# tenant-registry Multi-tenant glue: orgs, entitlements, API keys, audit. > Part of the **Breakpilot Platform**. For the big picture see [`platform/docs`](https://gitea.meghsakha.com/platform/docs): > [Architecture](https://gitea.meghsakha.com/platform/docs/src/branch/main/PLATFORM_ARCHITECTURE.md) · > [Infrastructure](https://gitea.meghsakha.com/platform/docs/src/branch/main/INFRASTRUCTURE.md) · > [Product Integration Spec](https://gitea.meghsakha.com/platform/docs/src/branch/main/PRODUCT_INTEGRATION_SPEC.md) · > [Implementation Plan](https://gitea.meghsakha.com/platform/docs/src/branch/main/IMPLEMENTATION_PLAN.md) ## What this is Multi-tenant glue: orgs, entitlements, API keys, audit. Scaffolded under milestone M4.1. See [`platform/docs`](https://gitea.meghsakha.com/platform/docs) for the full architecture context. **Plane:** Control **Owner:** @sharang **Status:** pre-alpha **Linked milestone:** [M4.1](https://gitea.meghsakha.com/platform/docs/src/branch/main/IMPLEMENTATION_PLAN.md) ## Run locally ```bash # Prerequisites: Go 1.25+ # Dependencies (Keycloak, pg-app) come from the dev stack — see platform/orca-platform/dev. # In one terminal — bring up dev dependencies (in the orca-platform clone): cd /path/to/platform/orca-platform && make dev-up # In another — run the service: make dev # APP_ENV=dev, listens on :8080 make test # unit tests make build # compile to ./bin/tenant-registry ``` Env vars (override at the shell): | Var | Default | Purpose | |---|---|---| | `APP_ENV` | `dev` | one of `dev`, `stage`, `prod` | | `ADDR` | `:8080` | listen address | | `KEYCLOAK_ISSUER` | `http://localhost:8080/realms/breakpilot-dev` | OIDC issuer URL | | `DATABASE_URL` | empty (in-memory store in skeleton) | Postgres DSN, wired up in the M4.1 schema PR | ## Endpoints | Method | Path | Returns | |---|---|---| | GET | `/healthz` | `{"status":"ok"}` — liveness probe | | GET | `/v1/tenants/by-slug/{slug}` | 200 with tenant JSON, 404 if missing | | GET | `/v1/tenants/{id}` | 200 with tenant JSON, 404 if missing | The skeleton's store is in-memory and pre-seeded with one tenant: ```json { "id": "00000000-0000-0000-0000-000000000001", "slug": "acme", "name": "Acme Inc.", "status": "active", "plan": "professional", "products": ["certifai", "compliance"] } ``` So `curl http://localhost:8080/v1/tenants/by-slug/acme` works the moment `make dev` is up. The full schema (tenants, tenant_products, audit_log) is committed at `migrations/0001_init.up.sql` for review, but unapplied until the M4.1 follow-up PR swaps the in-memory store for pgx-backed Postgres. ## Deployment | Env | URL | How | |---|---|---| | dev | `http://localhost:8080` | `make dev` | | stage | `https://tenant-registry.stage.breakpilot.com` | auto on merge to `main` | | prod | `https://tenant-registry.breakpilot.com` | manual: tag `vX.Y.Z` + sign-off | Rollback: `orca rollout undo tenant-registry --env={{env}}`. ## Observability - Traces, logs, metrics: [SigNoz](https://signoz.meghsakha.com) — service name `tenant-registry` - Audit events: Tenant Registry `/audit` (Retraced-shape schema) - On-call: `oncall@breakpilot.com` · runbook at `platform/docs/runbooks/tenant-registry.md` ## Contributing See [`CONTRIBUTING.md`](./CONTRIBUTING.md). TL;DR: branch from main, open a PR, 1 review + green CI, squash-merge. ## License Proprietary — all rights reserved. Copyright (c) 2026 Sharang Parnerkar and Benjamin Boenisch. See [`LICENSE`](./LICENSE).