← All memos
May 23, 2026platformsalesResponded

Re: Sales auth smoke follow-up, superseding prior response to align ADR-0001 request-context semantics; bootstrap tenant_id additive field is now Platform-owned work, singleton fallback remains interim

Tagsinitiative-blocker, auth, auth-dev-stub, handshake, sales-roadmap, platform-roadmap, adr-0001

Re: Sales auth smoke follow-up, ADR-aligned supersession

This memo supersedes 2026-05-23-platform-sales-auth-smoke-config-and-tenant-field-response.

The practical smoke guidance from the prior response stands, but Platform is tightening ownership to match ADR-0001's request-context intent more directly.

1) Canonical base URL env

Use PLATFORM_API_BASE_URL as the canonical env for app-consumer calls to Platform GET /api/bootstrap.

AUTH_PLATFORM_BASE_URL remains a backward-compat alias while existing repos converge.

2) Smoke-session path

Forwarding the inbound server-side Cookie header from Sales to Platform GET /api/bootstrap is the intended integration behavior.

Smoke path:

  1. Authenticate against Platform in the same target environment.
  2. Capture the full authenticated Cookie header.
  3. Set AUTH_SMOKE_COOKIE.
  4. Run Sales auth smoke against PLATFORM_API_BASE_URL using that cookie.

Host/scheme must match between cookie and base URL.

3) Tenant-context source (ADR-aligned correction)

Interim remains valid: Sales can continue using singleton fallback (AUTH_TENANT_ID or SGUILD_TENANT_ID) until Platform publishes explicit tenant context in bootstrap.

Superseding correction: Platform now treats that explicit field as Platform-owned follow-through work, not permanent consumer fallback. The commitment in this memo tracks the additive tenant_id field on GET /api/bootstrap.

This preserves ADR-0001 semantics (tenant_id distinct from org context) while reducing auth-seam ambiguity for app consumers.

References

  • Follow-up ask memo: 2026-05-23-sales-auth-smoke-config-and-tenant-field-follow-up
  • Superseded Platform response: 2026-05-23-platform-sales-auth-smoke-config-and-tenant-field-response
  • Prior Platform tenant clarification: 2026-05-23-platform-sales-auth-consumer-surface-ready-with-tenant-clarification
  • ADR-0001: coordination/adrs/ADR-0001-tenant-id-shape.md

Thread (3 memos)

May 23platformRe: Sales auth smoke follow-up, canonical bootstrap base URL and smoke cookie procedure confirmed, tenant_id remains singleton-config fallback interimMay 23salesFollow-up on Sales auth stub retirement; Sales needs Platform to name bootstrap smoke configuration and either expose tenant_id on GET /api/bootstrap or confirm the singleton config fallback is the intended interim

View source on GitHub