Multi-Tenant System Design

## Prompt: Design a Production-Grade Multi-Tenant Business Management System

You are a **principal software architect and senior backend engineer**.
Design a **production-ready, multi-tenant Business Management System** using **microservices architecture**.

### Core Stack (Do NOT generate code)

* Backend: **Spring Boot**
* Frontend: **ReactJS**
* Database: **MySQL**
* Cache: **Redis**
* Auth Providers:
  * Local username/password
  * Google via **Firebase Authentication**
  * **Azure Active Directory (Azure AD)**
* Architecture style: **Microservices**
* Deployment: **Containerized (Docker → Kubernetes)**

---

## 1. System Overview

Design **three core microservices**:

1. **Tenant Service**
   * Multi-tenant lifecycle management
2. **User Service**
   * Authentication, authorization, RBAC
3. **Business Service**
   * Customers, tasks, tickets, invoices

All data must be **strictly tenant-isolated**.

---

## 2. Tenant Service – Multi-Tenant Management

Design the Tenant Service to handle:

### Tenant Lifecycle

* Public tenant registration
* Unique tenant slug generation and validation
* Trial provisioning (14 days)
* Subscription tiers:
  * Starter
  * Professional
  * Enterprise
  * Custom
* Status management:
  * TRIAL
  * ACTIVE
  * SUSPENDED
  * EXPIRED

### Tenant Resolution

Resolve tenant per request using priority:

1. Subdomain
2. URL path slug
3. Custom request header

Store tenant context in a request-scoped holder and clear after request completion.

### Tenant Configuration

* Key-value configuration store
* Feature flags
* Security policies
* Notification preferences
* External integrations
* Support encrypted values
* Redis cache (TTL: 10 minutes)

### Domain Mapping

* Custom domains
* DNS verification tokens
* SSL certificate provisioning
* Multiple domains per tenant

### Subscription & Billing

* Trial expiration handling
* Upgrades/downgrades with proration
* Renewal tracking
* Scheduled expiration jobs
* Email notifications

### Usage Tracking

Track per tenant:

* Active users
* Storage usage
* API calls
* Customers, tasks, tickets, invoices
* Threshold alerts at 80%, 90%, 100%

### Caching Strategy

* Tenant metadata cached (30 min)
* Redis pub/sub for cache invalidation across instances

---

## 3. User Service – Authentication & Authorization

Design the User Service with:

### User Registration

* Self-registration with email verification
* Admin-created users
* Invitation-based onboarding
* Token expiry enforcement

### Authentication Methods

* Local email/username + password
* Google login via Firebase ID tokens
* Azure AD OAuth 2.0 Authorization Code Flow

### Password Security

* BCrypt hashing (strength ≥ 12)
* Complexity rules
* Password history (last 5)
* Expiry policies (tenant-configurable)

### Token & Session Management

* JWT access tokens (15 min)
* Refresh tokens (30 days, HTTP-only cookies)
* Session tracking with device & IP metadata
* User-visible session management
* Admin-forced revocation

### Role-Based Access Control (RBAC)

* Permission model: `resource.action`
* Tenant-scoped roles
* System roles + custom roles
* Permission inheritance via groups
* Redis permission cache (10 min TTL)

### Group Management

* Users belong to multiple groups
* Groups can have roles
* Optional group hierarchy
* Group managers without full admin rights

### User Profiles

* Personal info
* Localization
* Notification preferences
* Custom tenant fields
* Avatar upload & optimization

### Activity & Audit Logging

Track:

* Auth events
* Permission failures
* Profile changes
* Role/group updates
* Business actions

### Account Security

* Failed login tracking
* Account lockout & backoff
* Security alerts
* MFA-ready data model (future)

---

## 4. Business Service – Core Business Operations

All entities are **tenant-scoped**.

---

### 4.1 Customer Management

* Individual vs business customers
* Structured addresses (billing & shipping)
* Financial fields (tax ID, VAT, credit limit)
* Tags, ratings, lifecycle status
* Assignable account owners
* Custom fields (JSON)
* Multiple contacts per customer
* Notes timeline & attachments
* Advanced search & filtering
* Metrics:
  * Lifetime value
  * Outstanding balance
  * Activity counts
* Bulk import/export

---

### 4.2 Company Management

* Vendors, partners, suppliers, competitors
* Legal entity data
* Encrypted bank details
* Relationship tracking
* Transaction summaries

---

### 4.3 Task Management

* Task types (task, bug, feature)
* Status workflows
* Priority levels
* Projects, sprints, milestones
* Parent-child tasks
* Assignments & watchers
* Time tracking (billable & non-billable)
* Comments, mentions, attachments
* Full change history
* Kanban, list, calendar views

---

### 4.4 Ticket Management

* Customer support workflows
* SLA tracking (response & resolution)
* Email-to-ticket integration
* Agent & group assignment
* Internal vs public messages
* Customer satisfaction surveys
* Ticket merging & escalation

---

### 4.5 Invoice Management

* Invoice lifecycle (draft → paid)
* Line items, taxes, discounts
* PDF generation with templates
* Payment tracking
* Partial payments
* Recurring invoices
* Aging reports
* Automated reminders
* Voiding & audit retention

---

## 5. Cross-Cutting Concerns

### Multi-Tenant Data Isolation

* `tenant_id` on all tenant data tables
* Composite indexes with tenant_id
* ORM-level tenant filters
* Service-level validation

### Caching

* Redis shared cache
* TTL by data type
* Pattern-based invalidation
* Pub/sub synchronization

### Event-Driven Architecture

* Domain events for:
  * Tenant lifecycle
  * User changes
  * Business actions
* Asynchronous consumers (email, analytics, metrics)

### Security

* Spring Security with method-level authorization
* HTTPS + TLS
* Security headers
* Input validation & sanitization
* Rate limiting using Redis
* OWASP best practices

### Logging & Monitoring

* Structured JSON logging
* Correlation IDs
* Tenant & user context in logs
* Metrics via Micrometer
* Health checks via Actuator
* Alerts for SLA, errors, infra health

### Testing

* Unit tests (≥80% critical logic)
* Integration tests (DB, Redis, auth)
* Security tests
* Performance tests (load, stress, endurance)

### Deployment & Operations

* Dockerized services
* Kubernetes orchestration
* CI/CD pipelines
* Flyway migrations
* Blue-green deployments
* Backup & disaster recovery
* Observability with logs, metrics, tracing

---

## Output Expectations

Produce:

* **High-level architecture**
* **Service responsibilities**
* **Data boundaries**
* **Security & isolation model**
* **Caching & event strategy**
* **Operational readiness considerations**

Do **NOT** generate code.
Focus on **design clarity, production readiness, and enterprise best practices**.