Skip to content

fix: simplify organization scope ownership#41

Merged
JannikJung merged 1 commit into
mainfrom
codex/plusone-312-simplify-receiver
Jun 23, 2026
Merged

fix: simplify organization scope ownership#41
JannikJung merged 1 commit into
mainfrom
codex/plusone-312-simplify-receiver

Conversation

@JannikJung

Copy link
Copy Markdown
Collaborator

Summary

Organization scope ownership now uses the existing organization_id consistently: it remains publisher attribution for public and paid skills, and becomes both attribution and the access boundary for organization skills. This removes the unnecessary second organization column while preserving the pre-existing public/paid publishing model.

Plus One bootstrap-time organization provisioning remains intact. Production linkage is deliberately a direct, conditional D1 update, and the deployment workflow is restored to its previous state.

Key decisions

  • Organization access requires organization_id; public and paid skills may retain it for attribution.
  • Unknown signed workspace references still provision organizations during first-party bootstrap and reconcile membership/admin role.
  • The existing org_every row will be linked directly to T0AGH2EFKBN after migration 0014 is applied.
  • Cache and authorization protections from the receiver implementation are unchanged.

Validation

  • npm test — 25 files, 115 tests passed
  • npm run build — passed
  • npm run runtime:export — passed
  • git diff --check — passed
  • Structured migration/security review — no actionable findings

Post-Deploy Monitoring & Validation

  • Before migration, query organization for org_every and any existing T0AGH2EFKBN owner; stop on a conflicting row.
  • After migration/linkage, verify exactly one row has plusOneWorkspaceId = 'T0AGH2EFKBN' and it is org_every.
  • Keep PLUS_ONE_ORGANIZATION_SCOPE_ENFORCEMENT disabled.
  • Smoke public catalog, registry, raw skill, and ZIP endpoints; then verify an organization fixture remains absent without current membership.
  • Watch Cloudflare Worker errors and D1 constraint/query failures for 30 minutes after deploy. Any authorization leak, elevated 5xx rate, or migration integrity error is a rollback trigger; owner is the deployer.

References


Compound Engineering
GPT-5

@JannikJung JannikJung merged commit 7ee4d66 into main Jun 23, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant