fix: org switch issue on consumer when dev org exists

[MaheshtheDev]

No description provided.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	supermemory-app	a88525f	Nov 11 2025, 07:20 PM

[MaheshtheDev]

• fix: org switch issue on consumer when dev org exists #577 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add the label Main to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[claude]

Code Review - PR #577: Fix org switch issue on consumer when dev org exists

Summary

This PR re-enables the previously commented-out logic for handling consumer organization switching. The change ensures that when a user's active organization is a non-consumer org (e.g., a dev org), the system automatically switches them to their consumer organization if one exists.

Code Quality & Best Practices

Positive Aspects

✅ Clear Intent: The logic is straightforward - it prioritizes consumer organizations for users who have one
✅ Safe Navigation: Uses optional chaining (?.) to safely access metadata properties
✅ Error Handling: Proper .catch() block maintains error handling from the original code

Issues to Address

1. Debug Console Statements (Critical)

console.log("Consumer organization:", org)
console.log("ALl orgs:", orgs)  // Note: typo "ALl"

• ❌ Remove before merging - Debug logs should not be committed to production code
• These logs could expose sensitive organization data in production
• Consider using a proper logging service if these logs are needed for debugging

2. Indentation Issue (Line 46)

   setOrg(org)  // Mixed spaces/tabs

• ❌ Inconsistent indentation - should align with surrounding code
• Run bun run format-lint to fix this automatically per CLAUDE.md

3. Missing setOrg() call in else branch

} else {
    const consumerOrg = orgs?.find((o) => o.metadata?.isConsumer === true)
    if (consumerOrg) {
        setActiveOrg(consumerOrg.slug)
    }
    // Missing: what if no consumerOrg is found?
}

• ⚠️ Logic Gap: If the active org is NOT a consumer org and no consumer org exists, org state is never set
• This could leave the UI in an inconsistent state
• Recommendation: Add else { setOrg(org) } after the if (consumerOrg) block

Potential Bugs

Bug #1: Race Condition with orgs dependency

useEffect(() => {
    // ...
}, [session?.session.activeOrganizationId, orgs])

• ⚠️ The orgs list from useListOrganizations() may not be loaded yet when this effect runs
• If orgs is undefined or [], the consumer org lookup will fail silently
• Recommendation: Add a guard condition:

if (!orgs || orgs.length === 0) {
    setOrg(org)  // Fallback to active org
    return
}

Bug #2: Infinite Loop Potential

• ⚠️ Calling setActiveOrg(consumerOrg.slug) triggers an organization change
• This updates session.activeOrganizationId, which triggers this effect again
• While this should stabilize after one iteration, it could cause unnecessary re-renders
• The biome-ignore comment suggests the dependency array is already problematic

Performance Considerations

1. Unnecessary Effect Triggers

• The effect depends on orgs array, which may have reference equality issues
• Every time useListOrganizations() re-fetches, this effect runs even if the org list hasn't changed
• Impact: Minimal for most users, but could cause flickering UI on slow connections

2. Async State Update Pattern

setActiveOrg(consumerOrg.slug)  // This is async but not awaited

• Not awaiting this call means the component continues rendering with stale org state
• Consider: await setActiveOrg(consumerOrg.slug) or rely on the subsequent effect trigger

Security Concerns

1. Organization Data Exposure

• ⚠️ Console logs could expose organization metadata in browser DevTools
• In production builds, this data could be visible to users or through monitoring tools
• Severity: Low-Medium depending on what's in org.metadata

2. No Permission Check

• The code assumes the user can switch to the consumer org
• setActiveOrg() likely handles this, but there's no explicit verification
• Recommendation: Verify this is handled by Better Auth

Test Coverage

• ❓ Missing Tests: No test files included in this PR
• Suggested Test Scenarios:
  1. User with only consumer org → should set that org
  2. User with dev org + consumer org → should switch to consumer org
  3. User with dev org only → should set the dev org
  4. User with multiple consumer orgs → should pick the first one
  5. orgs list not loaded yet → should handle gracefully
  6. Organization fetch failure → error handler should work

Recommendations Summary

Must Fix Before Merge:

1. ❌ Remove all console.log() statements
2. ❌ Fix indentation (run bun run format-lint)
3. ❌ Add setOrg(org) fallback when no consumer org found

Should Fix:
4. ⚠️ Add guard for orgs not being loaded
5. ⚠️ Add unit tests for the organization switching logic
6. ⚠️ Consider adding a comment explaining why consumer orgs are prioritized

