Tenant access

AIRCITE workspace gate

Customer-specific command center data must pass Supabase Auth and an AIRCITE product-membership check before it can be shown. This page exposes the boundary; the APIs enforce it.

Boundary

Customer data opens only after auth and product access pass

The current gate is intentionally conservative while checkout and tenant provisioning are being finished. A missing session returns 401, a valid user without an AIRCITE grant returns 403, and no response includes tenant records or secret values.

AUTH

Supabase Auth session

The gate requires a bearer session and rejects missing or expired tokens before any tenant lookup runs.

MEM

Membership scope

The gate checks shared platform membership and AIRCITE product grants before a workspace can open.

SAFE

No tenant data returned

The gate and tenant summary return booleans, gate labels, and aggregate counts only. Tenant names, domains, records, PHI, and secret values stay out.

API

Tenant gate contract

GET

/api/aircite/tenant-gate

Requires an Authorization bearer token from Supabase Auth. Checks business_member_products first, then business_members plus tenant_products for an enabled AIRCITE product grant. Returns only sanitized gate status and evidence flags.

Missing session: No bearer token supplied (401)
Missing AIRCITE grant: User is valid but not product-scoped (403)
Tenant access: Session and AIRCITE product membership pass (200)

DATA

/api/aircite/tenant-summary

Uses the same access resolver, then returns tenant-scoped aggregate counts from the growth engine: runs, GEO observations, SEO pages, social events, attribution rollups, and latest run metadata.

Data shape: Aggregate counts only (No PHI)
Tenant identity: Names and domains are not returned (Hidden)
Secret values: Never included in responses (Blocked)
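
The check order in the tenant gate contract, and the shared resolver the tenant summary reuses, sketched as an added example (not AIRCITE's own code). Column names, the product key, response field names, gate label strings and the verifySession stand-in for Supabase Auth are assumptions; only the three table names and the 401/403/200 outcomes come from this page.

```javascript
// Added example: decision order of the tenant gate described above.
const PRODUCT = "aircite"; // assumed product key

// Constructed sample rows standing in for the three tables named on the page.
// Column names are assumptions.
const db = {
  business_member_products: [{ user_id: "u-direct", product: "aircite", enabled: true }],
  business_members: [{ user_id: "u-tenant", tenant_id: "t-1" }, { user_id: "u-off", tenant_id: "t-2" }],
  tenant_products: [
    { tenant_id: "t-1", product: "aircite", enabled: true },
    { tenant_id: "t-2", product: "aircite", enabled: false },
  ],
};

// Hypothetical stand-in for Supabase Auth: maps a valid token to a user id.
// Missing, unknown or expired tokens resolve to null.
function verifySession(token) {
  const sessions = { "tok-direct": "u-direct", "tok-tenant": "u-tenant", "tok-off": "u-off", "tok-none": "u-none" };
  return sessions[token] || null;
}

function resolveAccess(authorizationHeader, tables = db) {
  const match = /^Bearer\s+(\S+)$/i.exec(authorizationHeader || "");
  const userId = match ? verifySession(match[1]) : null;
  // Reject with 401 before any tenant lookup runs.
  if (!userId) return { status: 401, body: { authenticated: false, productAccess: false, gate: "missing_session" } };

  // 1) Direct product grant in business_member_products.
  const direct = tables.business_member_products.some(
    (r) => r.user_id === userId && r.product === PRODUCT && r.enabled);
  // 2) Otherwise: membership in a tenant whose AIRCITE grant is enabled.
  const viaTenant = !direct && tables.business_members
    .filter((m) => m.user_id === userId)
    .some((m) => tables.tenant_products.some(
      (p) => p.tenant_id === m.tenant_id && p.product === PRODUCT && p.enabled));

  const granted = direct || viaTenant;
  // Booleans and a gate label only: no tenant ids, names, domains or secrets.
  return {
    status: granted ? 200 : 403,
    body: { authenticated: true, productAccess: granted,
            gate: granted ? "tenant_access" : "missing_aircite_grant",
            evidence: { directGrant: direct, tenantGrant: viaTenant } },
  };
}
```

A disabled tenant grant (user "u-off" in the sample rows) yields 403 rather than 200, and the serialized body never contains the tenant id that was consulted.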