Capablio

Prompt 16 — Integrations, billing, entitlements, and enterprise governance

Implement the enterprise control surfaces that make Capablio sellable and operable. Use the actual vendors and stack discovered in the repository; do not create pretend connectors.

Updated

Required context

  • Plan and entitlement matrix
  • 11-offerings-pricing-and-entitlements.md
  • Tenant/global admin workspaces
  • Existing identity, notifications, import, API, and billing services
  • Security/data-governance decisions

Prompt

Implement the enterprise control surfaces that make Capablio sellable and operable. Use the actual vendors and stack discovered in the repository; do not create pretend connectors.

1. Entitlement service

Create one server-side source of truth for:

  • Plan capabilities
  • Limits
  • Add-ons
  • Tenant overrides
  • Effective dates
  • Trial/grace state
  • Usage counters

Expose a safe client capability view. UI gating is not enforcement. Feature flags remain separate from commercial access.

Map marketing pricing and application upgrade prompts to the same source.

2. Billing and usage

Implement according to the approved commercial model:

  • Active subject seat definition
  • Seat allocation/use
  • Guest rater non-billing
  • Plan/trial status
  • Invoices/payment portal if supported
  • Upgrade/downgrade/renewal behavior
  • Overage or hard-limit behavior
  • Leaver/archive policy
  • Billing contacts and audit

Do not implement payment flows without secure provider integration and legal/tax decisions.

3. SSO and SCIM

Where entitled and supported:

  • Setup wizard
  • Domain verification
  • Metadata/config exchange
  • Test mode
  • Staged enforcement
  • Break-glass accounts
  • SCIM token lifecycle
  • Attribute/group mapping
  • Sync status/errors/retry
  • Deprovision behavior and retention implications
  • Audit

4. HRIS and directory integrations

Provide connector framework and released connectors only. Include:

  • Mapping
  • Scope
  • Preview/dry run
  • Conflict policy
  • Incremental/full sync
  • Job status
  • Error details safe for admins
  • Retry and reconciliation
  • Source-of-truth indicator
  • Audit and deletion behavior

5. Collaboration and notifications

Email, Slack, Microsoft Teams, or other released channels require:

  • Tenant authorization
  • Template/localization
  • Channel preference and fallback
  • Delivery status/retry
  • Deep links with safe return URLs
  • Uninstall/revoke handling
  • No sensitive ratings/comments in notification payloads

6. API and webhooks

  • Scoped authentication
  • Versioning
  • Rate limits
  • Idempotency for writes
  • Pagination/filtering
  • Tenant isolation
  • Webhook signing, replay protection, retries, and delivery logs
  • OpenAPI/schema documentation
  • Entitlement gates
  • Audit

7. Data governance

Build admin controls for released capabilities:

  • Retention presets/custom policy
  • Export
  • Deletion/anonymization
  • Legal hold where entitled
  • Region/residency where actually supported
  • Key mode where approved
  • Audit retention
  • AI provider/data-use policy

Explain consequences and preview affected data. Exposure cooldown is not a retention setting.

8. Tests and docs

  • Entitlement bypass attempts
  • Seat counting and guest raters
  • Effective-date changes
  • Billing-provider failure/reconciliation
  • SSO lockout prevention
  • SCIM/HRIS deprovision and rehire
  • Webhook signature/replay/retry
  • Integration secret protection
  • Governance policy application

Acceptance gates

  • Every plan promise is machine-enforced and documented.
  • Tenant admins can see limits and health without support tickets.
  • Integration failures are diagnosable and recoverable.
  • Data-governance settings match actual data lifecycle behavior.