@alanbraulio-plankchecks…self-serve/02a-core-infra → self-serve/01-foundation15 files · +567 −53updated 1mo agoStack order: Merge after PR 1 — Foundation.
Adds the core infrastructure for multi-tenant orgId resolution. Self-serve orgs share a single FusionAuth tenant, so queries by tenantId alone would return an arbitrary org. This PR introduces the resolution layer that all routers depend on.
// Before (enterprise-only, 1:1 tenant mapping):
where: { fusionauthTenantId: ctx.auth.tenantId }
// After (multi-tenant safe):
where: ctx.auth.orgId
? { id: ctx.auth.orgId }
: { fusionauthTenantId: ctx.auth.tenantId }
Admin server core:
trpc.ts: orgId-aware auth context extractionresolve-org-id.ts + test: centralized orgId resolver with UserMapping fallbacksession-cache.ts: multi-tenant session cachingcomposio-user.ts: orgId-aware Composio user ID builderfusionauth-tenant-key.ts: multi-tenant FusionAuth key resolutionorg-capacity.ts: assertEnterpriseTier() and seat cap helpersserver-auth.ts: updated server auth for orgId contextteam-detail-snapshot.ts: orgId-aware team detail queriesmember-onboarding-accessible-teams.ts: orgId-aware team accesstrpc.auth-context.test.ts: updated auth context testsProxy (4 files):
resolve-org-id.ts, auth-middleware.ts, team-context.ts, fusionauth-tenant-key.tsThe ternary pattern is a no-op for enterprise orgs: they don't have orgId in their JWT claims, so the fallback { fusionauthTenantId } path runs — identical to pre-existing behavior.
| # | PR | Link |
|---|---|---|
| 1 | Foundation | #458 |
| 2 | Core orgId Resolution | this PR |
| 3 | Routers: orgs, audit, onboarding | #460 |
| 4 | Routers: teams, connections, me | #461 |
| 5 | Routers: apps, auth-configs, misc | #462 |
| 6 | Self-Serve Signup Flow | #463 |
| 7 | Sign-In & Auth Broker | #464 |
| 8 | Trial UI | #465 |
| 9 | Enterprise Tier Gates | #466 |
| 10 | Trial Lifecycle | #467 |
| 11 | Proxy Trial Lock | #468 |
| 12 | Tests & Fixtures | #469 |