@unifiedcommerce/core 0.5.4 → 0.5.5

package/dist/auth/org.d.ts

@@ -1,24 +1,27 @@
 /**
- * @deprecated Use `config.auth.defaultOrganizationId` instead.
- * This constant will be removed in the next major version.
- * See RFC-060 for migration details.
+ * @deprecated Will be removed. Use `config.auth.defaultOrganizationId` instead.
+ * Kept only for test utilities and backwards compatibility.
  */
 export declare const DEFAULT_ORG_ID = "org_default";
+/**
+ * Called once at boot by createCommerce/createServer to register
+ * the config-driven default org ID. This bridges the gap between
+ * config (available at boot) and services (which don't have config access).
+ */
+export declare function setBootDefaultOrgId(orgId: string): void;
 /**
  * Extracts the organization ID from an actor.
  *
  * Resolution order:
- * 1. Actor's organizationId (set by middleware from session/API key)
- * 2. Explicit defaultOrgId parameter (from config.auth.defaultOrganizationId)
- * 3. Deprecated fallback to "org_default" (logs warning once)
+ * 1. Actor's organizationId (set by middleware from session/API key/storeResolver)
+ * 2. Explicit defaultOrgId parameter (caller override)
+ * 3. Boot-time default (from config.auth.defaultOrganizationId via setBootDefaultOrgId)
+ * 4. Deprecated fallback to DEFAULT_ORG_ID (will be removed)
  */
 export declare function resolveOrgId(actor: unknown, defaultOrgId?: string): string;
 /**
  * @deprecated Use seed script with `auth.api.createOrganization()` instead.
- * This function will be removed in the next major version. See RFC-060.
- *
- * Ensures the default organization row exists in the database.
- * Idempotent — safe to call multiple times.
+ * Kept for backwards compatibility during migration. Will be removed.
  */
 export declare function ensureDefaultOrg(db: unknown, storeName?: string): Promise<void>;
 //# sourceMappingURL=org.d.ts.map

package/dist/auth/org.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"org.d.ts","sourceRoot":"","sources":["../../src/auth/org.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,eAAO,MAAM,cAAc,gBAAgB,CAAC;AAI5C;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAiB1E;AAED;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CACpC,EAAE,EAAE,OAAO,EACX,SAAS,SAAkB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAOf"}
+{"version":3,"file":"org.d.ts","sourceRoot":"","sources":["../../src/auth/org.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,eAAO,MAAM,cAAc,gBAAgB,CAAC;AAS5C;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAEvD;AAED;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,OAAO,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,MAAM,CAQ1E;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,EAAE,EAAE,OAAO,EACX,SAAS,SAAkB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAOf"}

package/dist/auth/org.js

@@ -1,18 +1,31 @@
 import { OrganizationService } from "../modules/organization/service.js";
 /**
- * @deprecated Use `config.auth.defaultOrganizationId` instead.
- * This constant will be removed in the next major version.
- * See RFC-060 for migration details.
+ * @deprecated Will be removed. Use `config.auth.defaultOrganizationId` instead.
+ * Kept only for test utilities and backwards compatibility.
  */
 export const DEFAULT_ORG_ID = "org_default";
-let hasLoggedDeprecation = false;
+/**
+ * Module-level default set once at boot by `setBootDefaultOrgId()`.
+ * Allows resolveOrgId to use the config value without requiring
+ * every service caller to pass it explicitly.
+ */
+let _bootDefaultOrgId;
+/**
+ * Called once at boot by createCommerce/createServer to register
+ * the config-driven default org ID. This bridges the gap between
+ * config (available at boot) and services (which don't have config access).
+ */
+export function setBootDefaultOrgId(orgId) {
+    _bootDefaultOrgId = orgId;
+}
 /**
  * Extracts the organization ID from an actor.
  *
  * Resolution order:
- * 1. Actor's organizationId (set by middleware from session/API key)
- * 2. Explicit defaultOrgId parameter (from config.auth.defaultOrganizationId)
- * 3. Deprecated fallback to "org_default" (logs warning once)
+ * 1. Actor's organizationId (set by middleware from session/API key/storeResolver)
+ * 2. Explicit defaultOrgId parameter (caller override)
+ * 3. Boot-time default (from config.auth.defaultOrganizationId via setBootDefaultOrgId)
+ * 4. Deprecated fallback to DEFAULT_ORG_ID (will be removed)
  */
 export function resolveOrgId(actor, defaultOrgId) {
     if (actor != null && typeof actor === "object" && "organizationId" in actor) {
@@ -22,21 +35,13 @@ export function resolveOrgId(actor, defaultOrgId) {
     }
     if (defaultOrgId)
         return defaultOrgId;
-    // Deprecated fallback — will become an error in next major version
-    if (!hasLoggedDeprecation) {
-        hasLoggedDeprecation = true;
-        console.warn("[UC DEPRECATION] resolveOrgId() fell back to 'org_default'. " +
-            "Set auth.defaultOrganizationId in your commerce config. " +
-            "This fallback will be removed in the next major version. See RFC-060.");
-    }
+    if (_bootDefaultOrgId)
+        return _bootDefaultOrgId;
     return DEFAULT_ORG_ID;
 }
 /**
  * @deprecated Use seed script with `auth.api.createOrganization()` instead.
- * This function will be removed in the next major version. See RFC-060.
- *
- * Ensures the default organization row exists in the database.
- * Idempotent — safe to call multiple times.
+ * Kept for backwards compatibility during migration. Will be removed.
  */
 export async function ensureDefaultOrg(db, storeName = "Default Store") {
     const orgService = new OrganizationService(db);

