feat: 4-role model — owner, operator, viewer + vendor-seed
Redesign the role model from 3 roles (platform-admin, admin, member)
to 4 clear personas:
- owner (org role): full tenant control — billing, team, apps, deploy
- operator (org role): app lifecycle + observability, no billing/team
- viewer (org role): read-only observability
- saas-vendor (global role, hosted only): cross-tenant platform admin
Bootstrap changes:
- Rename org roles: admin→owner, member→operator, add viewer
- Remove platform-admin global role (moved to vendor-seed)
- admin user gets owner role, camel user gets viewer role
- Custom JWT maps: owner→server:admin, operator→server:operator,
viewer→server:viewer, saas-vendor→server:admin
New docker/vendor-seed.sh for hosted SaaS environments only.
Remove sidebar user/logout link (TopBar handles logout).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3d41d4a3da