Phase 1 — Foundation
The foundation phase establishes multi-tenancy, authentication for both login types, the onboarding wizard, and the base layout structure that all other phases build on.
What It Does
Phase 1 creates the core multi-tenant infrastructure. Every business that registers gets a tenant account. The tenant has a unique slug used in webhook URLs. Two completely separate auth guards handle World Users (business owners) and Super Admins (platform owner).
Key Routes
| URL | Description |
|---|---|
GET /register | World User registration form |
POST /register | Create world user + tenant record |
GET /login | World User login |
GET /onboarding | Post-registration wizard (business name, phone, industry, timezone) |
GET /dashboard | World User dashboard |
GET /super-admin/login | Super Admin login |
GET /super-admin/dashboard | Platform-wide Super Admin view |
GET /super-admin/tenants | All tenant list |
Key Files
| Type | Path |
|---|---|
| Model | app/Models/Tenant.php |
| Model | app/Models/User.php |
| Model | app/Models/SuperAdmin.php |
| Controller | app/Http/Controllers/Auth/ |
| Controller | app/Http/Controllers/SuperAdmin/DashboardController.php |
| Middleware | app/Http/Middleware/OwnerOnly.php |
| View | resources/views/layouts/app.blade.php |
| View | resources/views/dashboard/index.blade.php |
| View | resources/views/super-admin/dashboard.blade.php |
| Migration | database/migrations/*_create_tenants_table.php |
| Config | config/auth.php — defines super_admin guard |
What's Complete
- Multi-tenant DB with
tenant_idon all core tables - World User registration, login, email verification, password reset
- Post-registration onboarding wizard (business name, phone, country, timezone, industry)
- Tenant slug auto-generated from business name (unique, URL-safe)
- Super Admin auth at separate guard and URL prefix
- World User dashboard skeleton with sidebar navigation
- Super Admin dashboard with platform stats (tenant count, call count, revenue)
- Super Admin tenant list with search and status filters
- User roles: owner / admin / staff — with
isOwner(),isAdmin()helpers - OwnerOnly middleware protecting billing and security routes
What's Deferred
- Two-factor authentication (2FA) — Phase 13 future
- Team invites (owner inviting staff by email) — partially built in later phases
- Single sign-on (SSO) — not planned for v1