
Slice 001 - Integrations & Connections (MVP)

Goal

Allow users to add Integrations and configure Connections for AWS/Azure/CyberArk Identity.

Scope

  • Integrations catalog UI + API
  • Connection create/edit/delete
  • Connection test (actionable remediation)
  • Connection detail view

Acceptance Criteria

  • Admin/Connector Builder can create and edit connections
  • Viewer/Auditor can view but cannot edit secrets
  • Integrations catalog is visible platform-wide within the tenant deployment
  • Connector instantiation is gated by permissions and entitlements
  • Test Connection returns:
      • success state
      • failure state with remediation guidance

Tenancy & Isolation Requirements

  • Connections belong to exactly one tenant_id and one workspace_id.
  • CRUD and test operations can only target connections inside caller scope.
  • Cross-tenant and cross-workspace connection access is forbidden in v0.
  • Secrets are stored and retrieved only within the owning tenant/workspace scope.
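
One way to enforce the isolation requirements above together with the role rule from the acceptance criteria, as an added sketch that is not part of this spec or the project's code. The class names, role identifiers, audit event fields and the in-memory store are assumptions; the choice to never return the secret from a read is also an assumption.

```python
from dataclasses import dataclass

EDIT_ROLES = {"admin", "connector_builder"}  # assumed role identifiers


class ScopeError(Exception):
    """Caller's role or tenant/workspace scope does not permit the operation."""


@dataclass(frozen=True)
class Caller:
    tenant_id: str      # taken from the authenticated session, never the request body
    workspace_id: str
    role: str


class ConnectionStore:
    def __init__(self):
        self.rows = {}    # (tenant_id, workspace_id, conn_id) -> record
        self.audit = []   # audit events; the secret value is never logged

    def _log(self, caller, action, conn_id, outcome):
        self.audit.append({"tenant_id": caller.tenant_id, "workspace_id": caller.workspace_id,
                           "role": caller.role, "action": action,
                           "connection_id": conn_id, "outcome": outcome})

    def _deny(self, caller, action, conn_id, reason):
        self._log(caller, action, conn_id, "denied")
        raise ScopeError(reason)

    def create(self, caller, conn_id, integration, secret):
        if caller.role not in EDIT_ROLES:
            self._deny(caller, "connection.create", conn_id, "role cannot create connections")
        key = (caller.tenant_id, caller.workspace_id, conn_id)
        self.rows[key] = {"integration": integration, "secret": secret}
        self._log(caller, "connection.create", conn_id, "ok")

    def view(self, caller, conn_id):
        row = self.rows.get((caller.tenant_id, caller.workspace_id, conn_id))
        if row is None:  # absent and out-of-scope look identical to the caller
            self._deny(caller, "connection.view", conn_id, "not found in caller scope")
        self._log(caller, "connection.view", conn_id, "ok")
        return {"id": conn_id, "integration": row["integration"]}  # secret never returned

    def update_secret(self, caller, conn_id, secret):
        key = (caller.tenant_id, caller.workspace_id, conn_id)
        if caller.role not in EDIT_ROLES:
            self._deny(caller, "connection.update_secret", conn_id, "role cannot edit secrets")
        if key not in self.rows:
            self._deny(caller, "connection.update_secret", conn_id, "not found in caller scope")
        self.rows[key]["secret"] = secret
        self._log(caller, "connection.update_secret", conn_id, "ok")
```

Because the lookup key is built only from the caller's own tenant_id and workspace_id, a connection ID from another tenant or workspace resolves to nothing, and the denial is still recorded in the audit trail.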

Depends on

  • 02-domain/glossary.md
  • 04-contracts/connector-spec.md
  • 03-architecture/engineering-principles.md
  • ADR 0002 terminology

Definition of Done

  • Basic UI flow works end-to-end
  • Audit events produced for connection lifecycle and tests