Context Everywhere

Summary

Operational code should carry explicit context: organization or tenant scope, actor identity, run identity, environment, and the source of a decision where those concepts apply.

Problem

Hidden context is one of the fastest ways to make operational systems unsafe. If a service reads "current tenant" from nowhere, if a job cannot explain which run produced a result, or if a state change has no actor, later review becomes guesswork.

Principle

Pass context explicitly at boundaries. The platform should be able to answer who acted, for which scope, from which run or request, and with which source evidence.

Platform Shape

The repo guidance assumes multi-tenancy and audit even when current usage is internal. Jobs receive runtime params and record execution state. Review surfaces should record actors for mutations. Lakehouse and operational services should avoid unscoped reads when the data has tenant or provider scope.

The point is not boilerplate. Explicit context lets the same service function serve a CLI, scheduled job, API route, worker, or future agent without relying on hidden process state.

Source Evidence

  • AGENTS.md
  • docs/reference/architecture.md
  • docs/reference/job-layout.md
  • docs/engineering/architecture/designing-for-future-separation.md
  • docs/engineering/architecture/lakehouse-service-boundary.md