alldigital/PSA
2
0
Fork 0
Code Issues Pull Requests Actions 15 Packages Projects Releases Wiki Activity
PSA/ee/docs/plans/2026-05-08-temporal-product-bootstrap/PRD.md
Hermes 284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Details
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Details
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
Details
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
Details
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Details
Integration Tests / Check for relevant changes (push) Waiting to run
Details
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Details
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Details
Mobile checks / Mobile unit tests (push) Waiting to run
Details
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Details
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Details
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Details
Temporal Readiness / fast-readiness (push) Waiting to run
Details
Temporal Readiness / docker-parity (push) Waiting to run
Details
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Details
Unit Tests / Skipped-test budget (push) Waiting to run
Details
Unit Tests / Nx affected unit tests (push) Waiting to run
Details
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Details
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Details
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
Details
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Details
Initial import of AlgaPSA codebase from PSA server 
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

2.6 KiB
Raw Blame History

Temporal Product-Aware Tenant Bootstrap

Problem

Temporal tenant creation currently runs one PSA-oriented onboarding seed set for every tenant. Algadesk tenants can therefore receive visible PSA roles and permissions such as Finance, Project Manager, billing, invoice, project, service, and workflow permissions. Product route/API gates prevent most PSA feature access, but the seeded role and permission vocabulary can still leak into onboarding and settings.

Goals

  • Make Temporal tenant creation choose bootstrap data by tenant productCode.
  • Preserve existing PSA tenant creation behavior.
  • Add an Algadesk bootstrap that seeds a minimal help-desk role and permission model.
  • Fail clearly for unknown product codes instead of silently using the wrong bootstrap.

Non-goals

  • Rework product route or API gates.
  • Change billing subscription, Stripe, or Apple IAP logic.
  • Build a full role-management redesign.
  • Backfill existing tenants.

Target flows

  1. New PSA tenant signup runs the full existing PSA onboarding seed set.
  2. New Algadesk tenant signup records tenants.product_code = 'algadesk' and runs the Algadesk seed set.
  3. Missing product code defaults to PSA for backward compatibility.
  4. Invalid product code fails tenant creation with an actionable error.

Data and integration notes

  • TenantCreationInput.productCode already exists and is already passed to createTenant.
  • createTenantInDB already writes tenants.product_code when provided.
  • The product-blind seam is run_onboarding_seeds, which currently only receives tenantId.
  • Seed files are copied into the Temporal worker image under dist/seeds/onboarding.

Algadesk bootstrap scope

Algadesk should seed only the roles and permissions that support the help desk surface.

MSP roles:

  • Admin
  • Agent

Client portal roles:

  • Admin
  • User

The client portal role names remain Admin and User for compatibility with existing portal invitation code; UI context differentiates MSP and client roles.

Algadesk should not seed PSA-only permission domains such as billing, invoices, credits, contracts, service catalog, projects, project tasks, assets, workflows, time management, or PSA billing settings.

Acceptance criteria

  • PSA product code selects the PSA seed set.
  • Algadesk product code selects the Algadesk seed set.
  • Missing product code selects PSA.
  • Unknown product code throws a clear error.
  • Temporal workflow passes product code into the onboarding seed activity.
  • Algadesk seed files do not create visible PSA-only role names or permissions.
  • Existing Docker copy behavior includes both seed sets.