Nice to Have:
7. 💡 Consider a more explicit state machine for org switching
8. 💡 Add telemetry/analytics to track org switching behavior
9. 💡 Add a loading state while switching organizations

Suggested Code Fix

useEffect(() => {
    if (session?.session.activeOrganizationId) {
        authClient.organization
            .getFullOrganization()
            .then((org) => {
                if (org.metadata?.isConsumer === true) {
                    // Already on consumer org - all good
                    setOrg(org)
                } else {
                    // On a non-consumer org (e.g., dev org)
                    // Try to switch to consumer org if available
                    if (!orgs || orgs.length === 0) {
                        // Org list not loaded yet, use current org
                        setOrg(org)
                        return
                    }
                    
                    const consumerOrg = orgs.find((o) => o.metadata?.isConsumer === true)
                    if (consumerOrg) {
                        // Switch to consumer org
                        setActiveOrg(consumerOrg.slug)
                    } else {
                        // No consumer org exists, stick with current
                        setOrg(org)
                    }
                }
            })
            .catch((error) => {
                // Silently handle organization fetch failures to prevent unhandled rejections
                console.error("Failed to fetch organization:", error)
            })
    }
}, [session?.session.activeOrganizationId, orgs])

---

Overall Assessment: The logic change itself is sound and addresses a real UX issue. However, the code needs cleanup (remove debug logs, fix formatting) and additional safeguards (handle missing orgs, add fallback setOrg call) before merging.

Would you like me to push these fixes or would you prefer to make the changes yourself?

[claude]

Pull Request Review: Fix org switch issue on consumer when dev org exists

Summary

This PR addresses an organization switching issue by re-enabling previously commented-out logic that handles consumer organizations. The changes also include a dependency upgrade for @opennextjs/cloudflare and a whitespace fix.

---

Code Quality & Best Practices

✅ Positives

• Clear intent: The fix re-enables logic to properly handle consumer organization switching
• Error handling: The existing .catch() block properly handles failures
• Dependency update: Upgrading @opennextjs/cloudflare from 1.6.1 to 1.12.0 is good for security and features

⚠️ Issues Found

1. Debug Console Logs Left in Production Code (packages/lib/auth-context.tsx:45,48)

console.log("Consumer organization:", org)
// ...
console.log("ALl orgs:", orgs)  // Also has typo: "ALl" → "All"

Impact: These debug logs will clutter production console output and may expose sensitive organization data to browser DevTools.

Recommendation: Remove these logs or wrap them in a development check:

if (process.env.NODE_ENV === 'development') {
  console.log("Consumer organization:", org)
}

2. Inconsistent Indentation (packages/lib/auth-context.tsx:46)

The line setOrg(org) has inconsistent spacing (3 spaces instead of tabs/proper indentation).

Recommendation: Run bun run format-lint to fix formatting issues per repository standards.

3. Whitespace-Only Change (apps/web/package.json:62)

The change from tab to spaces on the idb-keyval line is good for consistency but is unrelated to the PR's stated purpose.

---

Potential Bugs & Logic Issues

🔴 Critical: Missing Else Branch

Location: packages/lib/auth-context.tsx:44-53

Issue: When the active organization is not a consumer org AND no consumer org is found in the list, setOrg() is never called, leaving org state as null. This could break components that depend on org being set.

Current Logic:

if (org.metadata?.isConsumer === true) {
   setOrg(org)
} else {
   const consumerOrg = orgs?.find((o) => o.metadata?.isConsumer === true)
   if (consumerOrg) {
      setActiveOrg(consumerOrg.slug)  // This eventually calls setOrg
   }
   // ❌ If consumerOrg is undefined, org remains null
}

Recommendation: Add fallback to set the current organization:

if (org.metadata?.isConsumer === true) {
   setOrg(org)
} else {
   const consumerOrg = orgs?.find((o) => o.metadata?.isConsumer === true)
   if (consumerOrg) {
      setActiveOrg(consumerOrg.slug)
   } else {
      // Fallback: keep the current active organization
      setOrg(org)
   }
}

🟡 Moderate: Race Condition Potential

Location: packages/lib/auth-context.tsx:60

Issue: The useEffect dependency array includes both session?.session.activeOrganizationId and orgs. If orgs updates while activeOrganizationId hasn't changed, the effect re-runs and may switch organizations unexpectedly.

