Nicholai
c75b043259
* feat(security): add multi-tenancy isolation and demo mode Add org-scoped data isolation across all server actions to prevent cross-org data leakage. Add read-only demo mode with mutation guards on all write endpoints. Multi-tenancy: - org filter on executeDashboardQueries (all query types) - org boundary checks on getChannel, joinChannel - searchMentionableUsers derives org from session - getConversationUsage scoped to user, not org-wide for admins - organizations table, members, org switcher component Demo mode: - /demo route sets strict sameSite cookie - isDemoUser guards on all mutation server actions - demo banner, CTA dialog, and gate components - seed script for demo org data Also: exclude scripts/ from tsconfig (fixes build), add multi-tenancy architecture documentation. * fix(auth): real session takes priority over demo cookie The demo cookie was checked unconditionally before WorkOS auth, so logging in with real credentials after visiting /demo still returned the demo user. Now getCurrentUser() tries WorkOS first and only falls back to the demo cookie when no real session exists. Clears the stale cookie on real login. --------- Co-authored-by: Nicholai <nicholaivogelfilms@gmail.com>
Compass
An AI-native workspace platform that handles auth, deployment, and real-time collaboration -- so you can focus on building what actually matters.
Build With Direction
- AI agent built in -- every workspace ships with an intelligent assistant that understands your domain and takes action through tools you define
- Modular by design -- scheduling, financials, file management, messaging. drop in what you need, leave out what you don't
- Deploy anywhere -- self-host, ship to desktop and mobile, or deploy to the edge with Cloudflare
- Enterprise auth -- SSO, directory sync, and role-based access control out of the box
Quick Start
git clone https://github.com/High-Performance-Structures/compass.git
cd compass
bun install
cp .env.example .env.local # add your keys
bun run db:generate
bun run db:migrate:local
bun dev
See docs/ for detailed setup, environment variables, and deployment options.
Tech Stack
| Layer | Technology |
|---|---|
| Framework | Next.js 15 (App Router), React 19 |
| Language | TypeScript 5.x (strict) |
| UI | shadcn/ui, Tailwind CSS v4 |
| Database | Cloudflare D1 (SQLite) via Drizzle ORM |
| Auth | WorkOS (SSO, directory sync) |
| AI | AI SDK v6 + OpenRouter |
| Mobile | Capacitor (iOS + Android) |
| Desktop | Tauri 2.0 |
| Deployment | Cloudflare Workers via OpenNext |