# Plan

1. Phase 00 — Auth forensics and tenant research.
2. Phase 01 — Data model and tenant boundary.
3. Phase 02 — Permission model and engine.
4. Phase 03 — Server guards and context resolver.
5. Phase 04 — Invite and membership lifecycle.
6. Phase 05 — Role management and owner safety.
7. Phase 06 — UI flows.
8. Phase 07 — Audit log.
9. Phase 08 — Billing/admin/API-key boundary.
10. Phase 09 — Full security and product validation.
11. Phase 10 — Migration, backfill, rollout, rollback.

Do not start implementation before Phase 00 artifacts exist and blockers are answered or explicitly marked.