From fbbf38f6a622ab1346b60096fae6c87c0e1d27be Mon Sep 17 00:00:00 2001
From: Jacob Maynard <jacobamaynard@proton.me>
Date: Thu, 1 Jan 2026 13:28:50 -0600
Subject: [PATCH 01/10] DO now scoped to project instead of org

---
 packages/workers/src/__tests__/helpers.js     | 32 ++++-----
 .../workers/src/durable-objects/ProjectDoc.js | 65 ++++---------------
 packages/workers/src/index.js                 |  9 ++-
 packages/workers/src/lib/project-doc-id.js    | 25 ++++---
 packages/workers/src/lib/project-sync.js      | 10 ++-
 packages/workers/src/routes/admin/users.js    |  4 +-
 packages/workers/src/routes/avatars.js        |  4 +-
 packages/workers/src/routes/invitations.js    |  2 +-
 .../workers/src/routes/orgs/invitations.js    |  2 +-
 packages/workers/src/routes/orgs/members.js   |  6 +-
 packages/workers/src/routes/orgs/projects.js  |  5 +-
 packages/workers/src/routes/projects.js       |  4 +-
 packages/workers/src/routes/users.js          |  8 +--
 13 files changed, 62 insertions(+), 114 deletions(-)

diff --git a/packages/workers/src/__tests__/helpers.js b/packages/workers/src/__tests__/helpers.js
index 71098988d..96e581a9b 100644
--- a/packages/workers/src/__tests__/helpers.js
+++ b/packages/workers/src/__tests__/helpers.js
@@ -80,33 +80,27 @@ function parseSqlStatements(sqlContent) {
 }
 
 /**
- * Get the org-scoped DO name for a project
- * @param {string} orgId - Organization ID
+ * Get the project-scoped DO name for a project
  * @param {string} projectId - Project ID
- * @returns {string} The DO instance name in format "orgId:projectId"
+ * @returns {string} The DO instance name in format "project:${projectId}"
  */
-export function getProjectDocName(orgId, projectId) {
-  return `${orgId}:${projectId}`;
+export function getProjectDocName(projectId) {
+  return `project:${projectId}`;
 }
 
 /**
- * Clear ProjectDoc Durable Objects for test org/project combinations
+ * Clear ProjectDoc Durable Objects for test projects
  * This prevents DO invalidation errors between tests
- * @param {Array<{orgId: string, projectId: string}>} orgProjects - Array of org/project pairs
+ * @param {Array<string>} projectIds - Array of project IDs
  */
-export async function clearProjectDOs(orgProjects = []) {
-  // Common test org/project combinations that might have DOs
-  const defaultOrgProjects = [
-    { orgId: 'org-1', projectId: 'project-1' },
-    { orgId: 'org-1', projectId: 'project-2' },
-    { orgId: 'org-1', projectId: 'p1' },
-    { orgId: 'org-1', projectId: 'p2' },
-  ];
-  const allOrgProjects = [...defaultOrgProjects, ...orgProjects];
+export async function clearProjectDOs(projectIds = []) {
+  // Common test project IDs that might have DOs
+  const defaultProjectIds = ['project-1', 'project-2', 'p1', 'p2'];
+  const allProjectIds = [...defaultProjectIds, ...projectIds];
 
-  for (const { orgId, projectId } of allOrgProjects) {
+  for (const projectId of allProjectIds) {
     try {
-      const doName = getProjectDocName(orgId, projectId);
+      const doName = getProjectDocName(projectId);
       const doId = env.PROJECT_DOC.idFromName(doName);
       const stub = env.PROJECT_DOC.get(doId);
       await runInDurableObject(stub, async (instance, state) => {
@@ -126,7 +120,7 @@ export async function clearProjectDOs(orgProjects = []) {
         error?.durableObjectReset === true;
       if (!isInvalidationError) {
         // Only log non-invalidation errors for debugging
-        console.warn(`Failed to clear ProjectDoc DO for ${orgId}:${projectId}:`, error.message);
+        console.warn(`Failed to clear ProjectDoc DO for ${projectId}:`, error.message);
       }
     }
   }
diff --git a/packages/workers/src/durable-objects/ProjectDoc.js b/packages/workers/src/durable-objects/ProjectDoc.js
index 2f563b159..6873c86de 100644
--- a/packages/workers/src/durable-objects/ProjectDoc.js
+++ b/packages/workers/src/durable-objects/ProjectDoc.js
@@ -36,22 +36,11 @@ export class ProjectDoc {
     this.sessions = new Map();
     this.doc = null;
     this.awareness = null;
-    // Cache projectId → orgId to reduce D1 pressure on hot path
-    // Populated on first connection and persisted in DO storage
-    this.cachedOrgId = null;
   }
 
   async fetch(request) {
     const url = new URL(request.url);
 
-    // Load cached orgId from storage if not already loaded
-    if (this.cachedOrgId === null) {
-      const stored = await this.state.storage.get('cached-org-id');
-      if (stored) {
-        this.cachedOrgId = stored;
-      }
-    }
-
     // Note: CORS headers are added by the main worker (index.js) when wrapping responses
     // Do NOT add them here to avoid duplicate headers
 
@@ -377,53 +366,23 @@ export class ProjectDoc {
 
     const db = createDb(this.env.DB);
 
-    // Use cached orgId if available, otherwise validate and cache it
-    // This reduces D1 pressure on hot path while keeping membership checks fresh
-    let orgId = this.cachedOrgId;
-
-    if (!orgId) {
-      // First connection for this DO instance - validate project belongs to org from URL
-      const project = await db
-        .select({ orgId: projects.orgId })
-        .from(projects)
-        .where(and(eq(projects.id, projectId), eq(projects.orgId, orgIdFromUrl)))
-        .get();
-
-      if (!project) {
-        return new Response('Project not found in organization', {
-          status: 404,
-          headers: { 'X-Close-Reason': 'project-not-found' },
-        });
-      }
-
-      orgId = project.orgId;
-      this.cachedOrgId = orgId;
-
-      // Persist to DO storage so it survives DO restarts
-      await this.state.storage.put('cached-org-id', orgId);
-    } else if (orgId !== orgIdFromUrl) {
-      // Cached orgId doesn't match URL - this shouldn't happen with org-scoped DO IDs
-      // but check anyway for safety
-      return new Response('Organization mismatch', {
-        status: 403,
-        headers: { 'X-Close-Reason': 'org-mismatch' },
-      });
-    }
-
-    // ALWAYS verify org membership on connect/reconnect (fresh D1 check)
-    const orgMembership = await db
-      .select({ id: member.id, role: member.role })
-      .from(member)
-      .where(and(eq(member.organizationId, orgId), eq(member.userId, user.id)))
+    // ALWAYS validate project belongs to org from URL (fresh D1 check, transfer-safe)
+    // This ensures tenant safety even if project is transferred between orgs
+    const project = await db
+      .select({ orgId: projects.orgId })
+      .from(projects)
+      .where(and(eq(projects.id, projectId), eq(projects.orgId, orgIdFromUrl)))
       .get();
 
-    if (!orgMembership) {
-      return new Response('Not an organization member', {
-        status: 403,
-        headers: { 'X-Close-Reason': 'not-org-member' },
+    if (!project) {
+      return new Response('Project not found in organization', {
+        status: 404,
+        headers: { 'X-Close-Reason': 'project-not-found' },
       });
     }
 
+    const orgId = project.orgId;
+
     // ALWAYS verify project membership on connect/reconnect (fresh D1 check)
     const projectMembership = await db
       .select({ role: projectMembers.role })
diff --git a/packages/workers/src/index.js b/packages/workers/src/index.js
index d3f125051..5eea03333 100644
--- a/packages/workers/src/index.js
+++ b/packages/workers/src/index.js
@@ -310,7 +310,7 @@ app.post('/api/pdf-proxy', requireAuth, async c => {
 });
 
 // Org-scoped Project Document Durable Object routes
-// DO instance is identified by orgId:projectId for org isolation
+// DO instance is project-scoped (project:${projectId}) but URL includes orgId for validation
 const handleOrgProjectDoc = async c => {
   const orgId = c.req.param('orgId');
   const projectId = c.req.param('projectId');
@@ -319,10 +319,9 @@ const handleOrgProjectDoc = async c => {
     return c.json({ error: 'Organization ID and Project ID required' }, 400);
   }
 
-  // Compute org-scoped DO instance name
-  const projectDocName = `${orgId}:${projectId}`;
-  const id = c.env.PROJECT_DOC.idFromName(projectDocName);
-  const projectDoc = c.env.PROJECT_DOC.get(id);
+  // Compute project-scoped DO instance name (orgId is validated inside DO via DB check)
+  const { getProjectDocStub } = await import('./lib/project-doc-id.js');
+  const projectDoc = getProjectDocStub(c.env, projectId);
   const response = await projectDoc.fetch(c.req.raw);
 
   // Don't wrap WebSocket upgrade responses
diff --git a/packages/workers/src/lib/project-doc-id.js b/packages/workers/src/lib/project-doc-id.js
index 1dcaab018..9241facbb 100644
--- a/packages/workers/src/lib/project-doc-id.js
+++ b/packages/workers/src/lib/project-doc-id.js
@@ -1,32 +1,31 @@
 /**
  * Centralized helpers for ProjectDoc Durable Object ID derivation
  *
- * All ProjectDoc DO instances are org-scoped, using the format: `${orgId}:${projectId}`
- * This ensures complete isolation between organizations.
+ * ProjectDoc DO instances are project-scoped, using the format: `project:${projectId}`
+ * This makes project transfers between orgs safe (no DO state migration needed).
+ * Tenant safety is enforced via DB validation of project.orgId against URL orgId.
  */
 
 /**
- * Get the org-scoped name for a ProjectDoc DO instance
- * @param {string} orgId - Organization ID
+ * Get the project-scoped name for a ProjectDoc DO instance
  * @param {string} projectId - Project ID
- * @returns {string} The DO instance name in format "orgId:projectId"
+ * @returns {string} The DO instance name in format "project:${projectId}"
  */
-export function getProjectDocName(orgId, projectId) {
-  if (!orgId || !projectId) {
-    throw new Error('Both orgId and projectId are required for ProjectDoc DO name');
+export function getProjectDocName(projectId) {
+  if (!projectId) {
+    throw new Error('projectId is required for ProjectDoc DO name');
   }
-  return `${orgId}:${projectId}`;
+  return `project:${projectId}`;
 }
 
