[comp] Production Deploy #2754
Open
github-actions[bot] wants to merge 9 commits into release from
…oggle [dev] [Marfuen] mariano/fix-trust-framework-toggle
The backend already falls back from Stripe subscription to the BillingCreditBalance wallet when an active subscription is missing or exhausted, but `/v1/billing/status` only returned subscription data. Both the pentest page and the background-check wizard computed their "available scans" balance from subscription remainder alone, so admin-granted credits were invisible: the New Scan button rerouted to billing even though the create endpoint would have happily consumed a wallet credit.
Now `getStatus` aggregates wallet balances per product and the two UIs add them to the displayed allowance, mirroring the backend's consumption decision.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…gating fix(billing): surface wallet credits to pentest + bg-check UIs
The /upgrade page was instantiating its own Stripe client and writing
hasAccess directly to the DB from a Next.js server component. That meant
STRIPE_SECRET_KEY had to live on Vercel in addition to the API, the
hasAccess flip skipped the API's audit log + RBAC, and we had two
Stripe clients drifting apart over time.
Move both the Stripe lookup and the hasAccess write into a new API
endpoint:
POST /v1/organization-access/auto-approve
guarded by HybridAuthGuard + PermissionGuard with
@RequirePermission('organization', 'update'). The endpoint reuses the
existing global StripeService — no second Stripe client. Decision
matrix preserved exactly: self-hosted, @trycomp.ai email, or
domain-matched active Stripe customer.
App side: upgrade page now calls serverApi instead of importing
@/lib/stripe and writing to db; lib/stripe.ts and the
STRIPE_SECRET_KEY env declaration are removed from the Next.js app.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
NEXT_PUBLIC_SELF_HOSTED is a Next.js build-time env that the OSS Docker deployment sets on the app container only — there is no propagation to the API container (the root docker-compose.yml ships only app + portal services). Moving the entire auto-approval flow into the API would have broken self-hosted/OSS deployments, since neither SELF_HOSTED nor NEXT_PUBLIC_SELF_HOSTED is available there.
Restore the inline self-hosted branch on the upgrade page (preserves original behavior bit-for-bit) and route only the Stripe-customer + @trycomp.ai paths through the API. The single remaining DB write on the page is gated on a build-time deploy flag, not user input — so the "all mutations through the API" rule is preserved in spirit for every user-facing decision.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…to-api refactor(stripe): move upgrade-page auto-approval into API
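The decision matrix named in the commit messages above (self-hosted, @trycomp.ai email, or domain-matched active Stripe customer), sketched as an added example that is not the project's code. All identifiers, the `CustomerRecord` shape and the sample data are hypothetical; it assumes the email comes from the authenticated session and that customer records were already fetched server-side.

```typescript
// Added example; all identifiers are hypothetical, not the project's code.
type Reason = 'self-hosted' | 'internal-email' | 'stripe-domain' | 'none';
interface Decision { approve: boolean; reason: Reason }
// Assumed shape of a customer record already fetched server-side.
interface CustomerRecord { domain: string; hasActiveSubscription: boolean }

const INTERNAL_DOMAIN = 'trycomp.ai';

// Strict parse: exactly one '@', non-empty local part, dotted LDH domain.
// Returns null for anything else so malformed input can never match.
function emailDomain(email: string): string | null {
  const [local, domain, ...rest] = email.trim().toLowerCase().split('@');
  if (!local || !domain || rest.length > 0) return null;
  return /^[a-z0-9-]+(\.[a-z0-9-]+)+$/.test(domain) ? domain : null;
}

function decideAutoApprove(
  selfHosted: boolean,         // from deployment config, never from the request
  sessionEmail: string,        // assumed to come from the authenticated session
  customers: CustomerRecord[],
): Decision {
  if (selfHosted) return { approve: true, reason: 'self-hosted' };
  const domain = emailDomain(sessionEmail);
  if (domain === null) return { approve: false, reason: 'none' };
  // Exact equality, not endsWith/includes: look-alike domains must fail.
  if (domain === INTERNAL_DOMAIN) return { approve: true, reason: 'internal-email' };
  const paying = customers.some(
    (c) => c.hasActiveSubscription && c.domain.toLowerCase() === domain,
  );
  return paying ? { approve: true, reason: 'stripe-domain' } : { approve: false, reason: 'none' };
}

// Constructed sample data.
const SAMPLE_CUSTOMERS: CustomerRecord[] = [
  { domain: 'acme.example', hasActiveSubscription: true },
  { domain: 'lapsed.example', hasActiveSubscription: false },
];

// Evaluates constructed emails, including look-alike and malformed ones.
function sampleReasons(): Reason[] {
  return [
    'dev@trycomp.ai', 'x@trycomp.ai.evil.example', 'x@eviltrycomp.ai',
    'a@b.example@trycomp.ai', 'cfo@ACME.example', 'cfo@lapsed.example',
  ].map((e) => decideAutoApprove(false, e, SAMPLE_CUSTOMERS).reason);
}
```

Keeping the decision a pure function makes the look-alike and malformed cases cheap to unit-test separately from the guards and the Stripe lookup.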
This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.
Summary by cubic
Expose per-product wallet credit balances in billing status and update pentest/background-check allowance logic to include them, preventing false paywalls when admin-granted credits exist. Add an organization access auto-approval API and move Stripe domain checks server-side; the upgrade page now uses it and keeps the self-hosted shortcut.
New Features
- `/v1/billing/status` now returns aggregated `creditBalances` per product; `BillingService` uses an optional credits service and includes tests for aggregation and empty states. `emptyBillingStatus` includes `creditBalances`.
- `/v1/organization-access/auto-approve` to grant org access based on self-hosted flag, `@trycomp.ai` email, or domain-matched active Stripe customer (via `StripeService`); includes domain utils and tests. App upgrade page now calls this endpoint, removes `lib/stripe.ts` and the app’s `STRIPE_SECRET_KEY`, and retains the self-hosted inline grant to avoid OSS regression.
Bug Fixes
Written for commit 8247ed3. Summary will update on new commits.