Module source, digest, runtime, and manifest review happen before tenant enablement.
Central MSP plane
Platform overview
Not checked
Not signed in
Tenant-specific connectors, AI providers, delivery, jobs, and audit remain separate.
Approved manifest versions are displayed separately from deployed image tags.
Operating model
Platform management owns trust. Tenant management owns enablement.
Platform management
- Module catalog import and package trust review
- Global AI policy records
- Platform trust and module lifecycle decisions
- Platform audit and governance views remain follow-up slices
Tenant management
- Tenant registration and readiness
- Tenant-specific module enablement and offboarding
- Delegated AI provider setup review
- Connector, delivery, jobs, and audit views remain follow-up slices
Setup surface
Delegated BYOAI links are minted by the platform API from deployment configuration.
Configured tenants
Deployment-time tenant selector entries. Backend authorization remains authoritative.
Selected tenant
Tenant workspace actions should be performed only inside this context.
Register tenant workspace
Guided tenant registration flow for the platform tenant workspace.
Platform module catalog
Import reviews validate package trust before a module enters the platform catalog.
Import module package
Guided fields generate the release JSON. Advanced operators can edit the manifest directly.
Tenant module readiness
Review whether a tenant can safely enable an approved module version.
Review tenant enablement
Tenant-specific readiness is separate from platform module import.
Review tenant offboarding
Disablement persists tenant/module state and returns cleanup guidance for operator follow-through.
AI provider setup
Review delegated provider onboarding before a provider key can be entered through a scoped setup link.
AI provider health
Record normalized provider health after setup completes so runtime selection can use ready connections.
Existing provider connections
Tenant-owned and pooled provider connections available to the selected tenant context.
Review provider setup
The management UI creates the setup request only. Provider secrets are entered later through the delegated setup surface.
Review provider health
Select an existing provider connection, then submit a normalized health result through the platform policy gate.
Policy records
Structured AI policy records become runtime enforcement input.
Create policy
Policy records are scoped at platform, tenant, module, or tenant/module level. Provider defaults such as connection name and model stay in the AI providers workspace.