EATF Multi-Tenant Architecture Plan
Goal
Transform EATF into a production-ready multi-tenant SaaS with OAuth2 + RBAC.
Scope: Developer API for team 3 (not public product). API-first architecture with minimal admin UI.
Architecture
Database Changes
- New tables: tenants, users, roles, user_tenant_roles
- Add tenant_id to: agents, audit_events, kill_switches, delegation_chains
- Foreign keys + indexes on tenant_id
Backend (Spring Boot)
- TenantContext (ThreadLocal for current tenant)
- TenantFilter (extract tenant_id from JWT)
- Update repositories (findByTenantId)
- OAuth2 config (Google, Microsoft)
- CustomOAuth2UserService (save user to DB)
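
A sketch of how TenantContext and TenantFilter could fit together. This is an added example, not EATF project code. It assumes Spring Boot 3 (jakarta.servlet, Java 17) and that Spring Security's OAuth2 resource-server support has already verified the JWT signature. The method names set, clear and require are hypothetical.

```java
// Added example, not EATF project code. Assumes the JWT signature was already
// verified by Spring Security before this filter runs.
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.web.filter.OncePerRequestFilter;

final class TenantContext {
    private static final ThreadLocal<String> CURRENT = new ThreadLocal<>();
    private TenantContext() {}
    static void set(String tenantId) { CURRENT.set(tenantId); }   // hypothetical name
    static void clear() { CURRENT.remove(); }                     // hypothetical name
    /** Fails closed: a service that asks for the tenant without one bound gets an exception. */
    static String require() {                                     // hypothetical name
        String id = CURRENT.get();
        if (id == null) throw new IllegalStateException("No tenant bound to this request");
        return id;
    }
}

public class TenantFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String tenantId = null;
        if (auth instanceof JwtAuthenticationToken jwtAuth) {
            // Take the tenant only from the signed token, never from a header or query parameter.
            tenantId = jwtAuth.getToken().getClaimAsString("tenant_id");
        }
        if (tenantId == null || tenantId.isBlank()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Missing tenant_id claim");
            return;
        }
        try {
            TenantContext.set(tenantId);
            chain.doFilter(request, response);
        } finally {
            // Servlet threads are pooled: without this, the next request served by
            // the same thread would inherit the previous request's tenant.
            TenantContext.clear();
        }
    }
}
```

Register the filter after the bearer-token authentication filter and only on the API paths, since it rejects every request that carries no tenant_id claim.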
Frontend (Minimal)
- Simple login page (OAuth2)
- Optional: basic admin UI for tenant management
- Primary interface: Swagger/OpenAPI docs
- Team 3 uses REST API, not UI
Roles
- ADMIN: full access, manage tenants
- OPERATOR: create agents, kill switches
- AUDITOR: read-only, export audit
Implementation Steps
Session 1: Database + Backend
- Create V17 migration (tenant tables + tenant_id)
- Create V18 migration (users, roles)
- Implement entities (Tenant, User, Role)
- Implement TenantContext + TenantFilter
- Update all services (add tenant filtering)
Session 2: OAuth2
- Add dependencies
- Configure Spring Security
- Implement CustomOAuth2UserService
- Test login flow
Session 3: API Documentation
- Add Swagger/OpenAPI
- Simple login page
- API-first focus
- Documentation for team 3
Session 4: Testing
- Unit tests (tenant isolation)
- Integration tests (cross-tenant prevention)
- Performance tests (query plans)
Implementation Priorities
API-First (for team 3):
- REST API with full CRUD operations
- OpenAPI/Swagger documentation
- OAuth2 authentication for API access
- Postman collection for team 3
Low Priority:
- Fancy UI (minimal admin interface is enough)
- Consumer-facing features
- Marketing pages
Security
- All queries filtered by tenant_id
- JWT contains tenant_id claim (signed)
- Cross-tenant access blocked
- Audit trail for all operations
- API rate limiting per tenant