Handbook
Prompt 16 — Integrations, billing, entitlements, and enterprise governance
Implement the enterprise control surfaces that make Capablio sellable and operable. Use the actual vendors and stack discovered in the repository; do not create pretend connectors.
Updated
Required context
- Plan and entitlement matrix
11-offerings-pricing-and-entitlements.md- Tenant/global admin workspaces
- Existing identity, notifications, import, API, and billing services
- Security/data-governance decisions
Prompt
Implement the enterprise control surfaces that make Capablio sellable and operable. Use the actual vendors and stack discovered in the repository; do not create pretend connectors.
1. Entitlement service
Create one server-side source of truth for:
- Plan capabilities
- Limits
- Add-ons
- Tenant overrides
- Effective dates
- Trial/grace state
- Usage counters
Expose a safe client capability view. UI gating is not enforcement. Feature flags remain separate from commercial access.
Map marketing pricing and application upgrade prompts to the same source.
2. Billing and usage
Implement according to the approved commercial model:
- Active subject seat definition
- Seat allocation/use
- Guest rater non-billing
- Plan/trial status
- Invoices/payment portal if supported
- Upgrade/downgrade/renewal behavior
- Overage or hard-limit behavior
- Leaver/archive policy
- Billing contacts and audit
Do not implement payment flows without secure provider integration and legal/tax decisions.
3. SSO and SCIM
Where entitled and supported:
- Setup wizard
- Domain verification
- Metadata/config exchange
- Test mode
- Staged enforcement
- Break-glass accounts
- SCIM token lifecycle
- Attribute/group mapping
- Sync status/errors/retry
- Deprovision behavior and retention implications
- Audit
4. HRIS and directory integrations
Provide connector framework and released connectors only. Include:
- Mapping
- Scope
- Preview/dry run
- Conflict policy
- Incremental/full sync
- Job status
- Error details safe for admins
- Retry and reconciliation
- Source-of-truth indicator
- Audit and deletion behavior
5. Collaboration and notifications
Email, Slack, Microsoft Teams, or other released channels require:
- Tenant authorization
- Template/localization
- Channel preference and fallback
- Delivery status/retry
- Deep links with safe return URLs
- Uninstall/revoke handling
- No sensitive ratings/comments in notification payloads
6. API and webhooks
- Scoped authentication
- Versioning
- Rate limits
- Idempotency for writes
- Pagination/filtering
- Tenant isolation
- Webhook signing, replay protection, retries, and delivery logs
- OpenAPI/schema documentation
- Entitlement gates
- Audit
7. Data governance
Build admin controls for released capabilities:
- Retention presets/custom policy
- Export
- Deletion/anonymization
- Legal hold where entitled
- Region/residency where actually supported
- Key mode where approved
- Audit retention
- AI provider/data-use policy
Explain consequences and preview affected data. Exposure cooldown is not a retention setting.
8. Tests and docs
- Entitlement bypass attempts
- Seat counting and guest raters
- Effective-date changes
- Billing-provider failure/reconciliation
- SSO lockout prevention
- SCIM/HRIS deprovision and rehire
- Webhook signature/replay/retry
- Integration secret protection
- Governance policy application
Acceptance gates
- Every plan promise is machine-enforced and documented.
- Tenant admins can see limits and health without support tickets.
- Integration failures are diagnosable and recoverable.
- Data-governance settings match actual data lifecycle behavior.