Back to Activepieces

Platform & Multi-tenancy

.agents/contexts/platform/CONTEXT.md

0.86.01.7 KB
Original Source

Platform & Multi-tenancy

The tenancy hierarchy and its governance: Platform → Project → User, plus the plans, roles, and keys that gate access and features.

Language

Platform: The top-level tenant entity that owns projects, users, billing, branding, and feature configuration. Avoid: tenant, organization, workspace

Project: A workspace within a platform that contains flows, tables, connections, and members. Avoid: workspace, environment

PlatformPlan: The 40+ column entity controlling feature flags, quotas, billing state, and AI credit configuration per platform. Avoid: plan, subscription

Edition: The product variant: Community (CE, open-source), Enterprise (EE, self-hosted licensed), or Cloud (hosted SaaS). Avoid: plan type, tier

License Key: An activation key for self-hosted Enterprise that maps features to PlatformPlan flags with expiration tracking.

PlatformRole: A user's role within a platform: ADMIN (full control), MEMBER (own projects), or OPERATOR (all projects except others' personal).

ProjectMember: An association between a user and a project with an assigned role for RBAC enforcement. Avoid: team member, collaborator

ProjectRole: A set of permissions (26 total) assigned to project members — 3 defaults (ADMIN/EDITOR/VIEWER) plus custom roles.

API Key: A platform-scoped authentication token (hashed, sk- prefixed) for programmatic API access. Avoid: service key, token

Custom Domain: A white-label domain mapped to a platform, verified via DNS (CNAME/TXT) with PENDING/ACTIVE lifecycle.

Signing Key: An RSA-4096 key pair used to sign/verify JWTs for the embedded authentication (Managed Auth) flow.