@madebylars.com/mbl-order 0.1.0 → 1.0.1

package/README.md

@@ -17,6 +17,7 @@ Handles the full lifecycle: **Quote → Order → Dispatch → Delivery → Invo
 
 - **Two order types** — transport (A→B jobs) and storage (recurring warehouse rental)
 - **Full status lifecycle** — per order type, enforced via Supabase RLS
+- **Multitenancy** — tenant isolation at the DB level via RLS; `tenant_id` resolved from JWT only, never from client input
 - **Role-based access** — customer / driver / dispatcher / admin extending `mbl-auth` RBAC
 - **Invoice generation** — draft invoices with VAT line items; accounting export is a future phase
 - **Fleet view** — active drivers with last-known GPS position (integrates with `mbl-whereabout`)
@@ -71,20 +72,24 @@ export default defineNuxtConfig({
 })
 ```
 
-### 3. Run the database migration
+### 3. Run the database migrations
 
-Apply `src/runtime/server/migrations/001_transport_schema.sql` to your Supabase project.
+Apply the two migration files to your Supabase project in order:
 
-**Via Supabase CLI:**
-```bash
-supabase db push
 ```
+src/runtime/server/migrations/001_transport_schema.sql   ← tables, RLS, indexes
+src/runtime/server/migrations/002_add_multitenancy.sql   ← tenants, JWT hook, tenant isolation
+```
+
+**Via Supabase SQL editor:** paste each file and run it in sequence.
+
+After running `002_add_multitenancy.sql` you must also **register the Custom Access Token Hook** in the Supabase dashboard:
 
-**Or paste directly** into the Supabase SQL editor.
+> **Authentication → Hooks → Custom Access Token** → select `public.custom_access_token_hook`
 
-The migration creates a dedicated `transport` schema with seven tables, indexes, RLS policies, and a role helper function. It is safe to run on a fresh project; it will fail if the schema already exists.
+The hook injects `tenant_id` and `user_role` as top-level JWT claims. All RLS policies depend on these claims — without the hook registered, no data will be accessible (fail closed by design).
 
-> **Important:** The RLS policies rely on `mbl-auth` storing the user role in `auth.users.app_metadata` as `{ "role": "customer" | "driver" | "dispatcher" | "admin" }`. Confirm this matches your `mbl-auth` setup before running.
+> **Note on roles:** `user_role` is the JWT claim name (not `role`, which is reserved by Supabase). The fallback chain is: hook claim → `user_role` in `app_metadata` → `'customer'`.
 
 ---
 
@@ -144,14 +149,26 @@ const { data: fleet }  = await useFleet()
 const { data: orders } = await useDriverOrders(driverId)
 ```
 
+### Tenant
+
+```ts
+const { data: tenant, tenantId, pending, error } = useTenant()
+// tenant    — full Tenant record (name, slug, locale, currency, vatStandard, …)
+// tenantId  — decoded from JWT access_token (never from URL or localStorage)
+```
+
+`tenantId` is a computed ref that re-evaluates when the Supabase session changes. All data composables watch it and re-fetch automatically on login/logout.
+
 ### Locale
 
 ```ts
-const { t, formatCurrency, formatDate, locale } = useOrderLocale()
+const { t, formatCurrency, formatDate, locale, setLocale } = useOrderLocale()
 
 t('mblOrder.status.in_transit')  // → 'In transit' or 'Under transport'
 formatCurrency(1250)              // → '£1,250.00' or '1 250,00 kr'
 formatDate('2026-06-10')         // → '10 June 2026' or '10 juni 2026'
+
+setLocale('sv')                  // switch locale for the session
 ```
 
 ### KPIs (for `mbl-graph`)
@@ -203,7 +220,7 @@ Supports periodic invoice generation (monthly or custom interval via `periodicBi
 | `dispatcher` | Assign jobs, manage queue, live fleet view |
 | `admin` | Full access, invoice generation, KPIs |
 
-Roles extend the `mbl-auth` RBAC system. The JWT `app_metadata.role` field is used by Supabase RLS to enforce access at the database level.
+Roles extend the `mbl-auth` RBAC system. The `user_role` JWT claim (injected by the Custom Access Token Hook) is used by Supabase RLS to enforce access at the database level. The claim is a top-level JWT field — not nested under `app_metadata`.
 
 ---
 
@@ -231,7 +248,14 @@ If `@nuxtjs/i18n` is absent, use `useOrderLocale()` directly — it works standa
 
 ## Database schema
 
-Seven tables in the `transport` Supabase schema:
+**Tenant schema (multitenancy):**
+
+| Table | Purpose |
+|---|---|
+| `tenant.tenants` | Tenant registry — name, slug, locale, currency, VAT rate |
+| `tenant.tenant_users` | Links `auth.users` to a tenant with a transport role |
+
+**Transport schema (order data):**
 
 | Table | Purpose |
 |---|---|
@@ -243,7 +267,7 @@ Seven tables in the `transport` Supabase schema:
 | `transport.drivers` | Driver profiles linked to auth users |
 | `transport.vehicles` | Vehicle registry |
 
-All tables have RLS enabled. See the migration file for full column definitions, indexes, and policies.
+All transport tables carry a `tenant_id` column. RLS policies are fail-closed — a missing or unrecognised `tenant_id` in the JWT denies all access. See the migration files for full column definitions, indexes, and policies.
