From d934ca94e8ae2f90742a1b26ae2cfd1113b8d27c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 5 Feb 2026 22:56:19 +0000
Subject: [PATCH 1/2] Initial plan


From bcbfc18c02f8b479a80f93f77de31848d30db75c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 5 Feb 2026 23:01:12 +0000
Subject: [PATCH 2/2] Update Scope comment to clarify dual authentication
 purpose

Co-authored-by: jeroenrinzema <3440116+jeroenrinzema@users.noreply.github.com>
---
 internal/claim/rbac/rbac.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/claim/rbac/rbac.go b/internal/claim/rbac/rbac.go
index 79e1befc..26b8c280 100644
--- a/internal/claim/rbac/rbac.go
+++ b/internal/claim/rbac/rbac.go
@@ -10,7 +10,8 @@ type contextKey string
 
 const scopeKey contextKey = "admin"
 
-// Scope represents an authenticated user in the context
+// Scope represents an authenticated user or API key in the context.
+// It is used for both the management API (JWT authentication) and the client API (API key authentication).
 type Scope struct {
 	OrganizationID uuid.UUID
 	ProjectID      uuid.UUID