Shareable invite codes (e.g. hps-k7m2x9) let anyone
join an org after authenticating. Admins create/revoke
links from Settings > Team. Public /join/[code] route
handles acceptance with expiry and max-use limits.

The demo cookie deletion in getCurrentUser() was a no-op from
Server Component context (cookies().delete() only works in
Server Actions and Route Handlers). The cookie persisted for
its full 24h lifetime, causing middleware to short-circuit auth
checks even when a real WorkOS session existed.
- Middleware: real session now takes priority over demo cookie,
stale cookie actively deleted via Set-Cookie on response
- auth.ts: remove early demo-first check and dead deletion code,
WorkOS session checked before demo fallback
- /demo route: clear compass-active-org so demo doesn't inherit
a real user's workspace selection
Co-authored-by: Nicholai <nicholaivogelfilms@gmail.com>

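The middleware ordering this commit describes, as an added illustration that is not the project's code: a valid real session is checked first, a demo cookie is honoured only when no real session exists, and a stale demo cookie is cleared on the response with a Set-Cookie header. The cookie names, the session validator callback and the cookie attributes are assumptions.

```typescript
// Assumed cookie names; the real project's names are not given here.
const DEMO_COOKIE = "compass-demo";
const SESSION_COOKIE = "wos-session";

type AuthDecision =
  | { mode: "real"; userId: string }
  | { mode: "demo" }
  | { mode: "anonymous" };

// Parse a raw Cookie request header into a name -> value map.
function parseCookies(header: string | null): Map<string, string> {
  const out = new Map<string, string>();
  if (!header) return out;
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    out.set(part.slice(0, i).trim(), decodeURIComponent(part.slice(i + 1).trim()));
  }
  return out;
}

// Set-Cookie value that expires the demo cookie immediately. Path and SameSite
// must match the attributes used when the cookie was set, or browsers keep
// the old cookie (assumed: Path=/ and SameSite=Strict, as the /demo route sets).
function expireDemoCookie(): string {
  return `${DEMO_COOKIE}=; Path=/; Max-Age=0; HttpOnly; SameSite=Strict`;
}

// Decide the request's auth mode. A verified real session always wins; when a
// demo cookie is also present it is stale and gets cleared on the response so
// it cannot short-circuit auth on later requests. validateSession is assumed
// to return the user id for a valid session token, or null otherwise.
function resolveAuth(
  cookieHeader: string | null,
  validateSession: (token: string) => string | null,
): { decision: AuthDecision; setCookie: string[] } {
  const cookies = parseCookies(cookieHeader);
  const token = cookies.get(SESSION_COOKIE);
  const hasDemo = cookies.has(DEMO_COOKIE);
  const userId = token ? validateSession(token) : null;
  if (userId !== null) {
    return {
      decision: { mode: "real", userId },
      setCookie: hasDemo ? [expireDemoCookie()] : [],
    };
  }
  if (hasDemo) return { decision: { mode: "demo" }, setCookie: [] };
  return { decision: { mode: "anonymous" }, setCookie: [] };
}
```

In a Next.js middleware the `setCookie` entries would be appended to the response headers and `decision.mode` would drive the redirect; the stateless function above is what the ordering rule reduces to.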
Add org-scoped data isolation across all server actions to
prevent cross-org data leakage. Add read-only demo mode with
mutation guards on all write endpoints.
Multi-tenancy:
- org filter on executeDashboardQueries (all query types)
- org boundary checks on getChannel, joinChannel
- searchMentionableUsers derives org from session
- getConversationUsage scoped to user, not org-wide for admins
- organizations table, members, org switcher component
Demo mode:
- /demo route sets strict sameSite cookie
- isDemoUser guards on all mutation server actions
- demo banner, CTA dialog, and gate components
- seed script for demo org data
Also: exclude scripts/ from tsconfig (fixes build), add
multi-tenancy architecture documentation.
Co-authored-by: Nicholai <nicholaivogelfilms@gmail.com>

Add local daemon that routes inference through user's own Anthropic
API key with filesystem and terminal access. Includes WebSocket
transport, MCP tool adapter, and API key auth.
Key components:
- compass-bridge package: local daemon with tool registry
- WebSocket transport for agent communication
- MCP API key management with HMAC auth and scoped permissions
- Usage tracking (tool calls, duration, success/failure)
- Settings UI for Claude Code configuration
- Migration 0019: mcp_api_keys and mcp_usage tables
- Test suite for auth and transport layers
Co-authored-by: Nicholai <nicholaivogelfilms@gmail.com>

- Wire up real user data to sidebar, header, and account modal
- Add functional profile editing (first name, last name) via WorkOS API
- Add password change functionality via WorkOS API
- Add logout functionality to sidebar and header dropdowns
- Migrate from manual WorkOS SDK to @workos-inc/authkit-nextjs
- Add server-side input validation with Zod schemas for all auth routes
- Add shared validation schemas for auth, users, teams, schedule, financial
- Fix 30-second auto-logout by properly handling refresh tokens
- Add SidebarUser type and toSidebarUser helper for UI components
- Add getInitials utility for avatar fallbacks
- Document rate limiting configuration for Cloudflare WAF
- Fix login page Suspense boundary for Next.js 15 compatibility
- Remove obsolete workos-client.ts in favor of authkit helpers
Co-authored-by: Nicholai <nicholaivogelfilms@gmail.com>

* ci: retrigger build
* ci: retrigger build
* fix(auth): use AuthKit hosted login instead of custom forms
* fix(auth): replace AuthKit with direct JWT session
and add SSO providers
Remove authkit-nextjs dependency from middleware and
auth.ts. Custom login forms now set a raw JWT cookie
that middleware and getCurrentUser() read directly via
JWT payload decode. Add Google, Microsoft, GitHub, and
Apple SSO via WorkOS getAuthorizationUrl + code exchange
callback. Login route now upserts users in DB after
authentication.
---------
Co-authored-by: Nicholai <nicholaivogelfilms@gmail.com>