Multi-Tenancy (Organizations)

How It Works

• A default organization is created automatically when a user signs up (is_default = true)
• Users can create multiple organizations
• The org switcher in the top-left corner switches the current org
• All requests identify the current org via the x-tenant-id header
• JwtAuthGuard verifies the user is a member of that org
• All billing data (subscriptions, credits, invoices) is isolated by organization

Invitation Flow

1. Owner enters an email in /org/settings > Invitations
2. Backend creates an invitation record and sends an email with a link
3. Invitee clicks the link → /invite?token=xxx
4. Not logged in → redirect to login/signup → back to invite page
5. Verify email matches → join organization
6. Create member credit limit record
7. Invitation status updated to accepted

Invitation links expire after 7 days. Existing members cannot be invited again.

Member Management

Owners can manage members at /org/settings?tab=members:

• View all members (email, role, credit usage)
• Change member roles (cannot set to owner)
• Remove members
• Click credit numbers to view details, set limits, view usage history

Member Credit Limits

• Initial limit can be set when inviting
• Owners can modify limits anytime in member details
• Credit deduction checks: used_credits >= credit_limit → reject
• A single request may exceed the limit (token consumption is unpredictable), but the next request will be rejected

User Deletion Cleanup

Deleting a user automatically:

1. Deletes all invitations sent by the user
2. Deletes the user’s credit limit records
3. Removes membership from all organizations
4. Deletes all organizations owned by the user (including their members and invitations)

Frontend Pages