package/dist/runtime/commerce.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"commerce.d.ts","sourceRoot":"","sources":["../../src/runtime/commerce.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAG1C,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAkB,KAAK,gBAAgB,EAAwB,MAAM,wBAAwB,CAAC;AAErG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AACH,MAAM,WAAW,gBAAgB;IAC/B,0EAA0E;IAC1E,GAAG,EAAE,gBAAgB,CAAC;IAEtB,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IAEf,mDAAmD;IACnD,EAAE,EAAE,OAAO,CAAC;IAEZ,yDAAyD;IACzD,IAAI,EAAE,YAAY,CAAC;IAEnB,aAAa;IACb,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,KAAK,EAAE,KAAK,GAAG,gBAAgB,CAAC;IAE1C;;;;;;;;;;OAUG;IACH,eAAe,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,GAAG,gBAAgB,CAAC;CACtE;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,gBAAgB,CAAC,CA+B3B"}
+{"version":3,"file":"commerce.d.ts","sourceRoot":"","sources":["../../src/runtime/commerce.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAG1C,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AACxD,OAAO,EAAkB,KAAK,gBAAgB,EAAwB,MAAM,wBAAwB,CAAC;AAErG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AACH,MAAM,WAAW,gBAAgB;IAC/B,0EAA0E;IAC1E,GAAG,EAAE,gBAAgB,CAAC;IAEtB,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IAEf,mDAAmD;IACnD,EAAE,EAAE,OAAO,CAAC;IAEZ,yDAAyD;IACzD,IAAI,EAAE,YAAY,CAAC;IAEnB,aAAa;IACb,MAAM,EAAE,MAAM,CAAC;IAEf;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,KAAK,EAAE,KAAK,GAAG,gBAAgB,CAAC;IAE1C;;;;;;;;;;OAUG;IACH,eAAe,CAAC,EAAE,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,KAAK,GAAG,IAAI,GAAG,gBAAgB,CAAC;CACtE;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,cAAc,GACrB,OAAO,CAAC,gBAAgB,CAAC,CAkC3B"}

