stella-ops.org/git.stella-ops.org

Files

master e746577380 wip: doctor/cli/docs/api to vector db consolidation; api hardening for descriptions, tenant, and scopes; migrations and conversions of all DALs to EF v10

2026-02-23 15:30:50 +02:00

3.7 KiB

Raw Blame History

Multi-Tenant Same-Key Service Impact Ledger

Date: 2026-02-22
Source sprint: SPRINT_20260222_053_DOCS_multi_tenant_same_api_key_contract_baseline.md
Related ADR: docs/architecture/decisions/ADR-002-multi-tenant-same-api-key-selection.md

Purpose

Provide a single implementation ledger for services affected by same-key multi-tenant selection.
Prevent contract drift across Authority, Router/Gateway, Platform, Scanner, Graph, and Web.

Change Ledger

Service	Sprint	File-level touchpoint categories	Owner role	Depends on	Verification evidence
Authority	`20260222.054`	`Console/Admin endpoints`, `OpenIddict handlers`, `Client metadata stores`, `Auth abstractions`, `Authority tests`	Developer + Test Automation	ADR-002	Targeted Authority test project pass logs for client credentials/password grant tenant selection, token validation mismatch, `/console/tenants`, and admin client CRUD tenant assignments.
Router + Gateway	`20260222.055`	`Identity header policy middleware`, `tenant override gating`, `route passthrough policy`, `middleware parity tests`	Developer + Security architect	`20260222.054`	Targeted Router and Gateway tests proving spoof stripping, no authenticated default fallback, mismatch rejection, and feature-flagged override behavior.
Platform	`20260222.056`	`Request context resolver`, `tenant-required endpoint groups`, `topology/read-model store callers`, `context preferences`, `platform integration tests`	Developer + Test Automation	`20260222.055`	Platform test project outputs validating endpoint classification, tenant parity checks, topology isolation, and tenant-scoped preference behavior.
Scanner	`20260222.057`	`Scanner request resolver`, `scan submission/coordinator`, `triage query contracts`, `webhook tenant lookup`, `unknowns endpoints`, `scanner tests`	Developer + Test Automation	`20260222.055`	Scanner tenant isolation test outputs for scan ownership, triage isolation, webhook source collision routing, unknowns isolation, and middleware partitioning.
Graph	`20260222.058`	`Graph request resolver`, `endpoint auth policies`, `scope handling`, `rate-limit/audit tenant keys`, `graph API tests`	Developer + Test Automation	`20260222.055`	Graph API test outputs covering missing tenant, cross-tenant denial, missing-scope denial, and export ownership checks.
Web Console	`20260222.059`	`Topbar tenant selector`, `console/auth/platform context stores`, `tenant interceptor`, `authority console client`, `component/unit tests`	Developer + Test Automation	`20260222.054`, `20260222.055`	Web unit/component test outputs for selector UX, state synchronization, interceptor canonical+legacy headers, switch rollback, and URL context sync.
QA / Playwright matrix	`20260222.060`	`Playwright fixtures`, `tenant-switch specs`, `Tier 2a API verification docs`, `Tier 2c artifact bundle`	QA + Test Automation	`20260222.054`..`20260222.059`	Playwright run output, traces/screenshots, and module-level API isolation evidence with explicit go/no-go decision.

Ownership and Dependency Notes

Authority is the contract anchor for selected-tenant-per-token issuance and assignment validation.
Router/Gateway establishes canonical header rewrite and anti-spoofing behavior for downstream services.
Platform, Scanner, and Graph must consume resolved tenant context and reject cross-tenant mismatches deterministically.
Web must maintain one runtime tenant source of truth and propagate it through canonical interceptor paths.

Completion Mapping

DOC-TEN-03 completion is satisfied when each ledger row has:
- explicit touchpoint categories,
- clear owner role,
- dependency reference,
- verification evidence definition.