Scenario:

1. User has active non-consumer org
2. orgs data arrives/updates
3. Effect runs, finds consumer org, auto-switches

Recommendation: Consider if orgs should trigger this effect, or add guards:

useEffect(() => {
   if (session?.session.activeOrganizationId && orgs && orgs.length > 0) {
      // existing logic
   }
}, [session?.session.activeOrganizationId, orgs])

---

Performance Considerations

🟢 Generally Good

1. No unnecessary re-renders: The logic only runs when activeOrganizationId or orgs changes
2. Async handling: Proper use of promises with .then()/.catch()

🟡 Minor Concern

The orgs?.find() on line 49 runs on every effect trigger. For large organization lists, consider memoization:

import { useMemo } from "react"

const consumerOrg = useMemo(
   () => orgs?.find((o) => o.metadata?.isConsumer === true),
   [orgs]
)

---

Security Concerns

⚠️ Information Disclosure

Issue: Console logs (lines 45, 48) may leak:

• Organization IDs
• Organization metadata
• User's organization list

Impact: Low severity (requires DevTools access), but violates data minimization principles.

Recommendation: Remove or protect with environment checks.

---

Test Coverage

❌ No Tests Included

This PR modifies critical authentication/authorization logic but includes no tests.

Recommended Test Cases:

1. Consumer org handling:

   • User with only consumer org → should set that org
   • User with consumer + dev orgs → should set consumer org

2. Edge cases:

   • User with no consumer org → should handle gracefully
   • orgs is undefined/empty → should not crash
   • Fetch failures → error handling works

3. Organization switching:

   • setActiveOrg correctly updates state
   • Race conditions don't cause multiple switches

Suggested Test File: packages/lib/__tests__/auth-context.test.tsx

---

Dependency Update Analysis

@opennextjs/cloudflare: 1.6.1 → 1.12.0

Major version jump (6 minor versions). Changes include:

• Added @opennextjs/aws update (3.8.0 → 3.8.5)
• New dependencies: rclone.js, @types/rclone.js

Recommendations:

1. ✅ Review changelog for breaking changes
2. ✅ Test deployment to ensure Cloudflare Workers compatibility
3. ✅ Verify build process still works: bun run build

---

Action Items

Before Merge:

1. 🔴 Fix missing else branch for non-consumer orgs without fallback
2. 🟡 Remove debug console.log statements or wrap in dev checks
3. 🟡 Run code formatter: bun run format-lint
4. 🟡 Add tests for organization switching logic
5. 🟡 Test the dependency upgrade thoroughly

Nice to Have:

• Consider memoizing consumerOrg lookup
• Review if orgs should be in the effect dependency array
• Add JSDoc comments explaining the consumer org logic

---

Overall Assessment

Status: ⚠️ Changes Requested

The PR addresses a real bug (consumer org switching) but introduces:

• A new bug (missing fallback for non-consumer orgs)
• Production debug logs
• No test coverage for critical auth logic

With the recommended fixes, this will be a solid improvement.

Estimated effort to address: ~30 minutes

---

Great work identifying and fixing the organization switching issue! Let me know if you need help implementing any of these suggestions.

[claude]

Pull Request Review: Fix org switch issue on consumer when dev org exists

Summary

This PR re-enables organization switching logic that was previously commented out, adds dependency upgrades, and renames a file from proxy.ts to middleware.ts.

---

Code Quality & Best Practices

✅ Positives

• Dependency Update: Upgrading @opennextjs/cloudflare from ^1.6.1 to ^1.12.0 is good - this spans several minor versions and likely includes bug fixes and improvements
• Indentation Fix: Fixed the tab/space inconsistency for idb-keyval in package.json:62
• File Rename: Renaming proxy.ts to middleware.ts better aligns with Next.js conventions if this is middleware

⚠️ Concerns

1. Debug Console Logs Left in Production Code (auth-context.tsx:45, 48)

console.log("Consumer organization:", org)
console.log("ALl orgs:", orgs)  // Also has a typo: "ALl" → "All"

• Issue: Debug console logs should not be committed to production code
• Recommendation: Remove these or replace with proper logging (using your Sentry integration or a logging utility)
• Impact: Pollutes browser console and could leak organization data

2. Indentation Inconsistency (auth-context.tsx:46)

if (org.metadata?.isConsumer === true) {
    console.log("Consumer organization:", org)
   setOrg(org)  // ← Mixed indentation (3 spaces instead of tab)