 
 ---
 

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "name": "mbl-order",
   "configKey": "mblOrder",
-  "version": "0.1.0",
+  "version": "1.0.1",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/module.mjs

@@ -33,8 +33,8 @@ const module$1 = defineNuxtModule({
         register({
           langDir: resolver.resolve("./runtime/locales"),
           locales: [
-            { code: "en", file: "en.ts" },
-            { code: "sv", file: "sv.ts" }
+            { code: "en", file: "en.js" },
+            { code: "sv", file: "sv.js" }
           ]
         });
       }

package/dist/runtime/composables/useDriverOrders.js

@@ -1,10 +1,12 @@
 export function useDriverOrders(driverId) {
+  const { tenantId } = useTenant();
   return useAsyncData(`mbl-order:driver-orders:${driverId}`, async () => {
+    if (!tenantId.value) return [];
     const client = useSupabaseClient();
     const config = useRuntimeConfig();
     const schema = config.public.mblOrder.supabaseSchema;
-    const { data, error } = await client.schema(schema).from("orders").select("*").eq("assigned_driver_id", driverId).in("status", ["assigned", "collected", "in_transit"]).order("scheduled_pickup_at", { ascending: true });
+    const { data, error } = await client.schema(schema).from("orders").select("*").eq("assigned_driver_id", driverId).eq("tenant_id", tenantId.value).in("status", ["assigned", "collected", "in_transit"]).order("scheduled_pickup_at", { ascending: true });
     if (error) throw error;
     return data ?? [];
-  });
+  }, { watch: [tenantId] });
 }

package/dist/runtime/composables/useFleet.js

@@ -1,5 +1,7 @@
 export function useFleet() {
+  const { tenantId } = useTenant();
   return useAsyncData("mbl-order:fleet", async () => {
+    if (!tenantId.value) return [];
     const client = useSupabaseClient();
     const config = useRuntimeConfig();
     const schema = config.public.mblOrder.supabaseSchema;
@@ -9,8 +11,8 @@ export function useFleet() {
         orders!assigned_driver_id (
           id, order_number, status, pickup_address, delivery_address
         )
-      `);
+      `).eq("tenant_id", tenantId.value);
     if (error) throw error;
     return data ?? [];
-  });
+  }, { watch: [tenantId] });
 }

package/dist/runtime/composables/useInvoice.js

@@ -1,10 +1,12 @@
 export function useInvoice(orderId) {
+  const { tenantId } = useTenant();
   return useAsyncData(`mbl-order:invoice:${orderId}`, async () => {
+    if (!tenantId.value) return null;
     const client = useSupabaseClient();
     const config = useRuntimeConfig();
     const schema = config.public.mblOrder.supabaseSchema;
-    const { data, error } = await client.schema(schema).from("invoices").select("*").eq("order_id", orderId).order("created_at", { ascending: false }).limit(1).maybeSingle();
+    const { data, error } = await client.schema(schema).from("invoices").select("*").eq("order_id", orderId).eq("tenant_id", tenantId.value).order("created_at", { ascending: false }).limit(1).maybeSingle();
     if (error) throw error;
     return data;
-  });
+  }, { watch: [tenantId] });
 }

package/dist/runtime/composables/useInvoiceActions.js

@@ -1,14 +1,20 @@
 export function useInvoiceActions() {
+  const { tenantId } = useTenant();
   const client = useSupabaseClient();
   const config = useRuntimeConfig();
   const schema = config.public.mblOrder.supabaseSchema;
+  function noTenant() {
+    return { data: null, error: new Error("No tenant in session \u2014 cannot perform invoice action") };
+  }
   async function generateInvoice(payload) {
+    if (!tenantId.value) return noTenant();
     try {
       const { data, error } = await client.schema(schema).from("invoices").insert({
         order_id: payload.orderId,
         due_at: payload.dueAt ?? null,
         status: "draft",
         currency: config.public.mblOrder.currency,
+        tenant_id: tenantId.value,
         accounting_provider: null,
         external_id: null,
         // TODO: compute from order lines
@@ -23,12 +29,13 @@ export function useInvoiceActions() {
     }
   }
   async function markPaid(invoiceId, paidAt) {
+    if (!tenantId.value) return noTenant();
     try {
       const { data, error } = await client.schema(schema).from("invoices").update({
         status: "paid",
         paid_at: paidAt ?? (/* @__PURE__ */ new Date()).toISOString(),
         updated_at: (/* @__PURE__ */ new Date()).toISOString()
-      }).eq("id", invoiceId).select().single();
+      }).eq("id", invoiceId).eq("tenant_id", tenantId.value).select().single();
       if (error) throw error;
       return { data, error: null };
     } catch (err) {

package/dist/runtime/composables/useOrder.js

@@ -1,5 +1,7 @@
 export function useOrder(id) {
+  const { tenantId } = useTenant();
   return useAsyncData(`mbl-order:order:${id}`, async () => {
+    if (!tenantId.value) return null;
     const client = useSupabaseClient();
     const config = useRuntimeConfig();
     const schema = config.public.mblOrder.supabaseSchema;
@@ -11,8 +13,8 @@ export function useOrder(id) {
         storage_periods (*),
         drivers (*),
         vehicles (*)
-      `).eq("id", id).single();
+      `).eq("id", id).eq("tenant_id", tenantId.value).single();
     if (error) throw error;
     return data;
-  });
+  }, { watch: [tenantId] });
 }

package/dist/runtime/composables/useOrderActions.js

@@ -1,12 +1,18 @@
 export function useOrderActions() {
+  const { tenantId } = useTenant();
   const client = useSupabaseClient();
   const config = useRuntimeConfig();
