docs: separate tenants (infrastructure) from orgs (customers)

2026-03-15 11:30:46 -03:00 · 2026-03-15 11:30:46 -03:00 · 2d2fae1a43
commit 2d2fae1a43
parent 32e974db2c
1 changed files with 50 additions and 18 deletions
--- a/prompts/pass.md
+++ b/prompts/pass.md
@ -1,15 +1,16 @@
 # VAULT MIGRATION PLAN - Multi-Tenant Structure

-## Hierarchy (from schema)
+## Hierarchy
 ```
-tenant/org (org_id) ← TOP LEVEL (tenant)
-    └── bot (bot_id)
-            └── user (user_id) ← via sessions
+tenant (cluster/deployment) ← INFRASTRUCTURE
+    └── org (customer organization)
+        ├── bot
+        └── user
 ```

-**Correct path: tenant first**
- `gbo/tenants/{org_id}/bots/{bot_id}/...`
- `gbo/tenants/{org_id}/users/{user_id}/...`
+**tenant ≠ org**
+- **tenant** = deployment cluster (dev, staging, prod)
+- **org** = customer organization inside a tenant

 ---

@ -17,17 +18,48 @@ tenant/org (org_id) ← TOP LEVEL (tenant)

 ```
 gbo/
-├── tenants/                       # PER-TENANT (org_id = tenant)
-│   ├── {org_id}/
-│   │   ├── config/                # Tenant-level settings
-│   │   │   ├── name
-│   │   │   ├── domain
-│   │   │   └── settings
-│   │   │
-│   │   ├── bots/
-│   │   │   ├── {bot_id}/
-│   │   │   │   ├── email/       # Bot email credentials
-│   │   │   │   │   ├── smtp-host
+├── tenants/                          # PER-TENANT (cluster/deployment)
+│   └── {tenant_id}/                  # dev, staging, prod
+│       ├── infrastructure/           # TENANT INFRASTRUCTURE
+│       │   ├── tables/             # host, port, username, password
+│       │   ├── drive/             # host, port, accesskey, secret
+│       │   ├── cache/             # host, port, password
+│       │   ├── email/             # smtp host, port, user, pass
+│       │   ├── directory/          # Zitadel url
+│       │   ├── llm/               # LLM endpoint
+│       │   └── models/            # Model server url
+│       │
+│       └── config/                 # Tenant settings
+│           ├── name
+│           ├── domain
+│           └── settings
+│
+├── orgs/                            # PER-ORGANIZATION (customer)
+│   └── {org_id}/
+│       ├── bots/
+│       │   └── {bot_id}/
+│       │       ├── email/         # Bot email credentials
+│       │       ├── whatsapp/
+│       │       ├── llm/           # Bot-specific LLM override
+│       │       └── api-keys/
+│       │
+│       └── users/
+│           └── {user_id}/
+│               ├── email/         # User email credentials
+│               └── oauth/
+│
+└── system/                          # GLOBAL FALLBACK
+    ├── jwt/secret
+    ├── tables/                      # Fallback if tenant not set
+    ├── drive/
+    ├── cache/
+    ├── email/
+    ├── llm/
+    ├── directory/
+    ├── security/
+    ├── alm/
+    ├── cloud/
+    └── app/
 │   │   │   │   │   ├── smtp-port
 │   │   │   │   │   ├── smtp-user
 │   │   │   │   │   ├── smtp-password