Context
PR #3743 (fix(billing): resolve plan via priceId map, not price.metadata.planId) was merged to devkit master with 5 unfixed Copilot review findings. A controller-side fix commit (11b00505) was prepared locally but never pushed to origin/feat/resolveplan-priceid-map — the push silently appeared to succeed (RTK wrapper reported "ok") while git ls-remote shows the SHA never reached origin. The 5 review threads were then resolved on GitHub against the wrong commit, and the squash-merge captured only the original agent content.
Net: 5 known bugs are live in devkit master.
Severity
P1 — the underlying P0 from #1250 IS fixed (priceId map resolution works). These are hardening + observability gaps around it. The most operationally critical miss is the silent-free-fallback in resolvePlan — the exact failure mode #1250 was meant to prevent can silently recur if config.stripe.prices ever has a stale or missing entry.
Findings to re-apply
- JSDoc accuracy (
buildPriceIdToPlanMap): comment described old behavior, missing @returns tag — replaced with accurate description of why the reverse-map exists and what it returns
- Silent free-fallback warn log (
resolvePlan): return validatePlan(rawMeta) || 'free' had no warn when priceId was present but unmapped — added logger.warn so misconfigured config.stripe.prices is immediately visible in logs instead of silently downgrading paid orgs to free
cancel_at typeof check: if (subscription.cancel_at) truthy check skips cancel_at = 0 (epoch) — changed to typeof === 'number'previousPlan validatePlan(): raw value from priceIdToPlan[previousPriceId] || metadata.planId was used without validation — stale/invalid metadata values would emit plan.changed and trigger forceRotateForPlanChange with junk plan names- Test comment correction: comment above
billing.failedBackfill.repository.js mock claimed "Suppress retryWithBackoff delays" which is incorrect — the mock makes the repo a no-op, it does not suppress setTimeout delays in retryWithBackoff
References
Context
PR #3743 (
fix(billing): resolve plan via priceId map, not price.metadata.planId) was merged to devkit master with 5 unfixed Copilot review findings. A controller-side fix commit (11b00505) was prepared locally but never pushed toorigin/feat/resolveplan-priceid-map— the push silently appeared to succeed (RTK wrapper reported "ok") whilegit ls-remoteshows the SHA never reached origin. The 5 review threads were then resolved on GitHub against the wrong commit, and the squash-merge captured only the original agent content.Net: 5 known bugs are live in devkit master.
Severity
P1 — the underlying P0 from #1250 IS fixed (priceId map resolution works). These are hardening + observability gaps around it. The most operationally critical miss is the silent-free-fallback in
resolvePlan— the exact failure mode #1250 was meant to prevent can silently recur ifconfig.stripe.pricesever has a stale or missing entry.Findings to re-apply
buildPriceIdToPlanMap): comment described old behavior, missing@returnstag — replaced with accurate description of why the reverse-map exists and what it returnsresolvePlan):return validatePlan(rawMeta) || 'free'had no warn when priceId was present but unmapped — addedlogger.warnso misconfiguredconfig.stripe.pricesis immediately visible in logs instead of silently downgrading paid orgs to freecancel_attypeof check:if (subscription.cancel_at)truthy check skipscancel_at = 0(epoch) — changed totypeof === 'number'previousPlanvalidatePlan(): raw value frompriceIdToPlan[previousPriceId] || metadata.planIdwas used without validation — stale/invalid metadata values would emitplan.changedand triggerforceRotateForPlanChangewith junk plan namesbilling.failedBackfill.repository.jsmock claimed "Suppress retryWithBackoff delays" which is incorrect — the mock makes the repo a no-op, it does not suppresssetTimeoutdelays inretryWithBackoffReferences
2026-05-30-trawl-devkit-perfect-alignment.md