   const schema = config.public.mblOrder.supabaseSchema;
+  function noTenant() {
+    return { data: null, error: new Error("No tenant in session \u2014 cannot perform order action") };
+  }
   async function createOrder(payload) {
+    if (!tenantId.value) return noTenant();
     try {
       const { data, error } = await client.schema(schema).from("orders").insert({
         /* TODO: map payload to snake_case */
-        ...payload
+        ...payload,
+        tenant_id: tenantId.value
       }).select().single();
       if (error) throw error;
       return { data, error: null };
@@ -15,8 +21,9 @@ export function useOrderActions() {
     }
   }
   async function updateStatus(orderId, status) {
+    if (!tenantId.value) return noTenant();
     try {
-      const { data, error } = await client.schema(schema).from("orders").update({ status, updated_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", orderId).select().single();
+      const { data, error } = await client.schema(schema).from("orders").update({ status, updated_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", orderId).eq("tenant_id", tenantId.value).select().single();
       if (error) throw error;
       return { data, error: null };
     } catch (err) {
@@ -24,13 +31,14 @@ export function useOrderActions() {
     }
   }
   async function assignDriver(orderId, driverId, vehicleId) {
+    if (!tenantId.value) return noTenant();
     try {
       const { data, error } = await client.schema(schema).from("orders").update({
         assigned_driver_id: driverId,
         assigned_vehicle_id: vehicleId ?? null,
         status: "assigned",
         updated_at: (/* @__PURE__ */ new Date()).toISOString()
-      }).eq("id", orderId).select().single();
+      }).eq("id", orderId).eq("tenant_id", tenantId.value).select().single();
       if (error) throw error;
       return { data, error: null };
     } catch (err) {
@@ -38,13 +46,14 @@ export function useOrderActions() {
     }
   }
   async function cancelOrder(orderId, reason) {
+    if (!tenantId.value) return noTenant();
     try {
       const { data, error } = await client.schema(schema).from("orders").update({
         status: "draft",
         // placeholder — actual cancel status TBD
         notes: reason ?? null,
         updated_at: (/* @__PURE__ */ new Date()).toISOString()
-      }).eq("id", orderId).select().single();
+      }).eq("id", orderId).eq("tenant_id", tenantId.value).select().single();
       if (error) throw error;
       return { data, error: null };
     } catch (err) {

package/dist/runtime/composables/useOrderKpis.js

@@ -1,10 +1,25 @@
 export function useOrderKpis(filters) {
+  const { tenantId } = useTenant();
   const key = `mbl-order:kpis:${JSON.stringify(filters ?? {})}`;
   return useAsyncData(key, async () => {
+    if (!tenantId.value) {
+      return {
+        totalOrders: 0,
+        activeOrders: 0,
+        deliveredOrders: 0,
+        cancelledOrders: 0,
+        averageDeliveryTimeHours: null,
+        totalRevenue: 0,
+        pendingInvoices: 0,
+        overdueInvoices: 0,
+        activeStorageContracts: 0,
+        fleetUtilisationPercent: null
+      };
+    }
     const client = useSupabaseClient();
     const config = useRuntimeConfig();
     const schema = config.public.mblOrder.supabaseSchema;
-    const { data, error } = await client.schema(schema).from("orders").select("status, type, created_at");
+    const { data, error } = await client.schema(schema).from("orders").select("status, type, created_at").eq("tenant_id", tenantId.value);
     if (error) throw error;
     const rows = data ?? [];
     const kpis = {
@@ -26,5 +41,5 @@ export function useOrderKpis(filters) {
       // TODO: compute from fleet + active orders
     };
     return kpis;
-  });
+  }, { watch: [tenantId] });
 }

package/dist/runtime/composables/useOrderLocale.d.ts

@@ -1,7 +1,8 @@
 import type { Locale } from '../../types.js';
 export declare function useOrderLocale(): {
     t: (key: string) => string;
-    formatCurrency: (amount: number) => string;
+    formatCurrency: (amount: number, currencyOverride?: string) => string;
     formatDate: (dateStr: string) => string;
-    locale: Locale;
+    locale: any;
+    setLocale: (newLocale: Locale) => void;
 };

package/dist/runtime/composables/useOrderLocale.js

@@ -10,23 +10,29 @@ function resolve(obj, path) {
 }
 export function useOrderLocale() {
   const config = useRuntimeConfig();
-  const locale = config.public.mblOrder?.locale ?? "en";
-  const messages = LOCALES[locale] ?? LOCALES.en;
+  const locale = useState(
+    "mbl-order:locale",
+    () => config.public.mblOrder?.locale ?? "en"
+  );
+  const messages = computed(() => LOCALES[locale.value] ?? LOCALES.en);
+  function setLocale(newLocale) {
+    locale.value = newLocale;
+  }
   function t(key) {
-    return resolve(messages, key);
+    return resolve(messages.value, key);
   }
-  function formatCurrency(amount) {
-    const currency = config.public.mblOrder?.currency ?? "GBP";
-    const intlLocale = locale === "sv" ? "sv-SE" : "en-GB";
+  function formatCurrency(amount, currencyOverride) {
+    const currency = currencyOverride ?? (config.public.mblOrder?.currency ?? "GBP");
+    const intlLocale = locale.value === "sv" ? "sv-SE" : "en-GB";
     return new Intl.NumberFormat(intlLocale, { style: "currency", currency }).format(amount);
   }
   function formatDate(dateStr) {
-    const intlLocale = locale === "sv" ? "sv-SE" : "en-GB";
+    const intlLocale = locale.value === "sv" ? "sv-SE" : "en-GB";
     return new Intl.DateTimeFormat(intlLocale, {
