Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

unity-erp-tenancy

Sterne0

Forks1

Aktualisiert25. Februar 2026 um 09:30

Use when implementing or modifying multi-tenant (organization/org_id) behavior in Unity ERP. Covers the staged rollout approach, verification queries, and common pitfalls like missing org membership causing null nested relations.

Installation

Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.

In Manus ausführen

Quelle

MaierG74

MaierG74/unity-erp

GitHub-Repository öffnen Creator-Repositorys ansehen

Download

In Manus ausführen

Verwandte BerufeSOC

Basierend auf der SOC-Berufsklassifikation

DatenbankarchitektenInformatik- und Mathematikberufe·SOC 15-1243

Datei-Explorer

2 Dateien

SKILL.md

readonly

name	unity-erp-tenancy
description	Use when implementing or modifying multi-tenant (organization/org_id) behavior in Unity ERP. Covers the staged rollout approach, verification queries, and common pitfalls like missing org membership causing null nested relations.

Unity ERP Tenancy Skill

Start Here (docs)

docs/README.md
docs/operations/tenant-data-isolation-zero-downtime-runbook.md
docs/operations/tenant-module-entitlements-runbook.md

Default Approach (safe for live systems)

Expand-only first: add org_id nullable + backfill + defaults + indexes + NOT VALID FKs.
Verify data consistency (org_id filled, parent/child match).
Enforce constraints later (validate FK, then NOT NULL).
Roll out RLS in baby steps (one table at a time) with explicit go/no-go checks.

Current Checkpoint (post Step 66)

Production tenancy hardening has been applied through Step 66 in docs/operations/tenant-data-isolation-zero-downtime-runbook.md.
For public tables that include org_id, the expected end-state is:
- org_id is NOT NULL
- RLS is enabled
- no broad USING true / WITH CHECK true authenticated policies
Before doing new tenancy work, run the org-scope audit from the runbook and confirm it returns no rows.

Timekeeper Scanner Compatibility (2026-02-25)

External Timekeeper scanner currently uses anon Supabase access (no user login).
Production hotfix chain applied:
- 20260225073626_timekeeper_anon_read_hotfix_qbutton.sql
- 20260225074120_timekeeper_anon_insert_policy_fix.sql
- 20260225074246_timekeeper_anon_policy_uuid_lock_fix.sql
- 20260225074503_timekeeper_trigger_security_definer_fix.sql
These restore scanner read/insert for active Qbutton staff while keeping authenticated org-scoped policies intact.
Guardrail: do not remove anon policies on staff / time_clock_events without replacing scanner auth flow first.

Must-Run Checks (before tightening RLS)

Read docs/operations/tenant-data-isolation-zero-downtime-runbook.md and use the queries in:

Stage 0 (preflight)
0.2b (users missing organization_members)

Common Pitfall: Partial RLS = Null Relations

If one table is tenant-locked but a related table is not (or a user has no org membership), Supabase nested selects can return null for embedded objects.

UI must treat nested relations as nullable and avoid direct dereferences like: row.supplier_component.component.internal_code

Smoke-Test Rule

After each migration baby step:

test as a normal org user (not platform admin),
run targeted flow smoke checks for the touched domain,
update rollout docs + migration ledger immediately.

Known local/dev smoke noise (not tenancy regressions):

cutlist_material_defaults may return 406 for users with no defaults row.
some order-specific local routes can return 406/401/404 when the record/context is missing.

References

For current production state and next steps, see:

docs/overview/todo-index.md

Mehr aus diesem Repository

gleiches Repository

detail-page-depth

MaierG74/unity-erp

Blueprint for building or upgrading detail pages (entity views with tabs/sections) to match Unity ERP's visual depth standard. Use when creating a new detail page, upgrading an existing one that feels flat, or adding tabs/sections to an entity view. Covers page canvas, sticky headers, sidebar decisions, gradient stat cards, and accent borders.

2026-05-070

furniture-configurator

MaierG74/unity-erp

Use when adding a new furniture template, modifying parametric parts generation, extending the configurator UI (forms, previews, edge banding), or porting the configurator pattern to another project.

