improvement(seats): auto purchase seats on invitations into workspace (#4857)

* improvement(seats): auto purchase seats on invitations into workspace

* improve sampling for seat drift reconciler

* address comments

Author: icecrasher321

apps/sim/app/api/cron/reconcile-billing-seats/route.test.ts

@@ -0,0 +1,92 @@
+/**
+ * Tests for the billing seat reconciliation cron route.
+ *
+ * @vitest-environment node
+ */
+import { createMockRequest } from '@sim/testing'
+import { beforeEach, describe, expect, it, vi } from 'vitest'
+
+const { mockVerifyCronAuth, mockReconcileTeamSeatDrift, mockFindDeadLetteredEvents } = vi.hoisted(
+  () => ({
+    mockVerifyCronAuth: vi.fn().mockReturnValue(null),
+    mockReconcileTeamSeatDrift: vi.fn(),
+    mockFindDeadLetteredEvents: vi.fn(),
+  })
+)
+
+vi.mock('@/lib/auth/internal', () => ({ verifyCronAuth: mockVerifyCronAuth }))
+vi.mock('@/lib/billing/organizations/seat-drift', () => ({
+  reconcileTeamSeatDrift: mockReconcileTeamSeatDrift,
+}))
+vi.mock('@/lib/core/outbox/service', () => ({ findDeadLetteredEvents: mockFindDeadLetteredEvents }))
+vi.mock('@/lib/billing/webhooks/outbox-handlers', () => ({
+  OUTBOX_EVENT_TYPES: {
+    STRIPE_SYNC_SUBSCRIPTION_SEATS: 'stripe.sync-subscription-seats',
+    STRIPE_SYNC_CANCEL_AT_PERIOD_END: 'stripe.sync-cancel-at-period-end',
+  },
+}))
+
+import { GET } from './route'
+
+function createRequest() {
+  return createMockRequest(
+    'GET',
+    undefined,
+    {},
+    'http://localhost:3000/api/cron/reconcile-billing-seats'
+  )
+}
+
+describe('reconcile-billing-seats cron route', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+    mockVerifyCronAuth.mockReturnValue(null)
+    mockReconcileTeamSeatDrift.mockResolvedValue({ drifted: 0, reconciled: 0 })
+    mockFindDeadLetteredEvents.mockResolvedValue([])
+  })
+
+  it('returns the auth error when cron auth fails', async () => {
+    mockVerifyCronAuth.mockReturnValueOnce(new Response(null, { status: 401 }) as never)
+
+    const response = await GET(createRequest())
+
+    expect(response.status).toBe(401)
+    expect(mockReconcileTeamSeatDrift).not.toHaveBeenCalled()
+  })
+
+  it('runs the drift sweep and reports dead-lettered billing syncs', async () => {
+    mockReconcileTeamSeatDrift.mockResolvedValue({ drifted: 2, reconciled: 1 })
+    mockFindDeadLetteredEvents.mockResolvedValue([
+      {
+        id: 'evt-1',
+        eventType: 'stripe.sync-subscription-seats',
+        payload: { subscriptionId: 'sub-1' },
+        lastError: 'card declined',
+      },
+    ])
+
+    const response = await GET(createRequest())
+
+    expect(response.status).toBe(200)
+    const data = await response.json()
+    expect(data).toMatchObject({
+      success: true,
+      drift: { drifted: 2, reconciled: 1 },
+      deadLetteredBillingSyncs: 1,
+    })
+    expect(mockFindDeadLetteredEvents).toHaveBeenCalledWith([
+      'stripe.sync-subscription-seats',
+      'stripe.sync-cancel-at-period-end',
+    ])
+  })
+
+  it('returns 500 when the sweep throws', async () => {
+    mockReconcileTeamSeatDrift.mockRejectedValueOnce(new Error('boom'))
+
+    const response = await GET(createRequest())
+
+    expect(response.status).toBe(500)
+    const data = await response.json()
+    expect(data.success).toBe(false)
+  })
+})

