fix(ci): resolve default org by slug, not display name

[Martin Torp (mtorp)]

Problem

getDefaultOrgSlug() exported the org's display name as SOCKET_ORG_SLUG for the Coana CLI, but Coana resolves the org by its URL-safe slug. The display name can differ from the slug and may be null, producing a wrong or empty org identifier — and a hard failure for tokens that can only ever see a single org.

This surfaced for repository-scoped tokens running socket manifest gradle: the org-list lookup would 403 (fixed backend-side in SocketDev/depscan#21010), and even once that call succeeds the wrong field was being forwarded to Coana.

Fix

Use the slug field instead of name, and drop the unnecessary as any index. Add unit coverage:

• returns the slug (not the display name)
• resolves the slug even when the display name is null
• prefers the defaultOrg config value without calling the API
• fails when the API returns no organizations

Related

• Backend companion (the actual 403): SocketDev/depscan#21010

---

Note

Low Risk
Small, targeted fix to org resolution for CI env export plus tests; no auth or broad behavioral surface beyond correct slug forwarding.

Overview
Fixes wrong org identifier for Coana / CI: getDefaultOrgSlug() now reads the first org’s URL-safe slug instead of its display name when building the value exported as SOCKET_ORG_SLUG. Display names can differ from slugs or be null, which previously yielded incorrect or empty org IDs for the Coana CLI (which resolves orgs by slug). Selection is simplified to organizations[0]?.slug on the array-shaped org list, removing the as any object-key/name path.

Tests: New Vitest coverage for slug vs display name, null display name, defaultOrg config short-circuit, and empty org list failure.

^{Reviewed by Cursor Bugbot for commit 0c0ff74. Configure here.}