       day: "numeric",
       month: "long",
       year: "numeric"
     }).format(new Date(dateStr));
   }
-  return { t, formatCurrency, formatDate, locale };
+  return { t, formatCurrency, formatDate, locale, setLocale };
 }

package/dist/runtime/composables/useOrders.js

@@ -1,11 +1,13 @@
 export function useOrders(filters) {
+  const { tenantId } = useTenant();
   const key = `mbl-order:orders:${JSON.stringify(filters ?? {})}`;
   return useAsyncData(key, async () => {
+    if (!tenantId.value) return [];
     const client = useSupabaseClient();
     const config = useRuntimeConfig();
     const schema = config.public.mblOrder.supabaseSchema;
-    const { data, error } = await client.schema(schema).from("orders").select("*");
+    const { data, error } = await client.schema(schema).from("orders").select("*").eq("tenant_id", tenantId.value);
     if (error) throw error;
     return data ?? [];
-  });
+  }, { watch: [tenantId] });
 }

package/dist/runtime/composables/useQuote.js

@@ -1,10 +1,12 @@
 export function useQuote(orderId) {
+  const { tenantId } = useTenant();
   return useAsyncData(`mbl-order:quote:${orderId}`, async () => {
+    if (!tenantId.value) return null;
     const client = useSupabaseClient();
     const config = useRuntimeConfig();
     const schema = config.public.mblOrder.supabaseSchema;
-    const { data, error } = await client.schema(schema).from("quotes").select("*").eq("order_id", orderId).order("created_at", { ascending: false }).limit(1).maybeSingle();
+    const { data, error } = await client.schema(schema).from("quotes").select("*").eq("order_id", orderId).eq("tenant_id", tenantId.value).order("created_at", { ascending: false }).limit(1).maybeSingle();
     if (error) throw error;
     return data;
-  });
+  }, { watch: [tenantId] });
 }

package/dist/runtime/composables/useQuoteActions.js

@@ -1,10 +1,20 @@
 export function useQuoteActions() {
+  const { tenantId } = useTenant();
   const client = useSupabaseClient();
   const config = useRuntimeConfig();
   const schema = config.public.mblOrder.supabaseSchema;
+  function noTenant() {
+    return { data: null, error: new Error("No tenant in session \u2014 cannot perform quote action") };
+  }
   async function createQuote(payload) {
+    if (!tenantId.value) return noTenant();
     try {
-      const { data, error } = await client.schema(schema).from("quotes").insert({ order_id: payload.orderId, expires_at: payload.expiresAt, notes: payload.notes ?? null }).select().single();
+      const { data, error } = await client.schema(schema).from("quotes").insert({
+        order_id: payload.orderId,
+        expires_at: payload.expiresAt,
+        notes: payload.notes ?? null,
+        tenant_id: tenantId.value
+      }).select().single();
       if (error) throw error;
       return { data, error: null };
     } catch (err) {
@@ -12,8 +22,9 @@ export function useQuoteActions() {
     }
   }
   async function acceptQuote(quoteId) {
+    if (!tenantId.value) return noTenant();
     try {
-      const { data, error } = await client.schema(schema).from("quotes").update({ accepted_at: (/* @__PURE__ */ new Date()).toISOString(), updated_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", quoteId).select().single();
+      const { data, error } = await client.schema(schema).from("quotes").update({ accepted_at: (/* @__PURE__ */ new Date()).toISOString(), updated_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", quoteId).eq("tenant_id", tenantId.value).select().single();
       if (error) throw error;
       return { data, error: null };
     } catch (err) {
@@ -21,8 +32,9 @@ export function useQuoteActions() {
     }
   }
   async function expireQuote(quoteId) {
+    if (!tenantId.value) return noTenant();
     try {
-      const { data, error } = await client.schema(schema).from("quotes").update({ rejected_at: (/* @__PURE__ */ new Date()).toISOString(), updated_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", quoteId).select().single();
+      const { data, error } = await client.schema(schema).from("quotes").update({ rejected_at: (/* @__PURE__ */ new Date()).toISOString(), updated_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", quoteId).eq("tenant_id", tenantId.value).select().single();
       if (error) throw error;
       return { data, error: null };
     } catch (err) {

package/dist/runtime/composables/useStorageActions.js

@@ -1,12 +1,17 @@
 export function useStorageActions() {
+  const { tenantId } = useTenant();
   const client = useSupabaseClient();
   const config = useRuntimeConfig();
   const schema = config.public.mblOrder.supabaseSchema;
+  function noTenant() {
+    return { data: null, error: new Error("No tenant in session \u2014 cannot perform storage action") };
+  }
   async function extendPeriod(payload) {
+    if (!tenantId.value) return noTenant();
     try {
-      const { data: existing, error: fetchError } = await client.schema(schema).from("storage_periods").select("id").eq("order_id", payload.orderId).order("start_date", { ascending: false }).limit(1).single();
+      const { data: existing, error: fetchError } = await client.schema(schema).from("storage_periods").select("id").eq("order_id", payload.orderId).eq("tenant_id", tenantId.value).order("start_date", { ascending: false }).limit(1).single();
       if (fetchError) throw fetchError;
-      const { data, error } = await client.schema(schema).from("storage_periods").update({ end_date: payload.newEndDate, updated_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", existing.id).select().single();