2026-05-070

polygon-pitch-pamphlet

MaierG74/unity-erp

Use when building a Polygon sales document — pitch advert, capability pamphlet, product brochure, or any image-and-quote-led PDF in the spine+nervous-system visual brand. Triggers include "build a pitch pamphlet for [prospect]", "make an advert for [agent name]", revising/extending the existing Tight Factories advert or Purchasing Agent pamphlet, or porting the same pattern to a new agent (Inter-Site Transfer Agent, Daily Brief Agent, etc.).

2026-05-070

tailwind-v4

MaierG74/unity-erp

Tailwind CSS v4 and shadcn v4 reference for Unity ERP. Use when writing or editing Tailwind classes, modifying globals.css or @theme config, adding shadcn components, or any frontend styling work. Prevents writing outdated v3 syntax from training data.

2026-05-070

unity-erp-business-rules

MaierG74/unity-erp

Unity ERP domain-specific business rules. Use when working on staff/attendance/payroll, time clock logic, file storage/uploads, or any module where non-obvious business logic applies.

2026-05-070

cutlist-pdf

MaierG74/unity-erp

Cutting diagram PDF layout, dimension labels, and rendering. Use when fixing or enhancing the PDF cutting diagram — panel labels, dimension overlays, sheet dimensions, legend table, or SVG layout.

2026-05-050

name	unity-erp-tenancy
description	Use when implementing or modifying multi-tenant (organization/org_id) behavior in Unity ERP. Covers the staged rollout approach, verification queries, and common pitfalls like missing org membership causing null nested relations.

Unity ERP Tenancy Skill

Start Here (docs)

docs/README.md
docs/operations/tenant-data-isolation-zero-downtime-runbook.md
docs/operations/tenant-module-entitlements-runbook.md

Default Approach (safe for live systems)

Expand-only first: add org_id nullable + backfill + defaults + indexes + NOT VALID FKs.
Verify data consistency (org_id filled, parent/child match).
Enforce constraints later (validate FK, then NOT NULL).
Roll out RLS in baby steps (one table at a time) with explicit go/no-go checks.

Current Checkpoint (post Step 66)

Production tenancy hardening has been applied through Step 66 in docs/operations/tenant-data-isolation-zero-downtime-runbook.md.
For public tables that include org_id, the expected end-state is:
- org_id is NOT NULL
- RLS is enabled
- no broad USING true / WITH CHECK true authenticated policies
Before doing new tenancy work, run the org-scope audit from the runbook and confirm it returns no rows.

Timekeeper Scanner Compatibility (2026-02-25)

External Timekeeper scanner currently uses anon Supabase access (no user login).
Production hotfix chain applied:
- 20260225073626_timekeeper_anon_read_hotfix_qbutton.sql
- 20260225074120_timekeeper_anon_insert_policy_fix.sql
- 20260225074246_timekeeper_anon_policy_uuid_lock_fix.sql
- 20260225074503_timekeeper_trigger_security_definer_fix.sql
These restore scanner read/insert for active Qbutton staff while keeping authenticated org-scoped policies intact.
Guardrail: do not remove anon policies on staff / time_clock_events without replacing scanner auth flow first.

Must-Run Checks (before tightening RLS)

Read docs/operations/tenant-data-isolation-zero-downtime-runbook.md and use the queries in:

Stage 0 (preflight)
0.2b (users missing organization_members)

Common Pitfall: Partial RLS = Null Relations

If one table is tenant-locked but a related table is not (or a user has no org membership), Supabase nested selects can return null for embedded objects.

UI must treat nested relations as nullable and avoid direct dereferences like: row.supplier_component.component.internal_code

Smoke-Test Rule

After each migration baby step:

test as a normal org user (not platform admin),
run targeted flow smoke checks for the touched domain,
update rollout docs + migration ledger immediately.

Known local/dev smoke noise (not tenancy regressions):

cutlist_material_defaults may return 406 for users with no defaults row.
some order-specific local routes can return 406/401/404 when the record/context is missing.

References

For current production state and next steps, see:

docs/overview/todo-index.md