refactor(env): add internal API token to environment configuration

Author: Marfuen

apps/app/src/actions/safe-action.ts

@@ -126,10 +126,10 @@ export const authActionClient = actionClientWithMeta
     }
 
     if (metadata.track) {
-      track(ctx.user.id, metadata.track.event, {
+      track(ctx.user!.id, metadata.track.event, {
         channel: metadata.track.channel,
-        email: ctx.user.email,
-        name: ctx.user.name,
+        email: ctx.user!.email,
+        name: ctx.user!.name,
         organizationId: ctx.session.activeOrganizationId,
       });
     }
@@ -160,9 +160,9 @@ export const authActionClient = actionClientWithMeta
     const { fileData: _, ...inputForAuditLog } = (clientInput || {}) as any;
 
     const data = {
-      userId: ctx.user.id,
-      email: ctx.user.email,
-      name: ctx.user.name,
+      userId: ctx.user!.id,
+      email: ctx.user!.email,
+      name: ctx.user!.name,
       organizationId: ctx.session.activeOrganizationId,
       action: metadata.name,
       input: inputForAuditLog,
@@ -209,7 +209,7 @@ export const authActionClient = actionClientWithMeta
         data: {
           data: JSON.stringify(data),
           memberId: member.id,
-          userId: ctx.user.id,
+          userId: ctx.user!.id,
           description: metadata.track?.description || null,
           organizationId: ctx.session.activeOrganizationId,
           entityId,

apps/app/src/app/(app)/[orgId]/components/AppShellWrapper.tsx

@@ -120,7 +120,6 @@ function AppShellWrapperContent({
     isQuestionnaireEnabled,
     isTrustNdaEnabled,
     isAdvancedModeEnabled: organization.advancedModeEnabled,
-    permissions,
   });
 
   return (

apps/app/src/app/(app)/[orgId]/documents/components/CompanyFormPageClient.tsx

@@ -98,7 +98,7 @@ export function CompanyFormPageClient({
   const { data, isLoading } = useSWR<EvidenceFormResponse>(
     swrKey,
     async ([endpoint, orgId]: readonly [string, string]) => {
-      const response = await api.get<EvidenceFormResponse>(endpoint, orgId);
+      const response = await api.get<EvidenceFormResponse>(endpoint);
       if (response.error || !response.data) {
         throw new Error(response.error ?? 'Failed to load evidence form submissions');
       }

apps/app/src/app/(app)/[orgId]/documents/components/CompanyOverviewCards.tsx

@@ -32,7 +32,7 @@ export function CompanyOverviewCards({ organizationId }: { organizationId: strin
   const { data: statuses } = useSWR<FormStatuses>(
     swrKey,
     async ([endpoint, orgId]: readonly [string, string]) => {
-      const response = await api.get<FormStatuses>(endpoint, orgId);
+      const response = await api.get<FormStatuses>(endpoint);
       if (response.error || !response.data) {
         throw new Error(response.error ?? 'Failed to load form statuses');
       }

apps/app/src/app/(app)/[orgId]/documents/components/CompanySubmissionDetailPageClient.tsx

@@ -87,7 +87,7 @@ export function CompanySubmissionDetailPageClient({
   const { data, isLoading, error, mutate } = useSWR<EvidenceSubmissionResponse>(
     swrKey,
     async ([path, orgId]: readonly [string, string]) => {
-      const response = await api.get<EvidenceSubmissionResponse>(path, orgId);
+      const response = await api.get<EvidenceSubmissionResponse>(path);
       if (response.error || !response.data) {
         throw new Error(response.error ?? 'Failed to load submission');
       }
@@ -113,7 +113,6 @@ export function CompanySubmissionDetailPageClient({
       const response = await api.patch(
         `/v1/evidence-forms/${formType}/submissions/${submissionId}/review`,
         { action, reason: reviewReason.trim() || undefined },
-        organizationId,
       );
 
       if (response.error) {

apps/app/src/app/(app)/[orgId]/documents/components/CompanySubmissionWizard.tsx

@@ -130,7 +130,6 @@ export function CompanySubmissionWizard({
           fileType: file.type || 'application/octet-stream',
           fileData,
         },
-        organizationId,
       );
 
       if (response.error || !response.data) {
@@ -222,7 +221,6 @@ export function CompanySubmissionWizard({
     const response = await api.post(
       `/v1/evidence-forms/${formType}/submissions`,
       payload,
-      organizationId,
     );
 
     if (response.error) {

apps/app/src/app/(app)/[orgId]/people/[employeeId]/actions/update-employee.ts

@@ -44,7 +44,7 @@ export const updateEmployee = authActionClient
     const currentUserMember = await db.member.findFirst({
       where: {
         organizationId: organizationId,
-        userId: ctx.user.id,
+        userId: ctx.user!.id,
       },
     });
 

apps/app/src/app/(app)/[orgId]/people/all/actions/addEmployeeWithoutInvite.ts

@@ -110,10 +110,11 @@ export const addEmployeeWithoutInvite = async ({
     } else {
       // No existing member, create a new one
       member = await auth.api.addMember({
+        headers: await headers(),
         body: {
           userId: finalUserId,
           organizationId,
-          role: roles, // Auth API expects role or role array
+          role: roles.join(','),
         },
       });
     }

apps/app/src/app/(app)/[orgId]/people/all/actions/reactivateMember.ts

@@ -34,7 +34,7 @@ export const reactivateMember = authActionClient
       const currentUserMember = await db.member.findFirst({
         where: {
           organizationId: ctx.session.activeOrganizationId,
-          userId: ctx.user.id,
+          userId: ctx.user!.id,
           deactivated: false,
         },
       });

apps/app/src/app/(app)/[orgId]/people/all/actions/removeMember.ts

@@ -42,7 +42,7 @@ export const removeMember = authActionClient
       const currentUserMember = await db.member.findFirst({
         where: {
           organizationId: ctx.session.activeOrganizationId,
-          userId: ctx.user.id,
+          userId: ctx.user!.id,
           deactivated: false,
         },
       });
@@ -84,7 +84,7 @@ export const removeMember = authActionClient
       }
 
       // Prevent self-removal
-      if (targetMember.userId === ctx.user.id) {
+      if (targetMember.userId === ctx.user!.id) {
         return {
           success: false,
           error: 'You cannot remove yourself from the organization',
@@ -296,7 +296,7 @@ export const removeMember = authActionClient
       }
 
       revalidatePath(`/${ctx.session.activeOrganizationId}/settings/users`);
-      revalidateTag(`user_${ctx.user.id}`, 'max');
+      revalidateTag(`user_${ctx.user!.id}`, 'max');
 
       return {
         success: true,