AICOOScope (accounting | full | unlimited)
AICOOScope is the tenant policy’s coarse pillar boundary for AI COO and MCP tools. It is one visibility gate, not a replacement for pillar, feature, entitlement, role, permission, persona, or approval checks.
Scope values
| Scope | MCP pillars allowed by the scope gate |
|---|---|
accounting | accounting, reporting, portal |
full | every MCP pillar except studio |
unlimited | every MCP pillar |
unlimited means all catalog pillars can pass this gate. It does not mean experimental access, bypass authorization, or bypass risk-tier controls.
Tier mapping
| Subscription tier | AI COO scope |
|---|---|
| Core | accounting |
| Growth | full |
| Scale | unlimited |
| Enterprise | unlimited |
| Practice | accounting |
The billing tier configuration establishes this mapping. The Worker receives the resolved value in tenant agent policy and evaluates it for each tool’s pillar.
Enforcement
The Worker uses the same scope semantics as the shared Go billing package:
switch (scope) { case "unlimited": return true; case "full": return pillar !== "studio"; case "accounting": return pillar === "accounting" || pillar === "reporting" || pillar === "portal"; default: return false;}An unknown scope fails closed. A known scope only passes this one gate; the tenant must also have the pillar enabled and satisfy all tool-specific visibility requirements.
Tenant context
Scope comes from the selected tenant’s policy. A practice user working in the practice tenant therefore receives the Practice policy. When the user changes to a linked client tenant, discovery must be repeated with that client’s tenant ID and policy.
Clients should not assume a scope from a user’s identity or reuse one tenant’s tool list for another tenant. Send X-Tenant-ID on tenant-scoped requests and rediscover tools after switching context.