improvement(billing): wire up billing, org, teammates tabs + remove deprecated subscription tab (#4887)

* improvement(billing): wire up billing, org, teammates tabs + remove depr subscription tab

* pass exec timeout to tool routes

* reuse helper

* address comments

* address disable comment

Author: icecrasher321

apps/sim/app/api/billing/invoices/route.ts

@@ -0,0 +1,93 @@
+import { db } from '@sim/db'
+import { user } from '@sim/db/schema'
+import { createLogger } from '@sim/logger'
+import { eq } from 'drizzle-orm'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getInvoicesContract } from '@/lib/api/contracts/subscription'
+import { parseRequest } from '@/lib/api/server'
+import { getSession } from '@/lib/auth'
+import { getOrganizationSubscription } from '@/lib/billing/core/billing'
+import { isOrganizationOwnerOrAdmin } from '@/lib/billing/core/organization'
+import { getStripeClient } from '@/lib/billing/stripe-client'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+
+const logger = createLogger('BillingInvoices')
+
+/** Cap the number of invoices returned to the most recent statements. */
+const MAX_INVOICES = 12
+
+/**
+ * Lists finalized Stripe invoices for the caller's billing customer (personal
+ * or organization-scoped). Returns an empty list when there is no Stripe
+ * customer yet or when Stripe is not configured, so the UI can simply hide the
+ * Invoices section instead of surfacing an error.
+ */
+export const GET = withRouteHandler(async (request: NextRequest) => {
+  const session = await getSession()
+  if (!session?.user?.id) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const parsed = await parseRequest(getInvoicesContract, request, {})
+  if (!parsed.success) return parsed.response
+
+  const { context, organizationId } = parsed.data.query
+
+  if (context === 'organization' && !organizationId) {
+    return NextResponse.json(
+      { error: 'organizationId is required when context=organization' },
+      { status: 400 }
+    )
+  }
+
+  let stripeCustomerId: string | null = null
+
+  if (context === 'organization') {
+    const hasPermission = await isOrganizationOwnerOrAdmin(session.user.id, organizationId!)
+    if (!hasPermission) {
+      return NextResponse.json({ error: 'Permission denied' }, { status: 403 })
+    }
+
+    // Resolve the org's customer via the canonical resolver so we deterministically
+    // pick the same subscription (most recent entitled, ordered) the rest of the
+    // billing UI uses — a bare limit(1) here could select a stale row.
+    const orgSubscription = await getOrganizationSubscription(organizationId!)
+    stripeCustomerId = orgSubscription?.stripeCustomerId ?? null
+  } else {
+    const rows = await db
+      .select({ customer: user.stripeCustomerId })
+      .from(user)
+      .where(eq(user.id, session.user.id))
+      .limit(1)
+
+    stripeCustomerId = rows.length > 0 ? rows[0].customer || null : null
+  }
+
+  const stripe = getStripeClient()
+  if (!stripeCustomerId || !stripe) {
+    return NextResponse.json({ success: true, invoices: [], hasMore: false })
+  }
+
+  try {
+    const result = await stripe.invoices.list({ customer: stripeCustomerId, limit: MAX_INVOICES })
+
+    const invoices = result.data
+      .filter((invoice) => invoice.id && invoice.status && invoice.status !== 'draft')
+      .map((invoice) => ({
+        id: invoice.id as string,
+        number: invoice.number ?? null,
+        created: invoice.created,
+        total: invoice.total,
+        amountPaid: invoice.amount_paid,
+        currency: invoice.currency,
+        status: invoice.status ?? null,
+        hostedInvoiceUrl: invoice.hosted_invoice_url ?? null,
+        invoicePdf: invoice.invoice_pdf ?? null,
+      }))
+
+    return NextResponse.json({ success: true, invoices, hasMore: result.has_more })
+  } catch (error) {
+    logger.error('Failed to list invoices', { error, userId: session.user.id, context })
+    return NextResponse.json({ error: 'Failed to list invoices' }, { status: 500 })
+  }
+})

apps/sim/app/api/billing/portal/route.ts

@@ -1,13 +1,13 @@
 import { db } from '@sim/db'
-import { subscription as subscriptionTable, user } from '@sim/db/schema'
+import { user } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, eq, inArray, or } from 'drizzle-orm'
+import { eq } from 'drizzle-orm'
 import { type NextRequest, NextResponse } from 'next/server'
 import { billingPortalBodySchema } from '@/lib/api/contracts/subscription'
 import { getSession } from '@/lib/auth'
+import { getOrganizationSubscription } from '@/lib/billing/core/billing'
 import { isOrganizationOwnerOrAdmin } from '@/lib/billing/core/organization'
 import { requireStripeClient } from '@/lib/billing/stripe-client'
-import { ENTITLED_SUBSCRIPTION_STATUSES } from '@/lib/billing/subscriptions/utils'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
 
@@ -44,21 +44,10 @@ export const POST = withRouteHandler(async (request: NextRequest) => {
         return NextResponse.json({ error: 'Permission denied' }, { status: 403 })
       }
 
-      const rows = await db
-        .select({ customer: subscriptionTable.stripeCustomerId })
-        .from(subscriptionTable)
-        .where(
-          and(
-            eq(subscriptionTable.referenceId, organizationId),
-            or(
-              inArray(subscriptionTable.status, ENTITLED_SUBSCRIPTION_STATUSES),
-              eq(subscriptionTable.cancelAtPeriodEnd, true)
-            )
-          )
-        )
-        .limit(1)
-
-      stripeCustomerId = rows.length > 0 ? rows[0].customer || null : null
+      // Canonical resolver: deterministically selects the most recent entitled
+      // org subscription, matching the rest of the billing UI.
+      const orgSubscription = await getOrganizationSubscription(organizationId)
+      stripeCustomerId = orgSubscription?.stripeCustomerId ?? null
     } else {
       const rows = await db
         .select({ customer: user.stripeCustomerId })

apps/sim/app/api/tools/image/route.ts

@@ -39,7 +39,12 @@ const MAX_IMAGE_BYTES = 25 * 1024 * 1024
 const MAX_IMAGE_JSON_BYTES = Math.ceil((MAX_IMAGE_BYTES * 4) / 3) + 256 * 1024
 
 export const dynamic = 'force-dynamic'
-export const maxDuration = 600
+/**
+ * Mirrors the maximum plan execution timeout (enterprise async, 90 minutes) used by
+ * `getMaxExecutionTimeout()` for the provider polling loop below. Next.js requires a
+ * static literal for `maxDuration`, so this value must be kept in sync with that source.
+ */
+export const maxDuration = 5400
 
 type ImageProvider = (typeof imageProviders)[number]
 

apps/sim/app/api/tools/stt/route.ts

@@ -7,7 +7,7 @@ import { sttToolContract } from '@/lib/api/contracts/tools/media/stt'
 import { getValidationErrorMessage, parseRequest, validationErrorResponse } from '@/lib/api/server'
 import { extractAudioFromVideo, isVideoFile } from '@/lib/audio/extractor'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
-import { DEFAULT_EXECUTION_TIMEOUT_MS } from '@/lib/core/execution-limits'
+import { getMaxExecutionTimeout } from '@/lib/core/execution-limits'
 import {
   secureFetchWithPinnedIP,
   validateUrlWithDNS,
@@ -25,7 +25,12 @@ const logger = createLogger('SttProxyAPI')
 const ELEVENLABS_STT_MODEL = 'scribe_v2'
 
 export const dynamic = 'force-dynamic'
-export const maxDuration = 300 // 5 minutes for large files
+/**
+ * Mirrors the maximum plan execution timeout (enterprise async, 90 minutes) used by
+ * `getMaxExecutionTimeout()` for the transcript polling loop below. Next.js requires a
+ * static literal for `maxDuration`, so this value must be kept in sync with that source.
+ */
+export const maxDuration = 5400
 
 export const POST = withRouteHandler(async (request: NextRequest) => {
   const requestId = generateId()
@@ -629,7 +634,7 @@ async function transcribeWithAssemblyAI(
   let transcript: any
   let attempts = 0
   const pollIntervalMs = 5000
-  const maxAttempts = Math.ceil(DEFAULT_EXECUTION_TIMEOUT_MS / pollIntervalMs)
+  const maxAttempts = Math.ceil(getMaxExecutionTimeout() / pollIntervalMs)
 
   while (attempts < maxAttempts) {
     const statusResponse = await fetch(`https://api.assemblyai.com/v2/transcript/${id}`, {

apps/sim/app/api/tools/textract/parse/route.ts

@@ -6,7 +6,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { textractParseContract } from '@/lib/api/contracts/tools/media/document-parse'
 import { getValidationErrorMessage, parseRequest } from '@/lib/api/server'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
-import { DEFAULT_EXECUTION_TIMEOUT_MS } from '@/lib/core/execution-limits'
+import { getMaxExecutionTimeout } from '@/lib/core/execution-limits'
 import { validateS3BucketName } from '@/lib/core/security/input-validation'
 import {
   secureFetchWithPinnedIP,
@@ -22,7 +22,12 @@ import {
 import { assertToolFileAccess } from '@/app/api/files/authorization'
 
 export const dynamic = 'force-dynamic'
-export const maxDuration = 300 // 5 minutes for large multi-page PDF processing
+/**
+ * Mirrors the maximum plan execution timeout (enterprise async, 90 minutes) used by
+ * `getMaxExecutionTimeout()` for the job polling loop below. Next.js requires a static
+ * literal for `maxDuration`, so this value must be kept in sync with that source.
+ */
+export const maxDuration = 5400
 
 const logger = createLogger('TextractParseAPI')
 
@@ -184,7 +189,7 @@ async function pollForJobCompletion(
   requestId: string
 ): Promise<Record<string, unknown>> {
   const pollIntervalMs = 5000
-  const maxPollTimeMs = DEFAULT_EXECUTION_TIMEOUT_MS
+  const maxPollTimeMs = getMaxExecutionTimeout()
   const maxAttempts = Math.ceil(maxPollTimeMs / pollIntervalMs)
 
   const getTarget = useAnalyzeDocument

apps/sim/app/api/tools/video/route.ts

@@ -28,7 +28,12 @@ const MAX_VIDEO_REFERENCE_IMAGE_BYTES = 25 * 1024 * 1024
 const MAX_VIDEO_JSON_BYTES = 2 * 1024 * 1024
 
 export const dynamic = 'force-dynamic'
-export const maxDuration = 600 // 10 minutes for video generation
+/**
+ * Mirrors the maximum plan execution timeout (enterprise async, 90 minutes) used by
+ * `getMaxExecutionTimeout()` for the provider polling loops below. Next.js requires a
+ * static literal for `maxDuration`, so this value must be kept in sync with that source.
+ */
+export const maxDuration = 5400
 
 async function readVideoResponseBuffer(response: Response, label: string): Promise<Buffer> {
   return readResponseToBufferWithLimit(response, {

apps/sim/app/workspace/[workspaceId]/home/components/message-content/components/special-tags/special-tags.tsx

@@ -637,7 +637,7 @@ function MothershipErrorDisplay({ data }: { data: MothershipErrorTagData }) {
 
 function UsageUpgradeDisplay({ data }: { data: UsageUpgradeTagData }) {
   const { workspaceId } = useParams<{ workspaceId: string }>()
-  const settingsPath = `/workspace/${workspaceId}/settings/subscription`
+  const settingsPath = `/workspace/${workspaceId}/settings/billing`
   const buttonLabel = data.action === 'upgrade_plan' ? 'Upgrade Plan' : 'Increase Limit'
 
   return (

apps/sim/app/workspace/[workspaceId]/home/components/mothership-view/components/resource-content/resource-content.tsx

@@ -276,7 +276,7 @@ export function EmbeddedWorkflowActions({ workspaceId, workflowId }: EmbeddedWor
     }
 
     if (usageExceeded) {
-      navigateToSettings({ section: 'subscription' })
+      navigateToSettings({ section: 'billing' })
       return
     }
 

apps/sim/app/workspace/[workspaceId]/home/components/user-input/user-input.tsx

@@ -393,7 +393,7 @@ export const UserInput = forwardRef<UserInputHandle, UserInputProps>(function Us
   }
 
   function handleUsageLimitExceeded() {
-    navigateToSettings({ section: 'subscription' })
+    navigateToSettings({ section: 'billing' })
   }
 
   const {

apps/sim/app/workspace/[workspaceId]/settings/[section]/settings.tsx

@@ -5,15 +5,13 @@ import dynamic from 'next/dynamic'
 import { useSearchParams } from 'next/navigation'
 import { usePostHog } from 'posthog-js/react'
 import { useSession } from '@/lib/auth/auth-client'
-import { isEnterprise } from '@/lib/billing/plan-helpers'
 import { captureEvent } from '@/lib/posthog/client'
 import { General } from '@/app/workspace/[workspaceId]/settings/components/general/general'
 import type { SettingsSection } from '@/app/workspace/[workspaceId]/settings/navigation'
 import {
   isBillingEnabled,
   isCredentialSetsEnabled,
 } from '@/app/workspace/[workspaceId]/settings/navigation'
-import { useSubscriptionData } from '@/hooks/queries/subscription'
 
 const Admin = dynamic(() =>
   import('@/app/workspace/[workspaceId]/settings/components/admin/admin').then((m) => m.Admin)
@@ -58,11 +56,6 @@ const RecentlyDeleted = dynamic(() =>
     '@/app/workspace/[workspaceId]/settings/components/recently-deleted/recently-deleted'
   ).then((m) => m.RecentlyDeleted)
 )
-const Subscription = dynamic(() =>
-  import('@/app/workspace/[workspaceId]/settings/components/subscription/subscription').then(
-    (m) => m.Subscription
-  )
-)
 const Billing = dynamic(() =>
   import('@/app/workspace/[workspaceId]/settings/components/billing/billing').then((m) => m.Billing)
 )
@@ -114,26 +107,20 @@ export function SettingsPage({ section }: SettingsPageProps) {
   const { data: session, isPending: sessionLoading } = useSession()
   const posthog = usePostHog()
 
-  const { data: subscriptionData } = useSubscriptionData({
-    enabled: isBillingEnabled,
-    staleTime: 5 * 60 * 1000,
-  })
-  const isEnterprisePlan = isEnterprise(subscriptionData?.data?.plan)
-
   const isAdminRole = session?.user?.role === 'admin'
+  // The Subscription tab was replaced by Billing; redirect legacy links there.
+  const normalizedSection: SettingsSection =
+    (section as string) === 'subscription' ? 'billing' : section
   const effectiveSection =
-    !isBillingEnabled &&
-    (section === 'subscription' || section === 'billing' || section === 'organization')
+    !isBillingEnabled && (normalizedSection === 'billing' || normalizedSection === 'organization')
       ? 'general'
-      : section === 'billing' && isEnterprisePlan
+      : normalizedSection === 'credential-sets' && !isCredentialSetsEnabled
         ? 'general'
-        : section === 'credential-sets' && !isCredentialSetsEnabled
+        : normalizedSection === 'admin' && !sessionLoading && !isAdminRole
           ? 'general'
-          : section === 'admin' && !sessionLoading && !isAdminRole
+          : normalizedSection === 'mothership' && !sessionLoading && !isAdminRole
             ? 'general'
-            : section === 'mothership' && !sessionLoading && !isAdminRole
-              ? 'general'
-              : section
+            : normalizedSection
 
   useEffect(() => {
     if (sessionLoading) return
@@ -148,7 +135,6 @@ export function SettingsPage({ section }: SettingsPageProps) {
       {effectiveSection === 'access-control' && <AccessControl />}
       {effectiveSection === 'audit-logs' && <AuditLogs />}
       {effectiveSection === 'apikeys' && <ApiKeys />}
-      {isBillingEnabled && effectiveSection === 'subscription' && <Subscription />}
       {isBillingEnabled && effectiveSection === 'billing' && <Billing />}
       {effectiveSection === 'teammates' && <Teammates />}
       {isBillingEnabled && effectiveSection === 'organization' && <TeamManagement />}