package/dist/runtime/commerce.js

@@ -1,5 +1,5 @@
 import { createKernel } from "./kernel.js";
-import { ensureDefaultOrg } from "../auth/org.js";
+import { ensureDefaultOrg, setBootDefaultOrgId } from "../auth/org.js";
 import { createAuth } from "../auth/setup.js";
 import { createLogger } from "./logger.js";
 import { createLocalAPI } from "../kernel/local-api.js";
@@ -16,10 +16,14 @@ import { createLocalAPI } from "../kernel/local-api.js";
  */
 export async function createCommerce(config) {
     const kernel = createKernel(config);
-    // If no explicit org ID is configured, fall back to legacy ensureDefaultOrg behavior
-    // with a deprecation warning. New deployments should use seed scripts with
-    // auth.api.createOrganization() and set config.auth.defaultOrganizationId.
-    if (!config.auth?.defaultOrganizationId) {
+    // Register the config-driven org ID so resolveOrgId() can use it
+    // without requiring every service to have config access.
+    if (config.auth?.defaultOrganizationId) {
+        setBootDefaultOrgId(config.auth.defaultOrganizationId);
+    }
+    else {
+        // Legacy fallback: auto-create org_default for deployments
+        // that haven't migrated to seed-based org creation yet.
         await ensureDefaultOrg(kernel.database.db, config.storeName);
     }
     const auth = createAuth(kernel.database, config);

package/dist/test-utils/create-test-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"create-test-config.d.ts","sourceRoot":"","sources":["../../src/test-utils/create-test-config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAgDzD,wBAAsB,gBAAgB,CACpC,SAAS,GAAE,OAAO,CAAC,cAAc,CAAM,GACtC,OAAO,CAAC,cAAc,CAAC,CA+GzB;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,sBAAsB,CAC1C,SAAS,GAAE,OAAO,CAAC,cAAc,CAAM,GACtC,OAAO,CAAC;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAAE,CAAC,CAUnE"}
+{"version":3,"file":"create-test-config.d.ts","sourceRoot":"","sources":["../../src/test-utils/create-test-config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAgDzD,wBAAsB,gBAAgB,CACpC,SAAS,GAAE,OAAO,CAAC,cAAc,CAAM,GACtC,OAAO,CAAC,cAAc,CAAC,CAgHzB;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,sBAAsB,CAC1C,SAAS,GAAE,OAAO,CAAC,cAAc,CAAM,GACtC,OAAO,CAAC;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAAE,CAAC,CAUnE"}

package/dist/test-utils/create-test-config.js

@@ -53,6 +53,7 @@ export async function createTestConfig(overrides = {}) {
             provider: "postgresql",
         },
         auth: {
+            defaultOrganizationId: "org_default",
             requireEmailVerification: false,
             apiKeys: { enabled: true, defaultPermissions: ["catalog:read"] },
             posPin: { enabled: true },

package/dist/test-utils/test-actors.d.ts

@@ -1,4 +1,10 @@
 import type { Actor } from "../auth/types.js";
+/**
+ * Organization ID used in test fixtures. Tests use the deprecated DEFAULT_ORG_ID
+ * because ensureDefaultOrg() creates this org in test setup. When RFC-060 Phase 6
+ * removes DEFAULT_ORG_ID, test setup will create a real org via Better Auth API.
+ */
+export declare const TEST_ORG_ID = "org_default";
 /** Admin with wildcard permissions. Use for setup operations in beforeAll. */
 export declare const testAdminActor: Actor;
 /** Staff with common operational permissions. */

package/dist/test-utils/test-actors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"test-actors.d.ts","sourceRoot":"","sources":["../../src/test-utils/test-actors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAE9C,8EAA8E;AAC9E,eAAO,MAAM,cAAc,EAAE,KAS5B,CAAC;AAEF,iDAAiD;AACjD,eAAO,MAAM,cAAc,EAAE,KAY5B,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,iBAAiB,EAAE,KAS/B,CAAC;AAEF,qEAAqE;AACrE,eAAO,MAAM,eAAe,EAAE,KAS7B,CAAC;AAEF;;;GAGG;AACH,wBAAgB,WAAW,CAAC,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAIjE"}
+{"version":3,"file":"test-actors.d.ts","sourceRoot":"","sources":["../../src/test-utils/test-actors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAG9C;;;;GAIG;AACH,eAAO,MAAM,WAAW,gBAAiB,CAAC;AAE1C,8EAA8E;AAC9E,eAAO,MAAM,cAAc,EAAE,KAS5B,CAAC;AAEF,iDAAiD;AACjD,eAAO,MAAM,cAAc,EAAE,KAY5B,CAAC;AAEF,wDAAwD;AACxD,eAAO,MAAM,iBAAiB,EAAE,KAS/B,CAAC;AAEF,qEAAqE;AACrE,eAAO,MAAM,eAAe,EAAE,KAS7B,CAAC;AAEF;;;GAGG;AACH,wBAAgB,WAAW,CAAC,KAAK,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAIjE"}

