…d WorkOS domain When WorkOS verifies a claimable email domain on an org, set the member profile's primary_brand_domain if null. Closes the surprise where SSO members hit "Set your primary brand domain first" on the publish-agent path even though their email domain was the obvious brand identity. Existing brand-claim values are never clobbered. Adds a backfill script for profiles created before this change, and rewrites the publish-path error to be actionable instead of terse. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 6, 2026
bokelley added a commit that referenced this pull request May 6, 2026
…fy parallel lists (#4166) * fix(server): block free-email provider domains from brand claims, unify parallel lists Extends SHARED_PLATFORM_DOMAINS with 31 high-volume free-email provider domains (Gmail, Outlook, iCloud, Proton, Yahoo, AOL, Yandex, QQ, Tutanota, etc.) as defense-in-depth for brand identity hijacking via admin overrides or future trust paths. Surfaced during security review of PR #4157. Extracts FREE_EMAIL_PROVIDER_DOMAINS as a shared exported constant and replaces five previously-diverged inline arrays across admin-tools.ts (check_domain_health + suggest_prospects), slack-db.ts, and admin/domains.ts (x2) with imports of the shared constant. Adds assertClaimableBrandDomain unit tests (the function was previously untested). Closes #4165. https://claude.ai/code/session_01Wgjm3A6JbHWgfPCyDxUmoL * fix(server): clarify duck.com comment, extend assertClaimableBrandDomain test coverage https://claude.ai/code/session_01Wgjm3A6JbHWgfPCyDxUmoL --------- Co-authored-by: Claude <noreply@anthropic.com>
This was referenced May 7, 2026
Summary
member_profiles.primary_brand_domain when WorkOS verifies a claimable email domain on the org and the field is null. Closes the surprise where SSO members hit the publish-agent gate even though their email domain was the obvious brand identity.

Driver
Media.net escalation #321 — Warren had media.net verified via WorkOS but couldn't publish his sales agent. Root cause: member_profiles.primary_brand_domain was null and only the brand-domain-challenge flow (which requires publishing brand.json) ever wrote it. Members reasonably assumed "Verified" was the success state.

The fix mirrors what the WorkOS webhook already does for organizations.email_domain (auto-promote on first verified domain) and brands (mirror via markBrandDomainVerified) — extends the same idea to member_profiles.primary_brand_domain. Same gating (assertClaimableBrandDomain), so shared-platform domains can't auto-claim.

Existing brand-claim values are never clobbered — only writes when NULL. Cross-org disputes and adopt-vs-fresh manifest decisions still flow through request_brand_domain_challenge / verify_brand_domain_challenge.

Out of scope (tracked separately)
organization_domains, organizations.email_domain, member_profiles.primary_brand_domain, brands.domain). Stage 3 — wants design steer.

Test plan
server/tests/integration/workos-domain-auto-primary.test.ts covers: claimable single domain → auto-populate, existing value preserved, no profile yet (no-op), shared-platform domain skipped, pending state skipped.
npx tsx server/scripts/backfill-primary-brand-domain.ts --dry-run against prod to preview, then without --dry-run to apply.

🤖 Generated with Claude Code
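The gating order described in the Summary and Test plan above, as an added TypeScript sketch that is not the project's code. All names here (`autoPopulatePrimaryBrandDomain`, `isClaimable`, `NOT_CLAIMABLE_SAMPLE`), the in-memory profile map and the sample domains are assumptions made for illustration; the blocklist is a constructed stand-in for the project's shared-platform and free-email lists.

```typescript
// Added illustration; names and sample data are hypothetical, not the project's code.
type DomainState = "verified" | "pending" | "failed";
interface MemberProfile { orgId: string; primaryBrandDomain: string | null }
type Outcome = "populated" | "skipped_not_verified" | "skipped_not_claimable"
  | "skipped_no_profile" | "skipped_already_set";

// Constructed stand-in for a shared-platform / free-email blocklist.
const NOT_CLAIMABLE_SAMPLE = new Set(["gmail.com", "outlook.com", "shared-platform.example"]);

// Normalize before any comparison so "Gmail.COM." cannot slip past the list.
function normalizeDomain(raw: string): string {
  return raw.trim().toLowerCase().replace(/\.+$/, "");
}

function isClaimable(domain: string): boolean {
  // Require a plain multi-label hostname and reject blocklisted names.
  const hostname = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;
  return hostname.test(domain) && !NOT_CLAIMABLE_SAMPLE.has(domain);
}

// In-memory stand-in for the profile table, keyed by org id.
function autoPopulatePrimaryBrandDomain(
  profiles: Map<string, MemberProfile>,
  event: { orgId: string; domain: string; state: DomainState },
): Outcome {
  if (event.state !== "verified") return "skipped_not_verified";
  const domain = normalizeDomain(event.domain);
  if (!isClaimable(domain)) return "skipped_not_claimable";
  const profile = profiles.get(event.orgId);
  if (!profile) return "skipped_no_profile";
  // Write only when unset. Against a real database, put this null check in the
  // same statement as the write so two concurrent webhooks cannot both win.
  if (profile.primaryBrandDomain !== null) return "skipped_already_set";
  profile.primaryBrandDomain = domain;
  return "populated";
}
```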