reconcille duplicate tables

[shomix]

No description provided.

[netlify]

✅ Deploy Preview for agent-native-meeting-notes ready!

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-meeting-notes/deploys/6a02f6442a0fff000868c51a
😎 Deploy Preview	https://deploy-preview-654--agent-native-meeting-notes.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for agent-native-design ready!

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-design/deploys/6a02f6432e7de6000817e76f
😎 Deploy Preview	https://deploy-preview-654--agent-native-design.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for agent-native-images canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-images/deploys/6a02f6437ed9b90008205031

[netlify]

✅ Deploy Preview for agent-native-scheduling ready!

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-scheduling/deploys/6a02f643d5be14000860c1ff
😎 Deploy Preview	https://deploy-preview-654--agent-native-scheduling.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for agent-native-voice ready!

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-voice/deploys/6a02f64364239e0008d1ddc6
😎 Deploy Preview	https://deploy-preview-654--agent-native-voice.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for nutritrack-daily-calories canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/nutritrack-daily-calories/deploys/6a02f643f455df00089f9bb5

[netlify]

✅ Deploy Preview for agent-native-starter canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-starter/deploys/6a02f6432c016400083fabb0

[netlify]

✅ Deploy Preview for agent-native-dispatch canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-dispatch/deploys/6a02f643281fc000084ac8aa

[netlify]

✅ Deploy Preview for agent-native-mail canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-mail/deploys/6a02f6435a2b28000898c1aa

[netlify]

✅ Deploy Preview for agent-native-forms canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-forms/deploys/6a02f6439997d30008747082

[netlify]

✅ Deploy Preview for agent-native-content canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-content/deploys/6a02f643f79c6400086a3884

[netlify]

✅ Deploy Preview for agent-native-calendar canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-calendar/deploys/6a02f6433a56bd0008a5edb7

[netlify]

✅ Deploy Preview for agent-native-slides canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-slides/deploys/6a02f6432c016400083fabac

[netlify]

✅ Deploy Preview for agent-native-recruiting canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-recruiting/deploys/6a02f643af639500085e61db

[netlify]

✅ Deploy Preview for agent-native-macros canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-macros/deploys/6a02f643c172cf00087b90b6

[netlify]

✅ Deploy Preview for agent-native-videos canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-videos/deploys/6a02f643888d1a00085fcf05

[netlify]

✅ Deploy Preview for agent-native-issues canceled.

Name	Link
🔨 Latest commit	b8ae08d
🔍 Latest deploy log	https://app.netlify.com/projects/agent-native-issues/deploys/6a02f643cc3e060008c4b92b

[builder-io-integration]

Builder reviewed your changes — looks good ✅

Review Details

Code Review Summary

This PR consolidates duplicate org table schemas, migrating from better-auth's parallel organization/member/invitation tables to the framework's organizations/org_members/org_invitations tables. The refactoring is architecturally sound and reduces complexity, but critical bugs in role mapping and data migration will cause complete org system failure on deploy.

Critical Blocking Issues

🔴 Role hierarchy completely broken — Both the org creator path (create-organization.ts) and the migration backfill (server/plugins/db.ts lines 269 & 758) assign "admin" role instead of "owner". This means no organizations will have any "owner" role users. The framework handlers explicitly check role === "owner" for critical operations (remove-member, update-member-role), which will never succeed. Workspace owners and new org creators will be indistinguishable from admins, violating the entire hierarchy. Found by all 3 code-review agents.

🔴 Existing org memberships disappear on deploy — The PR removes the fallback to better-auth's member table in recordings.ts (lines 73-79) without any migration that copies existing organization/member/invitation data into the framework tables. After deploy, getOrganizationRoleForEmail() will return null, causing org-gated actions to fail with access denied for all existing users.

🔴 Admin invites silently downgraded to member — The migration in db.ts (lines 1020-1049) copies old invites rows but doesn't preserve the role field. When invitations are accepted, the code checks if (inv.role === "admin") which is always false (role is null), silently downgrading all admin invites to member on acceptance.

Data Integrity Issues

🟡 Email case mismatch in invite-member.ts (line 107) — Email is lowercased for queries (line 80) but inserted with original case (line 107). UNIQUE(org_id, email) constraint is case-sensitive, allowing duplicate invitations for the same email with different case variations.

🟡 Email case mismatch in accept-invite.ts — Email is lowercased for existence check but inserted with original case. Can create duplicate org_members rows for the same email with different case variations.

🟡 Email case mismatch in context.ts createOrganization — Function stores email parameter as-is without normalizing to lowercase, but all queries use LOWER(). Can bypass UNIQUE constraints and create duplicate rows.

🟡 Session org context broken after auth plugin removal (better-auth-instance.ts line 821) — Dropping Better Auth's organization() plugin leaves session.orgId unset, but poll events and custom routes still depend on it. Org-scoped updates will silently lose their organization context.

🟡 Role hierarchy weakened in update-member-role.ts — The new action only protects "owner" rows, letting any admin promote members to admin or demote peer admins. This bypasses the framework's owner/admin distinction.

---

Risk Assessment: Standard (org/auth refactoring) | Browser Testing: Deferred until code issues are fixed and re-tested.

[steve8708]

thanks @shomix !