 /**
- * Get the ProjectDoc DO stub for a given org and project
+ * Get the ProjectDoc DO stub for a given project
  * @param {Object} env - Cloudflare environment with PROJECT_DOC binding
- * @param {string} orgId - Organization ID
  * @param {string} projectId - Project ID
  * @returns {DurableObjectStub} The DO stub
  */
-export function getProjectDocStub(env, orgId, projectId) {
-  const name = getProjectDocName(orgId, projectId);
+export function getProjectDocStub(env, projectId) {
+  const name = getProjectDocName(projectId);
   const id = env.PROJECT_DOC.idFromName(name);
   return env.PROJECT_DOC.get(id);
 }
diff --git a/packages/workers/src/lib/project-sync.js b/packages/workers/src/lib/project-sync.js
index 347d1f674..c4f93d707 100644
--- a/packages/workers/src/lib/project-sync.js
+++ b/packages/workers/src/lib/project-sync.js
@@ -7,14 +7,13 @@ import { getProjectDocStub } from './project-doc-id.js';
 /**
  * Sync a member change to the Durable Object
  * @param {Env} env - Cloudflare environment
- * @param {string} orgId - Organization ID
  * @param {string} projectId - Project ID
  * @param {'add' | 'update' | 'remove'} action - Action to perform
  * @param {object} memberData - Member data (userId, role, etc.)
  * @throws {Error} If sync fails
  */
-export async function syncMemberToDO(env, orgId, projectId, action, memberData) {
-  const projectDoc = getProjectDocStub(env, orgId, projectId);
+export async function syncMemberToDO(env, projectId, action, memberData) {
+  const projectDoc = getProjectDocStub(env, projectId);
 
   await projectDoc.fetch(
     new Request('https://internal/sync-member', {
@@ -31,14 +30,13 @@ export async function syncMemberToDO(env, orgId, projectId, action, memberData)
 /**
  * Sync project metadata and members to the Durable Object
  * @param {Env} env - Cloudflare environment
- * @param {string} orgId - Organization ID
  * @param {string} projectId - Project ID
  * @param {object | null} meta - Project metadata (name, description, updatedAt, etc.)
  * @param {object[] | null} members - Array of member objects
  * @throws {Error} If sync fails
  */
-export async function syncProjectToDO(env, orgId, projectId, meta, members) {
-  const projectDoc = getProjectDocStub(env, orgId, projectId);
+export async function syncProjectToDO(env, projectId, meta, members) {
+  const projectDoc = getProjectDocStub(env, projectId);
 
   await projectDoc.fetch(
     new Request('https://internal/sync', {
diff --git a/packages/workers/src/routes/admin/users.js b/packages/workers/src/routes/admin/users.js
index 9e3578458..3c4f316cf 100644
--- a/packages/workers/src/routes/admin/users.js
+++ b/packages/workers/src/routes/admin/users.js
@@ -491,8 +491,8 @@ userRoutes.delete('/users/:userId', async c => {
 
     // Sync all member removals to DOs atomically (fail fast if any fails)
     await Promise.all(
-      userProjects.map(({ orgId, projectId }) =>
-        syncMemberToDO(c.env, orgId, projectId, 'remove', { userId }),
+      userProjects.map(({ projectId }) =>
+        syncMemberToDO(c.env, projectId, 'remove', { userId }),
       ),
     );
 
diff --git a/packages/workers/src/routes/avatars.js b/packages/workers/src/routes/avatars.js
index 860ff415d..246db1c0d 100644
--- a/packages/workers/src/routes/avatars.js
+++ b/packages/workers/src/routes/avatars.js
@@ -42,9 +42,9 @@ async function syncAvatarToProjects(env, userId, avatarUrl) {
       .where(eq(projectMembers.userId, userId));
 
     // Update each project's Durable Object
-    for (const { orgId, projectId } of memberships) {
+    for (const { projectId } of memberships) {
       try {
-        const projectDoc = getProjectDocStub(env, orgId, projectId);
+        const projectDoc = getProjectDocStub(env, projectId);
 
         await projectDoc.fetch(
           new Request('https://internal/sync-member', {
diff --git a/packages/workers/src/routes/invitations.js b/packages/workers/src/routes/invitations.js
index a39434320..312ec0ecd 100644
--- a/packages/workers/src/routes/invitations.js
+++ b/packages/workers/src/routes/invitations.js
@@ -241,7 +241,7 @@ invitationRoutes.post(
 
       // Sync member to DO
       try {
-        await syncMemberToDO(c.env, invitation.orgId, invitation.projectId, 'add', {
+        await syncMemberToDO(c.env, invitation.projectId, 'add', {
           userId: authUser.id,
           role: invitation.role,
           joinedAt: nowDate.getTime(),
diff --git a/packages/workers/src/routes/orgs/invitations.js b/packages/workers/src/routes/orgs/invitations.js
index 85869ff40..58bef7d26 100644
--- a/packages/workers/src/routes/orgs/invitations.js
+++ b/packages/workers/src/routes/orgs/invitations.js
@@ -551,7 +551,7 @@ orgInvitationRoutes.post('/accept', validateRequest(invitationSchemas.accept), a
 
     // Sync member to DO
     try {
-      await syncMemberToDO(c.env, invitation.orgId, invitation.projectId, 'add', {
+      await syncMemberToDO(c.env, invitation.projectId, 'add', {
         userId: authUser.id,
         role: invitation.role,
         joinedAt: nowDate.getTime(),
diff --git a/packages/workers/src/routes/orgs/members.js b/packages/workers/src/routes/orgs/members.js
index dc6b97a71..320d8aca9 100644
--- a/packages/workers/src/routes/orgs/members.js
+++ b/packages/workers/src/routes/orgs/members.js
@@ -182,7 +182,7 @@ orgProjectMemberRoutes.post(
 
       // Sync member to DO
       try {
-        await syncMemberToDO(c.env, orgId, projectId, 'add', {
+        await syncMemberToDO(c.env, projectId, 'add', {
           userId: userToAdd.id,
           role,
           joinedAt: now.getTime(),
@@ -267,7 +267,7 @@ orgProjectMemberRoutes.put(
 
       // Sync role update to DO
       try {
-        await syncMemberToDO(c.env, orgId, projectId, 'update', {
+        await syncMemberToDO(c.env, projectId, 'update', {
           userId: memberId,
           role,
         });
@@ -355,7 +355,7 @@ orgProjectMemberRoutes.delete(
 
       // Sync member removal to DO
       try {
-        await syncMemberToDO(c.env, orgId, projectId, 'remove', {
+        await syncMemberToDO(c.env, projectId, 'remove', {
           userId: memberId,
         });
       } catch (err) {
diff --git a/packages/workers/src/routes/orgs/projects.js b/packages/workers/src/routes/orgs/projects.js
index 1f34f555c..b26da021a 100644
--- a/packages/workers/src/routes/orgs/projects.js
+++ b/packages/workers/src/routes/orgs/projects.js
@@ -138,7 +138,6 @@ orgProjectRoutes.post(
       try {
         await syncProjectToDO(
           c.env,
-          orgId,
           projectId,
           {
             name: name.trim(),
@@ -258,7 +257,7 @@ orgProjectRoutes.put(
       if (description !== undefined) metaUpdate.description = description;
 
       try {
-        await syncProjectToDO(c.env, orgId, projectId, metaUpdate, null);
+        await syncProjectToDO(c.env, projectId, metaUpdate, null);
       } catch (err) {
         console.error('Failed to sync project update to DO:', err);
       }
@@ -305,7 +304,7 @@ orgProjectRoutes.delete(
 
       // Disconnect all connected users from the ProjectDoc DO
       try {
-        const projectDoc = getProjectDocStub(c.env, orgId, projectId);
+        const projectDoc = getProjectDocStub(c.env, projectId);
         await projectDoc.fetch(
           new Request('https://internal/disconnect-all', {
             method: 'POST',
diff --git a/packages/workers/src/routes/projects.js b/packages/workers/src/routes/projects.js
index b83572252..3a4ddcb1f 100644
--- a/packages/workers/src/routes/projects.js
+++ b/packages/workers/src/routes/projects.js
@@ -14,6 +14,7 @@ import { projectSchemas, validateRequest } from '../config/validation.js';
 import { EDIT_ROLES } from '../config/constants.js';
 import { createDomainError, PROJECT_ERRORS, AUTH_ERRORS, SYSTEM_ERRORS } from '@corates/shared';
 import { syncProjectToDO } from '../lib/project-sync.js';
+import { getProjectDocStub } from '../lib/project-doc-id.js';
 
 const projectRoutes = new Hono();
 
@@ -274,8 +275,7 @@ projectRoutes.delete('/:id', async c => {
 
     // Disconnect all connected users from the ProjectDoc DO
     try {
-      const doId = c.env.PROJECT_DOC.idFromName(projectId);
-      const projectDoc = c.env.PROJECT_DOC.get(doId);
+      const projectDoc = getProjectDocStub(c.env, projectId);
       await projectDoc.fetch(
         new Request('https://internal/disconnect-all', {
           method: 'POST',
diff --git a/packages/workers/src/routes/users.js b/packages/workers/src/routes/users.js
index a582482e0..66f481f91 100644
--- a/packages/workers/src/routes/users.js
+++ b/packages/workers/src/routes/users.js
@@ -197,8 +197,8 @@ userRoutes.delete('/me', async c => {
 
     // Sync all member removals to DOs atomically (fail fast if any fails)
     await Promise.all(
-      userProjects.map(({ orgId, projectId }) =>
-        syncMemberToDO(c.env, orgId, projectId, 'remove', { userId }),
+      userProjects.map(({ projectId }) =>
+        syncMemberToDO(c.env, projectId, 'remove', { userId }),
       ),
     );
 
@@ -268,9 +268,9 @@ userRoutes.post('/sync-profile', async c => {
       .where(eq(projectMembers.userId, currentUser.id));
 
     // Sync to each project's Durable Object
-    const syncPromises = userProjects.map(async ({ orgId, projectId }) => {
+    const syncPromises = userProjects.map(async ({ projectId }) => {
       try {
-        const projectDoc = getProjectDocStub(c.env, orgId, projectId);
+        const projectDoc = getProjectDocStub(c.env, projectId);
 
         await projectDoc.fetch(
           new Request('https://internal/sync-member', {

From 679f132f222fe63a5da6624043538a99ee47bb76 Mon Sep 17 00:00:00 2001
From: Jacob Maynard <jacobamaynard@proton.me>
Date: Thu, 1 Jan 2026 13:32:17 -0600
Subject: [PATCH 02/10] members from different orgs can be added to projects

---
 .../migrations/0003_worried_skreet.sql        |    1 +
 .../migrations/meta/0003_snapshot.json        | 1284 +++++++++++++++++
 .../workers/migrations/meta/_journal.json     |    9 +-
 packages/workers/src/config/validation.js     |    9 +-
 packages/workers/src/db/schema.js             |    8 +-
 .../workers/src/durable-objects/ProjectDoc.js |    1 +
 .../workers/src/routes/orgs/invitations.js    |   53 +-
 7 files changed, 1337 insertions(+), 28 deletions(-)
 create mode 100644 packages/workers/migrations/0003_worried_skreet.sql
 create mode 100644 packages/workers/migrations/meta/0003_snapshot.json

