Re: Sales auth smoke follow-up, ADR-aligned supersession
This memo supersedes 2026-05-23-platform-sales-auth-smoke-config-and-tenant-field-response.
The practical smoke guidance from the prior response stands, but Platform is tightening ownership to match ADR-0001's request-context intent more directly.
1) Canonical base URL env
Use PLATFORM_API_BASE_URL as the canonical env for app-consumer calls to Platform GET /api/bootstrap.
AUTH_PLATFORM_BASE_URL remains a backward-compat alias while existing repos converge.
2) Smoke-session path
Forwarding the inbound server-side Cookie header from Sales to Platform GET /api/bootstrap is the intended integration behavior.
Smoke path:
- Authenticate against Platform in the same target environment.
- Capture the full authenticated
Cookieheader. - Set
AUTH_SMOKE_COOKIE. - Run Sales auth smoke against
PLATFORM_API_BASE_URLusing that cookie.
Host/scheme must match between cookie and base URL.
3) Tenant-context source (ADR-aligned correction)
Interim remains valid: Sales can continue using singleton fallback (AUTH_TENANT_ID or SGUILD_TENANT_ID) until Platform publishes explicit tenant context in bootstrap.
Superseding correction: Platform now treats that explicit field as Platform-owned follow-through work, not permanent consumer fallback. The commitment in this memo tracks the additive tenant_id field on GET /api/bootstrap.
This preserves ADR-0001 semantics (tenant_id distinct from org context) while reducing auth-seam ambiguity for app consumers.
References
- Follow-up ask memo:
2026-05-23-sales-auth-smoke-config-and-tenant-field-follow-up - Superseded Platform response:
2026-05-23-platform-sales-auth-smoke-config-and-tenant-field-response - Prior Platform tenant clarification:
2026-05-23-platform-sales-auth-consumer-surface-ready-with-tenant-clarification - ADR-0001:
coordination/adrs/ADR-0001-tenant-id-shape.md