Fundamentals
Support Conversation Layer
Request-level conversations with strict visibility controls, role-safe access, and unread tracking foundation.
Updated May 2026
Note
INTERNAL_ONLY is security-critical
Internal notes are never exposed through client request message endpoints. Any leakage is treated as a high-severity security incident.
Operational Notes
Message visibility policy
CLIENT_VISIBLE messages are visible to client and operator roles, while INTERNAL_ONLY notes are restricted to operators only.
Role-safe endpoints
Client message routes are org-scoped and ownership-aware. Admin routes enforce technician assignment visibility rules.
Read-state baseline
Per-user lastViewedAt state per request creates a durable unread foundation for future notification surfaces.