Skip to content
AM

AICOOScope (accounting | full | unlimited)

AICOOScope is the tenant policy’s coarse pillar boundary for AI COO and MCP tools. It is one visibility gate, not a replacement for pillar, feature, entitlement, role, permission, persona, or approval checks.

Scope values

ScopeMCP pillars allowed by the scope gate
accountingaccounting, reporting, portal
fullevery MCP pillar except studio
unlimitedevery MCP pillar

unlimited means all catalog pillars can pass this gate. It does not mean experimental access, bypass authorization, or bypass risk-tier controls.

Tier mapping

Subscription tierAI COO scope
Coreaccounting
Growthfull
Scaleunlimited
Enterpriseunlimited
Practiceaccounting

The billing tier configuration establishes this mapping. The Worker receives the resolved value in tenant agent policy and evaluates it for each tool’s pillar.

Enforcement

The Worker uses the same scope semantics as the shared Go billing package:

switch (scope) {
case "unlimited":
return true;
case "full":
return pillar !== "studio";
case "accounting":
return pillar === "accounting" || pillar === "reporting" || pillar === "portal";
default:
return false;
}

An unknown scope fails closed. A known scope only passes this one gate; the tenant must also have the pillar enabled and satisfy all tool-specific visibility requirements.

Tenant context

Scope comes from the selected tenant’s policy. A practice user working in the practice tenant therefore receives the Practice policy. When the user changes to a linked client tenant, discovery must be repeated with that client’s tenant ID and policy.

Clients should not assume a scope from a user’s identity or reuse one tenant’s tool list for another tenant. Send X-Tenant-ID on tenant-scoped requests and rediscover tools after switching context.