Back to Signal Feed
CodeTracked since May 19, 2026

OpenHands enables org-level LLM profile storage and management for SaaS users

This PR shifts LLM profile ownership from user-level storage to an organization-level store for SaaS/Cloud users, introducing org-scoped profile APIs and UI hooks so personal-org admins can create, update, list, activate, rename, and delete shared profiles.

org.llm_profilesEncryptedJSONorg_profiles routerorg-level LLM profiles

What Happened

  • This PR shifts LLM profile ownership from user-level storage to an organization-level store for SaaS/Cloud users, introducing org-scoped profile APIs and UI hooks so personal-org admins can create, update, list, activate, rename, and delete shared profiles.
  • This PR shifts LLM profile ownership from user-level storage to an organization-level store for SaaS/Cloud users, introducing org-scoped profile APIs and UI hooks so personal-org admins can create, update, list, activate, rename, and delete shared profiles.
  • 1 evidence item attached for review.

What is Different

Before

Scattered source updates, isolated context, and manual follow-up across multiple feeds.

Now

Introduced a concrete org-scoped LLM profile capability: a new database column on `org`, permissioned org-level profile endpoints, and frontend managers for listing, editing, activating, renaming, and deleting profiles, replacing the prior user-level storage path.

Why Track This

Why It Matters

Organization admins and members on OpenHands SaaS can now keep LLM settings in one org place, so shared model credentials and runtime preferences can be reused across users instead of being recreated per account, which should reduce setup inconsistency and misconfiguration risk. The change migrates profiles to `org.llm_profiles` (EncryptedJSON), exposes org routes for profile lifecycle actions, and adds UI plumbing in the LLM settings screen for personal orgs with role-based access (owner/admin write, members read/activate). Watch next for rollout behavior in existing accounts: whether legacy per-user profile data is migrated cleanly, whether role checks hold under real org membership changes, and how team-org UI gaps affect users not yet supported by this first version.

Impact

Organization admins and members on OpenHands SaaS can now keep LLM settings in one org place, so shared model credentials and runtime preferences can be reused across users instead of being recreated per account, which should reduce setup inconsistency and misconfiguration risk. The change migrates profiles to `org.llm_profiles` (EncryptedJSON), exposes org routes for profile lifecycle actions, and adds UI plumbing in the LLM settings screen for personal orgs with role-based access (owner/admin write, members read/activate). Watch next for rollout behavior in existing accounts: whether legacy per-user profile data is migrated cleanly, whether role checks hold under real org membership changes, and how team-org UI gaps affect users not yet supported by this first version.

What To Watch Next

  • Watch whether org.llm_profiles becomes a repeated pattern.
  • Track follow-up changes around LLMOps.
  • Compare future signals against this evidence trail.
  • Re-check risk flags: legacy_user_profile_migration_gaps, org_role_permission_regression.
Open Topic TimelineOpen Technical EventOpen Original Sourcelegacy_user_profile_migration_gaps / org_role_permission_regression / team_org_ui_not_covered_yet / encrypted_profile_retrieval_failures

Supporting Evidence

GITHUB PULL REQUESTHigh Trust

all-hands-ai/openhands PR #14406: feat: Add org-level LLM profiles for SaaS users

Adds `llm_profiles` (EncryptedJSON) to `org` via migration 113, plus org profile CRUD/activate/rename endpoints and frontend management screens.