fix(billing): route scope by subscription referenceId, sync plan from Stripe, transfer storage on org join

Route every billing decision (usage limits, credits, storage, rate
limit, threshold billing, webhooks, UI permissions) through the
subscription's `referenceId` instead of plan-name heuristics. Fixes
the production state where a `pro_6000` subscription attached to an
organization was treated as personal Pro by display/edit code while
execution correctly enforced the org cap.

Scope
- Add `isOrgScopedSubscription(sub, userId)` (pure) and
  `isSubscriptionOrgScoped(sub)` (async DB-backed) helpers. One is
  used wherever a user perspective is available; the other in webhook
  handlers that only have a subscription row.
- Replace plan-name scope checks in ~20 files: usage/limit readers,
  credits balance + purchase, threshold billing, storage limits +
  tracking, rate limiter, invoice + subscription webhooks, seat
  management, membership join/leave, `switch-plan` admin gate,
  admin credits/billing routes, copilot 402 handler, UI subscription
  settings + permissions + sidebar indicator, React Query types.

Plan sync
- Add `syncSubscriptionPlan(subscriptionId, currentPlan, planFromStripe)`
  called from `onSubscriptionComplete` and `onSubscriptionUpdate` so
  the DB `plan` column heals on every Stripe event. Pro->Team upgrades
  previously updated price, seats, and referenceId but left `plan`
  stale — this is what produced the `pro_6000`-on-org row.

Priority + grace period
- `getHighestPrioritySubscription` now prefers org over personal
  within each tier (Enterprise > Team > Pro, org > personal at each).
  A user with a `cancelAtPeriodEnd` personal Pro who joins a paid org
  routes pooled resources to the org through the grace window.
- `calculateSubscriptionOverage` personal-Pro branch reads user_stats
  directly (bypassing priority) and bills only `proPeriodCostSnapshot`
  when the user joined a paid org mid-cycle, so post-join org usage
  isn't double-charged on the personal Pro's final invoice.
  `resetUsageForSubscription` mirrors this: preserves
  `currentPeriodCost` / `currentPeriodCopilotCost` when
  `proPeriodCostSnapshot > 0` so the org's next cycle-close captures
  post-join usage correctly.

Uniform base-price formula
- `basePrice × (seats ?? 1)` everywhere: `getOrgUsageLimit`,
  `updateOrganizationUsageLimit`, `setUsageLimitForCredits`,
  `calculateSubscriptionOverage`, threshold billing,
  `syncSubscriptionUsageLimits`, `getOrganizationBillingData`.
  Admin dashboard math now agrees with enforcement math.

Storage transfer on join
- Invitation-accept flow moves `user_stats.storageUsedBytes` into
  `organization.storageUsedBytes` inside the same transaction when
  the org is paid.
- `syncSubscriptionUsageLimits` runs a bulk-backfill version so
  members who joined before this fix, or orgs that upgraded from
  free to paid after members joined, get pulled into the org pool
  on the next subscription event. Idempotent.

UX polish
- Copilot 402 handler differentiates personal-scoped ("increase your
  usage limit") from org-scoped ("ask an owner or admin to raise the
  limit") while keeping the `increase_limit` action code the parser
  already understands.
- Duplicate-subscription error on team upgrade names the existing
  plan via `getDisplayPlanName`.
- Invitation-accept invalidates subscription + organization React
  Query caches before redirect so settings doesn't flash the user's
  pre-join personal view.

Dead code removal
- Remove unused `calculateUserOverage`, and the following fields on
  `SubscriptionBillingData` / `getSimplifiedBillingSummary` that no
  consumer in the monorepo read: `basePrice`, `overageAmount`,
  `totalProjected`, `tierCredits`, `basePriceCredits`,
  `currentUsageCredits`, `overageAmountCredits`, `totalProjectedCredits`,
  `usageLimitCredits`, `currentCredits`, `limitCredits`,
  `lastPeriodCostCredits`, `lastPeriodCopilotCostCredits`,
  `copilotCostCredits`, and the `organizationData` subobject. Add
  `metadata: unknown` to match what the server returns.

