ControlLayer
Review tenant module rollout state, dependency checks, plan locks, and affected navigation with durable API-backed toggle persistence and no provider side effects.
Review module availability, dependency warnings, plan locks, and affected routes from the API-backed tenant settings source used by route and module gates.
Tenant context
Primary attention
Billing preview is disabled by governance hold
Next review
Daily governance review
Enabled modules
9
9 of 16 tenant modules are available now
Partial rollouts
5
pilot and preview modules need explicit reviewer handoff
Governance holds
2
disabled modules preserve data while blocking new module actions
Dependency checks
12
7 plan or usage locks are also visible in this workspace
Toggle reviews are submitted through /v1/settings/commands and update the tenant module gate used by navigation and direct-route guards. Existing records are preserved.
These rows come from the repository-backed settings toggle records and add route, dependency, and safety context for tenant admins.
Admin settings
Tenant admin controls, workspace roles, reminder defaults, and module configuration posture.
Reason
Tenant Default
Platform governance
Quarterly access certification
Cadence
Quarterly access certification
Keep enabled
Ready for tenant-admin use.
Safe boundary
Settings changes stay behind reviewed API commands; this rollout workspace is read-only.
Contract repository
Contract lists, lifecycle metadata, documents, related suppliers, and repository detail handoffs.
Reason
Tenant Default
Contract operations
Weekly repository health review
Cadence
Weekly repository health review
Keep enabled
Repository routes are ready for tenant operators.
Safe boundary
Repository access stays tenant-scoped and does not expose signed URLs or hidden document bodies through toggle copy.
Supplier directory
Supplier profiles, contract relationships, evidence posture, and assurance follow-up.
Reason
Tenant Default
Supplier management
Weekly supplier assurance review
Cadence
Weekly supplier assurance review
Keep enabled
Supplier directory routes are ready.
Safe boundary
Supplier-facing sends and upload links remain behind explicit preview/provider boundaries.
Sites and coverage
Site/property/location coverage, supplier service mapping, and operational gap review.
Reason
Tenant Default
Property operations
Weekly coverage review
Cadence
Weekly coverage review
Keep enabled
Site coverage routes are ready.
Safe boundary
Site-scoped permissions remain enforced before route or data access is allowed.
Renewals and reminders
Notice-date review, reminder defaults, renewal decision preparation, and owner escalation posture.
Reason
Tenant Default
Operations
Daily at 08:00 UTC
Cadence
Daily at 08:00 UTC
Keep enabled
Reminder defaults are ready.
Safe boundary
The workspace may preview reminders, but no external reminder is sent without an approved provider path.
Tasks and follow-up
Manual and generated tasks, due windows, owner load, and linked entity follow-up.
Reason
Tenant Default
Operations
Daily queue review
Cadence
Daily queue review
Keep enabled
Task queues are ready.
Safe boundary
Task previews do not mutate live assignments unless a reviewed command path explicitly does so.
Reports and exports
Saved views, filtered reports, export previews, and leadership handoff packs.
Reason
Tenant Default
Operations reporting
Monthly reporting review
Cadence
Monthly reporting review
Keep enabled
Reports are ready with export review guardrails.
Safe boundary
No file is written, signed URL issued, or external delivery triggered by this rollout state.
Search
Permission-aware search across operational records with preview-safe indexing posture.
Reason
Tenant Default
Platform search
Weekly index posture review
Cadence
Weekly index posture review
Keep enabled
Search route is ready in preview mode.
Safe boundary
Search gating never reveals hidden records or raw index payloads.
Compliance review
Evidence board, expiry watch, missing-pack follow-up, and supplier assurance review posture.
Reason
Tenant Default
Compliance
Weekdays at 07:30 UTC
Cadence
Weekdays at 07:30 UTC
Keep enabled
Evidence queues are available.
Safe boundary
Waivers and evidence decisions remain human-reviewed; this surface does not provide legal advice.
Workflow approvals
Fixed V1 workflow templates, simple approval lanes, module dependency checks, and safe worker inspection previews.
Reason
Configuration Required
Operations governance
Daily governance review
Cadence
Daily governance review
Complete rollout review
Template previews are available; live workflow mutation remains disabled.
Safe boundary
Workflow previews do not create live tasks, persist approvals, call providers, or send supplier-facing messages.
Notifications release center
Preview-safe notification outbox, recipient policy, dedupe, quiet-hours holds, provider posture, and release review.
Reason
Configuration Required
Operations / Compliance
Daily release review
Cadence
Daily release review
Complete rollout review
Provider credentials remain disabled; release decisions stay preview-only.
Safe boundary
No email, webhook, in-app, Slack, Teams, or supplier-facing send is triggered without provider setup and human approval.
Imports queue
Spreadsheet staging, mapping review, intake triage, and extraction handoff for messy contract folders.
Reason
Pilot Cohort
Platform
Pilot cohort only
Cadence
Pilot cohort only
Complete rollout review
Staging rules are limited to the pilot cohort.
Safe boundary
Imports remain preview/stub safe; no unapproved upload, OCR, or provider job is triggered here.
Integrations
CSV-first imports/exports, safe sync replay, webhook posture, and provider-readiness review.
Reason
Configuration Required
Platform integrations
Weekly integration review
Cadence
Weekly integration review
Complete rollout review
Provider credentials remain behind preview boundaries.
Safe boundary
No provider credential, webhook send, remote sync, or customer data transfer is triggered here.
AI assistant
Ask-a-contract and clause-summary preview with source-span, human review, and no-legal-advice guardrails.