package/dist/test-utils/test-actors.js

@@ -1,3 +1,10 @@
+import { DEFAULT_ORG_ID } from "../auth/org.js";
+/**
+ * Organization ID used in test fixtures. Tests use the deprecated DEFAULT_ORG_ID
+ * because ensureDefaultOrg() creates this org in test setup. When RFC-060 Phase 6
+ * removes DEFAULT_ORG_ID, test setup will create a real org via Better Auth API.
+ */
+export const TEST_ORG_ID = DEFAULT_ORG_ID;
 /** Admin with wildcard permissions. Use for setup operations in beforeAll. */
 export const testAdminActor = {
     type: "user",
@@ -5,7 +12,7 @@ export const testAdminActor = {
     email: "admin@test.local",
     name: "Test Admin",
     vendorId: null,
-    organizationId: "org_default",
+    organizationId: TEST_ORG_ID,
     role: "admin",
     permissions: ["*:*"],
 };
@@ -16,7 +23,7 @@ export const testStaffActor = {
     email: "staff@test.local",
     name: "Test Staff",
     vendorId: null,
-    organizationId: "org_default",
+    organizationId: TEST_ORG_ID,
     role: "staff",
     permissions: [
         "catalog:read", "catalog:create", "catalog:update",
@@ -30,7 +37,7 @@ export const testCustomerActor = {
     email: "customer@test.local",
     name: "Test Customer",
     vendorId: null,
-    organizationId: "org_default",
+    organizationId: TEST_ORG_ID,
     role: "customer",
     permissions: ["catalog:read", "cart:create", "cart:read", "orders:read:own"],
 };
@@ -41,7 +48,7 @@ export const testNoPermActor = {
     email: "noperm@test.local",
     name: "No Permissions",
     vendorId: null,
-    organizationId: "org_default",
+    organizationId: TEST_ORG_ID,
     role: "customer",
     permissions: [],
 };

package/dist/testing.d.ts

@@ -9,6 +9,6 @@ export { createTestKernel } from "./test-utils/create-test-kernel.js";
 export { createTestPluginContext } from "./test-utils/create-test-plugin-context.js";
 export { createRepositoryTestHarness } from "./test-utils/create-repository-test-harness.js";
 export { createPluginTestApp, type PluginTestApp, type TestAppEnv } from "./test-utils/create-plugin-test-app.js";
-export { testAdminActor, testStaffActor, testCustomerActor, testNoPermActor, jsonHeaders, } from "./test-utils/test-actors.js";
+export { TEST_ORG_ID, testAdminActor, testStaffActor, testCustomerActor, testNoPermActor, jsonHeaders, } from "./test-utils/test-actors.js";
 export { beforeHook, afterHook } from "./test-utils/typed-hooks.js";
 //# sourceMappingURL=testing.d.ts.map

package/dist/testing.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"testing.d.ts","sourceRoot":"","sources":["../src/testing.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4CAA4C,CAAC;AACrF,OAAO,EAAE,2BAA2B,EAAE,MAAM,gDAAgD,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,KAAK,aAAa,EAAE,KAAK,UAAU,EAAE,MAAM,wCAAwC,CAAC;AAClH,OAAO,EACL,cAAc,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAClE,WAAW,GACZ,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC"}
+{"version":3,"file":"testing.d.ts","sourceRoot":"","sources":["../src/testing.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,uBAAuB,EAAE,MAAM,4CAA4C,CAAC;AACrF,OAAO,EAAE,2BAA2B,EAAE,MAAM,gDAAgD,CAAC;AAC7F,OAAO,EAAE,mBAAmB,EAAE,KAAK,aAAa,EAAE,KAAK,UAAU,EAAE,MAAM,wCAAwC,CAAC;AAClH,OAAO,EACL,WAAW,EACX,cAAc,EAAE,cAAc,EAAE,iBAAiB,EAAE,eAAe,EAClE,WAAW,GACZ,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,6BAA6B,CAAC"}

