From 8cf6a661548923ac7cf73262fdfaaf65a898e1f0 Mon Sep 17 00:00:00 2001
From: Michael Chihlas <michael@resolutionflow.com>
Date: Thu, 28 May 2026 12:09:27 -0400
Subject: [PATCH] feat(l1): add l1_tech role to permissions docstring

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 backend/app/core/permissions.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/backend/app/core/permissions.py b/backend/app/core/permissions.py
index 639c4af6..155f90fc 100644
--- a/backend/app/core/permissions.py
+++ b/backend/app/core/permissions.py
@@ -1,11 +1,12 @@
 """
 Centralized permission checks for ResolutionFlow.
 
-Role hierarchy: super_admin > owner > engineer > viewer
+Role hierarchy: super_admin > owner > engineer > l1_tech > viewer
 
 - super_admin: is_super_admin=True, full system access
 - owner:       account_role='owner', manage account resources
 - engineer:    account_role='engineer' (default), CRUD own trees/steps
+- l1_tech:     account_role='l1_tech', use /l1/* surface only — walk flows, resolve/escalate
 - viewer:      account_role='viewer', read-only (can browse, run sessions, rate steps)
 """
 from __future__ import annotations
@@ -23,7 +24,8 @@ ROLE_HIERARCHY = {
     "super_admin": 4,
     "owner": 3,
     "engineer": 2,
-    "viewer": 1,
+    "l1_tech": 1,
+    "viewer": 0,
 }