# GovOPlaN Organizations Codex Guide ## Scope This repository owns the canonical GovOPlaN organizational model: tenant-local organization units, parallel structures, functions, and identity-held function assignments. The module describes responsibility in the institution. It does not decide which rights those responsibilities grant; `govoplan-access` maps organization facts to roles, rights, permission decisions, and explainability. ## Boundaries - Depend on kernel contracts from `govoplan-core`. - Depend on `govoplan-tenancy` for tenant ownership. - Depend on identity only through kernel capabilities when resolving account to identity relationships. - Do not import access, admin, identity, postbox, workflow, or portal internals. - Expose integration through manifests, capabilities, API routes, events, and typed DTOs. - Treat function assignment as organizational responsibility, not as a login permission by itself. - Keep the organization modelling UI as a standalone module route. Admin-only organization controls should be contributed by this module through the platform `admin.sections` WebUI capability. ## Local Workflow Use Gitea issues as the canonical backlog and state log. The shared workflow is installed under `.gitea/`, with labels in `docs/gitea-labels.json`. Focused verification is still driven from `/mnt/DATA/git/govoplan-core` for cross-repository behavior.