Feature Requests

Allow the sharing of assets like contexts, orbs and self-hosted runners across multiple organisations, perhaps under a parent organisation to reduce overhead of maintaining multiples of these for each organisation

Currently when a user toggles between organizations, and one of the organizations is a SAML-protected org they may loose their permissions. This feature request is to implement a mechanism to ensure that users who regularly interact with multiple organizations are prompted to authorize SAML-protected organizations during the re-authentication steps—thus minimizing the need for repeated authentication when switching between organizations or devices.

We'd like the ability to lock-down (whitelist) what API permissions an API token has. For example, we want to have an API token solely for the purpose of creating environment variables in a project. We don't need it to do anything else and would like to be able to only grant this ability (to add environment variables) and nothing more. This way the security would be much improved instead of having a token that has full access. The API action in our case we'd like to have an explicit permission for is https://circleci.com/docs/api/v2/index.html#tag/Project/operation/createEnvVar I'm sure there'll be many other use-cases where it makes sense to only allow limited operations for improved security. Thanks!

Currently, CircleCI uses Open Policy Agent v0.54 when evaluating config policies. v0.59 introduces the rego.v1 import, which is useful for migration to Rego v1.

Once a project has been set up, allow the pipelines to continue to run even if the project has no followers or if the projects followers do not have access to the repo.