stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
5e850d056ba9d9d6348a3660ffd2e2a17d9d2536
git.stella-ops.org/docs/modules/platform/tenant-endpoint-classification.md

4.2 KiB
Raw Blame History

Platform Endpoint Tenant Classification

Scope

  • Service: src/Platform/StellaOps.Platform.WebService/Endpoints
  • Date: 2026-02-22
  • Purpose: classify endpoint files by tenant behavior and document intentional non-resolver paths.

Classification Ledger

Endpoint file Category Tenant source Auth baseline Notes
AdministrationTrustSigningMutationEndpoints.cs tenant-required business PlatformRequestContextResolver platform policy groups Tenant-scoped key/issuer/certificate operations.
AnalyticsEndpoints.cs tenant-required business PlatformRequestContextResolver PlatformPolicies.AnalyticsRead Aggregation paths require tenant context for cache keys and result shaping.
ContextEndpoints.cs tenant-required business PlatformRequestContextResolver PlatformPolicies.ContextRead/Write Context preferences keyed by (tenant, actor).
EnvironmentSettingsEndpoints.cs global/system none AllowAnonymous Setup/bootstrap configuration payload for frontend shell.
EnvironmentSettingsAdminEndpoints.cs global/system none PlatformPolicies.SetupRead/SetupAdmin DB setting overrides are setup-admin operations, not tenant business data.
EvidenceThreadEndpoints.cs tenant-required business PlatformRequestContextResolver evidence policy groups Evidence queries are tenant-scoped.
FederationTelemetryEndpoints.cs tenant-required business PlatformRequestContextResolver federation policy groups Consent/status/bundles remain tenant scoped.
FunctionMapEndpoints.cs tenant-required business PlatformRequestContextResolver function-map policy groups Tenant-scoped function map catalog and operations.
IntegrationReadModelEndpoints.cs tenant-required business PlatformRequestContextResolver PlatformPolicies.IntegrationsRead Feed/vex source projections require tenant context.
LegacyAliasEndpoints.cs tenant-required business PlatformRequestContextResolver same as canonical mapped policies Compatibility aliases enforce same tenant requirements as canonical endpoints.
MigrationAdminEndpoints.cs global/system none PlatformPolicies.SetupAdmin Migration operations are control-plane/system admin functions.
PackAdapterEndpoints.cs tenant-required business PlatformRequestContextResolver pack adapter policies Release-pack adaptation paths are tenant-scoped.
PlatformEndpoints.cs tenant-required business (plus guarded tenant-param admin reads) PlatformRequestContextResolver + route tenant parity check health/quota/onboarding/preferences/search/metadata policy groups Route tenant IDs are now validated against resolved tenant (tenant_forbidden on mismatch).
PolicyInteropEndpoints.cs tenant-required business PlatformRequestContextResolver policy interop policy groups Import/export and interop views are tenant-scoped.
ReleaseControlEndpoints.cs tenant-required business PlatformRequestContextResolver release-control policy groups Bundle/version/materialization operations use tenant-bound store calls.
ReleaseReadModelEndpoints.cs tenant-required business PlatformRequestContextResolver release-read policies Run/activity/release projections are tenant scoped.
ScoreEndpoints.cs tenant-required business PlatformRequestContextResolver score policies Score history/replay/verify operations are tenant scoped.
SecurityReadModelEndpoints.cs tenant-required business PlatformRequestContextResolver security-read policies Finding/disposition projections are tenant scoped.
SeedEndpoints.cs global/system none PlatformPolicies.SetupAdmin + STELLAOPS_ENABLE_DEMO_SEED gate Explicitly system/admin for controlled demo seeding.
SetupEndpoints.cs tenant-aware admin resolver when available; controlled bootstrap setup context when platform not initialized setup policy groups Intentional bootstrap bypass is bounded to setup lifecycle checks.
TopologyReadModelEndpoints.cs tenant-required business PlatformRequestContextResolver PlatformPolicies.TopologyRead Topology data assembled from tenant-keyed release control stores.