diff --git a/packages/workers/migrations/0003_worried_skreet.sql b/packages/workers/migrations/0003_worried_skreet.sql
new file mode 100644
index 000000000..f29f7b696
--- /dev/null
+++ b/packages/workers/migrations/0003_worried_skreet.sql
@@ -0,0 +1 @@
+ALTER TABLE `project_invitations` ADD `grantOrgMembership` integer DEFAULT false NOT NULL;
\ No newline at end of file
diff --git a/packages/workers/migrations/meta/0003_snapshot.json b/packages/workers/migrations/meta/0003_snapshot.json
new file mode 100644
index 000000000..dba2238d8
--- /dev/null
+++ b/packages/workers/migrations/meta/0003_snapshot.json
@@ -0,0 +1,1284 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "c069d3ad-35db-439b-916d-1c23defe8dd5",
+  "prevId": "88480cf6-6bf1-46fa-b5d0-9230051aa6f3",
+  "tables": {
+    "account": {
+      "name": "account",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "accountId": {
+          "name": "accountId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "providerId": {
+          "name": "providerId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "userId": {
+          "name": "userId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "accessToken": {
+          "name": "accessToken",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "refreshToken": {
+          "name": "refreshToken",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "idToken": {
+          "name": "idToken",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "accessTokenExpiresAt": {
+          "name": "accessTokenExpiresAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "refreshTokenExpiresAt": {
+          "name": "refreshTokenExpiresAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "scope": {
+          "name": "scope",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "password": {
+          "name": "password",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updatedAt": {
+          "name": "updatedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "account_userId_user_id_fk": {
+          "name": "account_userId_user_id_fk",
+          "tableFrom": "account",
+          "tableTo": "user",
+          "columnsFrom": [
+            "userId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "invitation": {
+      "name": "invitation",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "inviterId": {
+          "name": "inviterId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "organizationId": {
+          "name": "organizationId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'member'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'pending'"
+        },
+        "expiresAt": {
+          "name": "expiresAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "invitation_inviterId_user_id_fk": {
+          "name": "invitation_inviterId_user_id_fk",
+          "tableFrom": "invitation",
+          "tableTo": "user",
+          "columnsFrom": [
+            "inviterId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "invitation_organizationId_organization_id_fk": {
+          "name": "invitation_organizationId_organization_id_fk",
+          "tableFrom": "invitation",
+          "tableTo": "organization",
+          "columnsFrom": [
+            "organizationId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "mediaFiles": {
+      "name": "mediaFiles",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "filename": {
+          "name": "filename",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "originalName": {
+          "name": "originalName",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "fileType": {
+          "name": "fileType",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "fileSize": {
+          "name": "fileSize",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "uploadedBy": {
+          "name": "uploadedBy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "bucketKey": {
+          "name": "bucketKey",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "mediaFiles_uploadedBy_user_id_fk": {
+          "name": "mediaFiles_uploadedBy_user_id_fk",
+          "tableFrom": "mediaFiles",
+          "tableTo": "user",
+          "columnsFrom": [
+            "uploadedBy"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "member": {
+      "name": "member",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "userId": {
+          "name": "userId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "organizationId": {
+          "name": "organizationId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'member'"
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "member_userId_user_id_fk": {
+          "name": "member_userId_user_id_fk",
+          "tableFrom": "member",
+          "tableTo": "user",
+          "columnsFrom": [
+            "userId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "member_organizationId_organization_id_fk": {
+          "name": "member_organizationId_organization_id_fk",
+          "tableFrom": "member",
+          "tableTo": "organization",
+          "columnsFrom": [
+            "organizationId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "organization": {
+      "name": "organization",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "slug": {
+          "name": "slug",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "logo": {
+          "name": "logo",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "metadata": {
+          "name": "metadata",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {
+        "organization_slug_unique": {
+          "name": "organization_slug_unique",
+          "columns": [
+            "slug"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "project_invitations": {
+      "name": "project_invitations",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "orgId": {
+          "name": "orgId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "projectId": {
+          "name": "projectId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'member'"
+        },
+        "orgRole": {
+          "name": "orgRole",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'member'"
+        },
+        "grantOrgMembership": {
+          "name": "grantOrgMembership",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": false
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "invitedBy": {
+          "name": "invitedBy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expiresAt": {
+          "name": "expiresAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "acceptedAt": {
+          "name": "acceptedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {
+        "project_invitations_token_unique": {
+          "name": "project_invitations_token_unique",
+          "columns": [
+            "token"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "project_invitations_orgId_organization_id_fk": {
+          "name": "project_invitations_orgId_organization_id_fk",
+          "tableFrom": "project_invitations",
+          "tableTo": "organization",
+          "columnsFrom": [
+            "orgId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "project_invitations_projectId_projects_id_fk": {
+          "name": "project_invitations_projectId_projects_id_fk",
+          "tableFrom": "project_invitations",
+          "tableTo": "projects",
+          "columnsFrom": [
+            "projectId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "project_invitations_invitedBy_user_id_fk": {
+          "name": "project_invitations_invitedBy_user_id_fk",
+          "tableFrom": "project_invitations",
+          "tableTo": "user",
+          "columnsFrom": [
+            "invitedBy"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "project_members": {
+      "name": "project_members",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "projectId": {
+          "name": "projectId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "userId": {
+          "name": "userId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'member'"
+        },
+        "joinedAt": {
+          "name": "joinedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "project_members_projectId_projects_id_fk": {
+          "name": "project_members_projectId_projects_id_fk",
+          "tableFrom": "project_members",
+          "tableTo": "projects",
+          "columnsFrom": [
+            "projectId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "project_members_userId_user_id_fk": {
+          "name": "project_members_userId_user_id_fk",
+          "tableFrom": "project_members",
+          "tableTo": "user",
+          "columnsFrom": [
+            "userId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "projects": {
+      "name": "projects",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "orgId": {
+          "name": "orgId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "createdBy": {
+          "name": "createdBy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updatedAt": {
+          "name": "updatedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "projects_orgId_organization_id_fk": {
+          "name": "projects_orgId_organization_id_fk",
+          "tableFrom": "projects",
+          "tableTo": "organization",
+          "columnsFrom": [
+            "orgId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "projects_createdBy_user_id_fk": {
+          "name": "projects_createdBy_user_id_fk",
+          "tableFrom": "projects",
+          "tableTo": "user",
+          "columnsFrom": [
+            "createdBy"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "session": {
+      "name": "session",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expiresAt": {
+          "name": "expiresAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updatedAt": {
+          "name": "updatedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "ipAddress": {
+          "name": "ipAddress",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "userAgent": {
+          "name": "userAgent",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "userId": {
+          "name": "userId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "impersonatedBy": {
+          "name": "impersonatedBy",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "activeOrganizationId": {
+          "name": "activeOrganizationId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "session_token_unique": {
+          "name": "session_token_unique",
+          "columns": [
+            "token"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "session_userId_user_id_fk": {
+          "name": "session_userId_user_id_fk",
+          "tableFrom": "session",
+          "tableTo": "user",
+          "columnsFrom": [
+            "userId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "session_impersonatedBy_user_id_fk": {
+          "name": "session_impersonatedBy_user_id_fk",
+          "tableFrom": "session",
+          "tableTo": "user",
+          "columnsFrom": [
+            "impersonatedBy"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        },
+        "session_activeOrganizationId_organization_id_fk": {
+          "name": "session_activeOrganizationId_organization_id_fk",
+          "tableFrom": "session",
+          "tableTo": "organization",
+          "columnsFrom": [
+            "activeOrganizationId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "set null",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "subscriptions": {
+      "name": "subscriptions",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "userId": {
+          "name": "userId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "stripeCustomerId": {
+          "name": "stripeCustomerId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "stripeSubscriptionId": {
+          "name": "stripeSubscriptionId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "tier": {
+          "name": "tier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'free'"
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'active'"
+        },
+        "currentPeriodStart": {
+          "name": "currentPeriodStart",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "currentPeriodEnd": {
+          "name": "currentPeriodEnd",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "cancelAtPeriodEnd": {
+          "name": "cancelAtPeriodEnd",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updatedAt": {
+          "name": "updatedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {
+        "subscriptions_userId_unique": {
+          "name": "subscriptions_userId_unique",
+          "columns": [
+            "userId"
+          ],
+          "isUnique": true
+        },
+        "subscriptions_stripeCustomerId_unique": {
+          "name": "subscriptions_stripeCustomerId_unique",
+          "columns": [
+            "stripeCustomerId"
+          ],
+          "isUnique": true
+        },
+        "subscriptions_stripeSubscriptionId_unique": {
+          "name": "subscriptions_stripeSubscriptionId_unique",
+          "columns": [
+            "stripeSubscriptionId"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {
+        "subscriptions_userId_user_id_fk": {
+          "name": "subscriptions_userId_user_id_fk",
+          "tableFrom": "subscriptions",
+          "tableTo": "user",
+          "columnsFrom": [
+            "userId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "twoFactor": {
+      "name": "twoFactor",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "userId": {
+          "name": "userId",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "secret": {
+          "name": "secret",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "backupCodes": {
+          "name": "backupCodes",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updatedAt": {
+          "name": "updatedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "twoFactor_userId_user_id_fk": {
+          "name": "twoFactor_userId_user_id_fk",
+          "tableFrom": "twoFactor",
+          "tableTo": "user",
+          "columnsFrom": [
+            "userId"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "user": {
+      "name": "user",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "email": {
+          "name": "email",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "emailVerified": {
+          "name": "emailVerified",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": false
+        },
+        "image": {
+          "name": "image",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updatedAt": {
+          "name": "updatedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "username": {
+          "name": "username",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "displayName": {
+          "name": "displayName",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "avatarUrl": {
+          "name": "avatarUrl",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "role": {
+          "name": "role",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "persona": {
+          "name": "persona",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "profileCompletedAt": {
+          "name": "profileCompletedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "twoFactorEnabled": {
+          "name": "twoFactorEnabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": false
+        },
+        "banned": {
+          "name": "banned",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": false
+        },
+        "banReason": {
+          "name": "banReason",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "banExpires": {
+          "name": "banExpires",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "user_email_unique": {
+          "name": "user_email_unique",
+          "columns": [
+            "email"
+          ],
+          "isUnique": true
+        },
+        "user_username_unique": {
+          "name": "user_username_unique",
+          "columns": [
+            "username"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "verification": {
+      "name": "verification",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "value": {
+          "name": "value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "expiresAt": {
+          "name": "expiresAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "createdAt": {
+          "name": "createdAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        },
+        "updatedAt": {
+          "name": "updatedAt",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(unixepoch())"
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}
\ No newline at end of file
diff --git a/packages/workers/migrations/meta/_journal.json b/packages/workers/migrations/meta/_journal.json
index 6498b9fc0..1ec1bb577 100644
--- a/packages/workers/migrations/meta/_journal.json
+++ b/packages/workers/migrations/meta/_journal.json
@@ -22,6 +22,13 @@
       "when": 1767117556513,
       "tag": "0002_equal_iron_man",
       "breakpoints": true
+    },
+    {
+      "idx": 3,
+      "version": "6",
+      "when": 1767295843655,
+      "tag": "0003_worried_skreet",
+      "breakpoints": true
     }
   ]
-}
+}
\ No newline at end of file
diff --git a/packages/workers/src/config/validation.js b/packages/workers/src/config/validation.js
index 4cfc6f52f..75745e52c 100644
--- a/packages/workers/src/config/validation.js
+++ b/packages/workers/src/config/validation.js
@@ -78,10 +78,10 @@ export const memberSchemas = {
 /**
  * Invitation schemas
  *
- * Note: orgRole is intentionally not accepted from request body.
- * Project owners should not be able to grant org-level roles.
- * When accepting an invitation, users are added to the org as 'member' (lowest role).
- * Only org admins/owners can grant higher org roles via org member management endpoints.
+ * Note: grantOrgMembership can only be set to true by org admins/owners.
+ * When accepting an invitation, users always get project membership.
+ * If grantOrgMembership is true, they also get org membership (for governance/billing).
+ * This does not grant project access - projects are always invite-only.
  */
 export const invitationSchemas = {
   create: z.object({
@@ -89,6 +89,7 @@ export const invitationSchemas = {
     role: z.enum(PROJECT_ROLES, {
       error: `Role must be one of: ${PROJECT_ROLES.join(', ')}`,
     }),
+    grantOrgMembership: z.boolean().optional().default(false), // only org admins/owners can set to true
   }),
   accept: z.object({
     token: z.string().min(1, 'Token is required'),
diff --git a/packages/workers/src/db/schema.js b/packages/workers/src/db/schema.js
index 407ac6d69..ded57ad3b 100644
--- a/packages/workers/src/db/schema.js
+++ b/packages/workers/src/db/schema.js
@@ -183,10 +183,11 @@ export const twoFactor = sqliteTable('twoFactor', {
 });
 
 // Project invitations table (for inviting users to projects)
-// Combined invite flow: accepting ensures org membership then project membership
+// Projects are always invite-only: accepting grants project membership only by default.
+// Optional: grantOrgMembership can be set to true by org admins/owners for governance/billing.
 export const projectInvitations = sqliteTable('project_invitations', {
   id: text('id').primaryKey(),
-  // Organization for this project invitation (accepting grants org membership if needed)
+  // Organization for this project invitation
   orgId: text('orgId')
     .notNull()
     .references(() => organization.id, { onDelete: 'cascade' }),
@@ -195,7 +196,8 @@ export const projectInvitations = sqliteTable('project_invitations', {
     .references(() => projects.id, { onDelete: 'cascade' }),
   email: text('email').notNull(),
   role: text('role').default('member'), // project role
-  orgRole: text('orgRole').default('member'), // always 'member' - project owners cannot grant org roles
+  orgRole: text('orgRole').default('member'), // org role if grantOrgMembership is true
+  grantOrgMembership: integer('grantOrgMembership', { mode: 'boolean' }).default(false).notNull(), // if true, accepting invite also grants org membership
   token: text('token').notNull().unique(),
   invitedBy: text('invitedBy')
     .notNull()
diff --git a/packages/workers/src/durable-objects/ProjectDoc.js b/packages/workers/src/durable-objects/ProjectDoc.js
index 6873c86de..559acd87a 100644
--- a/packages/workers/src/durable-objects/ProjectDoc.js
+++ b/packages/workers/src/durable-objects/ProjectDoc.js
@@ -384,6 +384,7 @@ export class ProjectDoc {
     const orgId = project.orgId;
 
