Skip to content

Class MultiTenancyGovernanceOptions

Namespace: Cephalon.MultiTenancy.Governance.Configuration
Assembly: Cephalon.MultiTenancy.Governance.dll

Configures the tenant-governance companion package.

public sealed class MultiTenancyGovernanceOptions

objectMultiTenancyGovernanceOptions

object.Equals(object?), object.Equals(object?, object?), object.GetHashCode(), object.GetType(), object.ReferenceEquals(object?, object?), object.ToString()

These options seed the host-owned governance baseline. Installed modules can still contribute additional memberships, invitations, domain ownership descriptors, and governance actions through contributor contracts.

Initializes a new instance of the class.

public MultiTenancyGovernanceOptions()

AllowInsecureDomainOwnershipHttpProofCollection

Section titled “ AllowInsecureDomainOwnershipHttpProofCollection”

Gets or sets a value indicating whether HTTP proof collection may use non-HTTPS URLs.

public bool AllowInsecureDomainOwnershipHttpProofCollection { get; set; }

bool

DomainOwnershipDnsTxtProofCollectionMaxResponseBytes

Section titled “ DomainOwnershipDnsTxtProofCollectionMaxResponseBytes”

Gets or sets the maximum response body size, in bytes, accepted by DNS TXT proof collection.

public int DomainOwnershipDnsTxtProofCollectionMaxResponseBytes { get; set; }

int

DomainOwnershipDnsTxtProofCollectionTimeoutSeconds

Section titled “ DomainOwnershipDnsTxtProofCollectionTimeoutSeconds”

Gets or sets the default timeout, in seconds, used by DNS TXT proof collection.

public int DomainOwnershipDnsTxtProofCollectionTimeoutSeconds { get; set; }

int

DomainOwnershipDnsTxtProofResolverEndpoint

Section titled “ DomainOwnershipDnsTxtProofResolverEndpoint”

Gets or sets the optional DNS-over-HTTPS resolver endpoint used by DNS TXT proof collection.

public Uri? DomainOwnershipDnsTxtProofResolverEndpoint { get; set; }

Uri?

When omitted, callers can still provide a per-request resolver endpoint. Cephalon does not use a hidden public resolver by default.

DomainOwnershipHttpProofCollectionMaxResponseBytes

Section titled “ DomainOwnershipHttpProofCollectionMaxResponseBytes”

Gets or sets the maximum response body size, in bytes, accepted by HTTP proof collection.

public int DomainOwnershipHttpProofCollectionMaxResponseBytes { get; set; }

int

DomainOwnershipHttpProofCollectionTimeoutSeconds

Section titled “ DomainOwnershipHttpProofCollectionTimeoutSeconds”

Gets or sets the default timeout, in seconds, used by HTTP proof collection.

public int DomainOwnershipHttpProofCollectionTimeoutSeconds { get; set; }

int

DomainOwnershipProofBackgroundPollingIntervalSeconds

Section titled “ DomainOwnershipProofBackgroundPollingIntervalSeconds”

Gets or sets the proof background polling interval, in seconds.

public int DomainOwnershipProofBackgroundPollingIntervalSeconds { get; set; }

int

Values less than one are coerced to the default interval.

DomainOwnershipProofBackgroundPollingRunOnStartup

Section titled “ DomainOwnershipProofBackgroundPollingRunOnStartup”

Gets or sets a value indicating whether proof background polling should run once during hosted-service startup.

public bool DomainOwnershipProofBackgroundPollingRunOnStartup { get; set; }

bool

DomainOwnershipProofBackgroundPollingSource

Section titled “ DomainOwnershipProofBackgroundPollingSource”

Gets or sets the source recorded on proof polling requests created by the background polling hosted service.

public string DomainOwnershipProofBackgroundPollingSource { get; set; }

string

DomainOwnershipProofChallengeDnsTxtRecordPrefix

Section titled “ DomainOwnershipProofChallengeDnsTxtRecordPrefix”

Gets or sets the default DNS TXT record prefix used by proof challenge issuance.

public string DomainOwnershipProofChallengeDnsTxtRecordPrefix { get; set; }

string

DomainOwnershipProofChallengeHttpFilePath

Section titled “ DomainOwnershipProofChallengeHttpFilePath”

Gets or sets the default HTTP path used by proof challenge issuance.

public string DomainOwnershipProofChallengeHttpFilePath { get; set; }

string

Gets or sets the default maximum number of tenant-domain ownership declarations polled in one runner pass.

public int DomainOwnershipProofPollingMaxItems { get; set; }

int

Gets or sets the optional JSON file path used for Cephalon-managed durable tenant-domain ownership state.

public string? DomainOwnershipStoreFilePath { get; set; }

string?