+      const { data, error } = await client.schema(schema).from("storage_periods").update({ end_date: payload.newEndDate, updated_at: (/* @__PURE__ */ new Date()).toISOString() }).eq("id", existing.id).eq("tenant_id", tenantId.value).select().single();
       if (error) throw error;
       return { data, error: null };
     } catch (err) {
@@ -14,13 +19,14 @@ export function useStorageActions() {
     }
   }
   async function endPeriod(orderId, endDate) {
+    if (!tenantId.value) return noTenant();
     try {
-      const { data: existing, error: fetchError } = await client.schema(schema).from("storage_periods").select("id").eq("order_id", orderId).order("start_date", { ascending: false }).limit(1).single();
+      const { data: existing, error: fetchError } = await client.schema(schema).from("storage_periods").select("id").eq("order_id", orderId).eq("tenant_id", tenantId.value).order("start_date", { ascending: false }).limit(1).single();
       if (fetchError) throw fetchError;
       const { data, error } = await client.schema(schema).from("storage_periods").update({
         end_date: endDate ?? (/* @__PURE__ */ new Date()).toISOString().split("T")[0],
         updated_at: (/* @__PURE__ */ new Date()).toISOString()
-      }).eq("id", existing.id).select().single();
+      }).eq("id", existing.id).eq("tenant_id", tenantId.value).select().single();
       if (error) throw error;
       return { data, error: null };
     } catch (err) {

package/dist/runtime/composables/useStoragePeriod.js

@@ -1,10 +1,12 @@
 export function useStoragePeriod(orderId) {
+  const { tenantId } = useTenant();
   return useAsyncData(`mbl-order:storage-period:${orderId}`, async () => {
+    if (!tenantId.value) return null;
     const client = useSupabaseClient();
     const config = useRuntimeConfig();
     const schema = config.public.mblOrder.supabaseSchema;
-    const { data, error } = await client.schema(schema).from("storage_periods").select("*").eq("order_id", orderId).order("start_date", { ascending: false }).limit(1).maybeSingle();
+    const { data, error } = await client.schema(schema).from("storage_periods").select("*").eq("order_id", orderId).eq("tenant_id", tenantId.value).order("start_date", { ascending: false }).limit(1).maybeSingle();
     if (error) throw error;
     return data;
-  });
+  }, { watch: [tenantId] });
 }

package/dist/runtime/composables/useTenant.d.ts

@@ -0,0 +1,6 @@
+export declare function useTenant(): {
+    data: any;
+    pending: any;
+    error: any;
+    tenantId: any;
+};

package/dist/runtime/composables/useTenant.js

@@ -0,0 +1,30 @@
+function decodeTenantId(accessToken) {
+  try {
+    const payload = JSON.parse(
+      atob(accessToken.split(".")[1].replace(/-/g, "+").replace(/_/g, "/"))
+    );
+    return payload.tenant_id ?? null;
+  } catch {
+    return null;
+  }
+}
+export function useTenant() {
+  const session = useSupabaseSession();
+  const client = useSupabaseClient();
+  const tenantId = computed(() => {
+    const token = session.value?.access_token;
+    if (!token) return null;
+    return decodeTenantId(token);
+  });
+  const { data, pending, error } = useAsyncData(
+    "mbl-order:tenant",
+    async () => {
+      if (!tenantId.value) return null;
+      const { data: data2, error: error2 } = await client.schema("tenant").from("tenants").select("*").eq("id", tenantId.value).single();
+      if (error2) throw error2;
+      return data2;
+    },
+    { watch: [tenantId] }
+  );
+  return { data, pending, error, tenantId };
+}

package/dist/runtime/locales/en.d.ts

@@ -34,6 +34,7 @@ declare const en: {
             readonly driverUnavailable: "Driver is not available";
             readonly invoiceAlreadyExists: "An invoice already exists for this order";
             readonly periodNotFound: "No active storage period found";
+            readonly noTenant: "Tenant not found — please sign in again";
         };
         readonly invoice: {
             readonly title: "Invoice";

package/dist/runtime/locales/en.js

@@ -33,7 +33,8 @@ const en = {
       quoteExpired: "This quote has expired",
       driverUnavailable: "Driver is not available",
       invoiceAlreadyExists: "An invoice already exists for this order",
-      periodNotFound: "No active storage period found"
+      periodNotFound: "No active storage period found",
+      noTenant: "Tenant not found \u2014 please sign in again"
     },
     invoice: {
       title: "Invoice",

package/dist/runtime/locales/sv.js

@@ -33,7 +33,8 @@ const sv = {
       quoteExpired: "Offerten har g\xE5tt ut",
       driverUnavailable: "F\xF6raren \xE4r inte tillg\xE4nglig",
       invoiceAlreadyExists: "En faktura finns redan f\xF6r denna order",
-      periodNotFound: "Ingen aktiv lagringsperiod hittades"
+      periodNotFound: "Ingen aktiv lagringsperiod hittades",
+      noTenant: "Klient hittades inte \u2014 v\xE4nligen logga in igen"
     },
     invoice: {
       title: "Faktura",

package/dist/runtime/server/migrations/002_add_multitenancy.sql

@@ -0,0 +1,330 @@
+-- mbl-order: multitenancy
+-- Apply AFTER 001_transport_schema.sql
+--
+-- ─── MANUAL STEP REQUIRED ────────────────────────────────────────────────────
+-- After running this migration, register the hook in the Supabase dashboard:
+--   Authentication → Hooks → Customize Access Token (JWT) Claims
+--   → Select function: public.custom_access_token_hook
+--
+-- Without this hook, transport.current_tenant_id() always returns NULL and
+-- all RLS policies deny every request (fail closed — not fail open).
