CloudNativeBergen
diff --git a/‎.prettierignore‎
Lines changed: 1 addition & 0 deletions b/‎.prettierignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎AGENTS.md‎
Lines changed: 14 additions & 0 deletions b/‎AGENTS.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎__tests__/api/trpc/middleware.test.ts‎
Lines changed: 5 additions & 5 deletions b/‎__tests__/api/trpc/middleware.test.ts‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎__tests__/api/trpc/volunteer.test.ts‎
Lines changed: 2 additions & 2 deletions b/‎__tests__/api/trpc/volunteer.test.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎__tests__/app/cli/login/cli-login-client.test.tsx‎
Lines changed: 55 additions & 8 deletions b/‎__tests__/app/cli/login/cli-login-client.test.tsx‎
Lines changed: 55 additions & 8 deletions
diff --git a/‎__tests__/lib/proposal/schemas.test.ts‎
Lines changed: 0 additions & 12 deletions b/‎__tests__/lib/proposal/schemas.test.ts‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎__tests__/lib/sponsor-crm/contract-schemas.test.ts‎
Lines changed: 5 additions & 29 deletions b/‎__tests__/lib/sponsor-crm/contract-schemas.test.ts‎
Lines changed: 5 additions & 29 deletions
diff --git a/‎docs/TRPC_SERVER_ARCHITECTURE.md‎
Lines changed: 27 additions & 0 deletions b/‎docs/TRPC_SERVER_ARCHITECTURE.md‎
Lines changed: 27 additions & 0 deletions
diff --git a/‎eslint.config.js‎
Lines changed: 1 addition & 0 deletions b/‎eslint.config.js‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/app/(admin)/admin/settings/page.tsx‎
Lines changed: 0 additions & 1 deletion b/‎src/app/(admin)/admin/settings/page.tsx‎
Lines changed: 0 additions & 1 deletion
@@ -7,3 +7,4 @@ coverage
 .turbo
 node_modules
 .vercel
+cli
@@ -303,6 +303,7 @@ This applies to any component using `formatDistanceToNow`, `getDaysPending`, or
   - Complete CRUD operations for sponsors and sponsor tiers
   - Conference-sponsor assignment management (add/remove sponsors)
   - Proper query invalidation and optimistic updates
+- **Conference Resolution:** Never accept `conferenceId` as client input. Use `resolveConferenceId()` from `/src/server/trpc.ts` to derive it server-side from the request's Host header via `getConferenceForCurrentDomain()`. This ensures multi-tenant isolation and prevents clients from accessing data across conferences.
 - **Input Validation:** Zod schemas in `/src/server/schemas/` for type-safe input validation
 - **Error Handling:** Consistent TRPCError usage with proper HTTP status codes and user-friendly messages
 - **Performance:** React Query integration provides automatic caching, background updates, and optimistic UI updates
@@ -329,6 +330,19 @@ This applies to any component using `formatDistanceToNow`, `getDaysPending`, or
 - **Qodo Review:** `pnpm qodo:review` - Review PR suggestions from Qodo Merge (auto-detects current branch PR, or pass PR number like `pnpm qodo:review 332`).
 - Run sanity commands with `pnpm sanity {command}` (e.g., `pnpm sanity deploy`) - do not use `npx sanity` directly.
 
+#### CLI (`cli/` — Rust)
+
+The `cnctl` CLI lives in `cli/` as a standalone Cargo project. It uses mise for toolchain management.
+
+- **Full Check:** `cd cli && mise run check` - Runs clippy, format check, and tests in parallel.
+- **Clippy:** `cd cli && mise run clippy` - Runs clippy with pedantic lints, warnings as errors.
+- **Format:** `cd cli && mise run fmt` - Formats code with rustfmt.
+- **Format Check:** `cd cli && mise run fmt-check` - Checks formatting without modifying files.
+- **Tests:** `cd cli && mise run test` - Runs all tests.
+- **Tests (Verbose):** `cd cli && mise run test-verbose` - Runs tests with output.
+- **Build:** `cd cli && mise run build` - Builds release binary.
+- **Clean:** `cd cli && mise run clean` - Removes build artifacts.
+
 ## Code Organization & Refactoring
 
 ### Component Structure
 
@@ -40,8 +40,8 @@ describe('tRPC middleware', () => {
     it('should reject unauthenticated requests', async () => {
       const caller = createAnonymousCaller()
 
