Skip to content

docs(connectors): connection ownership + act-as-artist authority contract#271

Merged
sweetmantech merged 2 commits into
mainfrom
docs/connector-ownership-contract
Jul 9, 2026
Merged

docs(connectors): connection ownership + act-as-artist authority contract#271
sweetmantech merged 2 commits into
mainfrom
docs/connector-ownership-contract

Conversation

@sweetmantech

@sweetmantech sweetmantech commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

Summary

Contract-first PR of the P1 connector re-key chain for recoupable/chat#1860. Merge order: docs → database → api — this contract merges first, before the api re-key implements it.

Documents the connection-ownership + authority model decided in chat#1860 (2026-07-08):

  • Association ≠ authority — an artist on an account's roster (account_artist_ids) or in an org grants read/analytics only.
  • Connections are scoped per (account, artist), or per (org, artist) when org-shared — keyed on the join row, never on the bare canonical artist. Whoever establishes a connection owns it; roster membership never inherits it.
  • Authorize / execute / disconnect — owning account only (or members of the owning org for org-shared); admin override is Recoup-staff (Recoup internal org admin) only.
  • Artists stay canonical/shared; isolation lives on the connection.

Changes

  • New concept page connectors/ownership.mdx (Connectors tab → Concepts group in docs.json).
  • The page explicitly flags that the current connector endpoint reference (account-scoped) describes pre-contract shipped behavior and that this page is the authority contract until the re-keyed API ships. Endpoint OpenAPI descriptions were deliberately left untouched — they accurately describe what is live today.

Deliberately not documented

The open design decision (join-row id vs (owner, artist) pair in request/response shapes) is intentionally omitted — the api re-key PR is not designed yet. This page stays at the ownership/authority-model level.

🤖 Generated with Claude Code


Summary by cubic

Adds a concept doc that defines connector connection ownership and act-as-artist authority for the P1 re-key. Connections are owned per (account, artist) or (org, artist); roster is read/analytics only; only the owner/owning org can authorize, execute, or disconnect (Recoup staff override only).

  • Migration
    • This page is the source of truth until the re-keyed API ships.
    • Current endpoint docs remain account-scoped; re-keyed request/response shapes are TBD.
    • No production behavior change in this PR (contract-first docs only).

Written for commit 125cdbb. Summary will update on new commits.

Review in cubic

…ract

Documents the connector connection-ownership and authority model decided
in recoupable/chat#1860: association grants read/analytics only,
connections are scoped per (account, artist) or (org, artist) join row,
and authorize/execute/disconnect authority stays with the owning account
or org (Recoup-staff admin override only).

Contract-first PR of the P1 re-key chain (docs -> database -> api).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@cursor

cursor Bot commented Jul 8, 2026

Copy link
Copy Markdown

Bugbot is not enabled for your account, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@sweetmantech, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 45 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9c80848d-deb7-4211-830f-35e07a32b46c

📥 Commits

Reviewing files that changed from the base of the PR and between f441eca and 125cdbb.

📒 Files selected for processing (2)
  • connectors/ownership.mdx
  • docs.json
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch docs/connector-ownership-contract

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 issue found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="connectors/ownership.mdx">

<violation number="1" location="connectors/ownership.mdx:50">
P1: The authority matrix is ambiguous about who owns an org-shared connection. The text says an org member establishing a connection becomes 'the owner,' but for org-shared connections the scope is (organization, artist), and execute/disconnect rights go to members of the owning org — implying the org, not the individual member, should be the owner. Clarifying whether the org member acts on behalf of the org (and the org becomes the owner) would remove this ambiguity for downstream implementers.</violation>
</file>

Reply with feedback, questions, or to request a fix.

Re-trigger cubic

Comment thread connectors/ownership.mdx Outdated
| Capability | Who has it |
|------------|-----------|
| Read / analytics on an artist | Any account or org member with the artist in their roster |
| Authorize a new connection | The account (or org member, for org-shared) establishing the connection — they become the owner |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1: The authority matrix is ambiguous about who owns an org-shared connection. The text says an org member establishing a connection becomes 'the owner,' but for org-shared connections the scope is (organization, artist), and execute/disconnect rights go to members of the owning org — implying the org, not the individual member, should be the owner. Clarifying whether the org member acts on behalf of the org (and the org becomes the owner) would remove this ambiguity for downstream implementers.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At connectors/ownership.mdx, line 50:

<comment>The authority matrix is ambiguous about who owns an org-shared connection. The text says an org member establishing a connection becomes 'the owner,' but for org-shared connections the scope is (organization, artist), and execute/disconnect rights go to members of the owning org — implying the org, not the individual member, should be the owner. Clarifying whether the org member acts on behalf of the org (and the org becomes the owner) would remove this ambiguity for downstream implementers.</comment>

<file context>
@@ -0,0 +1,65 @@
+| Capability | Who has it |
+|------------|-----------|
+| Read / analytics on an artist | Any account or org member with the artist in their roster |
+| Authorize a new connection | The account (or org member, for org-shared) establishing the connection — they become the owner |
+| Execute actions through a connection | The owning account only; for org-shared connections, members of the owning org |
+| Disconnect a connection | The owning account only; for org-shared connections, members of the owning org |
</file context>

@sweetmantech

Copy link
Copy Markdown
Collaborator Author

Local preview verification — Mintlify mint dev

Ran the branch locally (npx mintlify@latest dev, head 1c870c4) and exercised the changed pages.

Checks

Check Result
Dev server boots, no build/MDX errors ✅ (console clean apart from the Socket.io hot-reload notice)
New page renders GET /connectors/ownership HTTP 200, title "Connection Ownership - Recoup"
docs.json nav wiring ✅ new Concepts group with Connection Ownership, sitting above the existing Connectors group in the Connectors tab
Frontmatter (title + description) ✅ renders as H1 + subtitle
Mintlify components <Warning> and <Note> callouts + both Markdown tables render
TOC ("On this page") anchors ✅ all five sections incl. the heading anchor
Internal links → /api-reference/connectors/list ✅ resolve (2 links: "Connectors API reference", "Connectors endpoint reference")
Sibling pages still build / and /api-reference/connectors/list both HTTP 200

Contract ↔ live-behavior reconciliation

The page's authority model matches what I verified live on the merged P0b cut (api#772): roster/association = read/analytics only, and authorize/execute/disconnect are owner-scoped (a roster-only account got 403 on all three). The page also correctly flags that the current endpoint reference stays account-scoped and is the pre-contract shipped behavior — consistent with the endpoints as they run today. No drift.

Screenshots (local mint dev)

Full page — sidebar Concepts group, both tables, Warning/Note callouts, TOC:

Connection Ownership — full page

Top / navigation — the new Concepts → Connection Ownership entry above Connectors:

Connection Ownership — nav + header

Verdict

Renders cleanly, nav is wired, content is accurate and reconciles with live API behavior. No issues found. Contract-first docs only — no runtime/API change in this PR.

Screenshots hosted on a throwaway branch screenshots/pr-271-verification (deletable after review); not part of this PR.

🤖 Generated with Claude Code

Rewrite em-dash clauses as natural punctuation (periods, colons, commas,
parentheses) so the copy doesn't read as machine-written. No content change.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@cursor

cursor Bot commented Jul 9, 2026

Copy link
Copy Markdown

Bugbot is not enabled for your account, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@sweetmantech sweetmantech merged commit 668158d into main Jul 9, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant