WIP: move file routes under /$org and reshape auth.me#507
Draft
RhysSullivan wants to merge 3 commits intors/cloud-workspaces-05-url-contextfrom
Draft
WIP: move file routes under /$org and reshape auth.me#507RhysSullivan wants to merge 3 commits intors/cloud-workspaces-05-url-contextfrom
RhysSullivan wants to merge 3 commits intors/cloud-workspaces-05-url-contextfrom
Conversation
The cloud app moves all protected routes under a URL-addressed organisation:
* App routes mount under `/$org/...` with a layout component that resolves
the URL handle against `useAuth().organizations`, redirects to the first
membership when the URL handle is unknown, and exposes
`{ orgId, orgName, orgHandle }` via `OrgRouteContext` to descendants.
`/$org/-/billing`, `/$org/-/settings`, etc. live in flat-style files
using the bracket-escape `[-]` convention so the TanStack generator
treats the dash as a literal segment instead of an ignore prefix.
* Index route at `/` redirects to the first membership's `/$handle`.
AuthGate routes `auth.organizations.length === 0` to onboarding.
* Shell, NavItem, source links, and the org switcher all generate paths via
`useOrgRoute()` and TanStack `Link` `params={{ org }}`. The legacy
`switchOrganization` mutation and `organizationsAtom` are dropped — the
switcher now navigates to `/$org` and the URL is the source of truth.
* Cloud's protected API moves under `/api/:org/...` via an
`HttpRouter.prefixed` wrapper layered onto `ProtectedCloudApiLive`.
`ExecutionStackMiddleware` reads the URL `:org` segment, resolves it
through `resolveOrgContext`, and verifies the session user is a member
via `authorizeOrganization` — `session.organizationId` is no longer
consulted.
* The frontend executor client sets its base URL to
`${origin}/api/${orgHandle}` once the org layout resolves so existing
endpoint atoms continue to work unchanged.
* Test harness mirrors the prefix layer, lazily seeds `organizations`
rows whose handle equals the requested orgId, and rewrites outgoing
request URLs to include `/api/${orgId}`. The `x-test-org-id` header is
gone; `x-test-user-id` remains for tests that need a non-default user.
This was referenced May 4, 2026
Owner
Author
|
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
This stack of pull requests is managed by Graphite. Learn more about stacking. |
This was referenced May 4, 2026
@executor-js/codemode-core
@executor-js/runtime-quickjs
@executor-js/cli
@executor-js/config
@executor-js/execution
@executor-js/sdk
@executor-js/storage-core
@executor-js/plugin-file-secrets
@executor-js/plugin-google-discovery
@executor-js/plugin-graphql
@executor-js/plugin-keychain
@executor-js/plugin-mcp
@executor-js/plugin-onepassword
@executor-js/plugin-openapi
executor
commit: |
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
executor-marketing | 026d828 | Commit Preview URL Branch Preview URL |
May 04 2026, 05:15 PM |
Deploying with
|
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! View logs |
executor-cloud | 026d828 | May 04 2026, 05:15 PM |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
WIP: move file routes under /$org and reshape auth.me
WIP: cloud routes under $org, API protected mounts under /api/$org
Cut web routes to /:org and API routes to /api/:org/...
The cloud app moves all protected routes under a URL-addressed organisation:
/$org/...with a layout component that resolvesthe URL handle against
useAuth().organizations, redirects to the firstmembership when the URL handle is unknown, and exposes
{ orgId, orgName, orgHandle }viaOrgRouteContextto descendants./$org/-/billing,/$org/-/settings, etc. live in flat-style filesusing the bracket-escape
[-]convention so the TanStack generatortreats the dash as a literal segment instead of an ignore prefix.
/redirects to the first membership's/$handle.AuthGate routes
auth.organizations.length === 0to onboarding.useOrgRoute()and TanStackLinkparams={{ org }}. The legacyswitchOrganizationmutation andorganizationsAtomare dropped — theswitcher now navigates to
/$organd the URL is the source of truth./api/:org/...via anHttpRouter.prefixedwrapper layered ontoProtectedCloudApiLive.ExecutionStackMiddlewarereads the URL:orgsegment, resolves itthrough
resolveOrgContext, and verifies the session user is a membervia
authorizeOrganization—session.organizationIdis no longerconsulted.
${origin}/api/${orgHandle}once the org layout resolves so existingendpoint atoms continue to work unchanged.
organizationsrows whose handle equals the requested orgId, and rewrites outgoing
request URLs to include
/api/${orgId}. Thex-test-org-idheader isgone;
x-test-user-idremains for tests that need a non-default user.