package/dist/testing.js

@@ -9,5 +9,5 @@ export { createTestKernel } from "./test-utils/create-test-kernel.js";
 export { createTestPluginContext } from "./test-utils/create-test-plugin-context.js";
 export { createRepositoryTestHarness } from "./test-utils/create-repository-test-harness.js";
 export { createPluginTestApp } from "./test-utils/create-plugin-test-app.js";
-export { testAdminActor, testStaffActor, testCustomerActor, testNoPermActor, jsonHeaders, } from "./test-utils/test-actors.js";
+export { TEST_ORG_ID, testAdminActor, testStaffActor, testCustomerActor, testNoPermActor, jsonHeaders, } from "./test-utils/test-actors.js";
 export { beforeHook, afterHook } from "./test-utils/typed-hooks.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@unifiedcommerce/core",
-  "version": "0.5.4",
+  "version": "0.5.5",
   "type": "module",
   "exports": {
     ".": {

package/src/auth/org.ts

@@ -1,21 +1,35 @@
 import { OrganizationService } from "../modules/organization/service.js";
 
 /**
- * @deprecated Use `config.auth.defaultOrganizationId` instead.
- * This constant will be removed in the next major version.
- * See RFC-060 for migration details.
+ * @deprecated Will be removed. Use `config.auth.defaultOrganizationId` instead.
+ * Kept only for test utilities and backwards compatibility.
  */
 export const DEFAULT_ORG_ID = "org_default";
 
-let hasLoggedDeprecation = false;
+/**
+ * Module-level default set once at boot by `setBootDefaultOrgId()`.
+ * Allows resolveOrgId to use the config value without requiring
+ * every service caller to pass it explicitly.
+ */
+let _bootDefaultOrgId: string | undefined;
+
+/**
+ * Called once at boot by createCommerce/createServer to register
+ * the config-driven default org ID. This bridges the gap between
+ * config (available at boot) and services (which don't have config access).
+ */
+export function setBootDefaultOrgId(orgId: string): void {
+  _bootDefaultOrgId = orgId;
+}
 
 /**
  * Extracts the organization ID from an actor.
  *
  * Resolution order:
- * 1. Actor's organizationId (set by middleware from session/API key)
- * 2. Explicit defaultOrgId parameter (from config.auth.defaultOrganizationId)
- * 3. Deprecated fallback to "org_default" (logs warning once)
+ * 1. Actor's organizationId (set by middleware from session/API key/storeResolver)
+ * 2. Explicit defaultOrgId parameter (caller override)
+ * 3. Boot-time default (from config.auth.defaultOrganizationId via setBootDefaultOrgId)
+ * 4. Deprecated fallback to DEFAULT_ORG_ID (will be removed)
  */
 export function resolveOrgId(actor: unknown, defaultOrgId?: string): string {
   if (actor != null && typeof actor === "object" && "organizationId" in actor) {
@@ -23,25 +37,13 @@ export function resolveOrgId(actor: unknown, defaultOrgId?: string): string {
     if (typeof orgId === "string") return orgId;
   }
   if (defaultOrgId) return defaultOrgId;
-
-  // Deprecated fallback — will become an error in next major version
-  if (!hasLoggedDeprecation) {
-    hasLoggedDeprecation = true;
-    console.warn(
-      "[UC DEPRECATION] resolveOrgId() fell back to 'org_default'. " +
-      "Set auth.defaultOrganizationId in your commerce config. " +
-      "This fallback will be removed in the next major version. See RFC-060.",
-    );
-  }
+  if (_bootDefaultOrgId) return _bootDefaultOrgId;
   return DEFAULT_ORG_ID;
 }
 
 /**
  * @deprecated Use seed script with `auth.api.createOrganization()` instead.
- * This function will be removed in the next major version. See RFC-060.
- *
- * Ensures the default organization row exists in the database.
- * Idempotent — safe to call multiple times.
+ * Kept for backwards compatibility during migration. Will be removed.
  */
 export async function ensureDefaultOrg(
   db: unknown,

package/src/runtime/commerce.ts

@@ -2,7 +2,7 @@ import type { Actor } from "../auth/types.js";
 import type { CommerceConfig } from "../config/types.js";
 import type { Kernel } from "./kernel.js";
 import { createKernel } from "./kernel.js";
-import { ensureDefaultOrg } from "../auth/org.js";
+import { ensureDefaultOrg, setBootDefaultOrgId } from "../auth/org.js";
 import { createAuth, type AuthInstance } from "../auth/setup.js";
 import { createLogger, type Logger } from "./logger.js";
 import { createLocalAPI, type CommerceLocalAPI, type LocalAPIOptions } from "../kernel/local-api.js";
@@ -121,10 +121,13 @@ export async function createCommerce(
 ): Promise<CommerceInstance> {
   const kernel = createKernel(config);
 
