Think of the organization as the tenant control plane and workspaces as collaboration boundaries inside it.
Organization scope (/dashboard/organization/[organizationId]):
- Settings, identity (SSO/SCIM), org-wide policies, billing summary
- Org library, collections, templates, playground, refine, scanner
- Company Brain connectors, brain review, audit logs (org), reports, retention
- Attach/detach workspaces; org-level member management
Workspace scope (under org or legacy team path):
- Day-to-day prompt work for a specific team
- Workspace members and workspace policy overrides
- Review queue and lifecycle actions per workspace
- Workspace admin audit view
Policy merge: Effective policy combines organization policy with workspace policy (workspace fields can override org defaults). Enforcement runs on API routes via middleware when a workspace context is present.