-      await expect(caller.speakers.list({})).rejects.toThrow(TRPCError)
-      await expect(caller.speakers.list({})).rejects.toMatchObject({
+      await expect(caller.speakers.list()).rejects.toThrow(TRPCError)
+      await expect(caller.speakers.list()).rejects.toMatchObject({
         code: 'UNAUTHORIZED',
       })
     })
@@ -50,8 +50,8 @@ describe('tRPC middleware', () => {
       const regularUser = speakers.find((s) => !s.isOrganizer)!
       const caller = createAuthenticatedCaller(regularUser._id)
 
-      await expect(caller.speakers.list({})).rejects.toThrow(TRPCError)
-      await expect(caller.speakers.list({})).rejects.toMatchObject({
+      await expect(caller.speakers.list()).rejects.toThrow(TRPCError)
+      await expect(caller.speakers.list()).rejects.toMatchObject({
         code: 'FORBIDDEN',
       })
     })
@@ -60,7 +60,7 @@ describe('tRPC middleware', () => {
       const caller = createAdminCaller()
       // Should not throw UNAUTHORIZED or FORBIDDEN — may throw due to missing mock data
       try {
-        await caller.speakers.list({})
+        await caller.speakers.list()
       } catch (error) {
         expect(error).toBeInstanceOf(TRPCError)
         expect((error as TRPCError).code).not.toBe('UNAUTHORIZED')
 
@@ -132,15 +132,15 @@ describe('volunteer router', () => {
   describe('list', () => {
     it('should reject unauthenticated requests', async () => {
       const caller = createAnonymousCaller()
-      await expect(caller.volunteer.list({})).rejects.toMatchObject({
+      await expect(caller.volunteer.list()).rejects.toMatchObject({
         code: 'UNAUTHORIZED',
       })
     })
 
     it('should reject non-admin users', async () => {
       const regularUser = speakers.find((s) => !s.isOrganizer)!
       const caller = createAuthenticatedCaller(regularUser._id)
-      await expect(caller.volunteer.list({})).rejects.toMatchObject({
+      await expect(caller.volunteer.list()).rejects.toMatchObject({
         code: 'FORBIDDEN',
       })
     })
 
@@ -9,18 +9,25 @@ import CLILoginClient, {
 
 describe('buildCallbackUrl', () => {
   it('should build a valid localhost callback URL', () => {
-    const url = buildCallbackUrl('8080', 'my-token', 'my-state', 'Alice')
+    const url = buildCallbackUrl(
+      '8080',
+      'my-token',
+      'my-state',
+      'Alice',
+      'conf-123',
+    )
     expect(url.hostname).toBe('localhost')
     expect(url.port).toBe('8080')
     expect(url.pathname).toBe('/callback')
     expect(url.searchParams.get('token')).toBe('my-token')
     expect(url.searchParams.get('state')).toBe('my-state')
     expect(url.searchParams.get('name')).toBe('Alice')
+    expect(url.searchParams.get('conference_id')).toBe('conf-123')
   })
 
   it('should reject non-localhost hosts', () => {
     // buildCallbackUrl hardcodes localhost, so this tests the safety check
-    expect(() => buildCallbackUrl('8080', 't', 's', 'n')).not.toThrow()
+    expect(() => buildCallbackUrl('8080', 't', 's', 'n', 'c')).not.toThrow()
   })
 })
 
@@ -37,7 +44,13 @@ describe('CLILoginClient', () => {
   })
 
   it('should show confirm screen initially', () => {
-    render(<CLILoginClient userName="Test User" userEmail="test@example.com" />)
+    render(
+      <CLILoginClient
+        userName="Test User"
+        userEmail="test@example.com"
+        conferenceId="conf-123"
+      />,
+    )
     expect(screen.getByText(/requesting access/i)).toBeInTheDocument()
     expect(
       screen.getByRole('button', { name: /authorize cli/i }),
@@ -54,7 +67,13 @@ describe('CLILoginClient', () => {
       json: () => Promise.resolve({ token: 'jwt-token-value' }),
     })
 