     // ALWAYS verify project membership on connect/reconnect (fresh D1 check)
+    // Projects are invite-only: org membership does not grant project access
     const projectMembership = await db
       .select({ role: projectMembers.role })
       .from(projectMembers)
diff --git a/packages/workers/src/routes/orgs/invitations.js b/packages/workers/src/routes/orgs/invitations.js
index 58bef7d26..3c39ba1b1 100644
--- a/packages/workers/src/routes/orgs/invitations.js
+++ b/packages/workers/src/routes/orgs/invitations.js
@@ -113,16 +113,28 @@ orgInvitationRoutes.post(
       let token;
       let invitationId;
 
+      // Check if user is org admin/owner to allow grantOrgMembership
+      const { orgRole } = getOrgContext(c);
+      const canGrantOrgMembership = orgRole === 'admin' || orgRole === 'owner';
+      const { grantOrgMembership = false } = c.get('validatedBody');
+
+      // Only org admins/owners can set grantOrgMembership to true
+      const finalGrantOrgMembership = canGrantOrgMembership ? grantOrgMembership : false;
+
       if (existingInvitation && !existingInvitation.acceptedAt) {
         // Resend existing invitation - update role and extend expiration
-        // Note: orgRole is always 'member' - project owners cannot grant org roles
         invitationId = existingInvitation.id;
         token = existingInvitation.token;
         const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000); // 7 days
 
         await db
           .update(projectInvitations)
-          .set({ role, orgRole: 'member', expiresAt })
+          .set({
+            role,
+            orgRole: 'member', // org role is always 'member' if granted
+            grantOrgMembership: finalGrantOrgMembership,
+            expiresAt,
+          })
           .where(eq(projectInvitations.id, existingInvitation.id));
       } else if (existingInvitation && existingInvitation.acceptedAt) {
         const error = createDomainError(PROJECT_ERRORS.INVITATION_ALREADY_ACCEPTED, {
@@ -131,7 +143,6 @@ orgInvitationRoutes.post(
         return c.json(error, error.statusCode);
       } else {
         // Create new invitation with orgId
-        // Note: orgRole is always 'member' - project owners cannot grant org roles
         invitationId = crypto.randomUUID();
         token = crypto.randomUUID();
         const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
@@ -142,7 +153,8 @@ orgInvitationRoutes.post(
           projectId,
           email: email.toLowerCase(),
           role,
-          orgRole: 'member',
+          orgRole: 'member', // org role is always 'member' if granted
+          grantOrgMembership: finalGrantOrgMembership,
           token,
           invitedBy: authUser.id,
           expiresAt,
@@ -341,7 +353,7 @@ orgInvitationRoutes.delete(
 /**
  * POST /api/orgs/:orgId/projects/:projectId/invitations/accept
  * Accept a project invitation by token
- * Combined flow: ensures org membership first, then adds project membership
+ * Hybrid flow: always adds project membership (invite-only), optionally adds org membership if grantOrgMembership is true
  * Uses db.batch() for atomicity
  */
 orgInvitationRoutes.post('/accept', validateRequest(invitationSchemas.accept), async c => {
@@ -350,7 +362,7 @@ orgInvitationRoutes.post('/accept', validateRequest(invitationSchemas.accept), a
   const { token } = c.get('validatedBody');
 
   try {
-    // Find invitation by token (includes org fields for combined flow)
+    // Find invitation by token (includes org fields for hybrid flow)
     const invitation = await db
       .select({
         id: projectInvitations.id,
@@ -359,6 +371,7 @@ orgInvitationRoutes.post('/accept', validateRequest(invitationSchemas.accept), a
         email: projectInvitations.email,
         role: projectInvitations.role,
         orgRole: projectInvitations.orgRole,
+        grantOrgMembership: projectInvitations.grantOrgMembership,
         expiresAt: projectInvitations.expiresAt,
         acceptedAt: projectInvitations.acceptedAt,
       })
@@ -462,12 +475,23 @@ orgInvitationRoutes.post('/accept', validateRequest(invitationSchemas.accept), a
       });
     }
 
-    // Combined flow: ensure org membership, then add project membership
+    // Hybrid flow: always add project membership, optionally add org membership
     const nowDate = new Date();
     const batchOps = [];
 
-    // Check if user is already an org member
-    if (invitation.orgId) {
+    // Always add user to project (projects are invite-only)
+    batchOps.push(
+      db.insert(projectMembers).values({
+        id: crypto.randomUUID(),
+        projectId: invitation.projectId,
+        userId: authUser.id,
+        role: invitation.role,
+        joinedAt: nowDate,
+      }),
+    );
+
+    // Optionally add user to org if grantOrgMembership is true
+    if (invitation.grantOrgMembership && invitation.orgId) {
       const existingOrgMembership = await db
         .select({ id: member.id })
         .from(member)
@@ -488,17 +512,6 @@ orgInvitationRoutes.post('/accept', validateRequest(invitationSchemas.accept), a
       }
     }
 
-    // Add user to project
-    batchOps.push(
-      db.insert(projectMembers).values({
-        id: crypto.randomUUID(),
-        projectId: invitation.projectId,
-        userId: authUser.id,
-        role: invitation.role,
-        joinedAt: nowDate,
-      }),
-    );
-
     // Mark invitation as accepted
     batchOps.push(
       db

From 5e481564d35c54b418e3dac2b5df72383176236e Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Thu, 1 Jan 2026 19:32:56 +0000
Subject: [PATCH 03/10] Apply Prettier formatting

---
 .../migrations/meta/0003_snapshot.json        | 178 +++++-------------
 .../workers/migrations/meta/_journal.json     |   2 +-
 packages/workers/src/routes/admin/users.js    |   4 +-
 packages/workers/src/routes/users.js          |   4 +-
 4 files changed, 48 insertions(+), 140 deletions(-)

diff --git a/packages/workers/migrations/meta/0003_snapshot.json b/packages/workers/migrations/meta/0003_snapshot.json
index dba2238d8..faf83a5ea 100644
--- a/packages/workers/migrations/meta/0003_snapshot.json
+++ b/packages/workers/migrations/meta/0003_snapshot.json
@@ -107,12 +107,8 @@
           "name": "account_userId_user_id_fk",
           "tableFrom": "account",
           "tableTo": "user",
-          "columnsFrom": [
-            "userId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["userId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         }
@@ -190,12 +186,8 @@
           "name": "invitation_inviterId_user_id_fk",
           "tableFrom": "invitation",
           "tableTo": "user",
-          "columnsFrom": [
-            "inviterId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["inviterId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         },
@@ -203,12 +195,8 @@
           "name": "invitation_organizationId_organization_id_fk",
           "tableFrom": "invitation",
           "tableTo": "organization",
-          "columnsFrom": [
-            "organizationId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["organizationId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         }
@@ -284,12 +272,8 @@
           "name": "mediaFiles_uploadedBy_user_id_fk",
           "tableFrom": "mediaFiles",
           "tableTo": "user",
-          "columnsFrom": [
-            "uploadedBy"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["uploadedBy"],
+          "columnsTo": ["id"],
           "onDelete": "set null",
           "onUpdate": "no action"
         }
@@ -345,12 +329,8 @@
           "name": "member_userId_user_id_fk",
           "tableFrom": "member",
           "tableTo": "user",
-          "columnsFrom": [
-            "userId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["userId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         },
@@ -358,12 +338,8 @@
           "name": "member_organizationId_organization_id_fk",
           "tableFrom": "member",
           "tableTo": "organization",
-          "columnsFrom": [
-            "organizationId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["organizationId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         }
@@ -422,9 +398,7 @@
       "indexes": {
         "organization_slug_unique": {
           "name": "organization_slug_unique",
-          "columns": [
-            "slug"
-          ],
+          "columns": ["slug"],
           "isUnique": true
         }
       },
@@ -528,9 +502,7 @@
       "indexes": {
         "project_invitations_token_unique": {
           "name": "project_invitations_token_unique",
-          "columns": [
-            "token"
-          ],
+          "columns": ["token"],
           "isUnique": true
         }
       },
@@ -539,12 +511,8 @@
           "name": "project_invitations_orgId_organization_id_fk",
           "tableFrom": "project_invitations",
           "tableTo": "organization",
-          "columnsFrom": [
-            "orgId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["orgId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         },
@@ -552,12 +520,8 @@
           "name": "project_invitations_projectId_projects_id_fk",
           "tableFrom": "project_invitations",
           "tableTo": "projects",
-          "columnsFrom": [
-            "projectId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["projectId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         },
@@ -565,12 +529,8 @@
           "name": "project_invitations_invitedBy_user_id_fk",
           "tableFrom": "project_invitations",
           "tableTo": "user",
-          "columnsFrom": [
-            "invitedBy"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["invitedBy"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         }
@@ -626,12 +586,8 @@
           "name": "project_members_projectId_projects_id_fk",
           "tableFrom": "project_members",
           "tableTo": "projects",
-          "columnsFrom": [
-            "projectId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["projectId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         },
@@ -639,12 +595,8 @@
           "name": "project_members_userId_user_id_fk",
           "tableFrom": "project_members",
           "tableTo": "user",
-          "columnsFrom": [
-            "userId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["userId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         }
@@ -714,12 +666,8 @@
           "name": "projects_orgId_organization_id_fk",
           "tableFrom": "projects",
           "tableTo": "organization",
-          "columnsFrom": [
-            "orgId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["orgId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         },
@@ -727,12 +675,8 @@
           "name": "projects_createdBy_user_id_fk",
           "tableFrom": "projects",
           "tableTo": "user",
-          "columnsFrom": [
-            "createdBy"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["createdBy"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         }
@@ -820,9 +764,7 @@
       "indexes": {
         "session_token_unique": {
           "name": "session_token_unique",
-          "columns": [
-            "token"
-          ],
+          "columns": ["token"],
           "isUnique": true
         }
       },
@@ -831,12 +773,8 @@
           "name": "session_userId_user_id_fk",
           "tableFrom": "session",
           "tableTo": "user",
-          "columnsFrom": [
-            "userId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["userId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         },
@@ -844,12 +782,8 @@
           "name": "session_impersonatedBy_user_id_fk",
           "tableFrom": "session",
           "tableTo": "user",
-          "columnsFrom": [
-            "impersonatedBy"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["impersonatedBy"],
+          "columnsTo": ["id"],
           "onDelete": "set null",
           "onUpdate": "no action"
         },
@@ -857,12 +791,8 @@
           "name": "session_activeOrganizationId_organization_id_fk",
           "tableFrom": "session",
           "tableTo": "organization",
-          "columnsFrom": [
-            "activeOrganizationId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["activeOrganizationId"],
+          "columnsTo": ["id"],
           "onDelete": "set null",
           "onUpdate": "no action"
         }
@@ -960,23 +890,17 @@
       "indexes": {
         "subscriptions_userId_unique": {
           "name": "subscriptions_userId_unique",
-          "columns": [
-            "userId"
-          ],
+          "columns": ["userId"],
           "isUnique": true
         },
         "subscriptions_stripeCustomerId_unique": {
           "name": "subscriptions_stripeCustomerId_unique",
-          "columns": [
-            "stripeCustomerId"
-          ],
+          "columns": ["stripeCustomerId"],
           "isUnique": true
         },
         "subscriptions_stripeSubscriptionId_unique": {
           "name": "subscriptions_stripeSubscriptionId_unique",
-          "columns": [
-            "stripeSubscriptionId"
-          ],
+          "columns": ["stripeSubscriptionId"],
           "isUnique": true
         }
       },
@@ -985,12 +909,8 @@
           "name": "subscriptions_userId_user_id_fk",
           "tableFrom": "subscriptions",
           "tableTo": "user",
-          "columnsFrom": [
-            "userId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["userId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         }
@@ -1053,12 +973,8 @@
           "name": "twoFactor_userId_user_id_fk",
           "tableFrom": "twoFactor",
           "tableTo": "user",
-          "columnsFrom": [
-            "userId"
-          ],
-          "columnsTo": [
-            "id"
-          ],
+          "columnsFrom": ["userId"],
+          "columnsTo": ["id"],
           "onDelete": "cascade",
           "onUpdate": "no action"
         }
@@ -1198,16 +1114,12 @@
       "indexes": {
         "user_email_unique": {
           "name": "user_email_unique",
-          "columns": [
-            "email"
-          ],
+          "columns": ["email"],
           "isUnique": true
         },
         "user_username_unique": {
           "name": "user_username_unique",
-          "columns": [
-            "username"
-          ],
+          "columns": ["username"],
           "isUnique": true
         }
       },
@@ -1281,4 +1193,4 @@
   "internal": {
     "indexes": {}
   }
-}
\ No newline at end of file
+}
diff --git a/packages/workers/migrations/meta/_journal.json b/packages/workers/migrations/meta/_journal.json
index 1ec1bb577..cfaa2153c 100644
--- a/packages/workers/migrations/meta/_journal.json
+++ b/packages/workers/migrations/meta/_journal.json
@@ -31,4 +31,4 @@
       "breakpoints": true
     }
   ]
-}
\ No newline at end of file
+}
diff --git a/packages/workers/src/routes/admin/users.js b/packages/workers/src/routes/admin/users.js
index 3c4f316cf..c2b85229b 100644
--- a/packages/workers/src/routes/admin/users.js
+++ b/packages/workers/src/routes/admin/users.js
@@ -491,9 +491,7 @@ userRoutes.delete('/users/:userId', async c => {
 
