InfraForge Docs

Infra Vendor Service · v0

Welcome

Select a document from the sidebar to read it.

Vendor Platform Backoffice

Scope

infra-vendor exposes a privileged read-only summary endpoint for the InfraNotes Backoffice:

GET /api/admin/platform/summary

The endpoint reports aggregate table availability and usage inventory for:

  • Vendor master data
  • Procurement
  • Accounts payable and three-way matching
  • Risk, ESG, and compliance
  • Automation, portal, reporting, benchmarking, and projections

It does not expose vendor payloads, payment amounts, documents, tenant records, or user PII.

Security

The route is outside tenant-scoped /api/v1 and intentionally does not apply TenantIsolation.

Access requires one of:

  • platform_admin role
  • platform_admin permission
  • platform:admin permission
  • platform:backoffice:read permission

Tenant admins and normal users are rejected.

Count Accuracy

infra-vendor currently enforces tenant isolation through JWT middleware and repository scoping rather than forced PostgreSQL row-level security. The Backoffice endpoint only queries a hardcoded allowlist of tables.

If row-level security is introduced later and a table forces RLS, the endpoint will return PostgreSQL catalog estimates and mark the metric as:

{
  "status": "degraded",
  "count_accuracy": "estimated"
}

Ownership Boundaries

IAM remains the source of truth for:

  • Tenant registration approvals
  • Package subscriptions
  • Seat allocations and usage
  • Entitlements
  • Tenant lifecycle state

infra-vendor contributes source-to-pay usage and service-health signals only. The Backoffice should combine this endpoint with IAM package and seat APIs before enforcing vendor-management package limits.

Rollback

Rollback is code-only:

  1. Remove the /api/admin/platform/summary route mount.
  2. Remove PlatformSummaryHandler and PlatformAdminOnly.
  3. Redeploy the previous service image.

No database migration or data rollback is required.