improvement(admin-routes): cleanup code that could accidentally desync stripe and DB

[icecrasher321]

Summary

Current billing system is event based and designed entirely around stripe webhook events triggering db updates. When done directly via an Admin route -- this can be complicated since edge case logic for thigns like seat updates, plan upgrades/downgrades involve multiple steps of bookkeeping on our side and on stripe. It's also not good practice to autocharge customers without notifying them.

This PR makes sure correctness and simplifies to only have delete subscription ops. Complex ops should otherwise be executed using Stripe CLI.

Type of Change

• Bug fix

Testing

Tested manually.

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
docs	Skipped		Dec 13, 2025 11:04pm

[greptile-apps]

Greptile Overview

Greptile Summary

This PR improves billing system correctness by removing admin routes that could desync Stripe and the database. The key changes:

• Removed seat modification endpoint: The PATCH /organizations/:id/seats route was removed because directly updating seat counts without going through Stripe's billing flow could create inconsistencies between the DB and Stripe's subscription state.

• Simplified subscription management: The PATCH /subscriptions/:id endpoint was replaced with a DELETE endpoint that properly triggers Stripe cancellation. This delegates all cleanup (status updates, overage billing, usage resets, Pro restoration, org deletion) to webhook handlers, ensuring consistency with the platform's standard cancellation flow.

• Added Stripe sync for member additions: When adding members via admin API, the Pro subscription cancellation is now synced with Stripe (previously only updated in DB).

• Consolidated Pro restoration logic: Extracted restoreUserProSubscription as a reusable function used by both member removal and team subscription cancellation scenarios.

• Enhanced webhook handlers: handleSubscriptionDeleted now handles all cleanup including restoring Pro subscriptions for all org members and syncing usage limits.

Confidence Score: 5/5

• This PR is safe to merge - it removes potentially dangerous admin operations and improves billing consistency.
• The changes are defensive in nature, removing code paths that could cause Stripe/DB desync. The refactored code follows established patterns in the codebase (webhook-driven updates) and consolidates duplicate logic into reusable functions.
• No files require special attention.

Important Files Changed

File Analysis

Filename	Score	Overview
apps/sim/app/api/v1/admin/index.ts	5/5	Documentation updates to reflect API changes: removed PATCH /seats endpoint, changed PATCH /subscriptions to DELETE for cancellation.
apps/sim/app/api/v1/admin/organizations/[id]/members/route.ts	5/5	Added Stripe sync for Pro subscription cancellation when adding members to orgs, ensuring consistency with invitation flow.
apps/sim/app/api/v1/admin/organizations/[id]/seats/route.ts	5/5	Removed PATCH endpoint that could desync Stripe and DB by directly modifying seat counts; now read-only.
apps/sim/app/api/v1/admin/subscriptions/[id]/route.ts	5/5	Replaced complex PATCH endpoint with DELETE that properly triggers Stripe cancellation, delegating cleanup to webhooks.
apps/sim/lib/auth/auth.ts	5/5	Removed redundant syncSubscriptionUsageLimits call from onSubscriptionDeleted since handleSubscriptionDeleted now handles this.
apps/sim/lib/billing/organizations/membership.ts	5/5	Extracted restoreUserProSubscription into a reusable function for both member removal and team subscription cancellation scenarios.
apps/sim/lib/billing/webhooks/subscription.ts	5/5	Added comprehensive cleanup for subscription deletion: Pro restoration for all members, usage limit sync, and organization deletion.

Sequence Diagram

sequenceDiagram
    participant Admin as Admin API
    participant DB as Database
    participant Stripe as Stripe API
    participant Webhook as Stripe Webhook

    Note over Admin,Webhook: Before: Direct DB updates could desync
    Admin->>DB: PATCH seats/subscription (old)
    Note right of DB: ⚠️ Stripe not updated

    Note over Admin,Webhook: After: Stripe-first approach
    Admin->>Stripe: DELETE subscription (cancel)
    Stripe-->>Webhook: subscription.deleted event
    Webhook->>DB: Update status
    Webhook->>DB: Reset usage
    Webhook->>Stripe: Restore Pro subscriptions
    Webhook->>DB: Delete organization
    Webhook->>DB: Sync usage limits

Loading

[greptile-apps]

_{7 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}