     // Sync all member removals to DOs atomically (fail fast if any fails)
     await Promise.all(
-      userProjects.map(({ projectId }) =>
-        syncMemberToDO(c.env, projectId, 'remove', { userId }),
-      ),
+      userProjects.map(({ projectId }) => syncMemberToDO(c.env, projectId, 'remove', { userId })),
     );
 
     // Only proceed with database deletions if all DO syncs succeeded
diff --git a/packages/workers/src/routes/users.js b/packages/workers/src/routes/users.js
index 66f481f91..00aa353da 100644
--- a/packages/workers/src/routes/users.js
+++ b/packages/workers/src/routes/users.js
@@ -197,9 +197,7 @@ userRoutes.delete('/me', async c => {
 
     // Sync all member removals to DOs atomically (fail fast if any fails)
     await Promise.all(
-      userProjects.map(({ projectId }) =>
-        syncMemberToDO(c.env, projectId, 'remove', { userId }),
-      ),
+      userProjects.map(({ projectId }) => syncMemberToDO(c.env, projectId, 'remove', { userId })),
     );
 
     // Only proceed with database deletions if all DO syncs succeeded

From eabf63deb817f7e66ae63c9c0156b5a0e0328397 Mon Sep 17 00:00:00 2001
From: Jacob Maynard <jacobamaynard@proton.me>
Date: Thu, 1 Jan 2026 13:57:52 -0600
Subject: [PATCH 04/10] remove workspaces and context switching from the UI.
 tanstack query always refetch in dev

---
 packages/web/src/Routes.jsx                   |  22 +-
 packages/web/src/components/Dashboard.jsx     |  29 +-
 packages/web/src/components/Navbar.jsx        |  80 +-----
 .../checklist/ChecklistYjsWrapper.jsx         |  26 +-
 .../compare/ReconciliationWrapper.jsx         |  24 +-
 .../components/project/CreateProjectForm.jsx  |  47 +++-
 .../src/components/project/MyProjectsPage.jsx | 253 ++++++++++++++++++
 .../src/components/project/ProjectContext.jsx |  24 +-
 .../src/components/project/ProjectView.jsx    |  31 +--
 .../project/completed-tab/CompletedTab.jsx    |   5 +-
 .../completed-tab/PreviousReviewersView.jsx   |   5 +-
 .../project/overview-tab/OverviewTab.jsx      |   5 +-
 .../components/sidebar/ChecklistTreeItem.jsx  |   5 -
 .../components/sidebar/ProjectTreeItem.jsx    |  14 +-
 .../web/src/components/sidebar/Sidebar.jsx    |  65 ++---
 .../src/components/sidebar/StudyTreeItem.jsx  |   2 -
 packages/web/src/lib/queryClient.js           |  15 +-
 packages/web/src/lib/queryKeys.js             |   6 +-
 .../web/src/primitives/useMyProjectsList.js   |  62 +++++
 packages/web/src/primitives/useOrgs.js        |  48 ++++
 .../src/primitives/useProject/connection.js   |  13 +-
 .../web/src/primitives/useProject/index.js    |  13 +-
 packages/web/src/primitives/useProjectData.js |   5 +-
 .../web/src/primitives/useProjectOrgId.js     |  44 +++
 packages/web/src/primitives/useRecentsNav.js  |  53 +++-
 .../workers/src/durable-objects/ProjectDoc.js |  24 +-
 packages/workers/src/index.js                 |  32 ++-
 packages/workers/src/lib/entitlements.js      |   9 +-
 packages/workers/src/routes/users.js          |  36 +++
 29 files changed, 705 insertions(+), 292 deletions(-)
 create mode 100644 packages/web/src/components/project/MyProjectsPage.jsx
 create mode 100644 packages/web/src/primitives/useMyProjectsList.js
 create mode 100644 packages/web/src/primitives/useOrgs.js
 create mode 100644 packages/web/src/primitives/useProjectOrgId.js

diff --git a/packages/web/src/Routes.jsx b/packages/web/src/Routes.jsx
index 0392c72ea..6a1792bfa 100644
--- a/packages/web/src/Routes.jsx
+++ b/packages/web/src/Routes.jsx
@@ -18,7 +18,9 @@ import { AdminDashboard } from '@/components/admin/index.js';
 import StorageManagement from '@/components/admin/StorageManagement.jsx';
 import { BASEPATH } from '@config/api.js';
 import ProtectedGuard from '@/components/auth/ProtectedGuard.jsx';
-import { OrgProjectsPage, ProjectView, CreateOrgPage } from '@/components/org/index.js';
+import MyProjectsPage from '@/components/project/MyProjectsPage.jsx';
+import ProjectView from '@/components/project/ProjectView.jsx';
+import { CreateOrgPage } from '@/components/org/index.js';
 
 export default function AppRoutes() {
   return (
@@ -34,31 +36,33 @@ export default function AppRoutes() {
 
       {/* Main app routes */}
       <Route path='/' component={Layout}>
-        {/* Dashboard redirects to org context */}
+        {/* Dashboard redirects to projects */}
         <Route path='/' component={Dashboard} />
         <Route path='/dashboard' component={Dashboard} />
 
         {/* Protected routes - requires login */}
         <Route path='/' component={ProtectedGuard}>
-          {/* Global user routes (outside org context) */}
+          {/* Global user routes */}
           <Route path='/profile' component={ProfilePage} />
           <Route path='/settings' component={SettingsPage} />
           <Route path='/admin' component={AdminDashboard} />
           <Route path='/admin/storage' component={StorageManagement} />
           <Route path='/settings/billing' component={BillingPage} />
 
-          {/* Organization routes */}
+          {/* Organization creation (still needed) */}
           <Route path='/orgs/new' component={CreateOrgPage} />
-          <Route path='/orgs/:orgSlug' component={OrgProjectsPage} />
-          <Route path='/orgs/:orgSlug/projects/:projectId' component={ProjectView} />
 
-          {/* Org-scoped checklist routes */}
+          {/* Project-scoped routes */}
+          <Route path='/projects' component={MyProjectsPage} />
+          <Route path='/projects/:projectId' component={ProjectView} />
+
+          {/* Project-scoped checklist routes */}
           <Route
-            path='/orgs/:orgSlug/projects/:projectId/studies/:studyId/checklists/:checklistId'
+            path='/projects/:projectId/studies/:studyId/checklists/:checklistId'
             component={ChecklistYjsWrapper}
           />
           <Route
-            path='/orgs/:orgSlug/projects/:projectId/studies/:studyId/reconcile/:checklist1Id/:checklist2Id'
+            path='/projects/:projectId/studies/:studyId/reconcile/:checklist1Id/:checklist2Id'
             component={ReconciliationWrapper}
           />
         </Route>
diff --git a/packages/web/src/components/Dashboard.jsx b/packages/web/src/components/Dashboard.jsx
index c47ded62c..3bcc279b7 100644
--- a/packages/web/src/components/Dashboard.jsx
+++ b/packages/web/src/components/Dashboard.jsx
@@ -1,17 +1,34 @@
-import { Show } from 'solid-js';
+import { createEffect, Show } from 'solid-js';
+import { useNavigate } from '@solidjs/router';
 import ChecklistsDashboard from '@/components/checklist/ChecklistsDashboard.jsx';
-import { OrgRedirect } from '@/components/org/index.js';
 import { useBetterAuth } from '@api/better-auth-store.js';
 
 export default function Dashboard() {
-  const { isLoggedIn } = useBetterAuth();
+  const { isLoggedIn, authLoading } = useBetterAuth();
+  const navigate = useNavigate();
+
+  // Redirect logged-in users to projects page
+  createEffect(() => {
+    if (isLoggedIn() && !authLoading()) {
+      navigate('/projects', { replace: true });
+    }
+  });
 
   return (
     <div class='p-6'>
       <div class='mx-auto max-w-7xl space-y-8'>
-        {/* Logged-in users are redirected to their org context */}
-        <Show when={isLoggedIn()}>
-          <OrgRedirect />
+        {/* Show sign-in prompt for guests */}
+        <Show when={!isLoggedIn() && !authLoading()}>
+          <div class='text-center'>
+            <h2 class='mb-2 text-xl font-semibold text-gray-900'>Welcome to CoRATES</h2>
+            <p class='mb-4 text-gray-600'>Sign in to access your projects</p>
+            <a
+              href='/signin'
+              class='inline-flex items-center gap-2 rounded-lg bg-blue-600 px-4 py-2 font-medium text-white hover:bg-blue-700'
+            >
+              Sign In
+            </a>
+          </div>
         </Show>
 
         {/* Local checklists work offline and don't need org context */}
diff --git a/packages/web/src/components/Navbar.jsx b/packages/web/src/components/Navbar.jsx
index 7d3a0b54b..46b38794a 100644
--- a/packages/web/src/components/Navbar.jsx
+++ b/packages/web/src/components/Navbar.jsx
@@ -1,9 +1,7 @@
 import { Show, For, createEffect, createSignal, onMount, onCleanup } from 'solid-js';
 import { A, useNavigate } from '@solidjs/router';
 import { useBetterAuth } from '@api/better-auth-store.js';
-import { useOrgContext } from '@primitives/useOrgContext.js';
-import { FiMenu, FiWifiOff, FiChevronDown, FiPlus, FiX } from 'solid-icons/fi';
-import { BiRegularBuildings } from 'solid-icons/bi';
+import { FiMenu, FiWifiOff, FiChevronDown, FiX } from 'solid-icons/fi';
 import { LANDING_URL } from '@config/api.js';
 import useOnlineStatus from '@primitives/useOnlineStatus.js';
 import { Avatar } from '@corates/ui';
@@ -13,13 +11,8 @@ export default function Navbar(props) {
   const navigate = useNavigate();
   const isOnline = useOnlineStatus();
 