+-- ─────────────────────────────────────────────────────────────────────────────
+
+-- ─── Tenant schema ───────────────────────────────────────────────────────────
+
+CREATE SCHEMA IF NOT EXISTS tenant;
+
+-- ─── Tenants ─────────────────────────────────────────────────────────────────
+
+CREATE TABLE tenant.tenants (
+  id            uuid        PRIMARY KEY DEFAULT gen_random_uuid(),
+  name          text        NOT NULL,
+  slug          text        NOT NULL UNIQUE,
+  locale        text        NOT NULL DEFAULT 'en' CHECK (locale IN ('en', 'sv')),
+  currency      text        NOT NULL DEFAULT 'GBP' CHECK (currency IN ('GBP', 'SEK')),
+  vat_standard  numeric     NOT NULL DEFAULT 0.20,
+  created_at    timestamptz NOT NULL DEFAULT now()
+);
+
+ALTER TABLE tenant.tenants ENABLE ROW LEVEL SECURITY;
+
+-- ─── Tenant users ─────────────────────────────────────────────────────────────
+-- Stores the many-to-one relationship between auth users and tenants.
+-- Also stores the transport role for this user within the tenant.
+-- mbl-auth must insert here when provisioning a new user to a tenant.
+
+CREATE TABLE tenant.tenant_users (
+  user_id    uuid NOT NULL REFERENCES auth.users(id)      ON DELETE CASCADE,
+  tenant_id  uuid NOT NULL REFERENCES tenant.tenants(id)  ON DELETE CASCADE,
+  role       text NOT NULL DEFAULT 'customer'
+             CHECK (role IN ('customer', 'driver', 'dispatcher', 'admin')),
+  created_at timestamptz NOT NULL DEFAULT now(),
+  PRIMARY KEY (user_id, tenant_id)
+);
+
+ALTER TABLE tenant.tenant_users ENABLE ROW LEVEL SECURITY;
+
+-- Users can read their own membership row (needed by useTenant() composable)
+CREATE POLICY "tenant_users_own_read" ON tenant.tenant_users
+  FOR SELECT USING (user_id = auth.uid());
+
+-- Authenticated users can read only their own tenant (defined after tenant_users exists)
+CREATE POLICY "tenants_own_read" ON tenant.tenants
+  FOR SELECT USING (
+    id IN (SELECT tenant_id FROM tenant.tenant_users WHERE user_id = auth.uid())
+  );
+
+-- ─── Custom Access Token Hook ─────────────────────────────────────────────────
+-- Injects tenant_id and user_role as top-level JWT claims on every login/refresh.
+-- MUST be registered manually in the Supabase dashboard (see top of file).
+-- The hook function must reside in the public schema (Supabase requirement).
