42c63dcc6e
Foundation for a generic, multi-tenant platform (any developer, not just the built-in products). - Products carry an optional ownerId (set on create + auto-register), so a product has a tenant. GET /products/mine returns the caller's owner-scoped list; admins/super_admins see all. productsForUser() is pure + unit-tested. - requireProductAccess(): a flag-gated tenant authorization guard (FLEET_TENANT_ENFORCEMENT, default OFF). OFF = byte-for-byte current behavior; ON = a non-admin may only act on products they own (others -> 403; owner-less legacy products keep a grace allowance until migrated). Fleet routes now resolve productId through it in place of getRequestProductId. ownerId is additive/optional; enforcement is off by default, so this is a no-op for existing deployments until explicitly enabled. Generated with [Devin](https://cli.devin.ai/docs) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| cowork-service | ||
| extraction-service | ||
| mcp-server | ||
| monitoring | ||
| platform-service | ||