Notes for the triggering customer
- The `pro_6000`-on-org row self-heals on the next Stripe event via
  `syncSubscriptionPlan`. For the one known customer, a direct
  UPDATE is sufficient:
  `UPDATE subscription SET plan='team_6000' WHERE id='aq2...' AND plan='pro_6000'`.

Made-with: Cursor

Author: icecrasher321

apps/sim/app/api/billing/route.ts

@@ -7,8 +7,6 @@ import { getSession } from '@/lib/auth'
 import { getEffectiveBillingStatus } from '@/lib/billing/core/access'
 import { getSimplifiedBillingSummary } from '@/lib/billing/core/billing'
 import { getOrganizationBillingData } from '@/lib/billing/core/organization'
-import { dollarsToCredits } from '@/lib/billing/credits/conversion'
-import { getPlanTierCredits } from '@/lib/billing/plan-helpers'
 
 const logger = createLogger('UnifiedBillingAPI')
 
@@ -107,7 +105,6 @@ export async function GET(request: NextRequest) {
         )
       }
 
-      // Transform data to match component expectations
       billingData = {
         organizationId: rawBillingData.organizationId,
         organizationName: rawBillingData.organizationName,
@@ -122,17 +119,10 @@ export async function GET(request: NextRequest) {
         averageUsagePerMember: rawBillingData.averageUsagePerMember,
         billingPeriodStart: rawBillingData.billingPeriodStart?.toISOString() || null,
         billingPeriodEnd: rawBillingData.billingPeriodEnd?.toISOString() || null,
-        tierCredits: getPlanTierCredits(rawBillingData.subscriptionPlan),
-        totalCurrentUsageCredits: dollarsToCredits(rawBillingData.totalCurrentUsage),
-        totalUsageLimitCredits: dollarsToCredits(rawBillingData.totalUsageLimit),
-        minimumBillingAmountCredits: dollarsToCredits(rawBillingData.minimumBillingAmount),
-        averageUsagePerMemberCredits: dollarsToCredits(rawBillingData.averageUsagePerMember),
         members: rawBillingData.members.map((m) => ({
           ...m,
           joinedAt: m.joinedAt.toISOString(),
           lastActive: m.lastActive?.toISOString() || null,
-          currentUsageCredits: dollarsToCredits(m.currentUsage),
-          usageLimitCredits: dollarsToCredits(m.usageLimit),
         })),
       }
 

apps/sim/app/api/billing/switch-plan/route.ts

@@ -9,12 +9,13 @@ import { getEffectiveBillingStatus } from '@/lib/billing/core/access'
 import { isOrganizationOwnerOrAdmin } from '@/lib/billing/core/organization'
 import { getHighestPrioritySubscription } from '@/lib/billing/core/plan'
 import { writeBillingInterval } from '@/lib/billing/core/subscription'
-import { getPlanType, isEnterprise, isOrgPlan } from '@/lib/billing/plan-helpers'
+import { getPlanType, isEnterprise } from '@/lib/billing/plan-helpers'
 import { getPlanByName } from '@/lib/billing/plans'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
 import {
   hasUsableSubscriptionAccess,
   hasUsableSubscriptionStatus,
+  isOrgScopedSubscription,
 } from '@/lib/billing/subscriptions/utils'
 import { isBillingEnabled } from '@/lib/core/config/feature-flags'
 import { toError } from '@/lib/core/utils/helpers'
@@ -93,7 +94,10 @@ export async function POST(request: NextRequest) {
       )
     }
 
-    if (isOrgPlan(sub.plan)) {
+    // Any subscription whose referenceId is an organization (team,
+    // enterprise, or `pro_*` attached to an org) requires org admin/owner
+    // to change the plan.
+    if (isOrgScopedSubscription(sub, userId)) {
       const hasPermission = await isOrganizationOwnerOrAdmin(userId, sub.referenceId)
       if (!hasPermission) {
         return NextResponse.json({ error: 'Only team admins can change the plan' }, { status: 403 })

