commonknowledge · joaquimds · Apr 16, 2026 · Apr 16, 2026 · Apr 16, 2026 · Apr 16, 2026
diff --git a/AGENTS.md b/AGENTS.md
@@ -109,6 +109,18 @@ Use tRPC as the bridge between client components and server logic:
 
 All database access belongs in `src/server/repositories/`. Build queries with Kysely's query builder; avoid raw SQL (`sql` template tag) unless there is no alternative.
 
+### CamelCasePlugin
+
+A `CamelCasePlugin` translates between camelCase (used in the Kysely query builder) and snake_case (used in the actual PostgreSQL columns). Use **camelCase** in the query builder API and **snake_case** in raw SQL (`sql` template tag / migrations with raw SQL).
+
+```ts
+// ✅ Query builder — camelCase
+db.selectFrom("invitation").where("invitation.senderOrganisationId", "=", id);
+
+// ✅ Raw SQL — snake_case
+sql`UPDATE invitation SET sender_organisation_id = ${id}`;
+```
+
 ### JSONPlugin
 
 The database is configured with a custom `JSONPlugin` that automatically serialises JavaScript objects and arrays into JSONB when writing to the database. **Do not call `JSON.stringify()` on values passed to Kysely queries** — it's handled for you and double-encoding will corrupt the data.

diff --git a/bin/cmd.ts b/bin/cmd.ts
@@ -112,12 +112,15 @@ program
   .option("--email <email>")
   .option("--name <name>")
   .option("--organisationId <organisationId>")
+  .option("--senderOrganisationId <senderOrganisationId>")
   .description("Create an invitation for a user")
   .action(async (options) => {
     const invitation = await createInvitation({
       email: options.email,
       name: options.name,
       organisationId: options.organisationId,
+      senderOrganisationId:
+        options.senderOrganisationId || options.organisationId,
     });
 
     logger.info(`Created invitation ${invitation.id}`);
@@ -151,6 +154,7 @@ program
         email: user.email,
         name: user.name,
         organisationId: orgs[0].id,
+        senderOrganisationId: orgs[0].id,
       });
 
       logger.info(`Created invitation ${invitation.id}`);