Gets the host-defined tenant-domain ownership descriptors available to the governance runtime.

public IList<TenantDomainOwnershipDescriptor> DomainOwnerships { get; }

IList<TenantDomainOwnershipDescriptor>

EnableDomainOwnershipDnsTxtProofCollection

Section titled “ EnableDomainOwnershipDnsTxtProofCollection”

Gets or sets a value indicating whether the built-in tenant-domain ownership DNS TXT proof collector is active.

public bool EnableDomainOwnershipDnsTxtProofCollection { get; set; }

bool

Gets or sets a value indicating whether the built-in tenant-domain ownership HTTP proof collector is active.

public bool EnableDomainOwnershipHttpProofCollection { get; set; }

bool

EnableDomainOwnershipHttpProofPublication

Section titled “ EnableDomainOwnershipHttpProofPublication”

Gets or sets a value indicating whether the built-in tenant-domain ownership HTTP proof publisher is active.

public bool EnableDomainOwnershipHttpProofPublication { get; set; }

bool

The governance package materializes and records HTTP proof-file publication state. It does not map an ASP.NET Core endpoint by itself; HTTP serving stays in the ASP.NET Core adapter so the core package remains host-agnostic. DNS records and provider control-plane mutations remain outside this option.

EnableDomainOwnershipProofBackgroundPolling

Section titled “ EnableDomainOwnershipProofBackgroundPolling”

Gets or sets a value indicating whether the built-in tenant-domain ownership proof polling hosted service is active.

public bool EnableDomainOwnershipProofBackgroundPolling { get; set; }

bool

This option is disabled by default so installing the governance package never starts recurring HTTP or DNS proof checks without an explicit host decision. When enabled, the hosted service schedules the bounded proof polling runner; it still does not publish DNS records, host HTTP proof files, or mutate provider control planes.

EnableDomainOwnershipProofChallengeIssuance

Section titled “ EnableDomainOwnershipProofChallengeIssuance”

Gets or sets a value indicating whether the built-in tenant-domain ownership proof challenge issuer is active.

public bool EnableDomainOwnershipProofChallengeIssuance { get; set; }

bool

Gets or sets a value indicating whether the built-in tenant-domain ownership proof evaluator is active.

public bool EnableDomainOwnershipProofEvaluation { get; set; }

bool

Gets or sets a value indicating whether the built-in bounded tenant-domain ownership proof polling runner is active.

public bool EnableDomainOwnershipProofPollingRunner { get; set; }

bool

The polling runner owns one on-demand scan over pending or rejected declarations and delegates each attempt to the proof verification runner. It does not schedule background polling or publish DNS/HTTP proof values.

EnableDomainOwnershipProofPublicationPlanning

Section titled “ EnableDomainOwnershipProofPublicationPlanning”

Gets or sets a value indicating whether the built-in tenant-domain ownership proof publication planner is active.

public bool EnableDomainOwnershipProofPublicationPlanning { get; set; }

bool

EnableDomainOwnershipProofVerificationRunner

Section titled “ EnableDomainOwnershipProofVerificationRunner”

Gets or sets a value indicating whether the built-in tenant-domain ownership proof verification runner is active.

public bool EnableDomainOwnershipProofVerificationRunner { get; set; }

bool

Gets or sets a value indicating whether the built-in tenant-domain ownership validator is active.

public bool EnableDomainOwnershipValidation { get; set; }

bool

EnableDomainOwnershipVerificationWorkflow

Section titled “ EnableDomainOwnershipVerificationWorkflow”

Gets or sets a value indicating whether the built-in tenant-domain ownership verification workflow executor is active.

public bool EnableDomainOwnershipVerificationWorkflow { get; set; }

bool

Gets or sets a value indicating whether the built-in tenant-governance action decider is active.

public bool EnableGovernanceActionDecision { get; set; }

bool

Gets or sets a value indicating whether the built-in tenant-governance action workflow executor is active.

public bool EnableGovernanceActionWorkflow { get; set; }

bool

Gets or sets a value indicating whether the built-in invitation delivery dispatcher is active.

public bool EnableInvitationDeliveryDispatch { get; set; }

bool

The dispatcher owns invitation lookup, pending/expiry checks, runtime reporting, and outcome persistence. It requires a registered before any external delivery can happen.

EnableInvitationDeliveryRetryBackgroundScheduling

Section titled “ EnableInvitationDeliveryRetryBackgroundScheduling”

Gets or sets a value indicating whether the built-in invitation delivery retry hosted service is active.

public bool EnableInvitationDeliveryRetryBackgroundScheduling { get; set; }

bool

This option is disabled by default so installing the governance package never starts recurring delivery attempts without an explicit host decision. When enabled, the hosted service schedules the bounded retry runner; it still does not provide distributed queues, cross-node leases, exactly-once delivery, or provider-specific senders.

EnableInvitationDeliveryRetryExecutionCoordination

Section titled “ EnableInvitationDeliveryRetryExecutionCoordination”

Gets or sets a value indicating whether concurrent invitation delivery retry runner passes are coordinated in-process.

public bool EnableInvitationDeliveryRetryExecutionCoordination { get; set; }

bool

Process-local coordination prevents overlapping manual and background retry passes inside the same host process. It does not provide distributed queues, cross-node leases, or exactly-once delivery across multiple running nodes.