apps/sim/app/api/organizations/[id]/invitations/[invitationId]/route.ts

@@ -14,15 +14,15 @@ import {
   workspaceInvitation,
 } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq, inArray } from 'drizzle-orm'
+import { and, eq, inArray, sql } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { z } from 'zod'
 import { getEmailSubject, renderInvitationEmail } from '@/components/emails'
 import { AuditAction, AuditResourceType, recordAudit } from '@/lib/audit/log'
 import { getSession } from '@/lib/auth'
 import { hasAccessControlAccess } from '@/lib/billing'
 import { syncUsageLimitsFromSubscription } from '@/lib/billing/core/usage'
-import { isOrgPlan, sqlIsPro } from '@/lib/billing/plan-helpers'
+import { isPaid, sqlIsPro } from '@/lib/billing/plan-helpers'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
 import { ENTITLED_SUBSCRIPTION_STATUSES } from '@/lib/billing/subscriptions/utils'
 import { getBaseUrl } from '@/lib/core/utils/urls'
@@ -356,7 +356,10 @@ export async function PUT(
             .limit(1)
 
           const orgSub = orgSubs[0]
-          const orgIsPaid = orgSub && isOrgPlan(orgSub.plan)
+          // Any paid subscription attached to the org triggers the
+          // "snapshot my personal Pro usage and cancel it" flow — includes
+          // `pro_*` plans transferred to the org, not just team/enterprise.
+          const orgIsPaid = orgSub && isPaid(orgSub.plan)
 
           if (orgIsPaid) {
             const userId = session.user.id
@@ -410,6 +413,41 @@ export async function PUT(
                 personalProToCancel = personalPro
               }
             }
+
+            // Transfer the joining user's accumulated personal storage
+            // bytes into the organization's pool. After this point
+            // `isOrgScopedSubscription` returns true for the user, so
+            // `getUserStorageUsage`/`incrementStorageUsage`/`decrementStorageUsage`
+            // all route through `organization.storageUsedBytes`. Without
+            // this transfer, pre-join bytes would be orphaned on the
+            // user's row and subsequent decrements (deleting a pre-join
+            // file after joining) would wrongly reduce the org pool.
+            const storageRows = await tx
+              .select({ storageUsedBytes: userStats.storageUsedBytes })
+              .from(userStats)
+              .where(eq(userStats.userId, userId))
+              .limit(1)
+
+            const bytesToTransfer = storageRows[0]?.storageUsedBytes ?? 0
+            if (bytesToTransfer > 0) {
+              await tx
+                .update(organization)
+                .set({
+                  storageUsedBytes: sql`${organization.storageUsedBytes} + ${bytesToTransfer}`,
+                })
+                .where(eq(organization.id, organizationId))
+
+              await tx
+                .update(userStats)
+                .set({ storageUsedBytes: 0 })
+                .where(eq(userStats.userId, userId))
+
+              logger.info('Transferred personal storage bytes to org pool on join', {
+                userId,
+                organizationId,
+                bytes: bytesToTransfer,
+              })
+            }
           }
         } catch (error) {
           logger.error('Failed to handle Pro user joining team', {

apps/sim/app/api/v1/admin/credits/route.ts

@@ -30,10 +30,11 @@ import { and, eq, inArray } from 'drizzle-orm'
 import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
 import { addCredits } from '@/lib/billing/credits/balance'
 import { setUsageLimitForCredits } from '@/lib/billing/credits/purchase'
-import { isOrgPlan, isPaid } from '@/lib/billing/plan-helpers'
+import { isPaid } from '@/lib/billing/plan-helpers'
 import {
   ENTITLED_SUBSCRIPTION_STATUSES,
   getEffectiveSeats,
+  isOrgScopedSubscription,
 } from '@/lib/billing/subscriptions/utils'
 import { generateShortId } from '@/lib/core/utils/uuid'
 import { withAdminAuth } from '@/app/api/v1/admin/middleware'
@@ -110,7 +111,10 @@ export const POST = withAdminAuth(async (request) => {
     const plan = userSubscription.plan
     let seats: number | null = null
 