-  // Org context for workspace switcher
-  const { orgs, currentOrg, orgSlug, isLoading: orgsLoading } = useOrgContext();
-
   const [showUserMenu, setShowUserMenu] = createSignal(false);
-  const [showOrgMenu, setShowOrgMenu] = createSignal(false);
   let userMenuRef;
-  let orgMenuRef;
 
   // Read from localStorage on render to avoid layout shift on refresh
   const storedName = localStorage.getItem('userName');
@@ -40,9 +33,6 @@ export default function Navbar(props) {
       if (userMenuRef && !userMenuRef.contains(event.target)) {
         setShowUserMenu(false);
       }
-      if (orgMenuRef && !orgMenuRef.contains(event.target)) {
-        setShowOrgMenu(false);
-      }
     };
 
     document.addEventListener('mousedown', handleClickOutside);
@@ -61,10 +51,6 @@ export default function Navbar(props) {
     }
   };
 
-  const handleOrgSwitch = orgSlugValue => {
-    setShowOrgMenu(false);
-    navigate(`/orgs/${orgSlugValue}`);
-  };
 
   return (
     <nav class='sticky top-0 z-50 flex items-center justify-between bg-linear-to-r from-blue-700 to-blue-500 px-4 py-2 text-white shadow-lg'>
@@ -96,66 +82,6 @@ export default function Navbar(props) {
           </div>
           CoRATES
         </a>
-        {/* Workspace switcher - only show when logged in */}
-        <Show when={isLoggedIn() && !authLoading()}>
-          <div class='relative' ref={orgMenuRef}>
-            <button
-              onClick={() => setShowOrgMenu(!showOrgMenu())}
-              class='flex h-8 items-center gap-2 rounded-lg bg-white/10 px-3 text-sm font-medium transition hover:bg-white/20'
-            >
-              <BiRegularBuildings class='h-4 w-4' />
-              <span class='max-w-32 truncate'>{currentOrg()?.name || 'Select workspace'}</span>
-              <FiChevronDown
-                class={`h-3 w-3 transition-transform ${showOrgMenu() ? 'rotate-180' : ''}`}
-              />
-            </button>
-
-            <Show when={showOrgMenu()}>
-              <div class='absolute left-0 z-50 mt-2 w-56 rounded-md border border-gray-200 bg-white py-1 text-gray-700 shadow-lg'>
-                <div class='border-b border-gray-200 px-3 py-2'>
-                  <p class='text-xs font-medium text-gray-500 uppercase'>Workspaces</p>
-                </div>
-
-                <Show when={orgsLoading()}>
-                  <div class='px-3 py-2 text-sm text-gray-400'>Loading...</div>
-                </Show>
-
-                <Show when={!orgsLoading() && orgs().length === 0}>
-                  <div class='px-3 py-2 text-sm text-gray-500'>No workspaces</div>
-                </Show>
-
-                <For each={orgs()}>
-                  {org => (
-                    <button
-                      onClick={() => handleOrgSwitch(org.slug)}
-                      class={`flex w-full items-center gap-2 px-3 py-2 text-sm hover:bg-gray-100 ${
-                        orgSlug() === org.slug ? 'bg-blue-50 text-blue-700' : ''
-                      }`}
-                    >
-                      <BiRegularBuildings class='h-4 w-4 text-gray-400' />
-                      <span class='truncate'>{org.name}</span>
-                      <Show when={orgSlug() === org.slug}>
-                        <span class='ml-auto text-xs text-blue-600'>Current</span>
-                      </Show>
-                    </button>
-                  )}
-                </For>
-
-                <div class='mt-1 border-t border-gray-200 pt-1'>
-                  <A
-                    href='/orgs/new'
-                    class='flex w-full items-center gap-2 px-3 py-2 text-sm text-blue-600 hover:bg-gray-100'
-                    onClick={() => setShowOrgMenu(false)}
-                  >
-                    <FiPlus class='h-4 w-4' />
-                    Create workspace
-                  </A>
-                </div>
-              </div>
-            </Show>
-          </div>
-        </Show>
-
         {/* Offline indicator */}
         <Show when={!isOnline()}>
           <div class='flex items-center gap-1 rounded-full bg-amber-500/90 px-2 py-1 text-xs text-white'>
@@ -167,10 +93,10 @@ export default function Navbar(props) {
 
       <div class='text-2xs flex items-center space-x-4 sm:text-xs'>
         <A
-          href='/dashboard'
+          href='/projects'
           class='flex h-9 items-center rounded px-2 font-medium transition hover:bg-blue-600'
         >
-          Dashboard
+          Projects
         </A>
         <Show
           when={user() || (authLoading() && isLikelyLoggedIn)}
diff --git a/packages/web/src/components/checklist/ChecklistYjsWrapper.jsx b/packages/web/src/components/checklist/ChecklistYjsWrapper.jsx
index 00578cde9..00b16eb0e 100644
--- a/packages/web/src/components/checklist/ChecklistYjsWrapper.jsx
+++ b/packages/web/src/components/checklist/ChecklistYjsWrapper.jsx
@@ -2,7 +2,7 @@ import { createSignal, createEffect, createMemo, Show } from 'solid-js';
 import { useParams, useNavigate, useLocation } from '@solidjs/router';
 import ChecklistWithPdf from '@/components/checklist/ChecklistWithPdf.jsx';
 import useProject from '@/primitives/useProject/index.js';
-import { useOrgContext } from '@primitives/useOrgContext.js';
+import { useProjectOrgId } from '@primitives/useProjectOrgId.js';
 import projectStore from '@/stores/projectStore.js';
 import projectActionsStore from '@/stores/projectActionsStore';
 import { ACCESS_DENIED_ERRORS } from '@/constants/errors.js';
@@ -24,8 +24,8 @@ export default function ChecklistYjsWrapper() {
   const { user } = useBetterAuth();
   const confirmDialog = useConfirmDialog();
 
-  // Get org context for navigation and API calls
-  const { orgSlug, orgId } = useOrgContext();
+  // Get orgId from project data (for API calls)
+  const orgId = useProjectOrgId(params.projectId);
 
   const [pdfData, setPdfData] = createSignal(null);
   const [pdfFileName, setPdfFileName] = createSignal(null);
@@ -33,7 +33,6 @@ export default function ChecklistYjsWrapper() {
   const [selectedPdfId, setSelectedPdfId] = createSignal(null);
 
   // Use full hook for write operations
-  // orgId() is required for remote projects' WebSocket connection
   const {
     connect,
     updateChecklistAnswer,
@@ -41,14 +40,16 @@ export default function ChecklistYjsWrapper() {
     getChecklistData,
     addPdfToStudy,
     getQuestionNote,
-  } = useProject(orgId(), params.projectId);
+  } = useProject(params.projectId);
 
   // Set active project for action store
   createEffect(() => {
     const pid = params.projectId;
     const oid = orgId();
-    if (pid && oid) {
-      projectActionsStore._setActiveProject(pid, oid);
+    if (pid) {
+      if (oid) {
+        projectActionsStore._setActiveProject(pid, oid);
+      }
       connect();
     }
   });
@@ -56,13 +57,12 @@ export default function ChecklistYjsWrapper() {
   // Read data directly from store for faster reactivity
   const connectionState = () => projectStore.getConnectionState(params.projectId);
 
-  // Watch for access-denied errors and redirect to org projects
+  // Watch for access-denied errors and redirect to projects
   createEffect(() => {
     const state = connectionState();
     if (state.error && ACCESS_DENIED_ERRORS.includes(state.error)) {
       showToast.error('Access Denied', state.error);
-      const slug = orgSlug();
-      navigate(slug ? `/orgs/${slug}` : '/dashboard', { replace: true });
+      navigate('/projects', { replace: true });
     }
   });
 
@@ -363,13 +363,9 @@ export default function ChecklistYjsWrapper() {
     return tabFromUrl || 'overview';
   };
 
-  // Build back path with org context
+  // Build back path
   const getBackPath = () => {
-    const slug = orgSlug();
     const tab = getBackTab();
-    if (slug) {
-      return `/orgs/${slug}/projects/${params.projectId}?tab=${tab}`;
-    }
     return `/projects/${params.projectId}?tab=${tab}`;
   };
 
diff --git a/packages/web/src/components/checklist/compare/ReconciliationWrapper.jsx b/packages/web/src/components/checklist/compare/ReconciliationWrapper.jsx
index 3cd6c7320..d28cb205c 100644
--- a/packages/web/src/components/checklist/compare/ReconciliationWrapper.jsx
+++ b/packages/web/src/components/checklist/compare/ReconciliationWrapper.jsx
@@ -6,7 +6,7 @@
 import { createSignal, createMemo, createEffect, Show } from 'solid-js';
 import { useParams, useNavigate } from '@solidjs/router';
 import useProject from '@/primitives/useProject/index.js';
-import { useOrgContext } from '@primitives/useOrgContext.js';
+import { useProjectOrgId } from '@primitives/useProjectOrgId.js';
 import projectStore from '@/stores/projectStore.js';
 import projectActionsStore from '@/stores/projectActionsStore';
 import { ACCESS_DENIED_ERRORS } from '@/constants/errors.js';
@@ -24,15 +24,14 @@ export default function ReconciliationWrapper() {
   const params = useParams();
   const navigate = useNavigate();
 
-  // Get org context for navigation and API calls
-  const { orgSlug, orgId } = useOrgContext();
+  // Get orgId from project data (for API calls)
+  const orgId = useProjectOrgId(params.projectId);
 
   // params.projectId, params.studyId, params.checklist1Id, params.checklist2Id
 
   const [error, setError] = createSignal(null);
 
   // Use project hook for Y.js operations
-  // orgId() is required for remote projects' WebSocket connection
   const {
     createChecklist: createProjectChecklist,
     updateChecklistAnswer,
@@ -41,27 +40,28 @@ export default function ReconciliationWrapper() {
     getReconciliationProgress,
     getQuestionNote,
     saveReconciliationProgress,
-  } = useProject(orgId(), params.projectId);
+  } = useProject(params.projectId);
 
   // Set active project for action store
   createEffect(() => {
     const pid = params.projectId;
     const oid = orgId();
-    if (pid && oid) {
-      projectActionsStore._setActiveProject(pid, oid);
+    if (pid) {
+      if (oid) {
+        projectActionsStore._setActiveProject(pid, oid);
+      }
     }
   });
 
   // Read data from store
   const connectionState = () => projectStore.getConnectionState(params.projectId);
 
-  // Watch for access-denied errors and redirect to org projects
+  // Watch for access-denied errors and redirect to projects
   createEffect(() => {
     const state = connectionState();
     if (state.error && ACCESS_DENIED_ERRORS.includes(state.error)) {
       showToast.error('Access Denied', state.error);
-      const slug = orgSlug();
-      navigate(slug ? `/orgs/${slug}` : '/dashboard', { replace: true });
+      navigate('/projects', { replace: true });
     }
   });
 
@@ -371,9 +371,9 @@ export default function ReconciliationWrapper() {
     return member?.displayName || member?.name || member?.email || 'Unknown';
   }
 
-  // Build org-scoped project path
+  // Build project path
   const getProjectPath = () => {
-    return `/orgs/${orgSlug()}/projects/${params.projectId}`;
+    return `/projects/${params.projectId}`;
   };
 