Gets or sets a value indicating whether sender-failed invitation delivery attempts are queued for explicit retry.

public bool EnableInvitationDeliveryRetryQueue { get; set; }

bool

This queue is enabled deliberately because it can cause later delivery attempts. It stores retry intent and exposes a bounded manual runner; it does not start background delivery unless retry background scheduling is explicitly enabled, provide distributed leases, or guarantee exactly-once delivery.

EnableInvitationDeliveryStatusObservationStore

Section titled “ EnableInvitationDeliveryStatusObservationStore”

Gets or sets a value indicating whether delivery status reconciliation observations are recorded.

public bool EnableInvitationDeliveryStatusObservationStore { get; set; }

bool

Observation storage records normalized reconciliation outcomes for audit and operator review. It does not provide provider-specific callback translation, provider polling, cross-node replay protection, or distributed exactly-once delivery.

EnableInvitationDeliveryStatusReconciliation

Section titled “ EnableInvitationDeliveryStatusReconciliation”

Gets or sets a value indicating whether the built-in invitation delivery status reconciler is active.

public bool EnableInvitationDeliveryStatusReconciliation { get; set; }

bool

The reconciler owns host-agnostic status matching, metadata normalization, and persistence after a provider or receiver reports delivery status. It does not map webhooks or poll provider APIs by itself.

Gets or sets a value indicating whether the built-in invitation validator is active.

public bool EnableInvitationValidation { get; set; }

bool

Gets or sets a value indicating whether the built-in membership evaluator is active.

public bool EnableMembershipEvaluation { get; set; }

bool

Gets or sets a value indicating whether the built-in tenant-administration workflow executor is active.

public bool EnableTenantAdministrationWorkflow { get; set; }

bool

The workflow mutates Cephalon-managed membership and invitation stores through explicit host-driven commands. It does not provide public onboarding screens, tenant-admin HTTP endpoints, provider-specific delivery senders, or identity-provider sync.

Gets or sets the optional JSON file path used for Cephalon-managed durable governance-action workflow state.

public string? GovernanceActionStoreFilePath { get; set; }

string?

Gets the host-defined approval and remediation actions available to the governance runtime.

public IList<TenantGovernanceActionDescriptor> GovernanceActions { get; }

IList<TenantGovernanceActionDescriptor>

InvitationDeliveryRetryBackgroundIntervalSeconds

Section titled “ InvitationDeliveryRetryBackgroundIntervalSeconds”

Gets or sets the invitation delivery retry background scheduling interval, in seconds.

public int InvitationDeliveryRetryBackgroundIntervalSeconds { get; set; }

int

Values less than one are coerced to the default interval.

InvitationDeliveryRetryBackgroundRunOnStartup

Section titled “ InvitationDeliveryRetryBackgroundRunOnStartup”

Gets or sets a value indicating whether invitation delivery retry background scheduling should run once during hosted-service startup.

public bool InvitationDeliveryRetryBackgroundRunOnStartup { get; set; }

bool

Gets or sets the source recorded on retry requests created by the background retry hosted service.

public string InvitationDeliveryRetryBackgroundSource { get; set; }

string

Gets or sets the delay, in seconds, before a failed retry entry is due again.

public int InvitationDeliveryRetryDelaySeconds { get; set; }

int

Gets or sets the maximum dispatch attempts retained for one retry entry, including the original failed attempt.

public int InvitationDeliveryRetryMaxAttempts { get; set; }

int

Gets or sets the default maximum number of retry entries attempted by one retry runner pass.

public int InvitationDeliveryRetryMaxItems { get; set; }

int

Gets or sets the optional JSON file path used for Cephalon-managed durable invitation delivery retry entries.

public string? InvitationDeliveryRetryQueueFilePath { get; set; }

string?

Gets or sets the maximum number of invitation delivery dispatch attempts retained in the runtime catalog.

public int InvitationDeliveryRunHistoryLimit { get; set; }

int

InvitationDeliveryStatusObservationHistoryLimit

Section titled “ InvitationDeliveryStatusObservationHistoryLimit”

Gets or sets the maximum number of delivery status observations retained by the built-in observation store.

public int InvitationDeliveryStatusObservationHistoryLimit { get; set; }

int

InvitationDeliveryStatusObservationStoreFilePath

Section titled “ InvitationDeliveryStatusObservationStoreFilePath”

Gets or sets the optional JSON file path used for Cephalon-managed durable delivery status observations.

public string? InvitationDeliveryStatusObservationStoreFilePath { get; set; }

string?

Gets or sets the optional JSON file path used for Cephalon-managed durable tenant-invitation state.

public string? InvitationStoreFilePath { get; set; }

string?

Gets the host-defined tenant invitations available to the governance runtime.

public IList<TenantInvitationDescriptor> Invitations { get; }

IList<TenantInvitationDescriptor>

Gets or sets the optional JSON file path used for Cephalon-managed durable tenant-membership state.

public string? MembershipStoreFilePath { get; set; }

string?

Gets the host-defined tenant memberships available to the governance runtime.

public IList<TenantMembershipDescriptor> Memberships { get; }

IList<TenantMembershipDescriptor>