The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
stack-backend	Ready	Preview, Comment	Jan 9, 2026 6:57pm
stack-dashboard	Ready	Preview, Comment	Jan 9, 2026 6:57pm
stack-demo	Ready	Preview, Comment	Jan 9, 2026 6:57pm
stack-docs	Ready	Preview, Comment	Jan 9, 2026 6:57pm
test-sandbox	Building	Preview, Comment	Jan 9, 2026 6:57pm
test-sandbox-1767979426011-N9GJ	Canceled		Jan 9, 2026 6:57pm

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Greptile Overview

Greptile Summary

Adds subscription cancellation functionality with a new DELETE endpoint that allows users to cancel their own subscriptions and team admins to cancel team subscriptions.

Key Changes:

• New DELETE handler in route.ts with proper client/server authentication and permission checks
• Client-side cancelSubscription() method with cache invalidation
• Comprehensive test coverage for various cancellation scenarios including permission validation and one-time purchase rejection

Potential Issue:

• The endpoint updates the database immediately after calling Stripe's cancel API, which may race with Stripe's webhook that also updates subscription status via syncStripeSubscriptions()

Confidence Score: 4/5

• Safe to merge with one potential race condition that should be verified in testing
• The implementation is solid with proper permission checks, validation logic, and comprehensive tests. However, there's a potential race condition between the manual database update and Stripe webhook sync that differs from existing patterns in the codebase. This should be tested to ensure it doesn't cause issues.
• Pay attention to apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/route.ts - verify the database update pattern after Stripe cancellation works correctly with webhooks

Important Files Changed

File Analysis

Sequence Diagram

sequenceDiagram
    participant Client as Client App
    participant API as DELETE /payments/products
    participant Auth as Permission Check
    participant DB as Database
    participant Stripe as Stripe API
    participant Webhook as Stripe Webhook

    Client->>API: DELETE request with product_id
    API->>Auth: Verify client permissions
    alt User subscription
        Auth->>Auth: Check user owns subscription
    else Team subscription
        Auth->>DB: Check user has team_admin permission
    end
    
    API->>DB: Get owned products
    API->>API: Validate product type (not one_time)
    API->>DB: Find active/trialing subscription
    
    alt Stripe subscription exists
        API->>Stripe: stripe.subscriptions.cancel()
        Stripe-->>API: Cancellation confirmed
        Note over Stripe,Webhook: Stripe triggers webhook event
        Webhook->>DB: syncStripeSubscriptions() updates status
    end
    
    API->>DB: Update subscription status to canceled
    Note over API,DB: Potential race condition with webhook
    
    API-->>Client: Return success response
    Client->>Client: Invalidate product cache

Preview Screenshots

Open Workspace (1 hr expiry) · Open Dev Browser (1 hr expiry) · Open Diff Heatmap

Screenshot capture was skipped.

No UI changes detected - screenshots skipped

Generated by cmux preview system