Organizations
Create and configure organizations with workspace settings, feature flags, and secrets management.
Organizations
An organization is the top-level container in ProxifAI. Everything — projects, teams, members, billing — lives inside an organization. Most teams need a single organization; larger companies may create separate organizations for business units or subsidiaries.
Creating an Organization
In the OSS build, the first organization is seeded automatically as default (db.SeedAdminUser on startup). Most single-tenant deployments leave it as-is — every member, project, and repo lives under that one org. Multi-org is supported in the same binary and is the model the SaaS distribution uses.
On the SaaS distribution
Sign up via the marketing site; your first organization is created automatically during onboarding.
On a self-hosted deployment
The default org exists from boot. Create additional orgs with POST /api/v1/orgs (or pfai org create <name>) — the calling user becomes that org’s owner.
Organization Settings
Configure organization-wide defaults from Settings → General:
| Setting | Description |
|---|---|
| Name | Display name shown across the platform |
| URL slug | Unique identifier used in URLs and API calls |
| Default branch | Default branch name for new repositories |
| Avatar | Organization logo displayed in the sidebar and member lists |
Data residency / regions are a SaaS-only concern — when you self-host the OSS binary, your data lives wherever you deploy it. ProxifAI Cloud adds virtual-cluster management on top, with cluster-manager handling provisioning, deploys, and observability.
Feature Flags
Organization-level feature flags live in the org_features table and gate UI surfaces + handler-level checks. Manage them at Settings → Features or via pfai org features set <name> <bool>. Flags currently exposed:
| Flag | Effect |
|---|---|
| AI Gateway | Hides the LLM gateway settings page; gateway routes return 404 |
| Agent Execution | Blocks agent dispatch and the agents UI |
| Workflows | Hides Flows, blocks workflow create/run endpoints |
| Container Registry | Hides Packages tab; /v2/* routes still respond |
| Code Intelligence | Disables the codeintel index/search APIs |
| ProxifAI Cloud | Hides the Cloud tab; /api/v1/cloud/* endpoints return 404 |
Flags take effect immediately — toggling refreshes both the UI and the route guard.
Workspace Configuration
Each organization has workspace-level configuration that applies to all projects:
- Default labels — define a shared label set across all projects
- Issue templates — create templates that appear when members open new issues
- PR templates — standardize pull request descriptions
- Branch naming conventions — enforce naming patterns for branches
Secrets & Credentials
Manage sensitive values that need to be available across projects:
- Organization secrets — encrypted key-value pairs available to all projects and pipelines
- Project secrets — scoped to a single project, overriding organization-level values with the same key
- Provider credentials — API keys for external integrations (BYOK keys, SCM tokens)
Secrets are encrypted at rest and masked in logs. Once created, secret values cannot be read back — only overwritten or deleted.
All secrets are injected as environment variables during pipeline and agent execution. They are never exposed in the UI or API responses.