docs(docs): Document multi-org OSS and the upgrade path

[jp-agenta]

Context

The multi-org convergence PRs (#4671, #4673, #4674, #4675, #4676) change what self-hosted OSS operators experience: open signup replaces invite-only, organizations can be created and managed in OSS, and the AGENTA_ACCESS_* variables are now enforced in both editions. The docs still describe organization-creation restriction as an Enterprise feature under a legacy variable name, and nothing warns operators about the signup posture flip.

Changes

• self-host/guides/06-restrict-organization-creation.mdx: rewritten as "Restrict Sign-ups and Organization Creation" (URL unchanged). Drops the Enterprise-only banner, uses the canonical AGENTA_ACCESS_ALLOWED_OWNER_EMAILS (legacy aliases noted), and now also covers sign-up restriction via allowed/blocked domains and emails, how restricted users join, and a reference table of the four variables.
• New self-host/upgrades/multi-org-migration.mdx: migration page for OSS operators. What to set before upgrading (the posture flip), what the migration does to existing data (membership backfill, constraint tightening, legacy-table drop), what changes day to day, and a rollback note.
• self-host/03-upgrading.mdx: pre-upgrade caution pointing at the migration page.
• self-host/01-quick-start.mdx: note that sign-ups are open by default, with a link to the restriction guide.
• self-host/02-configuration.mdx: the four access vars are marked as applying to both editions; plan/role vars stay Enterprise-only.
• self-host/04-dynamic-access-controls.mdx: clarifies the split between Enterprise-only plan/role overrides and the both-editions access vars.
• misc/01-opensource.mdx: feature table gains "Multiple Organizations" as available in OSS; the commercial-only list now reads RBAC, SSO, domain verification.
• administration/access-control/01-organizations.mdx: notes multi-org applies to self-hosted OSS; RBAC and domain verification stay plan-gated. The sso/rbac/domain-verification pages needed no change.
• AGENTS.md: new "Branching and PRs with GitButler" section (workspace mode, lanes and stacks, hook behavior, but push + gh pr create flow, absorb).

Notes

• Should merge together with or after the feature PRs; the content describes post-merge behavior.
• The migration page is version-agnostic ("the multi-organization release"); pin the version number when the release is cut.

🤖 Generated with Claude Code

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
agenta-documentation	Ready	Preview, Comment	Jun 14, 2026 6:34pm

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Summary by CodeRabbit

• Documentation
  • Added contributor guidance for branching and PR workflows using a workspace CLI, including PR creation, updating already-committed changes, and recovery “gotchas.”
  • Updated Open Source vs. Commercial docs for multi-organization availability and clarified team-management wording.
  • Expanded self-hosted access-control documentation to clarify which environment variables apply to each edition.
  • Added/updated self-hosted guides for restricting sign-ups and organization creation, multi-organization OSS migration, and switching OSS to EE in place (including cautions and rollback notes).

Walkthrough

This PR introduces documentation for Agenta's multi-organization support in open-source editions and GitButler workspace branching instructions. Changes include feature availability clarification across editions, access control variable documentation, implementation guides for restricting sign-ups and organization creation, comprehensive migration guidance for instances upgrading to multi-organization support, procedures for switching from OSS to Enterprise Edition, and contributing instructions for managing Git workflows in GitButler.

Changes

GitButler Workspace Branching

Layer / File(s)	Summary
GitButler workspace branching and PR instructions AGENTS.md	Added comprehensive guidance for managing branch creation, commits, and pull request creation using GitButler workspace mode and the but CLI, including stacked PR workflows, file amendments with but absorb, targeted branch commits with but rub, and recovery procedures using but oplog for undoing botched operations.

Multi-Organization OSS Support

Layer / File(s)	Summary
Feature availability clarification docs/docs/misc/01-opensource.mdx, docs/docs/administration/access-control/01-organizations.mdx	Added "Multiple Organizations" to the feature parity table between open-source and commercial editions; updated the "Team Management" commercial-only description to specify role-based access control, SSO, and domain verification; clarified that organization creation applies to both Cloud and self-hosted deployments.
Access control variable edition applicability docs/docs/self-host/02-configuration.mdx, docs/docs/self-host/04-dynamic-access-controls.mdx	Documented which environment variables apply to both editions (sign-up and organization-creation controls) versus Enterprise-only (plan/role/entitlement overrides), with links to behavior guides for each category.
Implementing access control restrictions docs/docs/self-host/guides/06-restrict-organization-creation.mdx	Updated the guide to cover both organization creation and sign-up restrictions using AGENTA_ACCESS_ALLOWED_OWNER_EMAILS, domain allowlisting (AGENTA_ACCESS_ALLOWED_DOMAINS), and email/domain blocklists (AGENTA_ACCESS_BLOCKED_EMAILS, AGENTA_ACCESS_BLOCKED_DOMAINS), including precedence rules and invitation flow for restricted users.
Multi-organization migration and upgrade awareness docs/docs/self-host/01-quick-start.mdx, docs/docs/self-host/03-upgrading.mdx, docs/docs/self-host/upgrades/multi-org-migration.mdx	Added quick-start notice about open sign-ups enabled by default; added upgrade caution about the flip from invite-only to open signup; provided comprehensive migration guide documenting pre-upgrade preparation, database schema changes (membership table creation/backfill, constraint tightening, legacy table drops), expected behavioral changes (organization switcher, owner management, explicit membership tracking), and rollback limitations for downgrade operations.
OSS to Enterprise Edition upgrade guide docs/docs/self-host/upgrades/oss-to-ee-switch.mdx	Introduced step-by-step guide for switching a self-hosted deployment from open-source to Enterprise Edition while preserving data, covering prerequisites, database naming behavior, Docker Compose and Kubernetes deployment procedures, post-switch state expectations, and rollback instructions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Agenta-AI/agenta#4543: Both PRs modify the root AGENTS.md documentation—chore(agents): compartmentalize AGENTS.md into scoped files and skills #4543 restructures/shortens it while this PR adds a new "Branching and PRs with GitButler" section in that same file.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title concisely captures the main objective: documenting multi-org OSS and the upgrade path, which directly aligns with the file changes and description.
Description check	✅ Passed	The description is comprehensive and relates directly to the changeset, covering context, specific file changes, and implementation notes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch docs/oss-multi-org-docs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