diff --git a/migrations/1774658921005_invitation_sender_organisation.ts b/migrations/1774658921005_invitation_sender_organisation.ts
@@ -0,0 +1,50 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import { sql } from "kysely";
+import type { Kysely } from "kysely";
+
+export async function up(db: Kysely<any>): Promise<void> {
+  // Add nullable column first
+  await db.schema
+    .alterTable("invitation")
+    .addColumn("senderOrganisationId", "uuid")
+    .execute();
+
+  // Backfill: assign all existing invitations to the admin organisation
+  await sql`
+    UPDATE invitation
+    SET "sender_organisation_id" = (
+      SELECT id FROM organisation WHERE name = 'Common Knowledge' LIMIT 1
+    )
-  // Backfill: assign all existing invitations to the admin organisation
-  await sql`
-    UPDATE invitation
-    SET "sender_organisation_id" = (
-      SELECT id FROM organisation WHERE name = 'Common Knowledge' LIMIT 1
-    )
+  // Backfill from existing invitation data to avoid relying on a specific organisation seed
+  await sql`
+    UPDATE invitation
+    SET "sender_organisation_id" = "organisation_id"
-  // Backfill: assign all existing invitations to the admin organisation
-  await sql`
-    UPDATE invitation
-    SET "sender_organisation_id" = (
-      SELECT id FROM organisation WHERE name = 'Common Knowledge' LIMIT 1
-    )
+  // Backfill from existing invitation data to avoid relying on a specific organisation seed
+  await sql`
+    UPDATE invitation
+    SET "sender_organisation_id" = "organisation_id"
+    WHERE "sender_organisation_id" IS NULL
+  `.execute(db);
+
-  // Backfill: assign all existing invitations to the admin organisation
-  await sql`
-    UPDATE invitation
-    SET "sender_organisation_id" = (
-      SELECT id FROM organisation WHERE name = 'Common Knowledge' LIMIT 1
-    )
-    WHERE "sender_organisation_id" IS NULL
-  `.execute(db);
+  // Backfill deterministically from the invitation's existing organisation
+  await sql`
+    UPDATE invitation
+    SET "sender_organisation_id" = "organisation_id"
+    WHERE "sender_organisation_id" IS NULL
+  `.execute(db);
+
+  const remainingNullSenderOrganisationIds = await sql<{ count: string }>`
+    SELECT COUNT(*)::text AS count
+    FROM invitation
+    WHERE "sender_organisation_id" IS NULL
+  `.execute(db);
+
+  if (Number(remainingNullSenderOrganisationIds.rows[0]?.count ?? 0) > 0) {
+    throw new Error(
+      "Migration 1774658921005_invitation_sender_organisation failed: some invitation rows do not have an organisation_id to backfill sender_organisation_id",
+    );
+  }
-  // Backfill: assign all existing invitations to the admin organisation
-  await sql`
-    UPDATE invitation
-    SET "sender_organisation_id" = (
-      SELECT id FROM organisation WHERE name = 'Common Knowledge' LIMIT 1
-    )
-    WHERE "sender_organisation_id" IS NULL
-  `.execute(db);
+  // Backfill deterministically from the invitation's existing organisation
+  await sql`
+    UPDATE invitation
+    SET "sender_organisation_id" = "organisation_id"
+    WHERE "sender_organisation_id" IS NULL
+  `.execute(db);
+
+  const remainingNullSenderOrganisationIds = await sql<{ count: string }>`
+    SELECT COUNT(*)::text AS count
+    FROM invitation
+    WHERE "sender_organisation_id" IS NULL
+  `.execute(db);
+
+  if (Number(remainingNullSenderOrganisationIds.rows[0]?.count ?? 0) > 0) {
+    throw new Error(
+      "Migration 1774658921005_invitation_sender_organisation failed: some invitation rows do not have an organisation_id to backfill sender_organisation_id",
+    );
+  }
+  // Add foreign key constraint
+  await db.schema
+    .alterTable("invitation")
+    .addForeignKeyConstraint(
+      "invitationSenderOrganisationIdFKey",
+      ["senderOrganisationId"],
+      "organisation",
+      ["id"],
+      (cb) => cb.onDelete("cascade").onUpdate("cascade"),
+    )
+    .execute();
+
+  // Make column not null after backfill
+  await db.schema
+    .alterTable("invitation")
+    .alterColumn("senderOrganisationId", (col) => col.setNotNull())
+    .execute();
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await db.schema
+    .alterTable("invitation")
+    .dropConstraint("invitationSenderOrganisationIdFKey")
+    .execute();
+
+  await db.schema
+    .alterTable("invitation")
+    .dropColumn("senderOrganisationId")
+    .execute();
+}
diff --git a/resources/areaSets/index.ts b/resources/areaSets/index.ts
@@ -162,4 +162,13 @@ export const areaSetsMetadata: AreaSetMetadata[] = [
     codeKey: "DioNumber",
     nameKey: "Diocese",
   },
+  {
+    code: AreaSetCode.ICB22,
+    name: "NHS Integrated Care Boards 2022",
+    filename: "icb_2022.geojson",
+    link: "https://open-geography-portalx-ons.hub.arcgis.com/api/download/v1/items/92362df594aa408aaa7a581ac83fb348/geojson?layers=0",
+    isNationalGridSRID: true,
+    codeKey: "ICB22CD",
+    nameKey: "ICB22NM",
+  },
 ];
diff --git a/src/app/(private)/(dashboards)/invite-organisation/CreateInvitationModal.tsx b/src/app/(private)/(dashboards)/invite-organisation/CreateInvitationModal.tsx
@@ -5,6 +5,7 @@ import { PlusIcon } from "lucide-react";
 import { type FormEvent, useMemo, useState } from "react";
 import { toast } from "sonner";
 import FormFieldWrapper from "@/components/forms/FormFieldWrapper";
+import { useOrganisations } from "@/hooks/useOrganisations";
 import { useTRPC } from "@/services/trpc/react";
 import { Button } from "@/shadcn/ui/button";
 import { Checkbox } from "@/shadcn/ui/checkbox";
@@ -43,6 +44,7 @@ export default function CreateInvitationModal() {
     Set<string>
   >(new Set());
 
+  const { organisationId: senderOrganisationId } = useOrganisations();
   const trpc = useTRPC();
   const client = useQueryClient();
 
@@ -62,9 +64,7 @@ export default function CreateInvitationModal() {
         client.invalidateQueries({
           queryKey: trpc.organisation.listAll.queryKey(),
         });
-        client.invalidateQueries({
-          queryKey: trpc.invitation.list.queryKey(),
-        });
+        client.invalidateQueries(trpc.invitation.list.queryFilter());
       },
       onError: (error) => {
         toast.error("Failed to create invitation.", {
@@ -169,6 +169,7 @@ export default function CreateInvitationModal() {
     }
 
     createInvitationMutate({
+      senderOrganisationId: senderOrganisationId ?? "",
       organisationId,
       organisationName,
       email,

diff --git a/src/app/(private)/(dashboards)/invite-organisation/page.tsx b/src/app/(private)/(dashboards)/invite-organisation/page.tsx
@@ -3,6 +3,7 @@
 import { useQuery } from "@tanstack/react-query";
 import { redirect } from "next/navigation";
 import { useCurrentUser } from "@/hooks";
+import { useOrganisations } from "@/hooks/useOrganisations";
 import { UserRole } from "@/models/User";
 import { useTRPC } from "@/services/trpc/react";
 import {
@@ -17,13 +18,17 @@ import CreateInvitationModal from "./CreateInvitationModal";
 
 export default function InviteOrganisationPage() {
   const { currentUser } = useCurrentUser();
+  const { organisationId } = useOrganisations();
   const trpc = useTRPC();
   const isAllowed =
     currentUser?.role === UserRole.Advocate ||
     currentUser?.role === UserRole.Superadmin;
 
   const { data: invitations, isPending: invitationsLoading } = useQuery(
-    trpc.invitation.list.queryOptions(undefined, { enabled: isAllowed }),
+    trpc.invitation.list.queryOptions(
+      { senderOrganisationId: organisationId ?? "" },
+      { enabled: isAllowed && Boolean(organisationId) },
+    ),
   );
 
   if (!isAllowed) {

diff --git a/src/app/(private)/map/[id]/components/Choropleth/configs.ts b/src/app/(private)/map/[id]/components/Choropleth/configs.ts
@@ -256,6 +256,19 @@ export const CHOROPLETH_LAYER_CONFIGS: Record<
       },
     },
   ],
+  ICB22: [
+    {
+      areaSetCode: AreaSetCode.ICB22,
+      minZoom: 0,
+      requiresBoundingBox: false,
+      mapbox: {
+        featureCodeProperty: "ICB22CD",
+        featureNameProperty: "ICB22NM",
+        layerId: "icb_2022-7ehb90",
+        sourceId: "commonknowledge.4x90o7q9",
+      },
+    },
+  ],
 };
 
 export const HEX_CHOROPLETH_LAYER_CONFIG: ChoroplethLayerConfig = {

diff --git a/src/labels.ts b/src/labels.ts
@@ -37,6 +37,7 @@ export const AreaSetCodeLabels: Record<AreaSetCode, string> = {
   SDZ22: "Scottish Data Zone",
   SIZ22: "Scottish Intermediate Zone",
   COED26: "Church of England Diocese",
+  ICB22: "NHS Integrated Care Board",
 };
 
 export const AreaSetCodeYears: Record<AreaSetCode, string> = {
@@ -57,6 +58,7 @@ export const AreaSetCodeYears: Record<AreaSetCode, string> = {
   SDZ22: "2022 &mdash; present",
   SIZ22: "2022 &mdash; present",
   COED26: "2026 &mdash; present",
+  ICB22: "2022 &mdash; present",
 };
 
 export const AreaSetGroupCodeLabels: Record<AreaSetGroupCode, string> = {
@@ -73,6 +75,7 @@ export const AreaSetGroupCodeLabels: Record<AreaSetGroupCode, string> = {
   SENC22: "Senedd Constituency",
   SOA22: "Scottish Inter. Zone ➔ Data Zone ➔ Output Area",
   COED26: "Church of England Diocese",
+  ICB22: "NHS Integrated Care Board",
 };
 
 export const AreaSetGroupCodeYears: Record<AreaSetGroupCode, string> = {
@@ -89,6 +92,7 @@ export const AreaSetGroupCodeYears: Record<AreaSetGroupCode, string> = {
   SENC22: "2022 &mdash; present",
   SOA22: "2022 &mdash; present",
   COED26: "2026 &mdash; present",
+  ICB22: "2022 &mdash; present",
 };
 
 export const FilterTypeLabels: Record<

diff --git a/src/models/AreaSet.ts b/src/models/AreaSet.ts
@@ -18,6 +18,7 @@ export enum AreaSetCode {
   SPC22 = "SPC22",
   SENC22 = "SENC22",
   COED26 = "COED26",
+  ICB22 = "ICB22",
 }
 export const areaSetCodes = Object.values(AreaSetCode);
 
@@ -37,6 +38,7 @@ export enum AreaSetGroupCode {
   SENC22 = "SENC22",
   SOA22 = "SOA22",
   COED26 = "COED26",
+  ICB22 = "ICB22",
 }
 export const areaSetGroupCodes = Object.values(AreaSetGroupCode);
 
