Module source, digest, runtime, and manifest review happen before tenant enablement.
Central MSP plane
Platform overview
Not checked
Not signed in
Tenant-specific connectors, AI providers, delivery, jobs, and audit remain separate.
Approved manifest versions are displayed separately from deployed image tags.
Operating model
Platform management owns trust. Tenant management owns enablement.
Platform management
- Module catalog import and package trust review
- Global AI policy records and governance defaults
- APIM/API boundary and operator access
- Platform audit and module lifecycle decisions
Tenant management
- Tenant registration and readiness
- Tenant-specific module enablement
- Connector, AI provider, delivery, and trigger configuration
- Tenant jobs, artifacts, and audit trail
Setup surface
Delegated BYOAI links are minted by the platform API from deployment configuration.
Configured tenants
Deployment-time tenant selector entries. Backend authorization remains authoritative.
Selected tenant
Tenant workspace actions should be performed only inside this context.
Platform module catalog
Import reviews validate package trust before a module enters the platform catalog.
Import module package
Guided fields generate the release JSON. Advanced operators can edit the manifest directly.
Tenant module readiness
Review whether a tenant can safely enable an approved module version.
Review tenant enablement
Tenant-specific readiness is separate from platform module import.
AI provider setup
Review delegated client-managed setup before a provider key can be entered through a scoped setup link.
Review provider setup
The management UI creates the setup request only. Provider secrets are entered later through the delegated setup surface.
Policy records
Structured AI policy records become runtime enforcement input.
Create policy
Policy records are scoped at platform, tenant, module, or tenant/module level.