   // Handle saving the reconciled checklist
diff --git a/packages/web/src/components/project/CreateProjectForm.jsx b/packages/web/src/components/project/CreateProjectForm.jsx
index 15a98e9c6..312846f7a 100644
--- a/packages/web/src/components/project/CreateProjectForm.jsx
+++ b/packages/web/src/components/project/CreateProjectForm.jsx
@@ -1,6 +1,6 @@
-import { createSignal, Show, onMount } from 'solid-js';
+import { createSignal, Show, onMount, createMemo, createEffect } from 'solid-js';
 import AddStudiesForm from './add-studies/AddStudiesForm.jsx';
-import { showToast } from '@corates/ui';
+import { showToast, Select } from '@corates/ui';
 import { AUTH_ERRORS } from '@corates/shared';
 import { isUnlimitedQuota } from '@corates/shared/plans';
 import {
@@ -11,6 +11,7 @@ import {
   clearRestoreParamsFromUrl,
 } from '@lib/formStatePersistence.js';
 import { isErrorCode, handleFetchError, handleError } from '@/lib/error-utils.js';
+import { useOrgs } from '@primitives/useOrgs.js';
 
 /**
  * Form for creating a new project with optional study imports
@@ -18,7 +19,6 @@ import { isErrorCode, handleFetchError, handleError } from '@/lib/error-utils.js
  *
  * @param {Object} props
  * @param {string} props.apiBase - API base URL
- * @param {string} props.orgId - Organization ID (for org-scoped project creation)
  * @param {Function} props.onProjectCreated - Called with (project, pendingPdfs, allRefs)
  * @param {Function} props.onCancel - Called when form is cancelled
  */
@@ -27,6 +27,27 @@ export default function CreateProjectForm(props) {
   const [projectDescription, setProjectDescription] = createSignal('');
   const [isCreating, setIsCreating] = createSignal(false);
   const [restoredState, setRestoredState] = createSignal(null);
+  const [selectedOrgId, setSelectedOrgId] = createSignal(null);
+
+  // Get orgs list
+  const { orgs, isLoading: orgsLoading } = useOrgs();
+
+  // Default to first org when orgs are loaded (if multiple orgs and none selected)
+  createEffect(() => {
+    const orgsList = orgs();
+    if (orgsList.length > 1 && !selectedOrgId()) {
+      setSelectedOrgId(orgsList[0].id);
+    }
+  });
+
+  // Auto-select org if user has only one, otherwise use selected
+  const resolvedOrgId = createMemo(() => {
+    const orgsList = orgs();
+    if (orgsList.length === 1) {
+      return orgsList[0].id;
+    }
+    return selectedOrgId();
+  });
 
   // Collected studies from AddStudiesForm (via collect mode)
   const [collectedStudies, setCollectedStudies] = createSignal({
@@ -95,15 +116,16 @@ export default function CreateProjectForm(props) {
     if (!projectName().trim()) return;
 
     // Require orgId for project creation
-    if (!props.orgId) {
-      showToast.error('Error', 'No organization context. Please select a workspace.');
+    const orgId = resolvedOrgId();
+    if (!orgId) {
+      showToast.error('Error', 'Please select an organization.');
       return;
     }
 
     setIsCreating(true);
     try {
       const response = await handleFetchError(
-        fetch(`${props.apiBase}/api/orgs/${props.orgId}/projects`, {
+        fetch(`${props.apiBase}/api/orgs/${orgId}/projects`, {
           method: 'POST',
           credentials: 'include',
           headers: {
@@ -181,6 +203,19 @@ export default function CreateProjectForm(props) {
           />
         </div>
 
+        {/* Organization selection - only show if user has multiple orgs */}
+        <Show when={!orgsLoading() && orgs().length > 1}>
+          <div>
+            <label class='mb-2 block text-sm font-semibold text-gray-700'>Organization</label>
+            <Select
+              items={orgs().map(org => ({ value: org.id, label: org.name }))}
+              value={selectedOrgId()}
+              onChange={value => setSelectedOrgId(value)}
+              placeholder='Select an organization'
+            />
+          </div>
+        </Show>
+
         <div>
           <label class='mb-2 block text-sm font-semibold text-gray-700'>
             Description (Optional)
diff --git a/packages/web/src/components/project/MyProjectsPage.jsx b/packages/web/src/components/project/MyProjectsPage.jsx
new file mode 100644
index 000000000..278da6dd4
--- /dev/null
+++ b/packages/web/src/components/project/MyProjectsPage.jsx
@@ -0,0 +1,253 @@
+/**
+ * MyProjectsPage - Shows all projects the user is a member of
+ *
+ * Displays projects grid and create project functionality.
+ */
+
+import { createSignal, Show, For } from 'solid-js';
+import { useNavigate } from '@solidjs/router';
+import { useMyProjectsList } from '@primitives/useMyProjectsList.js';
+import { useBetterAuth } from '@api/better-auth-store.js';
+import { useSubscription } from '@primitives/useSubscription.js';
+import { useQueryClient } from '@tanstack/solid-query';
+import { useConfirmDialog, showToast } from '@corates/ui';
+import { API_BASE } from '@config/api.js';
+import { queryKeys } from '@lib/queryKeys.js';
+import { isUnlimitedQuota } from '@corates/shared/plans';
+import ProjectCard from '@/components/project/ProjectCard.jsx';
+import CreateProjectForm from '@/components/project/CreateProjectForm.jsx';
+import ContactPrompt from '@/components/project/ContactPrompt.jsx';
+import LocalAppraisalsPanel from '@/components/checklist/LocalAppraisalsPanel.jsx';
+import projectStore from '@/stores/projectStore.js';
+
+export default function MyProjectsPage() {
+  const navigate = useNavigate();
+  const queryClient = useQueryClient();
+  const confirmDialog = useConfirmDialog();
+  const { isOnline } = useBetterAuth();
+
+  // Projects for current user
+  const projectListQuery = useMyProjectsList();
+  const projects = () => projectListQuery.projects();
+  const projectCount = () => projects()?.length || 0;
+
+  // Subscription/quota checks
+  const {
+    hasEntitlement,
+    hasQuota,
+    quotas,
+    loading: subscriptionLoading,
+    subscriptionFetchFailed,
+    refetch: refetchSubscription,
+  } = useSubscription();
+
+  const [showCreateForm, setShowCreateForm] = createSignal(false);
+
+  // Check both entitlement and quota
+  const canCreateProject = () => {
+    if (subscriptionLoading()) return null;
+    return (
+      hasEntitlement('project.create') &&
+      hasQuota('projects.max', { used: projectCount(), requested: 1 })
+    );
+  };
+
+  const restrictionType = () => {
+    if (subscriptionLoading()) return null;
+    return !hasEntitlement('project.create') ? 'entitlement' : 'quota';
+  };
+
+  const quotaLimit = () => {
+    const limit = quotas()['projects.max'];
+    return isUnlimitedQuota(limit) ? -1 : limit;
+  };
+
+  // Handle project creation
+  const handleProjectCreated = (
+    newProject,
+    pendingPdfs = [],
+    pendingRefs = [],
+    driveFiles = [],
+  ) => {
+    // Invalidate project list
+    queryClient.invalidateQueries({ queryKey: queryKeys.projects.all });
+
+    // Store pending data for the project view
+    if (pendingPdfs.length > 0 || pendingRefs.length > 0 || driveFiles.length > 0) {
+      projectStore.setPendingProjectData(newProject.id, { pendingPdfs, pendingRefs, driveFiles });
+    }
+
+    setShowCreateForm(false);
+    navigate(`/projects/${newProject.id}`);
+  };
+
+  // Open a project
+  const openProject = projectId => {
+    navigate(`/projects/${projectId}`);
+  };
+
+  // Delete a project
+  const handleDeleteProject = async targetProjectId => {
+    const confirmed = await confirmDialog.open({
+      title: 'Delete Project',
+      description:
+        'Are you sure you want to delete this entire project? This action cannot be undone.',
+      confirmText: 'Delete Project',
+      variant: 'danger',
+    });
+    if (!confirmed) return;
+
+    // Find the project to get its orgId
+    const project = projects()?.find(p => p.id === targetProjectId);
+    if (!project?.orgId) {
+      showToast.error('Error', 'Unable to find project organization');
+      return;
+    }
+
+    try {
+      const response = await fetch(`${API_BASE}/api/orgs/${project.orgId}/projects/${targetProjectId}`, {
+        method: 'DELETE',
+        credentials: 'include',
+      });
+      if (!response.ok) {
+        const data = await response.json().catch(() => ({}));
+        throw new Error(data.error || 'Failed to delete project');
+      }
+
+      queryClient.invalidateQueries({ queryKey: queryKeys.projects.all });
+      showToast.success('Project Deleted', 'The project has been deleted successfully');
+    } catch (err) {
+      const { handleError } = await import('@/lib/error-utils.js');
+      await handleError(err, { toastTitle: 'Delete Failed' });
+    }
+  };
+
+  // Loading state
+  const isLoading = () => projectListQuery.isLoading();
+
+  return (
+    <div class='p-6'>
+      <div class='mx-auto max-w-7xl space-y-6'>
+        {/* Header */}
+        <div class='flex flex-wrap items-center justify-between gap-4'>
+          <div>
+            <h1 class='text-2xl font-bold text-gray-900'>Projects</h1>
+            <p class='mt-1 text-gray-500'>Manage your research projects</p>
+          </div>
+
+          {/* Create button or quota prompt */}
+          <Show
+            when={canCreateProject() !== null}
+            fallback={<div class='h-10 w-32 animate-pulse rounded-lg bg-gray-200' />}
+          >
+            <Show
+              when={canCreateProject()}
+              fallback={
+                <div class='max-w-sm'>
+                  <ContactPrompt
+                    restrictionType={restrictionType()}
+                    projectCount={projectCount()}
+                    quotaLimit={quotaLimit()}
+                  />
+                </div>
+              }
+            >
+              <button
+                class='inline-flex transform items-center gap-2 rounded-lg bg-blue-600 px-4 py-2 font-medium text-white shadow-md transition-all duration-200 hover:scale-[1.02] hover:bg-blue-700 hover:shadow-lg focus:ring-2 focus:ring-blue-500 focus:outline-none disabled:cursor-not-allowed disabled:opacity-50 disabled:hover:scale-100'
+                onClick={() => setShowCreateForm(!showCreateForm())}
+                disabled={!isOnline()}
+                title={!isOnline() ? 'Cannot create projects while offline' : ''}
+              >
+                <span class='text-lg'>+</span>
+                New Project
+              </button>
+            </Show>
+          </Show>
+        </div>
+
+        {/* Subscription fetch error banner */}
+        <Show when={subscriptionFetchFailed()}>
+          <div class='flex items-center justify-between rounded-lg border border-amber-200 bg-amber-50 p-4 text-amber-800'>
+            <div>
+              <span class='font-medium'>Unable to verify subscription.</span>{' '}
+              <span class='text-amber-700'>Some features may be restricted.</span>
+            </div>
+            <button
+              onClick={() => refetchSubscription()}
+              class='rounded bg-amber-600 px-3 py-1.5 text-sm font-medium text-white hover:bg-amber-700'
+            >
+              Retry
+            </button>
+          </div>
+        </Show>
+
+        {/* Project list error display */}
+        <Show when={projectListQuery.isError()}>
+          <div class='rounded-lg border border-red-200 bg-red-50 p-4 text-red-700'>
+            {projectListQuery.error()?.message || 'An error occurred'}
+            <button onClick={() => projectListQuery.refetch()} class='ml-2 underline'>
+              Retry
+            </button>
+          </div>
+        </Show>
+
+        {/* Create Project Form */}
+        <Show when={showCreateForm()}>
+          <CreateProjectForm
+            apiBase={API_BASE}
+            onProjectCreated={handleProjectCreated}
+            onCancel={() => setShowCreateForm(false)}
+          />
+        </Show>
+
+        {/* Projects Grid */}
+        <div class='grid gap-4 md:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4'>
+          <Show
+            when={projects()?.length > 0}
+            fallback={
+              <Show when={!isLoading()}>
+                <div class='col-span-full rounded-lg border-2 border-dashed border-gray-300 bg-white px-6 py-12'>
+                  <div class='text-center text-gray-500'>No projects yet</div>
+                  <Show when={canCreateProject()}>
+                    <div class='flex justify-center'>
+                      <button
+                        onClick={() => setShowCreateForm(true)}
+                        class='mt-4 font-medium text-blue-600 hover:text-blue-700'
+                      >
+                        Create your first project
+                      </button>
+                    </div>
+                  </Show>
+                </div>
+              </Show>
+            }
+          >
+            <For each={projects()}>
+              {project => (
+                <ProjectCard
+                  project={project}
+                  onOpen={openProject}
+                  onDelete={handleDeleteProject}
+                />
+              )}
+            </For>
+          </Show>
+
+          {/* Loading state */}
+          <Show when={isLoading()}>
+            <div class='col-span-full py-12 text-center'>
+              <div class='text-gray-400'>Loading projects...</div>
+            </div>
+          </Show>
+        </div>
+
+        {/* Local Appraisals Section */}
+        <div class='mt-10 border-t border-gray-200 pt-8'>
+          <LocalAppraisalsPanel showHeader={true} showSignInPrompt={false} />
+        </div>
+      </div>
+
+      <confirmDialog.ConfirmDialogComponent />
+    </div>
+  );
+}
diff --git a/packages/web/src/components/project/ProjectContext.jsx b/packages/web/src/components/project/ProjectContext.jsx
index 93d4ace46..4bb106903 100644
--- a/packages/web/src/components/project/ProjectContext.jsx
+++ b/packages/web/src/components/project/ProjectContext.jsx
@@ -1,14 +1,14 @@
 /**
  * ProjectContext - Provides project identity and user role to child components
  *
- * This context is simplified to only provide:
+ * This context provides:
  * - projectId: The current project ID
- * - orgSlug: The current organization slug (for path building)
+ * - orgId: The organization ID (from project data)
  * - userRole: The current user's role in the project
  * - isOwner: Whether the current user is the project owner
  * - getAssigneeName: Helper to get a member's display name
- * - getChecklistPath: Helper to build org-scoped checklist path
- * - getReconcilePath: Helper to build org-scoped reconciliation path
+ * - getChecklistPath: Helper to build project-scoped checklist path
+ * - getReconcilePath: Helper to build project-scoped reconciliation path
  *
  * For actions (mutations), import projectActionsStore directly:
  *   import projectActionsStore from '@/stores/projectActionsStore.js';
@@ -17,13 +17,13 @@
 import { createContext, useContext, createMemo } from 'solid-js';
 import projectStore from '@/stores/projectStore.js';
 import { useBetterAuth } from '@api/better-auth-store.js';
-import { useOrgContext } from '@primitives/useOrgContext.js';
+import { useProjectOrgId } from '@primitives/useProjectOrgId.js';
 