@@ -58,6 +60,7 @@ export const AreaSetSizes: Record<AreaSetCode, number> = {
   [AreaSetCode.CTYUA24]: 6,
   [AreaSetCode.CAUTH25]: 6,
   [AreaSetCode.COED26]: 6,
+  [AreaSetCode.ICB22]: 6,
   [AreaSetCode.UKR18]: 8,
   [AreaSetCode.UKC24]: 12,
 };

diff --git a/src/models/Invitation.ts b/src/models/Invitation.ts
@@ -5,6 +5,7 @@ export const invitationSchema = z.object({
   email: z.string().email().trim().toLowerCase(),
   name: z.string().trim(),
   organisationId: z.string(),
+  senderOrganisationId: z.string(),
   userId: z.string().nullish(),
   createdAt: z.date(),
   updatedAt: z.date(),

diff --git a/src/server/repositories/Invitation.ts b/src/server/repositories/Invitation.ts
@@ -13,11 +13,13 @@ export function createInvitation(invitation: NewInvitation) {
     .executeTakeFirstOrThrow();
 }
 
-export function listPendingInvitations() {
+export function listPendingInvitations(senderOrganisationId: string) {
   return db
     .selectFrom("invitation")
     .leftJoin("organisation", "invitation.organisationId", "organisation.id")
     .where("invitation.userId", "is", null)
+    .where("invitation.used", "=", false)
+    .where("invitation.senderOrganisationId", "=", senderOrganisationId)
     .select([
       "invitation.id",
       "invitation.email",

diff --git a/src/server/trpc/routers/invitation.ts b/src/server/trpc/routers/invitation.ts
@@ -11,6 +11,7 @@ import {
 } from "@/server/repositories/Invitation";
 import {
   findOrganisationById,
+  findOrganisationForUser,
   upsertOrganisation,
 } from "@/server/repositories/Organisation";
 import logger from "@/server/services/logger";
@@ -24,6 +25,7 @@ export const invitationRouter = router({
         .object({
           name: z.string(),
           email: z.string().email(),
+          senderOrganisationId: z.string(),
-          senderOrganisationId: z.string(),
+          senderOrganisationId: z
+            .string()
+            .trim()
+            .min(1, "Sender organisation is required"),
-          senderOrganisationId: z.string(),
+          senderOrganisationId: z
+            .string()
+            .trim()
+            .min(1, "Sender organisation is required"),
           organisationId: z.string().nullish(),
           organisationName: z.string().nullish(),
           mapSelections: z
@@ -40,8 +42,19 @@ export const invitationRouter = router({
           path: ["organisationId", "organisationName"],
         }),
     )
-    .mutation(async ({ input }) => {
+    .mutation(async ({ input, ctx }) => {
       try {
+        const senderOrg = await findOrganisationForUser(
+          input.senderOrganisationId,
+          ctx.user.id,
+        );
+        if (!senderOrg) {
+          throw new TRPCError({
+            code: "FORBIDDEN",
+            message: "You do not belong to the sender organisation",
+          });
+        }
+
         let org;
         if (input.organisationId) {
           org = await findOrganisationById(input.organisationId);
@@ -66,6 +79,7 @@ export const invitationRouter = router({
           email: input.email.toLowerCase().trim(),
           name: input.name,
           organisationId: org.id,
+          senderOrganisationId: senderOrg.id,
         });
 
         const secret = new TextEncoder().encode(process.env.JWT_SECRET || "");
@@ -87,7 +101,21 @@ export const invitationRouter = router({
         });
       }
     }),
-  list: advocateProcedure.query(() => listPendingInvitations()),
+  list: advocateProcedure
+    .input(z.object({ senderOrganisationId: z.string().uuid() }))
+    .query(async ({ input, ctx }) => {
+      const org = await findOrganisationForUser(
+        input.senderOrganisationId,
+        ctx.user.id,
+      );
+      if (!org) {
+        throw new TRPCError({
+          code: "FORBIDDEN",
+          message: "You do not belong to this organisation",
+        });
+      }
+      return listPendingInvitations(org.id);
+    }),
   listForUser: protectedProcedure.query(async ({ ctx }) => {
     return findPendingInvitationsByEmail(ctx.user.email);
   }),

diff --git a/src/server/trpc/routers/organisation.ts b/src/server/trpc/routers/organisation.ts
@@ -106,6 +106,7 @@ export const organisationRouter = router({
           email,
           name: input.name,
           organisationId: ctx.organisation.id,
+          senderOrganisationId: ctx.organisation.id,
         });
 
         if (existingUser) {