{"success":true,"filters":{"layer":"tenant","visibility":null,"search":null},"summary":{"profiles":1,"layers":1,"visibilityModes":4,"roles":5,"apiScopes":4,"evidenceItems":3},"profiles":[{"id":"access-tenant","layer":"tenant","name":"Tenant isolation","purpose":"Keep company academies, custom scenarios, manager reports, and private evidence inside the owning organization.","enforcementPoint":"resolveEnterpriseOrgId, assertEnterpriseOrgAccess, orgId-scoped content reads and writes","failClosedRule":"Tenant admins cannot request or mutate another org's resources; platform admins need explicit org context.","visibilityModes":[{"mode":"public","learnerAccess":"Active global content can be browsed without tenant context.","managerAccess":"Managers can use public content as academy defaults.","adminAccess":"Only platform admins can publish true public content."},{"mode":"org-only","learnerAccess":"Learners can read active content assigned to their organization.","managerAccess":"Managers can inspect team evidence inside their organization.","adminAccess":"Tenant admins and instructors can manage content inside their organization."},{"mode":"private","learnerAccess":"Only the creator or permitted manager can inspect the artifact.","managerAccess":"Managers use private evidence for coaching, not broad publishing.","adminAccess":"Admins can manage private content only inside their allowed tenant boundary."},{"mode":"draft","learnerAccess":"Learners cannot use drafts as readiness evidence.","managerAccess":"Managers can review drafts only when they are content managers.","adminAccess":"Admins and instructors review drafts before publishing."}],"roles":[{"role":"owner","permissions":["billing","branding","identity","all academy settings"],"boundary":"Own organization or platform scope when explicitly platform-admin."},{"role":"admin","permissions":["content approval","integration setup","org reports"],"boundary":"Own organization and assigned academy surfaces."},{"role":"manager","permissions":["team dashboards","coaching reports","export readiness evidence"],"boundary":"Own organization and assigned academy surfaces."},{"role":"instructor","permissions":["scenario drafts","rubric drafts","learner feedback"],"boundary":"Own organization and assigned academy surfaces."},{"role":"viewer","permissions":["read-only dashboards","credential registry"],"boundary":"Own organization and assigned academy surfaces."}],"apiScopes":["teams:read","teams:write","reports:read","analytics:read"],"evidence":["Company-generated training uses org-only visibility by default","Manager reports remain scoped to team and organization","Enterprise exports include tenant identifiers"],"implementationRefs":["src/lib/enterprise-access.ts","src/lib/content-access.ts","src/lib/readiness/service.ts","src/lib/platform/company-academy.ts"]}]}