-    render(<CLILoginClient userName="Test User" userEmail="test@example.com" />)
+    render(
+      <CLILoginClient
+        userName="Test User"
+        userEmail="test@example.com"
+        conferenceId="conf-123"
+      />,
+    )
     fireEvent.click(screen.getByRole('button', { name: /authorize cli/i }))
 
     await waitFor(() => {
@@ -92,6 +111,7 @@ describe('CLILoginClient', () => {
         state="random-state"
         userName="Test User"
         userEmail="test@example.com"
+        conferenceId="conf-123"
       />,
     )
 
@@ -118,6 +138,7 @@ describe('CLILoginClient', () => {
         state="s"
         userName="Test User"
         userEmail="test@example.com"
+        conferenceId="conf-123"
       />,
     )
 
@@ -136,6 +157,7 @@ describe('CLILoginClient', () => {
         state="s"
         userName="Test User"
         userEmail="test@example.com"
+        conferenceId="conf-123"
       />,
     )
 
@@ -153,6 +175,7 @@ describe('CLILoginClient', () => {
         port="8080"
         userName="Test User"
         userEmail="test@example.com"
+        conferenceId="conf-123"
       />,
     )
 
@@ -171,7 +194,13 @@ describe('CLILoginClient', () => {
       json: () => Promise.resolve({ error: 'Unauthorized' }),
     })
 
-    render(<CLILoginClient userName="Test User" userEmail="test@example.com" />)
+    render(
+      <CLILoginClient
+        userName="Test User"
+        userEmail="test@example.com"
+        conferenceId="conf-123"
+      />,
+    )
     fireEvent.click(screen.getByRole('button', { name: /authorize cli/i }))
 
     await waitFor(() => {
@@ -182,7 +211,13 @@ describe('CLILoginClient', () => {
   it('should show error when fetch throws', async () => {
     fetchMock.mockRejectedValue(new Error('Network error'))
 
-    render(<CLILoginClient userName="Test User" userEmail="test@example.com" />)
+    render(
+      <CLILoginClient
+        userName="Test User"
+        userEmail="test@example.com"
+        conferenceId="conf-123"
+      />,
+    )
     fireEvent.click(screen.getByRole('button', { name: /authorize cli/i }))
 
     await waitFor(() => {
@@ -199,7 +234,13 @@ describe('CLILoginClient', () => {
     const writeText = vi.fn().mockResolvedValue(undefined)
     Object.assign(navigator, { clipboard: { writeText } })
 
-    render(<CLILoginClient userName="Test User" userEmail="test@example.com" />)
+    render(
+      <CLILoginClient
+        userName="Test User"
+        userEmail="test@example.com"
+        conferenceId="conf-123"
+      />,
+    )
     fireEvent.click(screen.getByRole('button', { name: /authorize cli/i }))
 
     await waitFor(() => {
@@ -226,7 +267,13 @@ describe('CLILoginClient', () => {
         json: () => Promise.resolve({ token: 'retry-token' }),
       })
 
-    render(<CLILoginClient userName="Test User" userEmail="test@example.com" />)
+    render(
+      <CLILoginClient
+        userName="Test User"
+        userEmail="test@example.com"
+        conferenceId="conf-123"
+      />,
+    )
     fireEvent.click(screen.getByRole('button', { name: /authorize cli/i }))
 
     await waitFor(() => {
 
@@ -266,7 +266,6 @@ describe('ProposalAdminCreateSchema', () => {
     const result = ProposalAdminCreateSchema.safeParse({
       ...fullProposal,
       speakers: ['speaker-1'],
-      conferenceId: 'conf-1',
     })
     expect(result.success).toBe(true)
   })
@@ -275,16 +274,6 @@ describe('ProposalAdminCreateSchema', () => {
     const result = ProposalAdminCreateSchema.safeParse({
       ...fullProposal,
       speakers: [],
-      conferenceId: 'conf-1',
-    })
-    expect(result.success).toBe(false)
-  })
-
-  it('requires conferenceId', () => {
-    const result = ProposalAdminCreateSchema.safeParse({
-      ...fullProposal,
-      speakers: ['s1'],
-      conferenceId: '',
     })
     expect(result.success).toBe(false)
   })
@@ -294,7 +283,6 @@ describe('ProposalAdminCreateSchema', () => {
       ...fullProposal,
       format: Format.workshop_240,
       speakers: ['s1'],
-      conferenceId: 'conf-1',
     })
     expect(result.success).toBe(false)
   })
 