+--
+-- Claims injected:
+--   tenant_id  — uuid string  — used by transport.current_tenant_id()
+--   user_role  — text         — used by transport.current_user_role()
+--                               ('user_role' avoids overwriting Supabase's own 'role' claim)
+
+CREATE OR REPLACE FUNCTION public.custom_access_token_hook(event jsonb)
+RETURNS jsonb LANGUAGE plpgsql STABLE SECURITY DEFINER AS $$
+DECLARE
+  v_claims    jsonb;
+  v_tenant_id uuid;
+  v_role      text;
+BEGIN
+  SELECT tenant_id, role INTO v_tenant_id, v_role
+  FROM tenant.tenant_users
+  WHERE user_id = (event->>'user_id')::uuid;
+
+  v_claims := event->'claims';
+
+  IF v_tenant_id IS NOT NULL THEN
+    v_claims := jsonb_set(v_claims, '{tenant_id}', to_jsonb(v_tenant_id::text));
+    v_claims := jsonb_set(v_claims, '{user_role}', to_jsonb(coalesce(v_role, 'customer')));
+  END IF;
+
+  RETURN jsonb_set(event, '{claims}', v_claims);
+END;
+$$;
+
+-- Hook must be called by supabase_auth_admin only
+GRANT EXECUTE ON FUNCTION public.custom_access_token_hook TO supabase_auth_admin;
+REVOKE EXECUTE ON FUNCTION public.custom_access_token_hook FROM authenticated, anon, public;
+
+-- ─── Add tenant_id to all transport tables ───────────────────────────────────
+
+ALTER TABLE transport.orders
+  ADD COLUMN tenant_id uuid NOT NULL REFERENCES tenant.tenants(id);
+
+ALTER TABLE transport.order_lines
+  ADD COLUMN tenant_id uuid NOT NULL REFERENCES tenant.tenants(id);
+
+ALTER TABLE transport.quotes
+  ADD COLUMN tenant_id uuid NOT NULL REFERENCES tenant.tenants(id);
+
+ALTER TABLE transport.invoices
+  ADD COLUMN tenant_id uuid NOT NULL REFERENCES tenant.tenants(id);
+
+ALTER TABLE transport.storage_periods
+  ADD COLUMN tenant_id uuid NOT NULL REFERENCES tenant.tenants(id);
+
+ALTER TABLE transport.drivers
+  ADD COLUMN tenant_id uuid NOT NULL REFERENCES tenant.tenants(id);
+
+ALTER TABLE transport.vehicles
+  ADD COLUMN tenant_id uuid NOT NULL REFERENCES tenant.tenants(id);
+
+-- ─── Indexes ─────────────────────────────────────────────────────────────────
+
+CREATE INDEX ON transport.orders          (tenant_id);
+CREATE INDEX ON transport.orders          (tenant_id, customer_id);
+CREATE INDEX ON transport.orders          (tenant_id, status);
+CREATE INDEX ON transport.drivers         (tenant_id);
+CREATE INDEX ON transport.invoices        (tenant_id);
+CREATE INDEX ON transport.vehicles        (tenant_id);
+CREATE INDEX ON transport.order_lines     (tenant_id);
+CREATE INDEX ON transport.quotes          (tenant_id);
+CREATE INDEX ON transport.storage_periods (tenant_id);
+
+-- ─── Update helper functions ─────────────────────────────────────────────────
+
+-- Reads tenant_id from the hook-injected top-level JWT claim.
+-- PostgREST sets request.jwt.claim.<name> per individual claim (fast path).
+-- Falls back to parsing the full request.jwt.claims JSON string.
+-- Returns NULL if claim is absent → all policies fail closed.
+CREATE OR REPLACE FUNCTION transport.current_tenant_id()
+RETURNS uuid LANGUAGE sql STABLE SECURITY DEFINER AS $$
+  SELECT CASE
+    WHEN current_setting('request.jwt.claim.tenant_id', true) <> ''
+    THEN current_setting('request.jwt.claim.tenant_id', true)::uuid
+    WHEN current_setting('request.jwt.claims', true) <> ''
+    THEN (current_setting('request.jwt.claims', true)::jsonb->>'tenant_id')::uuid
+    ELSE NULL
+  END
+$$;
+
+-- Reads user_role from the hook-injected JWT claim.
+-- Falls back to app_metadata.role for backward compatibility with mbl-auth
+-- deployments that have not yet enabled the Custom Access Token Hook.
+CREATE OR REPLACE FUNCTION transport.current_user_role()
+RETURNS text LANGUAGE sql STABLE SECURITY DEFINER AS $$
+  SELECT coalesce(
+    CASE WHEN current_setting('request.jwt.claim.user_role', true) <> ''
+      THEN current_setting('request.jwt.claim.user_role', true) END,
+    CASE WHEN current_setting('request.jwt.claims', true) <> ''
+      THEN current_setting('request.jwt.claims', true)::jsonb->>'user_role' END,
+    CASE WHEN current_setting('request.jwt.claims', true) <> ''
+      THEN current_setting('request.jwt.claims', true)::jsonb->'app_metadata'->>'role' END,
+    'customer'
+  )
+$$;
+
+-- ─── Replace RLS policies with tenant-scoped versions ────────────────────────
+-- Drop all policies created in 001_transport_schema.sql and recreate with
+-- tenant isolation added to every condition.
