Greptile Summary

This PR represents a comprehensive refactoring to remove legacy tenancy configuration patterns throughout the Stack Auth codebase. The changes migrate from a dual configuration system (with both config and completeConfig properties) to a unified, hierarchical configuration structure.

The key architectural changes include:

1. Configuration Structure Modernization: The PR eliminates the legacy completeConfig property from tenancy objects and consolidates all configuration access through the config property, which now directly contains the rendered organization configuration.

2. Hierarchical Configuration Schema: The flat configuration structure has been replaced with a nested organization where related settings are grouped logically:

   • Authentication settings moved from credential_enabled, sign_up_enabled, passkey_enabled to auth.password.allowSignIn, auth.allowSignUp, auth.passkey.allowSignIn
   • Domain configuration restructured from flat arrays to domains.trustedDomains objects with baseUrl and handlerPath properties
   • OAuth providers reorganized from arrays to keyed objects under auth.oauth.providers
   • Email configuration moved from email_config.type to emails.server.isShared

3. API Simplification: Functions like validateRedirectUrl have been updated to accept entire tenancy objects instead of individual configuration parameters, centralizing configuration access logic and reducing parameter coupling.

4. Transformation Layer: The renderedOrganizationConfigToProjectCrud function is now used to transform the new organization config format into the expected project CRUD interface format for API responses, maintaining backward compatibility while supporting the new internal structure.

5. New Environment Config CRUD: A new environment configuration management system has been introduced with proper CRUD operations, supporting the transition from legacy tenancy-based configuration to environment-level configuration management.

The changes affect authentication flows (password, OTP, passkey, OAuth), email systems, domain validation, API key management, team creation, user management, and various internal configuration endpoints. All modifications maintain functional equivalence while adopting the cleaner, more maintainable configuration architecture.

Confidence score: 3/5

• This PR has significant architectural changes that could introduce subtle bugs if configuration transformations are incorrect
• The migration from legacy to new config structure requires careful validation to ensure all property mappings are accurate
• Files like apps/backend/src/app/api/latest/auth/otp/send-sign-in-code/route.tsx have inconsistent error messaging and several files use generic yupMixed() validation that lacks type safety

_{46 files reviewed, 6 comments}

_{Edit Code Review Bot Settings | Greptile}