apps/sim/app/api/cron/reconcile-billing-seats/route.ts

@@ -0,0 +1,79 @@
+import { createLogger } from '@sim/logger'
+import { toError } from '@sim/utils/errors'
+import { type NextRequest, NextResponse } from 'next/server'
+import { verifyCronAuth } from '@/lib/auth/internal'
+import { reconcileTeamSeatDrift } from '@/lib/billing/organizations/seat-drift'
+import { OUTBOX_EVENT_TYPES } from '@/lib/billing/webhooks/outbox-handlers'
+import { findDeadLetteredEvents } from '@/lib/core/outbox/service'
+import { generateRequestId } from '@/lib/core/utils/request'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+
+const logger = createLogger('BillingSeatReconcileCron')
+
+export const dynamic = 'force-dynamic'
+
+const BILLING_SYNC_EVENT_TYPES = [
+  OUTBOX_EVENT_TYPES.STRIPE_SYNC_SUBSCRIPTION_SEATS,
+  OUTBOX_EVENT_TYPES.STRIPE_SYNC_CANCEL_AT_PERIOD_END,
+]
+
+/**
+ * Periodic billing-seat reconciliation. Self-heals Team organizations whose
+ * stored seat count drifted from their member count, and reports any
+ * dead-lettered Stripe seat/cancel sync events so a member who has access but
+ * whose seat charge never synced is surfaced for manual remediation rather than
+ * silently under-billed.
+ *
+ * Scheduled in helm/sim/values.yaml under cronjobs.jobs.reconcileBillingSeats.
+ */
+export const GET = withRouteHandler(async (request: NextRequest) => {
+  const requestId = generateRequestId()
+
+  const authError = verifyCronAuth(request, 'Billing seat reconciliation')
+  if (authError) {
+    return authError
+  }
+
+  try {
+    const drift = await reconcileTeamSeatDrift()
+
+    const deadLettered = await findDeadLetteredEvents(BILLING_SYNC_EVENT_TYPES)
+    if (deadLettered.length > 0) {
+      logger.error(
+        'Dead-lettered billing sync events require manual remediation — a billing state change (seat charge or cancellation) never reached Stripe',
+        {
+          requestId,
+          count: deadLettered.length,
+          events: deadLettered.map((event) => ({
+            id: event.id,
+            eventType: event.eventType,
+            subscriptionId: (event.payload as { subscriptionId?: string } | null)?.subscriptionId,
+            lastError: event.lastError,
+          })),
+        }
+      )
+    }
+
+    logger.info('Billing seat reconciliation completed', {
+      requestId,
+      ...drift,
+      deadLetteredBillingSyncs: deadLettered.length,
+    })
+
+    return NextResponse.json({
+      success: true,
+      requestId,
+      drift,
+      deadLetteredBillingSyncs: deadLettered.length,
+    })
+  } catch (error) {
+    logger.error('Billing seat reconciliation failed', {
+      requestId,
+      error: toError(error).message,
+    })
+    return NextResponse.json(
+      { success: false, requestId, error: toError(error).message },
+      { status: 500 }
+    )
+  }
+})

apps/sim/app/api/invitations/[id]/accept/route.ts

@@ -38,6 +38,7 @@ export const POST = withRouteHandler(
         'email-mismatch': 403,
         'already-in-organization': 409,
         'no-seats-available': 400,
+        'upgrade-required': 402,
         'server-error': 500,
       }
       const status = statusMap[result.kind] ?? 500

apps/sim/app/api/organizations/[id]/invitations/route.ts

@@ -10,6 +10,8 @@ import {
 } from '@/lib/api/contracts/organization'
 import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
 import { getSession } from '@/lib/auth'
+import { getOrganizationSubscription } from '@/lib/billing/core/billing'
+import { isEnterprise } from '@/lib/billing/plan-helpers'
 import {
   validateBulkInvitations,
   validateSeatAvailability,
@@ -287,8 +289,12 @@ export const POST = withRouteHandler(
         )
       }
 
