | SC4/SC5 global API runtime |
Customer readiness gates
- Local-only runtimepassSettings describes tenant contracts without opening network calls.
- Tenant safepassEvery route row requires envelope tenant and path tenant to agree.
- Preview-first writespassKnowledge ingestion and actions apply remain gated by preview, approval and audit.
- Credential-freepassProvider refs are named, but secrets and live connection strings are not surfaced.
- Customer demo readinesspassBookhero launch can run on its real feed while the same contract keeps other tenants isolated.