• Issue: Line 46 has inconsistent indentation (3 spaces) compared to surrounding code (tabs)
• Recommendation: Run bun run format-lint as specified in CLAUDE.md to fix this automatically
• Impact: Code style violation that may fail linting

---

Potential Bugs & Logic Issues

1. Race Condition Risk (auth-context.tsx:40-60)

useEffect(() => {
    if (session?.session.activeOrganizationId) {
        authClient.organization
            .getFullOrganization()
            .then((org) => {
                if (org.metadata?.isConsumer === true) {
                    setOrg(org)
                } else {
                    const consumerOrg = orgs?.find((o) => o.metadata?.isConsumer === true)
                    if (consumerOrg) {
                        setActiveOrg(consumerOrg.slug)
                    }
                }
            })
    }
}, [session?.session.activeOrganizationId, orgs])

Issues:

• The orgs dependency may not be populated when the effect first runs, causing the logic to fail silently
• When a non-consumer org is active, the code attempts to switch to a consumer org, but orgs might be undefined/empty
• setActiveOrg calls setOrg internally, which could trigger additional re-renders

Recommendation:

// Add a check for orgs availability
if (!orgs || orgs.length === 0) {
    setOrg(org) // Fallback to current org if orgs list not ready
    return
}

2. Missing Else Branch for Non-Consumer Case

• If the user is in a non-consumer org AND there's no consumer org available, setOrg is never called
• This could leave org as null indefinitely

Recommendation:

} else {
    const consumerOrg = orgs?.find((o) => o.metadata?.isConsumer === true)
    if (consumerOrg) {
        setActiveOrg(consumerOrg.slug)
    } else {
        setOrg(org) // Fallback: use current org if no consumer org exists
    }
}

3. Incomplete Comment Removal (middleware.ts:36)

//     });
// ← Missing closing brace removed but not the entire block

• Issue: Incomplete comment cleanup leaves orphaned code
• Recommendation: Either complete the cleanup or restore proper formatting

---

Performance Considerations

Potential Issue: Automatic organization switching could cause unnecessary API calls

When a user is in a non-consumer org, the code automatically calls setActiveOrg(consumerOrg.slug), which:

1. Calls authClient.organization.setActive()
2. Updates the server-side active organization
3. This triggers the effect again due to activeOrganizationId changing

Recommendation: Add a guard to prevent infinite loops:

const [isSwitching, setIsSwitching] = useState(false)

// In useEffect:
if (!isSwitching && consumerOrg) {
    setIsSwitching(true)
    setActiveOrg(consumerOrg.slug).finally(() => setIsSwitching(false))
}

---

Security Concerns

Medium Risk: Organization data exposure in console logs

• Console logs containing full organization objects could expose sensitive metadata
• This is especially concerning if error tracking tools capture console output

Recommendation: Remove console.log statements before merging

---

Test Coverage

Missing:

• No tests included for this organization switching logic
• This is complex conditional logic that would benefit from unit tests

Suggested Test Cases:

1. User with active consumer org → should stay in consumer org
2. User with active non-consumer org + available consumer org → should switch to consumer org
3. User with active non-consumer org + no consumer org available → should stay in current org
4. Race condition: org list not yet loaded when effect runs

---

File Rename Impact

The proxy.ts → middleware.ts rename is not documented in the PR description.

Questions:

• Is this file actually Next.js middleware now? If so, does it follow Next.js middleware conventions?
• Are there any imports in other files that reference proxy.ts that need updating?
• Should the export be updated to use Next.js middleware signature?

Recommendation: Add clarity in PR description about why this rename was needed

---

Summary of Recommendations

🔴 Must Fix (Blocking)

1. Remove debug console.log statements at lines 45 and 48 (fix typo "ALl")
2. Fix indentation on line 46 (run bun run format-lint)
3. Add fallback logic when no consumer org is found

🟡 Should Fix (Important)

4. Add guard against race condition with orgs being undefined
5. Add guard against infinite switching loops
6. Clean up incomplete commented code in middleware.ts

🟢 Nice to Have

7. Add unit tests for organization switching logic
8. Document the proxy.ts → middleware.ts rename in PR description
9. Consider using a proper logging utility instead of console.log

---

Let me know if you'd like help implementing any of these fixes! The core logic change looks correct for the intended behavior, but the implementation needs some refinement before merging.

[graphite-app]

Merge activity

• Nov 11, 7:09 PM UTC: Dhravya added this pull request to the Graphite merge queue.
• Nov 11, 7:11 PM UTC: Merged by the Graphite merge queue.

[graphite-app]