fix: reject duplicate company names owned by other users on insert

When insert hits a name unique violation, only reuse the existing row
if owner_id matches the authenticated user; otherwise return the same
error as the edit path.

Author: cursoragent

apps/cursor/src/actions/upsert-company.ts

@@ -121,16 +121,16 @@ export const upsertCompanyAction = authActionClient
         if (error.code === UNIQUE_VIOLATION) {
           const { data: existing } = await supabase
             .from("companies")
-            .select("id, slug")
+            .select("id, slug, owner_id")
             .eq("name_key", nameKey)
             .maybeSingle();
 
-          if (existing) {
+          if (existing && existing.owner_id === userId) {
             if (shouldRedirect) {
               redirect(`/c/${existing.slug}`);
             }
 
-            return existing;
+            return { id: existing.id, slug: existing.slug };
           }
 
           throw new ActionError("A company with this name already exists.");