Fix critical auth, billing, and data safety regressions

[cursor]

Bug and impact

• Project milestone PATCH/DELETE authenticated users but mutated milestones by ID alone, allowing cross-project milestone modification/deletion.
• Code completion fallback snippets queried all analyzed repository summaries without auth or tenant scope, leaking cross-user code summaries.
• Scaffold, legacy analysis, Build This App, App Idea Chat, and Pattern Analyzer could mischarge, skip charges, fail to refund failed paid work, or report success after incomplete generated output.
• Analysis reruns deleted saved blueprints before replacement output was safely persisted, risking data loss on AI truncation or insert failure.
• Credit helpers used read-modify-write balance updates, allowing concurrent deductions/grants to corrupt balances; Stripe webhook retries could duplicate grants.
• Fresh schema bootstrap defined subscriptions.plan twice, breaking initialization.

Root cause

Recent feature work added high-blast-radius project, AI, billing, and streaming paths without consistently carrying authenticated user scope through SQL mutations, without atomic credit accounting, and without fail-closed handling for partial AI/provider failures.

Fix

• Scope milestone updates/deletes through projects.user_id and route project ID.
• Require auth and user-scoped snippet fallback for code completion.
• Charge authenticated users before paid AI work, refund failed charged work, and reject false-success build/analysis output.
• Make GitHub build repos private, dedupe generated paths, and throw on push/generation failures.
• Replace blueprints atomically in one SQL statement only after complete non-truncated AI output.
• Make credit mutations conditional/atomic and add metadata idempotency for Stripe grants.
• Remove duplicate subscriptions.plan schema definition.

Validation

• pnpm exec tsc --noEmit passed.
• Targeted ESLint passed for changed runtime files; only the pre-existing lib/queries.ts unused allowed warning remains.
• Local dev-server unauthenticated checks returned 401 for code completion, legacy analysis, pattern analyzer, milestone PATCH, and an SSE error for Build This App.
• Focused Node invariant harness passed for milestone owner SQL, code-completion tenant scope, authenticated billing/refunds, Build This App private/error behavior, atomic blueprint replacement, atomic credit deduction, Stripe idempotency keys, and schema plan definition.

  

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
repo-app-architect	Ready	Preview, Comment	Jun 28, 2026 11:11am
repofuse	Ready	Preview, Comment, Open in v0	Jun 28, 2026 11:11am
v0-repo-app-architect	Ready	Preview, Comment, Open in v0	Jun 28, 2026 11:11am