@@ -233,21 +233,9 @@ describe('ContractTemplateIdSchema', () => {
 })
 
 describe('ContractTemplateListSchema', () => {
-  it('passes with valid conferenceId', () => {
-    const result = ContractTemplateListSchema.safeParse({
-      conferenceId: 'conf-1',
-    })
-    expect(result.success).toBe(true)
-  })
-
-  it('fails with empty conferenceId', () => {
-    const result = ContractTemplateListSchema.safeParse({ conferenceId: '' })
-    expect(result.success).toBe(false)
-  })
-
-  it('fails without conferenceId', () => {
+  it('passes with empty input', () => {
     const result = ContractTemplateListSchema.safeParse({})
-    expect(result.success).toBe(false)
+    expect(result.success).toBe(true)
   })
 })
 
@@ -290,16 +278,13 @@ describe('GenerateContractPdfSchema', () => {
 })
 
 describe('FindBestContractTemplateSchema', () => {
-  it('passes with conferenceId only', () => {
-    const result = FindBestContractTemplateSchema.safeParse({
-      conferenceId: 'conf-1',
-    })
+  it('passes with no fields', () => {
+    const result = FindBestContractTemplateSchema.safeParse({})
     expect(result.success).toBe(true)
   })
 
-  it('passes with all fields', () => {
+  it('passes with all optional fields', () => {
     const result = FindBestContractTemplateSchema.safeParse({
-      conferenceId: 'conf-1',
       tierId: 'tier-gold',
       language: 'nb',
     })
@@ -308,26 +293,17 @@ describe('FindBestContractTemplateSchema', () => {
 
   it('passes without optional tierId', () => {
     const result = FindBestContractTemplateSchema.safeParse({
-      conferenceId: 'conf-1',
       language: 'en',
     })
     expect(result.success).toBe(true)
   })
 
   it('fails with invalid language', () => {
     const result = FindBestContractTemplateSchema.safeParse({
-      conferenceId: 'conf-1',
       language: 'fr',
     })
     expect(result.success).toBe(false)
   })
-
-  it('fails with empty conferenceId', () => {
-    const result = FindBestContractTemplateSchema.safeParse({
-      conferenceId: '',
-    })
-    expect(result.success).toBe(false)
-  })
 })
 
 describe('SendContractSchema', () => {
 
@@ -59,6 +59,33 @@ export const sponsorRouter = router({
 })
 ```
 
+### Conference Resolution
+
+This site is multi-tenant — each conference runs on its own subdomain. The server must determine which conference the request is for, and **this must always happen server-side**.
+
+**Rule: Never accept `conferenceId` as client input in tRPC procedures.** Instead, use `resolveConferenceId()` from `/src/server/trpc.ts`, which derives the conference from the request's `Host` header via `getConferenceForCurrentDomain()`.
+
+```typescript
+// ✅ Correct — resolve server-side
+import { resolveConferenceId } from '../trpc'
+
+list: adminProcedure.query(async () => {
+  const conferenceId = await resolveConferenceId()
+  // use conferenceId for queries...
+})
+
+// ❌ Wrong — never accept conferenceId from client
+list: adminProcedure
+  .input(z.object({ conferenceId: z.string() }))
+  .query(async ({ input }) => {
+    // DO NOT DO THIS — clients could access other conferences
+  })
+```
+
+**Why:** Accepting `conferenceId` from the client breaks multi-tenant isolation. A malicious or misconfigured client could pass a different conference's ID and access data it shouldn't. Server-side resolution guarantees each request only accesses data belonging to the conference identified by the domain.
+
+**When you need the full conference object** (not just the ID), import and call `getConferenceForCurrentDomain()` directly.
+
 ### Input Validation
 
 ```typescript
 
@@ -30,6 +30,7 @@ const eslintConfig = [
       '__tests__/**/testdata/**',
       '__tests__/**/mocks/**',
       'storybook-static/**', // Built Storybook output
+      'cli/**',
     ],
   },
 
 
@@ -339,7 +339,6 @@ export default async function AdminSettings() {
         </InfoCard>
 
         <WorkshopRegistrationSettings
-          conferenceId={conference._id}
           workshopRegistrationStart={conference.workshopRegistrationStart}
           workshopRegistrationEnd={conference.workshopRegistrationEnd}
         />
-Original file line number
+Diff line change
 .turbo
 node_modules
 .vercel
 +cli