Workspaces
Organizations, members, roles, and invitations.
Organizations
An organization is the top-level workspace. Each user owns one organization on signup. Renaming is allowed for the owner from /app/settings. Deletion is currently disabled in the UI.
Members
organization_members links auth users to an organization. The members panel in Settings reads this table directly — there is no fake membership data.
Roles
- owner — full control, set via organizations.owner_id.
- admin — workspace administration (role string, no privilege escalation policies yet).
- member — default; full read/write within the workspace.
- viewer — read-only intent (UI restrictions only; not enforced at the database layer beyond org membership).
Owner / admin / member / viewer behavior
Today, RLS enforces "is org member" and "is org owner". Fine-grained admin/viewer enforcement is planned. Until shipped, treat the role field as a UI hint, not a security boundary.
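The difference between membership-only RLS and role-aware RLS, sketched in PostgreSQL as an added example; this is not the project's own policy code. The `documents` table, the column names on `organizations` and `organization_members`, the stored role strings and the Supabase-style `auth.uid()` helper are assumptions.

```sql
-- Assumed schema (not from the page):
--   organizations(id, owner_id)
--   organization_members(organization_id, user_id, role)
--   documents(id, organization_id, ...)   -- hypothetical workspace-scoped table
--   auth.uid() returns the caller's user id (Supabase-style helper)
alter table documents enable row level security;

-- Membership-only model, as described above. With only a USING clause on a
-- FOR ALL policy, PostgreSQL applies the same expression as WITH CHECK, so a
-- row with role = 'viewer' passes INSERT/UPDATE/DELETE exactly like 'member'.
create policy documents_member_all on documents
  for all
  using (exists (
    select 1 from organization_members m
    where m.organization_id = documents.organization_id
      and m.user_id = auth.uid()));

-- Role-aware alternative: replace the policy above with two policies.
drop policy documents_member_all on documents;

-- Any member, viewers included, may read.
create policy documents_member_read on documents
  for select
  using (exists (
    select 1 from organization_members m
    where m.organization_id = documents.organization_id
      and m.user_id = auth.uid()));

-- Writes require the owner (via organizations.owner_id) or a non-viewer role.
-- Permissive policies are OR-ed per command: SELECT still passes through the
-- read policy, while INSERT/UPDATE/DELETE are only covered by this one.
create policy documents_writer_all on documents
  for all
  using (
    exists (select 1 from organizations o
            where o.id = documents.organization_id
              and o.owner_id = auth.uid())
    or exists (select 1 from organization_members m
               where m.organization_id = documents.organization_id
                 and m.user_id = auth.uid()
                 and m.role in ('admin', 'member')));

-- The subqueries run under organization_members' own RLS, so callers must be
-- able to read their own membership row for either policy to match.
```

To check which model is in force, run an `insert` into the workspace table as a user whose membership row has the viewer role: under membership-only policies it succeeds, under the role-aware pair it is rejected with a row-level security violation.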
Team invitations
Email-based team invitations are not yet enabled. The Settings page surfaces a "requires configuration" notice instead of a working invite flow. When shipped, this notice will be replaced.