Add org-scoped data isolation across all server actions to
prevent cross-org data leakage. Add read-only demo mode with
mutation guards on all write endpoints.
Multi-tenancy:
- org filter on executeDashboardQueries (all query types)
- org boundary checks on getChannel, joinChannel
- searchMentionableUsers derives org from session
- getConversationUsage scoped to user, not org-wide for admins
- organizations table, members, org switcher component
Demo mode:
- /demo route sets strict sameSite cookie
- isDemoUser guards on all mutation server actions
- demo banner, CTA dialog, and gate components
- seed script for demo org data
Also: exclude scripts/ from tsconfig (fixes build), add
multi-tenancy architecture documentation.
Co-authored-by: Nicholai <nicholaivogelfilms@gmail.com>
* feat(schema): add auth, people, and financial tables
Add users, organizations, teams, groups, and project
members tables. Extend customers/vendors with netsuite
fields. Add netsuite schema for invoices, bills,
payments, and credit memos. Include all migrations,
seeds, new UI primitives, and config updates.
* feat(auth): add WorkOS authentication system
Add login, signup, password reset, email verification,
and invitation flows via WorkOS AuthKit. Includes auth
middleware, permission helpers, dev mode fallbacks,
and auth page components.
* feat(people): add people management system
Add user, team, group, and organization management
with CRUD actions, dashboard pages, invite dialog,
user drawer, and role-based filtering. Includes
WorkOS invitation integration.
* ci: retrigger build
* fix: add mobile-list-card dependency for people-table
---------
Co-authored-by: Nicholai <nicholaivogelfilms@gmail.com>