Reason
Configuration Required
Legal ops
Manual reviewer unlock
Cadence
Manual reviewer unlock
Complete rollout review
Human-review prompts are still required.
Safe boundary
The assistant must not provide legal advice, fabricate metadata, or make silent decisions.
Billing preview
Usage previews, invoice posture, plan-limit guardrails, and export-readiness controls.
Reason
Governance Hold
Tenant finance owner
Blocked pending finance owner confirmation
Cadence
Finance owner confirmation
Confirm governance hold
Finance approver invite is still pending.
Safe boundary
No invoice posting, payment collection, or provider-backed billing action is triggered by this workspace.
Supplier portal
Supplier-facing upload tokens, request posture, and future external portal readiness.
Reason
Governance Hold
Supplier assurance
Deferred V2 supplier portal review
Cadence
Deferred V2 supplier portal review
Confirm governance hold
Full supplier portal remains outside the V1 boundary.
Safe boundary
No supplier-facing account, invite, upload token, or external send is issued from this toggle state.
Route visibility should follow module state without breaking direct links or deleting tenant data.
Admin settings
4 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Contract repository
3 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Supplier directory
2 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Sites and coverage
2 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Renewals and reminders
3 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Tasks and follow-up
2 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Reports and exports
2 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Search
1 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Compliance review
3 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Workflow approvals
3 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Notifications release center
3 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Imports queue
3 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Integrations
2 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
AI assistant
3 route surfaces affected
Direct-route behavior
Direct routes can stay available to permitted users while this workspace explains the current rollout state.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Billing preview
3 route surfaces affected
Direct-route behavior
Existing usage and invoice preview data remains visible to authorized users while new billing actions stay blocked.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Supplier portal
2 route surfaces affected
Direct-route behavior
Supplier upload intake previews remain available to internal users while the full portal stays disabled.
Data preservation
Module toggles change visibility and safe actions; they do not delete tenant records or bypass permissions.
Dependencies are advisory rollout checks. They explain why a module should stay in pilot, preview, or governance review before it is widened.
Workflow approvals depends on Approval owner settings
Workflow approvals need tenant-owned reviewer roles and escalation owners before live mutation is trusted.
Current state
Admin settings is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
Workflow approvals depends on Renewal source events
Renewal notice workflows depend on verified renewal dates before a reminder or task handoff can be previewed.
Current state
Renewals and reminders is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
Workflow approvals depends on Notification release center
Workflow packets may reference reminders, but any external delivery remains behind the notification release preview.
Current state
Notifications release center is partially available
Next action
Keep this module in pilot or preview until the dependency owner signs off the remaining configuration.
Notifications release center depends on Recipient and quiet-hours policy
Notification release needs tenant-owned recipient defaults and working-hour policy before external providers can be trusted.
Current state
Admin settings is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
Notifications release center depends on Reminder source events
Renewal reminder events provide one of the primary source lanes for the release center.
Current state
Renewals and reminders is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
Notifications release center depends on Evidence expiry source events
Compliance expiry and supplier evidence prompts need verified source state before release review.
Current state
Compliance review is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
Imports queue depends on Field mapping rules
Import mapping depends on tenant settings and custom fields before new records can be trusted.
Current state
Admin settings is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
Integrations depends on Integration owners
Integration rollout needs tenant-owned owners and audit settings.
Current state
Admin settings is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
AI assistant depends on Document intake
Assistant preview should wait until source documents and extraction queues are traceable.
Current state
Imports queue is partially available
Next action
Keep this module in pilot or preview until the dependency owner signs off the remaining configuration.
AI assistant depends on Human review settings
AI answers need tenant review prompts and no-legal-advice copy before rollout.
Current state
Admin settings is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
Billing preview depends on Finance owner access
Billing preview needs a confirmed finance owner before tenant users can trust plan-limit decisions.
Current state
Admin settings is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
Supplier portal depends on Supplier directory
A supplier portal cannot be trusted before supplier records and owners are configured.
Current state
Supplier directory is enabled
Next action
Document why the dependency is healthy before changing this module's availability.
Billing-backed signals stay advisory here. They explain rollout pressure without posting charges or calling providers.
Supplier directory: External share links
External share link issuance
New external links are paused because the tenant is eight links above the current monthly allowance.
Enforcement
block_new
Next action
Let existing links remain accessible, but require plan review before generating another external link.
Reports and exports: Export previews
Export approval workflow
Export overage remains advisory until provider-backed posting is wired behind the adapter boundary.
Enforcement
preview_only
Next action
Keep export-heavy planning in preview mode and do not treat charges as committed.
Compliance review: External share links
External share link issuance
New external links are paused because the tenant is eight links above the current monthly allowance.
Enforcement
block_new
Next action
Let existing links remain accessible, but require plan review before generating another external link.
Imports queue: AI review volume
AI extraction review queue
AI-assisted review volume is within two runs of the monthly plan cap.
Enforcement
warn
Next action
Stage non-urgent AI review batches until finance decides whether to widen the allowance.
AI assistant: AI review volume
AI extraction review queue
AI-assisted review volume is within two runs of the monthly plan cap.
Enforcement
warn
Next action
Stage non-urgent AI review batches until finance decides whether to widen the allowance.
Billing preview: Export previews
Export approval workflow
Export overage remains advisory until provider-backed posting is wired behind the adapter boundary.
Enforcement
preview_only
Next action
Keep export-heavy planning in preview mode and do not treat charges as committed.
Supplier portal: External share links
External share link issuance
New external links are paused because the tenant is eight links above the current monthly allowance.
Enforcement
block_new
Next action
Let existing links remain accessible, but require plan review before generating another external link.