How Administration Works

The control plane behind every setting, permission, and feature flag in the platform

Cascade Control Plane

Hierarchical inheritance governs every configurable surface

Every setting, theme, menu item, and feature flag flows through the Cascade tree. Admin mode gives you control over this inheritance. Parent nodes set defaults; child nodes override only what they need to.

platform-rootGlobal defaults for every tenant

constructionIndustry vertical overrides

insuranceIndustry vertical overrides

financeIndustry vertical overrides

velocity (solution)Solution-level config

mace-group (tenant)Tenant-specific overrides

58 Cascade domains across 6 categories. Each domain has a merge strategy that controls how parent and child values combine.

FLOOR_MERGE

Parent sets a floor. Child can only strengthen, never weaken.

Security policies: parent requires 8-char password, child can raise to 12 but never lower to 6.

UNION

Parent items + child items combined, deduplicated. Additive only.

Menu items: parent has Dashboard + Reports, child adds Analytics. Result: all three.

INTERSECT

Only items in BOTH parent AND child survive. The authority-scoping strategy.

Agent authority: parent grants [read, write, delete], agent config has [read, write]. Agent gets [read, write] only.

REPLACE

Child completely overrides parent.

Branding: tenant replaces platform logo with their own.

MERGE

Deep-merge objects. Child keys win on collision, parent keys preserved.

Theme: parent sets font + color, child overrides color only. Font inherited.

APPEND

Child appended to parent. Order preserved.

Audit logs: parent events + child events in chronological order.

Role & Permission Architecture

Three role systems, one unified access decision

Roles define what actions you can take. Stakeholder roles define what you see. Three independent systems resolve in parallel and merge into a single TenantAccessPayload.

Platform Roles

global-admin, platform-admin

Source: Entra + platform_roles table

Ledger Roles

community-admin, partner-admin, member

Source: ledger-api role assignments

Stakeholder Roles

project-manager, estimator, field-engineer...

Source: stakeholder_roles table (dynamic)

Role Hierarchy

global-adminPlatformFull platform access. Can manage all tenants, roles, and Cascade config.

platform-adminPlatformManages platform-level settings, factories, and intelligence networks.

community-adminCommunityManages community features, content, and member onboarding.

partner-adminTenantManages their organization's users, projects, and config overrides.

memberTenantStandard access. Sees only what their stakeholder role + ABAC rules allow.

Permission Map

131 permissions across 15 domains

cascade12

roles8

features9

agents11

projects14

finance10

commerce8

documents7

intelligence9

compliance6

provisioning8

marketplace7

website6

tokens9

operations7

ABAC Rule Evaluation

Attribute-based access control with AND logic

Every API request flows through the ABAC pipeline. All rules evaluate with AND logic: every rule must pass for the request to proceed.

Request + JWT

Incoming request with signed JWT token

Role Resolution

Platform + Ledger + Stakeholder roles resolved in parallel

Permission Check

Handler's requirePermission() verified against resolved roles

ABAC Rule Evaluation

All attribute rules evaluated with AND logic (all must pass)

Cascade Visibility

Cascade tree scoping via INTERSECT limits visible resources

Response

Only authorized, scoped data returned

9 Attribute Types

permission

Has specific permission

has("cascade.write")

stakeholder

Has stakeholder role

eq("project-manager")

tier

Subscription tier check

gte("contributor")

industry

Industry vertical match

eq("construction")

feature

Feature flag enabled

has("dynamic_layout")

role

Platform role match

in(["global-admin","partner-admin"])

solution

Active solution type

has("velocity")

factory

Factory access granted

has("website_factory")

portal

Portal-scoped check

eq("velocity")

Rules combine with AND logic. A request must satisfy every rule to proceed. Operators available: has, notHas, eq, gte, in, notIn.

Tenant Lifecycle

From creation to go-live in five steps

Create Tenant

Provision a new organization node in the Cascade tree under the correct vertical.

Assign Members

Invite users via Entra sync or email. Each gets a stakeholder role and permissions.

Activate Solutions

Enable solution types (e.g., Velocity, SuretyBind). Each activates its Cascade domains.

Configure Branding

Set logo, accent color, portal name. Theme inherits from vertical, overrides allowed.

Go Live

Tenant is active. TenantAccessPayload is the single source of truth for all decisions.

TenantAccessPayload

The single source of truth for all downstream decisions. Contains: tenant ID, resolved roles, stakeholder roles, active solutions, feature flags, Cascade node path, credit balance, and agent delegation grants. Computed once per request, cached per-session.

Agent Governance

Autonomy tiers, sponsor inheritance, and INTERSECT scoping

Agents inherit their sponsor's access and can never exceed it. Agent access is the INTERSECT of sponsor permissions and agent configuration.

Sponsor Access

read, write, delete, approve, configure

INTERSECT

Agent Config

read, write, approve

Agent Access

read, write, approve

Autonomy Tiers

T0Disabled

Agent cannot act. All requests queued for human review.

T1Suggest

Agent can suggest actions but cannot execute. Human approves each action.

T2Auto-low

Agent can execute low-risk actions automatically. High-risk actions require approval.

T3Auto-high

Agent can execute most actions. Only irreversible or high-value actions need approval.

T4Full Auto

Agent acts autonomously within its INTERSECT-scoped authority. Emergency stop available.

HenryT3

Sponsor: Don (Construction)

Access = min(sponsor access, agent config) via INTERSECT

GeorgeT2

Sponsor: Pat (Insurance)

Access = min(sponsor access, agent config) via INTERSECT

FranklinT2

Sponsor: System (Finance)

Access = min(sponsor access, agent config) via INTERSECT

Admin Principle

Every administrative action flows through the same pipeline as user actions: JWT validation, role resolution, ABAC evaluation, Cascade scoping, and provenance logging. There are no backdoors. The Cascade tree is the single control plane.