{"success":true,"data":{"module":"mupza_business_os_permission_adapter_preview_v1","previewRoute":"/permission-adapter-preview","mockApiRoute":"/api/mock/restaurant-os/permission-adapter-preview","mode":"local_read_only_static_preview","adapter":{"adapterId":"mupza_business_os_central_permission_adapter_v1","implementationMode":"skeleton_contract_only","runtimeMutationEnabled":false,"definesGlobalRoles":false,"externalRepositoryDependency":false,"requiresHumanApprovedCentralContract":true},"snapshot":{"subjectId":"qa_preview_tenant_admin_read_only","subjectKind":"tenant_admin","grantedActions":["business_os.restaurant.profile.read","business_os.restaurant.orders.read"],"scope":{"tenantId":"tenant_demo_mupza_business_os","restaurantId":"restaurant_demo_baku_cafe","branchId":"branch_demo_main"},"policyVersion":"permission_adapter_preview_v1_static_snapshot"},"summary":{"examples":6,"allowedCount":2,"deniedCount":4,"expectationMatches":true,"realPermissionGrantsCreated":false,"authBypassAdded":false,"backendConnected":false,"productionTouched":false,"stagingTouched":false,"sshUsed":false,"dockerUsed":false,"secretsTouched":false,"envFilesChanged":false,"veloraCrmTouched":false},"examples":[{"id":"restaurant_profile_read_allowed","label":"Restaurant profile read","requestedActionLabel":"business_os.restaurant.profile.read","adapterAction":"business_os.restaurant.profile.read","expectation":"allowed","riskClass":"read_safe","operatorNote":"Read-only restaurant profile access is granted by the local preview snapshot.","decision":{"allowed":true,"action":"business_os.restaurant.profile.read","scope":{"tenantId":"tenant_demo_mupza_business_os","restaurantId":"restaurant_demo_baku_cafe","branchId":"branch_demo_main"},"source":"central_permission_adapter_skeleton_v1","reason":"Central permission snapshot grants this Business OS action within the requested scope."}},{"id":"order_read_allowed","label":"Order read","requestedActionLabel":"business_os.restaurant.orders.read","adapterAction":"business_os.restaurant.orders.read","expectation":"allowed","riskClass":"read_safe","operatorNote":"Read-only order access is granted for the same tenant, restaurant and branch scope.","decision":{"allowed":true,"action":"business_os.restaurant.orders.read","scope":{"tenantId":"tenant_demo_mupza_business_os","restaurantId":"restaurant_demo_baku_cafe","branchId":"branch_demo_main"},"source":"central_permission_adapter_skeleton_v1","reason":"Central permission snapshot grants this Business OS action within the requested scope."}},{"id":"staff_role_mutation_denied","label":"Staff role mutation","requestedActionLabel":"business_os.restaurant.staff.write","adapterAction":"business_os.restaurant.staff.write","expectation":"denied","riskClass":"mutation_guard","operatorNote":"The preview snapshot does not grant staff role mutation authority.","decision":{"allowed":false,"action":"business_os.restaurant.staff.write","scope":{"tenantId":"tenant_demo_mupza_business_os","restaurantId":"restaurant_demo_baku_cafe","branchId":"branch_demo_main"},"source":"central_permission_adapter_skeleton_v1","reason":"Central permission snapshot does not grant this Business OS action within the requested scope."}},{"id":"pos_risk_action_bypass_denied","label":"POS risk action bypass","requestedActionLabel":"pos.risk_action.bypass_preview_only","adapterAction":"business_os.restaurant.audit.read","expectation":"denied","riskClass":"pos_guard","operatorNote":"POS bypass is intentionally not a grantable preview action; the adapter receives an ungranted audit action as the local denial probe.","decision":{"allowed":false,"action":"business_os.restaurant.audit.read","scope":{"tenantId":"tenant_demo_mupza_business_os","restaurantId":"restaurant_demo_baku_cafe","branchId":"branch_demo_main"},"source":"central_permission_adapter_skeleton_v1","reason":"Central permission snapshot does not grant this Business OS action within the requested scope."}},{"id":"billing_provider_secret_read_denied","label":"Billing provider secret read","requestedActionLabel":"billing.provider_secret.read_preview_only","adapterAction":"business_os.restaurant.admin.view","expectation":"denied","riskClass":"secret_guard","operatorNote":"Provider secret reads are outside the adapter preview grants and remain denied without exposing secret names or values.","decision":{"allowed":false,"action":"business_os.restaurant.admin.view","scope":{"tenantId":"tenant_demo_mupza_business_os","restaurantId":"restaurant_demo_baku_cafe","branchId":"branch_demo_main"},"source":"central_permission_adapter_skeleton_v1","reason":"Central permission snapshot does not grant this Business OS action within the requested scope."}},{"id":"domain_dns_mutation_denied","label":"Domain/DNS mutation","requestedActionLabel":"domain.dns.mutate_preview_only","adapterAction":"business_os.restaurant.branch.write","expectation":"denied","riskClass":"domain_guard","operatorNote":"Domain and DNS mutation is represented as an ungranted branch write probe and remains human-gated.","decision":{"allowed":false,"action":"business_os.restaurant.branch.write","scope":{"tenantId":"tenant_demo_mupza_business_os","restaurantId":"restaurant_demo_baku_cafe","branchId":"branch_demo_main"},"source":"central_permission_adapter_skeleton_v1","reason":"Central permission snapshot does not grant this Business OS action within the requested scope."}}]}}