-  // If no explicit org ID is configured, fall back to legacy ensureDefaultOrg behavior
-  // with a deprecation warning. New deployments should use seed scripts with
-  // auth.api.createOrganization() and set config.auth.defaultOrganizationId.
-  if (!config.auth?.defaultOrganizationId) {
+  // Register the config-driven org ID so resolveOrgId() can use it
+  // without requiring every service to have config access.
+  if (config.auth?.defaultOrganizationId) {
+    setBootDefaultOrgId(config.auth.defaultOrganizationId);
+  } else {
+    // Legacy fallback: auto-create org_default for deployments
+    // that haven't migrated to seed-based org creation yet.
     await ensureDefaultOrg(kernel.database.db, config.storeName);
   }
 

package/src/test-utils/create-test-config.ts

@@ -64,6 +64,7 @@ export async function createTestConfig(
       provider: "postgresql",
     },
     auth: {
+      defaultOrganizationId: "org_default",
       requireEmailVerification: false,
       apiKeys: { enabled: true, defaultPermissions: ["catalog:read"] },
       posPin: { enabled: true },

package/src/test-utils/test-actors.ts

@@ -1,4 +1,12 @@
 import type { Actor } from "../auth/types.js";
+import { DEFAULT_ORG_ID } from "../auth/org.js";
+
+/**
+ * Organization ID used in test fixtures. Tests use the deprecated DEFAULT_ORG_ID
+ * because ensureDefaultOrg() creates this org in test setup. When RFC-060 Phase 6
+ * removes DEFAULT_ORG_ID, test setup will create a real org via Better Auth API.
+ */
+export const TEST_ORG_ID = DEFAULT_ORG_ID;
 
 /** Admin with wildcard permissions. Use for setup operations in beforeAll. */
 export const testAdminActor: Actor = {
@@ -7,7 +15,7 @@ export const testAdminActor: Actor = {
   email: "admin@test.local",
   name: "Test Admin",
   vendorId: null,
-  organizationId: "org_default",
+  organizationId: TEST_ORG_ID,
   role: "admin",
   permissions: ["*:*"],
 };
@@ -19,7 +27,7 @@ export const testStaffActor: Actor = {
   email: "staff@test.local",
   name: "Test Staff",
   vendorId: null,
-  organizationId: "org_default",
+  organizationId: TEST_ORG_ID,
   role: "staff",
   permissions: [
     "catalog:read", "catalog:create", "catalog:update",
@@ -34,7 +42,7 @@ export const testCustomerActor: Actor = {
   email: "customer@test.local",
   name: "Test Customer",
   vendorId: null,
-  organizationId: "org_default",
+  organizationId: TEST_ORG_ID,
   role: "customer",
   permissions: ["catalog:read", "cart:create", "cart:read", "orders:read:own"],
 };
@@ -46,7 +54,7 @@ export const testNoPermActor: Actor = {
   email: "noperm@test.local",
   name: "No Permissions",
   vendorId: null,
-  organizationId: "org_default",
+  organizationId: TEST_ORG_ID,
   role: "customer",
   permissions: [],
 };

package/src/testing.ts

@@ -11,6 +11,7 @@ export { createTestPluginContext } from "./test-utils/create-test-plugin-context
 export { createRepositoryTestHarness } from "./test-utils/create-repository-test-harness.js";
 export { createPluginTestApp, type PluginTestApp, type TestAppEnv } from "./test-utils/create-plugin-test-app.js";
 export {
+  TEST_ORG_ID,
   testAdminActor, testStaffActor, testCustomerActor, testNoPermActor,
   jsonHeaders,
 } from "./test-utils/test-actors.js";