feat(connector): add organization auth identity to run

[BlackHole1]

The business layer introduced organizations: a user can belong to
multiple orgs and authenticate as one. oo connector run now picks
the run identity via --organization (alias --org), an
identity.organization config default, or --personal to force the
personal identity. Precedence is flag, then config, then personal.

Only the action run request carries the identity (an organization
query parameter plus an x-oo-organization header). The schema
metadata request and its cache stay identity-free because the action
schema is identity-independent. Telemetry records only a privacy-safe
identity_source enum, never the organization name.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 06d4b87f-5c11-4fb8-a218-f6d652f9188a

📥 Commits

Reviewing files that changed from the base of the PR and between aa0abac and 7a242e0.

⛔ Files ignored due to path filters (1)

• src/application/commands/config/__snapshots__/index.cli.test.ts.snap is excluded by !**/*.snap

📒 Files selected for processing (14)

• contrib/skills/shared/oo/references/connector-execution.md
• docs/commands.md
• docs/commands.zh-CN.md
• src/application/commands/config/index.cli.test.ts
• src/application/commands/config/shared.ts
• src/application/commands/connector/identity.test.ts
• src/application/commands/connector/identity.ts
• src/application/commands/connector/index.cli.test.ts
• src/application/commands/connector/run.ts
• src/application/commands/connector/shared.test.ts
• src/application/commands/connector/shared.ts
• src/application/commands/telemetry-decisions.test.ts
• src/application/schemas/settings.ts
• src/i18n/catalog.ts

---

Summary by CodeRabbit

• New Features

  • Added identity selection for connector actions: run under personal (default), organization (--organization/--org), or force personal identity (--personal).
  • Added identity.organization configuration key to set a default organization identity for connector runs.

• Documentation

  • Updated command documentation with new identity flags and configuration option details.

Walkthrough

This PR adds organization identity support to connector execution. Users can now run connector actions under a named organization identity via --organization <name> or --org <name>, or force personal identity with --personal. A default organization can be configured via oo config set identity.organization. The feature includes input validation (non-empty org, mutually exclusive flags), settings persistence, request-level integration (URL query parameter and HTTP header), and comprehensive tests covering flag precedence, config defaults, and invalid inputs.

Sequence Diagram

sequenceDiagram
  participant User
  participant CliHandler
  participant IdentityResolver
  participant ConfigLoader
  participant ActionExecutor
  participant ConnectorEndpoint

  User->>CliHandler: oo connector run --organization acme
  CliHandler->>ConfigLoader: read identity.organization config
  ConfigLoader-->>CliHandler: (returns undefined or config value)
  CliHandler->>IdentityResolver: resolveConnectorIdentity({personalFlag, organizationFlag, configOrganization})
  IdentityResolver-->>CliHandler: {identity: {organization: "acme"}, source: "flag"}
  CliHandler->>ActionExecutor: runConnectorAction({identity, ...})
  ActionExecutor->>ActionExecutor: applyConnectorIdentityToUrl(url, identity)
  ActionExecutor->>ActionExecutor: connectorIdentityHeaders(identity)
  ActionExecutor->>ConnectorEndpoint: POST /?organization=acme (with x-oo-organization header)
  ConnectorEndpoint-->>ActionExecutor: response
  ActionExecutor-->>CliHandler: result
  CliHandler-->>User: output

Loading

Possibly related PRs

• oomol-lab/oo-cli#64: Establishes the oo connector run execution pipeline and runConnectorAction function that this PR extends with identity parameter threading and request construction.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows the required format and clearly describes the main change: adding organization authentication identity support to the connector run command.
Description check	✅ Passed	The description is directly related to the changeset, providing clear context about organization-scoped authentication, new CLI flags, config defaults, precedence rules, and request contracts.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch add-org-params-connector-run

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}