docs: separate tenants (infrastructure) from orgs (customers)

2026-03-15 11:30:46 -03:00 · 2026-03-15 11:30:46 -03:00 · 2d2fae1a43
commit 2d2fae1a43
parent 32e974db2c
1 changed files with 50 additions and 18 deletions
--- a/prompts/pass.md
+++ b/prompts/pass.md
@ -1,15 +1,16 @@
 # VAULT MIGRATION PLAN - Multi-Tenant Structure
-## Hierarchy (from schema)
+## Hierarchy
 ```
-tenant/org (org_id) ← TOP LEVEL (tenant)
+tenant (cluster/deployment) ← INFRASTRUCTURE
-    └── bot (bot_id)
+    └── org (customer organization)
-            └── user (user_id) ← via sessions
+        ├── bot
        └── user
 ```
-**Correct path: tenant first**
+**tenant ≠ org**
- `gbo/tenants/{org_id}/bots/{bot_id}/...`
+- **tenant** = deployment cluster (dev, staging, prod)
- `gbo/tenants/{org_id}/users/{user_id}/...`
+- **org** = customer organization inside a tenant
 ---
@ -17,17 +18,48 @@ tenant/org (org_id) ← TOP LEVEL (tenant)
 ```
 gbo/
-├── tenants/                       # PER-TENANT (org_id = tenant)
+├── tenants/                          # PER-TENANT (cluster/deployment)
-│   ├── {org_id}/
+│   └── {tenant_id}/                  # dev, staging, prod
-│   │   ├── config/                # Tenant-level settings
+│       ├── infrastructure/           # TENANT INFRASTRUCTURE
-│   │   │   ├── name
+│       │   ├── tables/             # host, port, username, password
-│   │   │   ├── domain
+│       │   ├── drive/             # host, port, accesskey, secret
-│   │   │   └── settings
+│       │   ├── cache/             # host, port, password
-│   │   │
+│       │   ├── email/             # smtp host, port, user, pass
-│   │   ├── bots/
+│       │   ├── directory/          # Zitadel url
-│   │   │   ├── {bot_id}/
+│       │   ├── llm/               # LLM endpoint
-│   │   │   │   ├── email/       # Bot email credentials
+│       │   └── models/            # Model server url
-│   │   │   │   │   ├── smtp-host
+│       │
 │       └── config/                 # Tenant settings
 │           ├── name
 │           ├── domain
 │           └── settings
 │
 ├── orgs/                            # PER-ORGANIZATION (customer)
 │   └── {org_id}/
 │       ├── bots/
 │       │   └── {bot_id}/
 │       │       ├── email/         # Bot email credentials
 │       │       ├── whatsapp/
 │       │       ├── llm/           # Bot-specific LLM override
 │       │       └── api-keys/
 │       │
 │       └── users/
 │           └── {user_id}/
 │               ├── email/         # User email credentials
 │               └── oauth/
 │
 └── system/                          # GLOBAL FALLBACK
    ├── jwt/secret
    ├── tables/                      # Fallback if tenant not set
    ├── drive/
    ├── cache/
    ├── email/
    ├── llm/
    ├── directory/
    ├── security/
    ├── alm/
    ├── cloud/
    └── app/
 │   │   │   │   │   ├── smtp-port
 │   │   │   │   │   ├── smtp-user
 │   │   │   │   │   ├── smtp-password