Sprint history — Foundation & platform
What shipped
The platform's spine: the solution skeleton, multi-tenancy, RBAC, audit, and user management.
- Walking skeleton (MIQ-103) — stood up the empty solution (API + Web + Mobile + CI + Postgres) so every layer proved it talks to its neighbour. The mobile project has stayed a health-check skeleton since (sheet 20).
- Organizational hierarchy (MIQ-004) — `business_units` as the tenant root + the org tables.
- RBAC (MIQ-003) — the permission catalog, roles, role/user grants, and runtime enforcement (baseline 40 permissions / 7 roles; later grew to 97 / 9 — see the RBAC matrix).
- Audit (MIQ-005) — the append-only `audit_events` log; selective/manual, not an all-writes interceptor (corrected in Phase 0).
- Tenancy runtime wiring (MIQ-105) — users + credentials and the real `CurrentTenantProvider` + Postgres RLS, replacing the historical stub. The runtime provider is real, not stubbed (Phase-0 correction).
- User management (UM-01–06) — login, password change/policy, lockout, admin user/role administration.
- Infrastructure repair (A1, A2) — the local-environment runbook and the Hangfire schema-bootstrap fix (the ops source of truth, see Operations).
Key decisions
- Two connection strings — owner (BYPASSRLS, migrations) vs runtime (RLS-bound); the runtime connection can never bypass isolation.
- `FORCE ROW LEVEL SECURITY` — RLS policies apply even to the table owner.
- Audit is application-enforced append-only — no DB INSERT-only role yet (deferred post-MVP).
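The three decisions above fit together in one Postgres setup. The following is an added illustration, not the project's own migration: the role names `miq_owner` / `miq_runtime`, the session setting `app.tenant_id` (assumed to be what `CurrentTenantProvider` sets per request), the `projects` table and its `tenant_id` column are all hypothetical; only `business_units` as the tenant root and the owner/runtime split come from the page.

```sql
-- Added example (not the project's own migration): tenant isolation with Postgres RLS.
-- Hypothetical names: roles miq_owner / miq_runtime, session setting app.tenant_id,
-- table projects with a tenant_id column. business_units is the tenant root (per the page).

-- Owner role runs migrations and may bypass RLS; runtime role is RLS-bound and cannot.
CREATE ROLE miq_owner   LOGIN BYPASSRLS;
CREATE ROLE miq_runtime LOGIN NOBYPASSRLS;

CREATE TABLE business_units (
  id   uuid PRIMARY KEY,
  name text NOT NULL
);

-- A tenant-scoped table: every row is stamped with the business unit it belongs to.
CREATE TABLE projects (
  id        uuid PRIMARY KEY,
  tenant_id uuid NOT NULL REFERENCES business_units(id),
  title     text NOT NULL
);

-- ENABLE turns RLS on for ordinary roles; FORCE makes the policies bind the table
-- owner as well. Without FORCE, the owner silently sees every tenant's rows.
ALTER TABLE projects ENABLE ROW LEVEL SECURITY;
ALTER TABLE projects FORCE ROW LEVEL SECURITY;

-- One policy for reads and writes: a row is visible (USING) and insertable/updatable
-- (WITH CHECK) only when its tenant_id equals the session's tenant.
-- current_setting(..., true) yields NULL instead of an error when the setting is
-- unset, so a request that never established a tenant sees zero rows rather than all.
CREATE POLICY projects_tenant_isolation ON projects
  FOR ALL TO miq_runtime
  USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
  WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

GRANT SELECT, INSERT, UPDATE, DELETE ON projects TO miq_runtime;

-- Per request, the runtime connection sets the tenant before any query. SET LOCAL
-- scopes the value to the transaction, so a pooled connection cannot carry one
-- tenant's id into the next request's work.
BEGIN;
SET LOCAL app.tenant_id = '00000000-0000-0000-0000-000000000001';  -- constructed sample id
SELECT id, title FROM projects;   -- only this tenant's rows
COMMIT;

-- Check a practitioner would run after each migration: any table with RLS enabled
-- but not forced is a gap in the "owner is also bound" decision.
SELECT relname
FROM   pg_class
WHERE  relrowsecurity AND NOT relforcerowsecurity;
```

The `NOT relforcerowsecurity` query should return no rows for tenant-scoped tables; a non-empty result means a table was added with `ENABLE` but without `FORCE`.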
Build status
Available — tenancy (filters + stamping + RLS), RBAC, audit, and user management are all live. See Multi-tenancy, Auth & RBAC, Audit & soft-delete.
Related
- Architecture overview · RBAC matrix
- Fact sheet 01 (foundation); reports MIQ-103/003/004/005/105, UM-01–06, A1/A2.