-    if (isOrgPlan(plan)) {
+    // Route admin credits to the subscription's actual entity. Any sub whose
+    // `referenceId` is an org gets credited to the org pool — including
+    // `pro_*` plans transferred to an org.
+    if (isOrgScopedSubscription(userSubscription, resolvedUserId)) {
       entityType = 'organization'
       entityId = userSubscription.referenceId
 

apps/sim/app/api/v1/admin/users/[id]/billing/route.ts

@@ -23,7 +23,7 @@ import { member, organization, subscription, user, userStats } from '@sim/db/sch
 import { createLogger } from '@sim/logger'
 import { eq, or } from 'drizzle-orm'
 import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
-import { isOrgPlan } from '@/lib/billing/plan-helpers'
+import { isOrgScopedSubscription } from '@/lib/billing/subscriptions/utils'
 import { generateShortId } from '@/lib/core/utils/uuid'
 import { withAdminAuthParams } from '@/app/api/v1/admin/middleware'
 import {
@@ -155,7 +155,10 @@ export const PATCH = withAdminAuthParams<RouteParams>(async (request, context) =
       .limit(1)
 
     const userSubscription = await getHighestPrioritySubscription(userId)
-    const isTeamOrEnterpriseMember = userSubscription && isOrgPlan(userSubscription.plan)
+    // True for any user whose effective subscription is attached to an org
+    // (team, enterprise, or `pro_*` transferred to an org). They have no
+    // individual usage limit — the org cap governs.
+    const isOrgScopedMember = isOrgScopedSubscription(userSubscription, userId)
 
     const [orgMembership] = await db
       .select({ organizationId: member.organizationId })
@@ -168,9 +171,9 @@ export const PATCH = withAdminAuthParams<RouteParams>(async (request, context) =
     const warnings: string[] = []
 
     if (body.currentUsageLimit !== undefined) {
-      if (isTeamOrEnterpriseMember && orgMembership) {
+      if (isOrgScopedMember && orgMembership) {
         warnings.push(
-          'User is a team/enterprise member. Individual limits may be ignored in favor of organization limits.'
+          'User is on an org-scoped subscription. Individual limits are ignored in favor of organization limits.'
         )
       }
 

apps/sim/app/invite/[id]/invite.tsx

@@ -2,9 +2,12 @@
 
 import { useEffect, useState } from 'react'
 import { createLogger } from '@sim/logger'
+import { useQueryClient } from '@tanstack/react-query'
 import { useParams, useRouter, useSearchParams } from 'next/navigation'
 import { client, useSession } from '@/lib/auth/auth-client'
 import { InviteLayout, InviteStatusCard } from '@/app/invite/components'
+import { organizationKeys } from '@/hooks/queries/organization'
+import { subscriptionKeys } from '@/hooks/queries/subscription'
 
 const logger = createLogger('InviteById')
 
@@ -166,6 +169,7 @@ export default function Invite() {
   const inviteId = params.id as string
   const searchParams = useSearchParams()
   const { data: session, isPending } = useSession()
+  const queryClient = useQueryClient()
   const [invitationDetails, setInvitationDetails] = useState<any>(null)
   const [isLoading, setIsLoading] = useState(true)
   const [error, setError] = useState<InviteError | null>(null)
@@ -345,6 +349,16 @@ export default function Invite() {
           organizationId: orgId,
         })
 
+        // Invalidate billing / org caches so `/workspace` doesn't flash the
+        // user's pre-join personal subscription while the new team-scoped
+        // data is being refetched. Accept-flow side effects (snapshot,
+        // storage transfer, plan sync, member insert) have already
+        // committed by the time we reach here.
+        await Promise.all([
+          queryClient.invalidateQueries({ queryKey: subscriptionKeys.all }),
+          queryClient.invalidateQueries({ queryKey: organizationKeys.all }),
+        ])
+
         setAccepted(true)
 
         setTimeout(() => {

apps/sim/app/workspace/[workspaceId]/settings/components/subscription/subscription-permissions.ts

