Skip to content

fix: authorize organizations from live memberships#42

Merged
JannikJung merged 1 commit into
mainfrom
codex/plusone-312-live-memberships
Jun 24, 2026
Merged

fix: authorize organizations from live memberships#42
JannikJung merged 1 commit into
mainfrom
codex/plusone-312-live-memberships

Conversation

@JannikJung

Copy link
Copy Markdown
Collaborator

Summary

OAuth users now see and can act through every organization they currently belong to, matching Commons. A NULL grant reference no longer produces an empty publisher profile, and a populated reference no longer narrows discovery or submission; the reference remains inert metadata.

Organization destinations are selected explicitly and validated against live local membership. Removing membership immediately hides that organization's profiles, skills, metadata, feeds, registry entries, MCP resources, raw files, and ZIPs while leaving the OAuth grant valid.

Public and paid behavior, hidden-resource responses, private/no-store caching, direct organization publication, bootstrap provisioning, and disabled Plus One claim enforcement are unchanged. No migration or CI change is included.

Validation

  • npm test — 25 files, 120 tests passed
  • npm run build
  • npm run runtime:export
  • Local browser smoke: / and /skills
  • Security review: no actionable findings

Linear: PLUSONE-312


Compound Engineering
Codex

@JannikJung JannikJung merged commit e918150 into main Jun 24, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant