The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		Jun 10, 2026 9:46pm

PR Summary

Medium Risk
Touches the internal billing ledger path and changes validation/attribution behavior, but billing still keys on the user and the change mainly reduces failure modes rather than altering charge logic.

Overview
/api/billing/update-cost no longer requires workspaceId and treats workspace attribution as best-effort instead of failing validation or ledger writes.

Before stamping usage_log, the route resolves the ID against this deployment’s workspace table via resolveAttributableWorkspaceId. Missing IDs (headless clients) and foreign IDs (self-hosted) are recorded unattributed (workspaceId: undefined), avoiding FK violations that previously failed the flush and stranded cost in the caller’s dead-letter queue. Known workspaces still get attribution unchanged.

On failure, error logs now include Postgres SQLSTATE and constraint (pgCode, pgConstraint) for easier diagnosis. Tests were updated/added for omitted and unknown workspace cases, with @sim/db mocked for the lookup.

^{Reviewed by Cursor Bugbot for commit 673f036. Configure here.}

Greptile Summary

This PR makes workspace attribution on POST /api/billing/update-cost best-effort, fixing FK violations that caused self-hosted and headless billing flushes to fail and strand cost in the Go dead-letter queue. The route now resolves the request-supplied workspaceId against the local workspace table before writing to usage_log, silently falling back to unattributed when the workspace is absent or belongs to a foreign deployment.

• workspaceId in the Zod contract is changed from required to optional, with an updated comment explaining the design rationale.
• A new resolveAttributableWorkspaceId helper performs a PK lookup; unknown or missing workspace IDs yield undefined with a warning log rather than a 500 from the FK constraint.
• Error logging now surfaces the PostgreSQL SQLSTATE code and constraint name, making similar incidents diagnosable from logs without a Drizzle query trace.
• Tests are updated to cover the two new unattributed paths (omitted workspaceId and a foreign workspace ID that doesn't exist locally).

Confidence Score: 4/5

Safe to merge; the change narrows the blast radius of a known production failure and billing correctness (keyed on userId) is unaffected by workspace attribution.

The core billing path is well-tested and the fallback to unattributed is safe by design. Two minor observations remain: every hosted billing flush now incurs an extra DB round-trip for workspace validation, and the silent attribution downgrade leaves no signal in the trace span, which could make future regressions hard to detect. Neither blocks merging.

apps/sim/app/api/billing/update-cost/route.ts — the new workspace lookup is on the hot billing path and lacks a span attribute to track attribution outcomes.

Important Files Changed

Sequence Diagram

sequenceDiagram
    participant Go as Go Mothership / Self-hosted Client
    participant Route as POST /api/billing/update-cost
    participant WS as workspace table (DB)
    participant UL as usage_log (DB)

    Go->>Route: "POST { userId, cost, workspaceId? }"
    Route->>Route: checkInternalApiKey()
    Route->>Route: parseRequest (Zod — workspaceId now optional)

    alt workspaceId provided
        Route->>WS: "SELECT id WHERE id = workspaceId LIMIT 1"
        alt workspace exists in this deployment
            WS-->>Route: "[{ id: workspaceId }]"
            Note over Route: attributedWorkspaceId = workspaceId
        else workspace NOT found (self-hosted / foreign)
            WS-->>Route: []
            Note over Route: WARN + attributedWorkspaceId = undefined
        end
    else workspaceId omitted (headless)
        Note over Route: attributedWorkspaceId = undefined (no DB query)
    end

    alt idempotencyKey present
        Route->>UL: "recordCumulativeUsage({ ..., workspaceId: attributedWorkspaceId })"
    else no idempotencyKey
        Route->>UL: "recordUsage({ ..., workspaceId: attributedWorkspaceId })"
    end
    UL-->>Route: success (no FK violation possible)
    Route->>Route: checkAndBillOverageThreshold(userId)
    Route-->>Go: 200 OK

_{Reviews (1): Last reviewed commit: "fix(attribution): workspace id attr shou..." | Re-trigger Greptile}