# Task: Organization domain foundation

## Feature

`docs/FEATURES/organizations.md`

## Goal

Add the backend foundation for organizations as the SaaS account boundary and make workspaces belong to an organization.

## Context

Current docs and code treat `Workspace` as the top-level boundary. The product model now requires `Organization` above workspace for billing, subscriptions, connectors, limits, and workspace ownership.

Existing local data does not need to be preserved.

## Scope

- Add an `Organizations` backend module or follow the existing ownership pattern if organization code belongs with `Workspaces`.
- Add an organization persistence model with name, slug/display identity, timestamps, and basic audit fields matching local conventions.
- Require every workspace to belong to exactly one organization.
- Update workspace create/list/detail APIs to include organization ownership.
- Add APIs for current user organization list and organization detail.
- Add backend validation that users cannot access organizations they have no relationship with.
- Seed or development bootstrap data should create at least one organization and owned workspace.
- Update OpenAPI after backend contracts change.

## Constraints

- Keep backend code under `backend/src/Socialize.Api`.
- Preserve FastEndpoints module structure.
- Do not implement billing provider integration in this task.
- Do not implement connector storage in this task.
- Do not implement full organization membership override behavior in this task.
- Existing development data may be wiped; do not spend scope on compatibility migration behavior.

## Likely Files

- `backend/src/Socialize.Api/Data/AppDbContext.cs`
- `backend/src/Socialize.Api/Modules/Organizations/**`
- `backend/src/Socialize.Api/Modules/Workspaces/**`
- `backend/src/Socialize.Api/Migrations/**`
- `backend/tests/Socialize.Tests/**`
- `shared/openapi/openapi.json`
- `frontend/src/api/schema.d.ts`

## Done When

- [ ] Organization entity is persisted.
- [ ] Workspace requires `OrganizationId`.
- [ ] Workspace APIs expose organization ownership.
- [ ] Current user can list accessible organizations.
- [ ] Current user can get accessible organization details.
- [ ] Unauthorized organization access is rejected.
- [ ] Development seed data creates an organization with owned workspaces.
- [ ] Backend build and tests pass.
- [ ] OpenAPI and generated frontend schema are updated.

## Validation Commands

```bash
dotnet build backend/Socialize.slnx
dotnet test backend/Socialize.slnx
./scripts/update-openapi.sh
```