AGENTS.md (1)

31-32: ⚡ Quick win

Remove the hard-coded gitbutler/workspace branch reference.

This root guide is loaded repo-wide, so pinning the instructions to a specific branch will go stale as soon as the workspace branch changes or the docs land on main. Keep the guidance branch-agnostic and mention gitbutler/workspace only as an example if needed.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: d4a71e04-8557-4097-a27c-eb544895b27c

📥 Commits

Reviewing files that changed from the base of the PR and between a2e9150 and 530f4be.

📒 Files selected for processing (9)

• AGENTS.md
• docs/docs/administration/access-control/01-organizations.mdx
• docs/docs/misc/01-opensource.mdx
• docs/docs/self-host/01-quick-start.mdx
• docs/docs/self-host/02-configuration.mdx
• docs/docs/self-host/03-upgrading.mdx
• docs/docs/self-host/04-dynamic-access-controls.mdx
• docs/docs/self-host/guides/06-restrict-organization-creation.mdx
• docs/docs/self-host/upgrades/multi-org-migration.mdx

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

docs/docs/self-host/guides/06-restrict-organization-creation.mdx (1)

7-19: ⚠️ Potential issue | 🟠 Major

Keep the access-control applicability claim scoped.

This is the same cross-edition mismatch already flagged in prior review context: the docs still say the first access controls work in both editions, but the supplied evidence only showed the OSS path handling the blocking lists while the owner-email allowlist lived in EE. Please either narrow the wording to the verified OSS behavior or point to the OSS implementation that backs the broader claim.

• docs/docs/self-host/guides/06-restrict-organization-creation.mdx#L7-L19: trim the blanket “all settings on this page” statement to the controls you’ve actually verified in OSS.
• docs/docs/self-host/02-configuration.mdx#L45-L49: don’t label AGENTA_ACCESS_ALLOWED_OWNER_EMAILS as cross-edition until the OSS enforcement path is confirmed.
• docs/docs/self-host/03-upgrading.mdx#L14-L16: rephrase the upgrade caution so it doesn’t promise a capability the OSS path may not provide.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 4ae5ba13-aba4-40f1-b6e8-454bd07228d3

📥 Commits

Reviewing files that changed from the base of the PR and between 3dcdeae and 5ac06a6.

📒 Files selected for processing (10)

• AGENTS.md
• docs/docs/administration/access-control/01-organizations.mdx
• docs/docs/misc/01-opensource.mdx
• docs/docs/self-host/01-quick-start.mdx
• docs/docs/self-host/02-configuration.mdx
• docs/docs/self-host/03-upgrading.mdx
• docs/docs/self-host/04-dynamic-access-controls.mdx
• docs/docs/self-host/guides/06-restrict-organization-creation.mdx
• docs/docs/self-host/upgrades/multi-org-migration.mdx
• docs/docs/self-host/upgrades/oss-to-ee-switch.mdx

✅ Files skipped from review due to trivial changes (6)

• docs/docs/self-host/04-dynamic-access-controls.mdx
• docs/docs/self-host/upgrades/oss-to-ee-switch.mdx
• docs/docs/administration/access-control/01-organizations.mdx
• docs/docs/misc/01-opensource.mdx
• AGENTS.md
• docs/docs/self-host/upgrades/multi-org-migration.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/docs/self-host/01-quick-start.mdx

[coderabbitai]

Actionable comments posted: 3

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 4a7a4ff6-efcc-46ac-bce7-bda1ee52a581

📥 Commits

Reviewing files that changed from the base of the PR and between 89399cd and c24a288.

📒 Files selected for processing (10)

• AGENTS.md
• docs/docs/administration/access-control/01-organizations.mdx
• docs/docs/misc/01-opensource.mdx
• docs/docs/self-host/01-quick-start.mdx
• docs/docs/self-host/02-configuration.mdx
• docs/docs/self-host/03-upgrading.mdx
• docs/docs/self-host/04-dynamic-access-controls.mdx
• docs/docs/self-host/guides/06-restrict-organization-creation.mdx
• docs/docs/self-host/upgrades/multi-org-migration.mdx
• docs/docs/self-host/upgrades/oss-to-ee-switch.mdx

✅ Files skipped from review due to trivial changes (5)

• docs/docs/self-host/04-dynamic-access-controls.mdx
• docs/docs/self-host/01-quick-start.mdx
• AGENTS.md
• docs/docs/self-host/upgrades/oss-to-ee-switch.mdx
• docs/docs/self-host/upgrades/multi-org-migration.mdx

🚧 Files skipped from review as they are similar to previous changes (2)

• docs/docs/administration/access-control/01-organizations.mdx
• docs/docs/misc/01-opensource.mdx