@@ -17,6 +17,12 @@ export interface SubscriptionState {
   isTeam: boolean
   isEnterprise: boolean
   isPaid: boolean
+  /**
+   * True when the subscription's `referenceId` is an organization. Source
+   * of truth for scope-based decisions — `pro_*` plans that have been
+   * transferred to an org are org-scoped even though `isTeam` is false.
+   */
+  isOrgScoped: boolean
   plan: string
   status: string
 }
@@ -30,21 +36,30 @@ export function getSubscriptionPermissions(
   subscription: SubscriptionState,
   userRole: UserRole
 ): SubscriptionPermissions {
-  const { isFree, isPro, isTeam, isEnterprise, isPaid } = subscription
+  const { isFree, isPro, isTeam, isEnterprise, isPaid, isOrgScoped } = subscription
   const { isTeamAdmin } = userRole
 
+  // "Org-scoped non-admin" collapses all the "team member" behaviors
+  // (hidden edit, hidden cancel, no upgrade plans, pooled view, etc.).
+  // This includes members of `pro_*` orgs that aren't admins/owners.
+  const orgMemberOnly = isOrgScoped && !isTeamAdmin
+  const orgAdminOrSolo = !isOrgScoped || isTeamAdmin
+
   const isEnterpriseMember = isEnterprise && !isTeamAdmin
   const canViewUsageInfo = !isEnterpriseMember
 
   return {
     canUpgradeToPro: isFree,
-    canUpgradeToTeam: isFree || (isPro && !isTeam),
-    canViewEnterprise: !isEnterprise && !(isTeam && !isTeamAdmin), // Don't show to enterprise users or team members
-    canManageTeam: isTeam && isTeamAdmin,
-    canEditUsageLimit: (isFree || (isPro && !isTeam) || (isTeam && isTeamAdmin)) && !isEnterprise, // Free users see upgrade badge, Pro (non-team) users and team admins see pencil
-    canCancelSubscription: isPaid && !isEnterprise && !(isTeam && !isTeamAdmin), // Team members can't cancel
-    showTeamMemberView: isTeam && !isTeamAdmin,
-    showUpgradePlans: isFree || (isPro && !isTeam) || (isTeam && isTeamAdmin), // Free users, Pro users, Team owners see plans
+    canUpgradeToTeam: isFree || (isPro && !isOrgScoped),
+    canViewEnterprise: !isEnterprise && !orgMemberOnly,
+    canManageTeam: isOrgScoped && isTeamAdmin && !isEnterprise,
+    // Edit the limit when: paid plan (not free, not enterprise) AND either
+    // personally-scoped or acting as an org admin/owner.
+    canEditUsageLimit: (isFree || (isPaid && !isEnterprise)) && orgAdminOrSolo,
+    canCancelSubscription: isPaid && !isEnterprise && orgAdminOrSolo,
+    showTeamMemberView: orgMemberOnly,
+    showUpgradePlans:
+      (isFree || (isPro && !isOrgScoped) || (isTeam && isTeamAdmin)) && !isEnterprise,
     isEnterpriseMember,
     canViewUsageInfo,
   }
@@ -55,22 +70,24 @@ export function getVisiblePlans(
   userRole: UserRole
 ): ('pro' | 'team' | 'enterprise')[] {
   const plans: ('pro' | 'team' | 'enterprise')[] = []
-  const { isFree, isPro, isTeam } = subscription
+  const { isFree, isPro, isTeam, isOrgScoped } = subscription
   const { isTeamAdmin } = userRole
 
   // Free users see all plans
   if (isFree) {
     plans.push('pro', 'team', 'enterprise')
   }
-  // Pro users see team and enterprise
-  else if (isPro && !isTeam) {
+  // Personally-scoped Pro: can upgrade to team or enterprise
+  else if (isPro && !isOrgScoped) {
     plans.push('team', 'enterprise')
   }
-  // Team owners see only enterprise (no team plan since they already have it)
-  else if (isTeam && isTeamAdmin) {
+  // Team/org owners/admins: only enterprise (already on a team-level plan)
+  else if (isOrgScoped && isTeamAdmin && !isTeam) {
+    plans.push('enterprise')
+  } else if (isTeam && isTeamAdmin) {
     plans.push('enterprise')
   }
-  // Team members, Enterprise users see no plans
+  // Team/org members, Enterprise users see no plans
 
   return plans
 }