Tenant Service — AI Integration
Status: populated
Owner: TBD
Last updated: 2026-04-18
Companion: Service Template · ai-gateway-service · 03 platform-services
1. AI Integration Status
Minimal — no direct AI calls.
The tenant-service has no current integration with ai-gateway-service or any AI/ML inference endpoint.
2. Rationale
| Reason | Explanation |
|---|---|
| Determinism required for authorization | The evaluate() endpoint resolves RBAC/ABAC decisions. These must be deterministic, auditable, and reproducible. Probabilistic AI outputs are incompatible with authorization semantics — a "maybe permitted" answer is not acceptable. |
| Tenant lifecycle is transactional | Tenant create, activate, suspend, and terminate are explicit, rule-based workflows. There is no ambiguity to resolve with inference. |
| Configuration is strictly typed | Tenant config KV pairs are validated against an allow-list and type schema. Natural language interpretation of config values is not needed. |
| Org hierarchy is explicit | HierarchyNode trees are created and managed by tenant administrators. Structural inferences from AI are not appropriate for governance-sensitive hierarchy decisions. |
3. Future Scope (Not Committed)
| Potential future capability | Prerequisites before enabling |
|---|---|
| Onboarding wizard suggestions | During tenant onboarding, AI could suggest default role definitions, org hierarchy structure, and configuration values based on the tenant's declared facility type (hospital, clinic, outreach) and country profile. This would be advisory only — the tenant admin must confirm all suggestions before creation. Requires ai-gateway-service Tier B integration + HITL confirmation gate. |
| ABAC policy authoring assistance | AI-assisted drafting of ABAC condition expressions (e.g., "suggest a policy that restricts access to ICU records to providers with an active ICU assignment"). Must go through legal and security review; policy takes effect only after explicit admin approval. |
| Anomalous membership detection | Flag unusual patterns in org membership assignments (e.g., a user suddenly added to all nodes across all facilities) for security review. Advisory only; no automated revocation. |
All future AI features require platform AI governance review, ai-gateway-service Tier classification, and security team sign-off before activation.
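The "anomalous membership detection" row above describes a rule-based pattern (a user added to every node across every facility in a short period) rather than an inference; this is an added example, not code from tenant-service, showing how such a check can be run deterministically over membership-assignment events and emit advisory findings only. The hierarchy shape, event tuples and the 15-minute window are constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed hierarchy: facility -> HierarchyNode ids (assumed shape; the page
# only states that HierarchyNode trees are managed by tenant admins).
HIERARCHY = {
    "fac-hospital-1": ["hosp1-icu", "hosp1-er", "hosp1-ward-a"],
    "fac-clinic-1": ["clinic1-front", "clinic1-lab"],
    "fac-outreach-1": ["outreach1-team"],
}

# Constructed membership-assignment events (ISO timestamp, user, node), as an
# audit log would record them. Alice is added to every node in ~3 minutes.
EVENTS = [
    ("2026-04-18T09:00:00", "alice", "hosp1-icu"),
    ("2026-04-18T09:01:00", "alice", "hosp1-er"),
    ("2026-04-18T09:01:30", "alice", "hosp1-ward-a"),
    ("2026-04-18T09:02:00", "alice", "clinic1-front"),
    ("2026-04-18T09:02:10", "alice", "clinic1-lab"),
    ("2026-04-18T09:02:30", "alice", "outreach1-team"),
    ("2026-04-18T10:00:00", "bob", "clinic1-lab"),
    ("2026-04-18T11:00:00", "bob", "clinic1-front"),
]

WINDOW = timedelta(minutes=15)  # assumed detection window


def detect_blanket_assignments(events, hierarchy, window=WINDOW):
    """Return advisory findings for any user added to every node of every
    facility within `window`. Output is for security review only; the
    function never revokes or modifies a membership."""
    all_nodes = {n for nodes in hierarchy.values() for n in nodes}
    per_user = defaultdict(list)
    for ts, user, node in sorted(events):  # ISO strings sort chronologically
        per_user[user].append((datetime.fromisoformat(ts), node))
    findings = []
    for user, adds in per_user.items():
        for i, (start, _) in enumerate(adds):
            # Nodes this user was added to in the window opening at `start`
            in_window = {n for t, n in adds[i:] if t - start <= window}
            if in_window >= all_nodes:
                findings.append({
                    "user": user,
                    "window_start": start.isoformat(),
                    "facilities": sorted(hierarchy),
                    "nodes": len(in_window),
                    "action": "security_review",  # advisory only, no revocation
                })
                break  # one finding per user is enough for review
    return findings
```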