+
+-- Orders
+DROP POLICY IF EXISTS orders_select ON transport.orders;
+DROP POLICY IF EXISTS orders_insert ON transport.orders;
+DROP POLICY IF EXISTS orders_update ON transport.orders;
+
+CREATE POLICY orders_select ON transport.orders FOR SELECT USING (
+  tenant_id = transport.current_tenant_id()
+  AND (
+    transport.current_user_role() IN ('admin', 'dispatcher', 'driver')
+    OR customer_id = auth.uid()
+  )
+);
+
+CREATE POLICY orders_insert ON transport.orders FOR INSERT WITH CHECK (
+  tenant_id = transport.current_tenant_id()
+  AND transport.current_user_role() IN ('customer', 'dispatcher', 'admin')
+);
+
+CREATE POLICY orders_update ON transport.orders FOR UPDATE
+  USING  (tenant_id = transport.current_tenant_id())
+  WITH CHECK (
+    tenant_id = transport.current_tenant_id()
+    AND (
+      transport.current_user_role() IN ('dispatcher', 'admin')
+      OR (
+        transport.current_user_role() = 'driver'
+        AND assigned_driver_id IN (
+          SELECT id FROM transport.drivers
+          WHERE user_id = auth.uid()
+            AND tenant_id = transport.current_tenant_id()
+        )
+      )
+    )
+  );
+
+-- Order lines
+DROP POLICY IF EXISTS order_lines_select ON transport.order_lines;
+DROP POLICY IF EXISTS order_lines_insert ON transport.order_lines;
+
+CREATE POLICY order_lines_select ON transport.order_lines FOR SELECT USING (
+  tenant_id = transport.current_tenant_id()
+);
+
+CREATE POLICY order_lines_insert ON transport.order_lines FOR INSERT WITH CHECK (
+  tenant_id = transport.current_tenant_id()
+  AND transport.current_user_role() IN ('dispatcher', 'admin')
+);
+
+-- Quotes
+DROP POLICY IF EXISTS quotes_select ON transport.quotes;
+DROP POLICY IF EXISTS quotes_insert ON transport.quotes;
+DROP POLICY IF EXISTS quotes_update ON transport.quotes;
+
+CREATE POLICY quotes_select ON transport.quotes FOR SELECT USING (
+  tenant_id = transport.current_tenant_id()
+  AND (
+    transport.current_user_role() IN ('admin', 'dispatcher')
+    OR order_id IN (
+      SELECT id FROM transport.orders
+      WHERE customer_id = auth.uid()
+        AND tenant_id = transport.current_tenant_id()
+    )
+  )
+);
+
+CREATE POLICY quotes_insert ON transport.quotes FOR INSERT WITH CHECK (
+  tenant_id = transport.current_tenant_id()
+  AND transport.current_user_role() IN ('dispatcher', 'admin')
+);
+
+CREATE POLICY quotes_update ON transport.quotes FOR UPDATE
+  USING  (tenant_id = transport.current_tenant_id())
+  WITH CHECK (
+    tenant_id = transport.current_tenant_id()
+    AND (
+      transport.current_user_role() IN ('dispatcher', 'admin')
+      OR order_id IN (
+        SELECT id FROM transport.orders
+        WHERE customer_id = auth.uid()
+          AND tenant_id = transport.current_tenant_id()
+      )
+    )
+  );
+
+-- Storage periods
+DROP POLICY IF EXISTS storage_periods_select ON transport.storage_periods;
+DROP POLICY IF EXISTS storage_periods_write ON transport.storage_periods;
+
+CREATE POLICY storage_periods_select ON transport.storage_periods FOR SELECT USING (
+  tenant_id = transport.current_tenant_id()
+);
+
+CREATE POLICY storage_periods_write ON transport.storage_periods FOR ALL
+  USING  (tenant_id = transport.current_tenant_id())
+  WITH CHECK (
+    tenant_id = transport.current_tenant_id()
+    AND transport.current_user_role() IN ('dispatcher', 'admin')
+  );
+
+-- Invoices
+DROP POLICY IF EXISTS invoices_select ON transport.invoices;
+DROP POLICY IF EXISTS invoices_write ON transport.invoices;
+
+CREATE POLICY invoices_select ON transport.invoices FOR SELECT USING (
+  tenant_id = transport.current_tenant_id()
+  AND (
+    transport.current_user_role() IN ('admin', 'dispatcher')
+    OR order_id IN (
+      SELECT id FROM transport.orders
+      WHERE customer_id = auth.uid()
+        AND tenant_id = transport.current_tenant_id()
+    )
+  )
+);
+
+CREATE POLICY invoices_write ON transport.invoices FOR ALL
+  USING  (tenant_id = transport.current_tenant_id())
+  WITH CHECK (
+    tenant_id = transport.current_tenant_id()
+    AND transport.current_user_role() IN ('dispatcher', 'admin')
+  );
+
+-- Drivers
+DROP POLICY IF EXISTS drivers_select ON transport.drivers;
+DROP POLICY IF EXISTS drivers_write ON transport.drivers;
+
+CREATE POLICY drivers_select ON transport.drivers FOR SELECT USING (
+  tenant_id = transport.current_tenant_id()
+  AND (
+    transport.current_user_role() IN ('admin', 'dispatcher')
+    OR user_id = auth.uid()
+  )
+);
+
+CREATE POLICY drivers_write ON transport.drivers FOR ALL
+  USING  (tenant_id = transport.current_tenant_id())
+  WITH CHECK (
+    tenant_id = transport.current_tenant_id()
+    AND transport.current_user_role() = 'admin'
+  );
+
+-- Vehicles
+DROP POLICY IF EXISTS vehicles_select ON transport.vehicles;
+DROP POLICY IF EXISTS vehicles_write ON transport.vehicles;
+
+CREATE POLICY vehicles_select ON transport.vehicles FOR SELECT
+  TO authenticated USING (tenant_id = transport.current_tenant_id());
+
+CREATE POLICY vehicles_write ON transport.vehicles FOR ALL
+  USING  (tenant_id = transport.current_tenant_id())
+  WITH CHECK (
+    tenant_id = transport.current_tenant_id()
+    AND transport.current_user_role() = 'admin'
+  );
+
+-- ─── Dev tenant seed ─────────────────────────────────────────────────────────
+
+INSERT INTO tenant.tenants (id, name, slug, locale, currency, vat_standard)
+VALUES (
+  '00000000-0000-0000-0000-000000000001',
+  'Dev Transport Co',
+  'dev',
+  'en',
+  'GBP',
+  0.20
+) ON CONFLICT (id) DO NOTHING;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@madebylars.com/mbl-order",
-  "version": "0.1.0",
+  "version": "1.0.1",
   "description": "Nuxt 4 transport-vertical order management module for the MadeByLars ecosystem",
   "repository": {
     "type": "git",