fotospiel-app/docs/archive/prp-addendum-2025-09-08-tenant-admin-pwa.md
2025-11-20 12:31:21 +01:00

PRP Addendum (2025-09-08): Tenant Admin PWA

This addendum supersedes tenant-facing Filament guidance in fotospiel_prp.md. Super Admin remains Filament (web-only). Tenant administration now lives in a separate, store-ready PWA.

Summary

  • Separate React/Vite PWA for tenant admins.
  • Distribution: Android via TWA, iOS via Capacitor; PWA install (A2HS) supported.
  • API-first backend: /api/v1/tenant/* endpoints cover all tenant operations.
  • Auth: Authorization Code + PKCE + refresh tokens; access token includes tenant_id and roles.
  • Tenancy: global scope + policies; host-based resolution remains for guest PWA.
  • Billing: Event credits MVP; subscriptions deferred.

Architecture Changes

  • Replace tenant Filament panel with PWA + API.
  • Add BelongsToTenant trait and composite uniques including tenant_id.
  • Introduce apps/admin-pwa and packages/mobile directories; keep apps/super-admin for Filament.

Mobile Packaging

  • Android (TWA): bind to admin.<platform-domain> with /.well-known/assetlinks.json.
  • iOS (Capacitor): native wrapper, push notifications, secure storage.

Offline & Sync

  • Service Worker caches app shell and essentials.
  • Background sync queues mutations; conflicts resolved via ETag/If-Match.
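The conflict rule above, sketched as an added example (not code from the fotospiel repository): queued mutations are replayed with `If-Match`, a `412` holds that resource's edits for manual resolution, and a `429` stops the run with the remaining items kept in order. The `send` transport, the response fields `etag` and `retryAfter`, and the resource paths passed in are assumptions.

```javascript
// Added example: replay an offline mutation queue with If-Match preconditions.
// `send` is an injected fetch-like transport (assumption) so this runs offline.
async function replayQueue(queue, etags, send) {
  const result = { applied: [], conflicts: [], pending: [], retryAfter: null };
  const blocked = new Set(); // resources with an unresolved conflict
  for (let i = 0; i < queue.length; i++) {
    const m = queue[i];
    const etag = etags.get(m.path);
    // Never fall back to an unconditional write: no known version means no replay.
    if (blocked.has(m.path) || !etag) {
      blocked.add(m.path);
      result.conflicts.push(m);
      continue;
    }
    const res = await send({ ...m, headers: { 'If-Match': etag } });
    if (res.status >= 200 && res.status < 300) {
      // Later queued edits to the same resource must build on the new version.
      if (res.etag) etags.set(m.path, res.etag); else etags.delete(m.path);
      result.applied.push(m);
    } else if (res.status === 412) {
      // Changed on the server while offline: hold this and all later edits to it.
      blocked.add(m.path);
      result.conflicts.push(m);
    } else {
      // 429, 401, 5xx, ...: stop and keep the rest in order for the next sync.
      if (res.status === 429) result.retryAfter = res.retryAfter ?? null;
      result.pending = queue.slice(i);
      break;
    }
  }
  return result;
}

// Constructed in-memory stand-in for the tenant API (not the real backend).
function fakeServer(store, limit = Infinity) {
  let seen = 0;
  return async ({ path, body, headers }) => {
    if (++seen > limit) return { status: 429, retryAfter: 30 };
    const cur = store.get(path);
    if (!cur || cur.etag !== headers['If-Match']) return { status: 412 };
    const rev = cur.rev + 1;
    store.set(path, { etag: `"v${rev}"`, rev, body });
    return { status: 200, etag: `"v${rev}"` };
  };
}
```

Blocking every later edit to a conflicted resource keeps a stale client from overwriting a change it never saw.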

API Surface (Tenant)

  • Auth: /api/v1/tenant-auth/login, /tenant-auth/exchange, /tenant-auth/logout, /tenant-auth/me.
  • Entities: events, galleries, members, uploads, settings, purchases.
  • Conventions: pagination, filtering, 429 rate limits, trace IDs in errors.

Security

  • Token storage in Keychain/Keystore (mobile) and IndexedDB (web) with rotation.
  • Audit logs for destructive actions and impersonation.

Migration Notes

  • Treat Filament tenant resources in PRP as deprecated examples. Use them to inform field definitions and validation only.
  • Future task: convert fotospiel_prp.md to UTF-8 and merge this addendum into the main PRP.