-      const seatValidation = await validateSeatAvailability(organizationId, emailsToInvite.length)
-      if (!seatValidation.canInvite) {
+      const orgSubscription = await getOrganizationSubscription(organizationId)
+      const enforceFixedSeats = !!orgSubscription && isEnterprise(orgSubscription.plan)
+      const seatValidation = enforceFixedSeats
+        ? await validateSeatAvailability(organizationId, emailsToInvite.length)
+        : null
+      if (seatValidation && !seatValidation.canInvite) {
         return NextResponse.json(
           {
             error: seatValidation.reason,
@@ -394,11 +400,15 @@ export const POST = withRouteHandler(
           (email) => !quickValidateEmail(email.trim().toLowerCase()).isValid
         ),
         workspaceGrantsPerInvite: validGrants.length,
-        seatInfo: {
-          seatsUsed: seatValidation.currentSeats + sentInvitations.length,
-          maxSeats: seatValidation.maxSeats,
-          availableSeats: seatValidation.availableSeats - sentInvitations.length,
-        },
+        ...(seatValidation
+          ? {
+              seatInfo: {
+                seatsUsed: seatValidation.currentSeats + sentInvitations.length,
+                maxSeats: seatValidation.maxSeats,
+                availableSeats: seatValidation.availableSeats - sentInvitations.length,
+              },
+            }
+          : {}),
       }
 
       if (failedInvitations.length > 0 && sentInvitations.length === 0) {

apps/sim/app/api/organizations/[id]/members/[memberId]/route.ts

@@ -4,10 +4,7 @@ import { member, user, userStats } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
 import { and, eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
-import {
-  removeOrganizationMemberQuerySchema,
-  updateOrganizationMemberRoleContract,
-} from '@/lib/api/contracts/organization'
+import { updateOrganizationMemberRoleContract } from '@/lib/api/contracts/organization'
 import { parseRequest } from '@/lib/api/server'
 import { getSession } from '@/lib/auth'
 import { setActiveOrganizationForCurrentSession } from '@/lib/auth/active-organization'
@@ -17,7 +14,7 @@ import {
   removeExternalUserFromOrganizationWorkspaces,
   removeUserFromOrganization,
 } from '@/lib/billing/organizations/membership'
-import { reduceOrganizationSeatsByOne } from '@/lib/billing/organizations/seats'
+import { reconcileOrganizationSeats } from '@/lib/billing/organizations/seats'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 
 const logger = createLogger('OrganizationMemberAPI')
@@ -292,12 +289,6 @@ export const DELETE = withRouteHandler(
       }
 
       const { id: organizationId, memberId: targetUserId } = await params
-      const queryResult = removeOrganizationMemberQuerySchema.safeParse(
-        Object.fromEntries(request.nextUrl.searchParams.entries())
-      )
-      const shouldReduceSeats = queryResult.success
-        ? queryResult.data.shouldReduceSeats === true
-        : false
 
       const userMember = await db
         .select()
@@ -418,25 +409,22 @@ export const DELETE = withRouteHandler(
         return NextResponse.json({ error: result.error }, { status: 500 })
       }
 
-      let seatReduction: Awaited<ReturnType<typeof reduceOrganizationSeatsByOne>> | null = null
-      if (shouldReduceSeats && session.user.id !== targetUserId) {
-        try {
-          seatReduction = await reduceOrganizationSeatsByOne({
-            organizationId,
-            actorUserId: session.user.id,
-            removedUserId: targetUserId,
-          })
-        } catch (seatError) {
-          logger.error('Failed to reduce seats after member removal', {
-            organizationId,
-            removedMemberId: targetUserId,
-            removedBy: session.user.id,
-            error: seatError,
-          })
-          seatReduction = {
-            reduced: false,
-            reason: 'Failed to reduce seats after member removal',
-          }
+      let seatReduction: Awaited<ReturnType<typeof reconcileOrganizationSeats>> | null = null
+      try {
+        seatReduction = await reconcileOrganizationSeats({
+          organizationId,
+          reason: 'member-removed',
+        })
+      } catch (seatError) {
+        logger.error('Failed to reduce seats after member removal', {
+          organizationId,
+          removedMemberId: targetUserId,
+          removedBy: session.user.id,
+          error: seatError,
+        })
+        seatReduction = {
+          changed: false,
+          reason: 'Failed to reduce seats after member removal',
         }
       }
 

apps/sim/app/api/organizations/[id]/route.ts

@@ -119,7 +119,6 @@ export const GET = withRouteHandler(
 /**
  * PUT /api/organizations/[id]
  * Update organization settings (name, slug, logo)
- * Note: For seat updates, use PUT /api/organizations/[id]/seats instead
  */
 export const PUT = withRouteHandler(
   async (request: NextRequest, context: { params: Promise<{ id: string }> }) => {