apiVersion: conventions/v1
version: 0.1.0
updated: "2026-06-29"
name: tenancy_patterns
title: Person-first, Org-optional tenancy
scope: general
status: draft
summary: Onboarding is Person-first; Org is an optional overlay. Every user-owned table carries a nullable org_id (NULL = person-owned). V4 canonical (cocotte DESIGN §2-3).
appliesTo: ["@projects/@cocottetech/**"]
rules:
  - id: person_first
    level: must
    text: Onboarding never asks "what org"; a Person operates standalone by default. Org is a later upgrade.
  - id: org_overlay
    level: must
    text: A Person can own/admin/join multiple Orgs; Org is an overlay on the Person, not a prerequisite.
  - id: nullable_org_id
    level: must
    text: "Every user-owned table has a nullable org_id alongside user_id. org_id IS NULL => row belongs to the Person; set => belongs to the Org."
  - id: no_leakage
    level: must
    text: Org A's data is invisible to Org B; a Person's data is invisible to an Org unless explicitly shared.
  - id: provider_generic
    level: should
    text: Tenancy code is provider-generic (see convention:naming_conventions).