
Value Stories

How multi-tenant org management creates value. Each story is an intent flow: a scenario triggers an intention, actions produce artifacts, outcomes prove value.

Action: Human-initiated. Cron: Scheduled. Hook: Event-triggered.

Org Lifecycle

Can the operator create and manage customer orgs without a developer?

S1 (Action)
When

Superadmin needs to onboard a second customer. No self-serve signup exists. /org/new returns 404. Manual DB INSERT is the only path.

I need to

Create a new customer organisation via /admin/orgs/new form.

So I get

New org exists in database within 30s of form submit. Org appears in org list at /admin and is selectable via org picker at login.

Not

Org created but only visible after page refresh. Org creator auto-added as member without explicit invitation. Any non-superadmin can reach /admin/orgs/new.

S2 (Hook)
When

User with 2+ org memberships completes sign-in. Current login goes straight to dashboard — no org picker, no switching.

I need to

Select which organisation to enter at login.

So I get

Org picker renders listing all orgs user belongs to. Selection redirects to correct org dashboard.

Not

Single-org user sees org picker and gets confused. Org picker shows orgs the user is not a member of. Picker renders for users with exactly 1 org.

Reference Data

Can the operator add new entity types without a developer deploy?

S3 (Action)
When

Platform adds a new domain (e.g. Projects) that needs its own permission resource type. Currently requires code change, DB migration, and deploy.

I need to

Add a new resource type via /admin/reference-data without developer intervention.

So I get

New resource type code appears in governance roles permission matrix within current session, without re-deploy.

Not

Resource type added but requires seed re-run to appear. Resource type code collides with existing code silently. Org admins can add resource types.

Access Control

Does the boundary between operator and tenant hold?

S4 (Action)
When

Org-level admin navigates to /admin. No role distinction exists — everyone is org-level admin.

I need to

Prevent org-level admins from reaching the admin portal.

So I get

Redirect to /dashboard with no error message. No 403 page. No evidence admin portal exists.

Not

403 page reveals admin portal exists. Org admin can view /admin with blank data. 500 error on access attempt.
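One way to express the S4 boundary as a server-side guard, which also covers the S1 "Not" case for /admin/orgs/new. This is an added example, not the project's own code: the session shape, the getSession callback, the 302 status and the handling of anonymous users are assumptions.

```javascript
// Added example, not the project's code. The session shape ({ isSuperadmin })
// and the getSession callback are assumptions; 302 is an assumed redirect status.
const DASHBOARD = '/dashboard';

// True for /admin and everything beneath it; false for look-alikes such as
// /administrator. Anything that cannot be parsed is treated as protected.
function isAdminPath(rawPath) {
  try {
    if (typeof rawPath !== 'string' || !rawPath.startsWith('/')) return true;
    // Drop query/fragment, decode once, then let URL resolve "." and ".." segments.
    const decoded = decodeURIComponent(rawPath.split(/[?#]/)[0]);
    const { pathname } = new URL('http://local.invalid' + decoded);
    const p = pathname.toLowerCase().replace(/\/{2,}/g, '/');
    return p === '/admin' || p.startsWith('/admin/');
  } catch {
    return true; // malformed encoding: fail closed
  }
}

// Decides what to do with a request. For /admin paths the only outcomes are
// "allow" (superadmin) or a silent redirect; never a 403 or a 500.
function guardAdmin(rawPath, getSession) {
  if (!isAdminPath(rawPath)) return { allow: true };
  let session = null;
  try {
    session = getSession(); // may throw if the session store is unavailable
  } catch {
    session = null; // lookup failure gets the same answer as a non-superadmin
  }
  if (session && session.isSuperadmin === true) return { allow: true };
  // Same response for org admins, members, anonymous users and errors, so the
  // response carries no evidence that the portal exists.
  return { allow: false, status: 302, location: DASHBOARD };
}
```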

Build Contract

9 build rows across 4 jobs. Each row maps to a feature ID and a story.

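| #  | Job                 | Feature   | State |
|----|---------------------|-----------|-------|
| B1 | Superadmin Identity | AUTHZ-004 | Gap   |
| B2 | Superadmin Identity | AUTHZ-004 | Gap   |
| B3 | Org Lifecycle       | ORG-001   | Gap   |
| B4 | Org Lifecycle       | ORG-001   | Gap   |
| B5 | Org Lifecycle       | ORG-003   | Gap   |
| B6 | Multi-Org Login     | ORG-002   | Gap   |
| B7 | Reference Data UI   | REF-001   | Gap   |
| B8 | Reference Data UI   | REF-001   | Gap   |
| B9 | Reference Data UI   | REF-001   | Gap   |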