Issues / #120
Per-org disable/enable mechanism in landconfigregistry
open
feature
Project: landconfigregistry
Reporter:
11 May 2026 09:51
Description
Grove now renders Set up / Remove tiles for optional integrations (Stripe, Google Workspace) on each org dashboard, but the Remove CTA currently links to a docs runbook because removal needs a backend.
**What's needed:**
landconfigregistry needs to support per-org container overrides so an admin can disable a container for a single org without forking the role. The render endpoint filters those out before returning the bundle to the land.
**Sketch:**
- New table `org_disabled_containers (org_slug, container_name, disabled_at)`.
- Admin endpoints: `POST /api/v1/orgs/{slug}/disabled/{container}` (disable), `DELETE` (re-enable), `GET /api/v1/orgs/{slug}/disabled` (list).
- Render-time filter in `internal/api/server.go` strips disabled containers from the rendered LandYAML and their entries from the Configs map.
- Grove's Remove tile calls the POST endpoint via a small proxy on the org's land (since grove can't talk to landconfigregistry directly from the org admin's browser without exposing the admin token).
**Out of scope:** the proxy on the org land (separate task — likely a new endpoint on myceliumproxy or nimsforestadmin).
**Affected files:**
- `landconfigregistry/internal/store/store.go` — schema + queries.
- `landconfigregistry/internal/api/server.go` — endpoints + render filter.
- `landconfigregistry/internal/cli/` — migration.
- `nimsforestgrove/internal/web/integrations.go` — tile Remove CTA wiring.
**Verification:** disable nimsforeststripe for executxr via the admin API; on next reconcile the container should be uprooted and not replanted. Re-enable; container comes back on next reconcile.
**What's needed:**
landconfigregistry needs to support per-org container overrides so an admin can disable a container for a single org without forking the role. The render endpoint filters those out before returning the bundle to the land.
**Sketch:**
- New table `org_disabled_containers (org_slug, container_name, disabled_at)`.
- Admin endpoints: `POST /api/v1/orgs/{slug}/disabled/{container}` (disable), `DELETE` (re-enable), `GET /api/v1/orgs/{slug}/disabled` (list).
- Render-time filter in `internal/api/server.go` strips disabled containers from the rendered LandYAML and their entries from the Configs map.
- Grove's Remove tile calls the POST endpoint via a small proxy on the org's land (since grove can't talk to landconfigregistry directly from the org admin's browser without exposing the admin token).
**Out of scope:** the proxy on the org land (separate task — likely a new endpoint on myceliumproxy or nimsforestadmin).
**Affected files:**
- `landconfigregistry/internal/store/store.go` — schema + queries.
- `landconfigregistry/internal/api/server.go` — endpoints + render filter.
- `landconfigregistry/internal/cli/` — migration.
- `nimsforestgrove/internal/web/integrations.go` — tile Remove CTA wiring.
**Verification:** disable nimsforeststripe for executxr via the admin API; on next reconcile the container should be uprooted and not replanted. Re-enable; container comes back on next reconcile.