Tenant Service — Service Readiness
Status: populated Owner: TBD Last updated: 2026-04-18 Companion: Service Template · TESTING_STRATEGY
1. Readiness gate checklist
1.1 Documentation
| Gate | Status |
|---|---|
| All 17 canonical docs complete | In progress |
| SERVICE_OVERVIEW reviewed by tech lead | Not started |
| API_CONTRACTS reviewed by API guild | Not started |
| SECURITY_MODEL reviewed by security team | Not started |
1.2 Code quality
| Gate | Target |
|---|---|
| ESLint + typecheck: zero errors | M0 |
| Unit coverage ≥ 80% | M0 |
| tenant-isolation, outbox, inbox tests passing | M0 |
| Pact contract tests green | M1 |
| Event schema conformance tests green | M1 |
1.3 Security
| Gate | Target |
|---|---|
| No hardcoded secrets; Snyk scan clean | M0 |
| OWASP dependency scan — zero critical CVEs | M0 |
| RLS isolation audit complete | M0 |
| GDPR data-flow review signed off | M2 |
| HIPAA Security Rule analogue checklist | M2 |
1.4 Observability
| Gate | Target |
|---|---|
| OTel traces visible in Grafana Tempo (staging) | M0 |
| SLO burn rate alerts configured | M1 |
| Activation saga metrics visible | M1 |
| On-call rotation assigned | M1 |
1.5 Deployment
| Gate | Target |
|---|---|
| Kubernetes manifests reviewed | M0 |
| HPA + PDB configured | M0 |
| Canary deploy completed (5% / 30 min) in staging | M1 |
| Subscription expiry CronJob verified | M1 |
1.6 Migration
| Gate | Target |
|---|---|
| Legacy tenant data migrated for pilot tenant | M1 |
| Legacy hierarchy data migrated | M1 |
| access-policy data migrated from identity-service | M1 |
2. Readiness levels
| Level | Description | Target |
|---|---|---|
| L2 | Tenant lifecycle, basic RBAC, hierarchy root, manual failover | M0 |
| L3 | Full hierarchy, membership, SLOs, contract tests | M1 |
| L4 | ABAC, chaos-tested saga, GDPR/HIPAA sign-off | M3 |
3. Sign-off record
| Milestone | Tech lead | SRE | Security | Date |
|---|---|---|---|---|
| M0 | — | — | — | TBD |
| M1 | — | — | — | TBD |
| M3 | — | — | — | TBD |