 const ProjectContext = createContext();
 
 export function ProjectProvider(props) {
   const { user } = useBetterAuth();
-  const { orgSlug, orgId } = useOrgContext();
+  const orgId = useProjectOrgId(props.projectId);
 
   // Derive commonly used values
   const members = () => projectStore.getMembers(props.projectId);
@@ -43,21 +43,12 @@ export function ProjectProvider(props) {
     return member?.displayName || member?.name || member?.email || 'Unknown';
   };
 
-  // Path builders for org-scoped routes
+  // Path builders for project-scoped routes
   const getChecklistPath = (studyId, checklistId, tab = 'overview') => {
-    const slug = orgSlug();
-    if (slug) {
-      return `/orgs/${slug}/projects/${props.projectId}/studies/${studyId}/checklists/${checklistId}?tab=${tab}`;
-    }
-    // Fallback for legacy routes (should not happen in org-scoped app)
     return `/projects/${props.projectId}/studies/${studyId}/checklists/${checklistId}?tab=${tab}`;
   };
 
   const getReconcilePath = (studyId, checklist1Id, checklist2Id) => {
-    const slug = orgSlug();
-    if (slug) {
-      return `/orgs/${slug}/projects/${props.projectId}/studies/${studyId}/reconcile/${checklist1Id}/${checklist2Id}`;
-    }
     return `/projects/${props.projectId}/studies/${studyId}/reconcile/${checklist1Id}/${checklist2Id}`;
   };
 
@@ -65,7 +56,6 @@ export function ProjectProvider(props) {
     get projectId() {
       return props.projectId;
     },
-    orgSlug,
     orgId,
     userRole,
     isOwner,
diff --git a/packages/web/src/components/project/ProjectView.jsx b/packages/web/src/components/project/ProjectView.jsx
index 305772018..1c691e4b4 100644
--- a/packages/web/src/components/project/ProjectView.jsx
+++ b/packages/web/src/components/project/ProjectView.jsx
@@ -8,7 +8,7 @@
 import { createSignal, createEffect, Show, onCleanup, batch } from 'solid-js';
 import { useParams, useNavigate, useLocation } from '@solidjs/router';
 import useProject from '@/primitives/useProject/index.js';
-import { useOrgContext } from '@primitives/useOrgContext.js';
+import { useProjectOrgId } from '@primitives/useProjectOrgId.js';
 import projectStore from '@/stores/projectStore.js';
 import { ACCESS_DENIED_ERRORS } from '@/constants/errors.js';
 import projectActionsStore from '@/stores/projectActionsStore';
@@ -39,12 +39,12 @@ export default function ProjectView() {
   const location = useLocation();
   const { user } = useBetterAuth();
 
-  // Get org context for navigation and API calls
-  const { orgSlug, orgId } = useOrgContext();
+  // Get orgId from project data (for API calls)
+  const { orgId } = useProjectOrgId(params.projectId);
 
   // Y.js hook - connection is also registered with projectActionsStore
-  // orgId() is required for remote projects' WebSocket connection
-  const projectConnection = useProject(orgId(), params.projectId);
+  // No longer requires orgId for WebSocket connection (project-scoped)
+  const projectConnection = useProject(params.projectId);
   const { connect, disconnect } = projectConnection;
 
   // Read data from store (only what's needed at this level)
@@ -56,8 +56,10 @@ export default function ProjectView() {
   createEffect(() => {
     const pid = params.projectId;
     const oid = orgId();
-    if (pid && oid) {
-      projectActionsStore._setActiveProject(pid, oid);
+    if (pid) {
+      if (oid) {
+        projectActionsStore._setActiveProject(pid, oid);
+      }
       connect();
     }
   });
@@ -68,18 +70,12 @@ export default function ProjectView() {
     disconnect();
   });
 
-  // Watch for access-denied errors and redirect to org projects page
+  // Watch for access-denied errors and redirect to projects page
   createEffect(() => {
     const state = connectionState();
     if (state.error && ACCESS_DENIED_ERRORS.includes(state.error)) {
       showToast.error('Access Denied', state.error);
-      // Navigate back to org projects page
-      const slug = orgSlug();
-      if (slug) {
-        navigate(`/orgs/${slug}`, { replace: true });
-      } else {
-        navigate('/dashboard', { replace: true });
-      }
+      navigate('/projects', { replace: true });
     }
   });
 
@@ -274,10 +270,7 @@ export default function ProjectView() {
   };
 
   // Build back navigation path
-  const backPath = () => {
-    const slug = orgSlug();
-    return slug ? `/orgs/${slug}` : '/dashboard';
-  };
+  const backPath = () => '/projects';
 
   return (
     <div class='mx-auto max-w-7xl p-6 pt-4'>
diff --git a/packages/web/src/components/project/completed-tab/CompletedTab.jsx b/packages/web/src/components/project/completed-tab/CompletedTab.jsx
index a9bc42978..07dbf7890 100644
--- a/packages/web/src/components/project/completed-tab/CompletedTab.jsx
+++ b/packages/web/src/components/project/completed-tab/CompletedTab.jsx
@@ -13,10 +13,9 @@ import CompletedStudyRow from './CompletedStudyRow.jsx';
  * Uses projectActionsStore directly for mutations.
  */
 export default function CompletedTab() {
-  const { projectId, orgId, getAssigneeName, getChecklistPath } = useProjectContext();
+  const { projectId, getAssigneeName, getChecklistPath } = useProjectContext();
   const navigate = useNavigate();
-  // orgId is required for remote projects' WebSocket connection
-  const { getReconciliationProgress } = useProject(orgId(), projectId);
+  const { getReconciliationProgress } = useProject(projectId);
 
   const studies = () => projectStore.getStudies(projectId);
 
diff --git a/packages/web/src/components/project/completed-tab/PreviousReviewersView.jsx b/packages/web/src/components/project/completed-tab/PreviousReviewersView.jsx
index 02661d764..43e1f4c9b 100644
--- a/packages/web/src/components/project/completed-tab/PreviousReviewersView.jsx
+++ b/packages/web/src/components/project/completed-tab/PreviousReviewersView.jsx
@@ -19,9 +19,8 @@ export default function PreviousReviewersView(props) {
   // props.getAssigneeName: (userId) => string
   // props.onClose: () => void
 
-  const { projectId, orgId } = useProjectContext();
-  // orgId is required for remote projects' WebSocket connection
-  const { getChecklistData, getQuestionNote } = useProject(orgId(), projectId);
+  const { projectId } = useProjectContext();
+  const { getChecklistData, getQuestionNote } = useProject(projectId);
 
   const [checklist1Data, setChecklist1Data] = createSignal(null);
   const [checklist2Data, setChecklist2Data] = createSignal(null);
diff --git a/packages/web/src/components/project/overview-tab/OverviewTab.jsx b/packages/web/src/components/project/overview-tab/OverviewTab.jsx
index f323b2207..896a19422 100644
--- a/packages/web/src/components/project/overview-tab/OverviewTab.jsx
+++ b/packages/web/src/components/project/overview-tab/OverviewTab.jsx
@@ -32,7 +32,7 @@ export default function OverviewTab() {
   const [tablesExpanded, setTablesExpanded] = createSignal(false);
 
   const { user } = useBetterAuth();
-  const { projectId, orgSlug, orgId, isOwner } = useProjectContext();
+  const { projectId, orgId, isOwner } = useProjectContext();
   const confirmDialog = useConfirmDialog();
   const navigate = useNavigate();
 
@@ -139,8 +139,7 @@ export default function OverviewTab() {
     try {
       const result = await projectActionsStore.member.remove(memberId);
       if (result.isSelf) {
-        const slug = orgSlug();
-        navigate(slug ? `/orgs/${slug}` : '/dashboard', { replace: true });
+        navigate('/projects', { replace: true });
         showToast.success('Left Project', 'You have left the project');
       } else {
         showToast.success('Member Removed', `${memberName} has been removed from the project`);
diff --git a/packages/web/src/components/sidebar/ChecklistTreeItem.jsx b/packages/web/src/components/sidebar/ChecklistTreeItem.jsx
index 698842161..d9b707ea9 100644
--- a/packages/web/src/components/sidebar/ChecklistTreeItem.jsx
+++ b/packages/web/src/components/sidebar/ChecklistTreeItem.jsx
@@ -11,11 +11,6 @@ export default function ChecklistTreeItem(props) {
   const navigate = useNavigate();
 
   const checklistPath = () => {
-    const slug = props.orgSlug;
-    if (slug) {
-      return `/orgs/${slug}/projects/${props.projectId}/studies/${props.studyId}/checklists/${props.checklist.id}`;
-    }
-    // Fallback for legacy routes
     return `/projects/${props.projectId}/studies/${props.studyId}/checklists/${props.checklist.id}`;
   };
 
diff --git a/packages/web/src/components/sidebar/ProjectTreeItem.jsx b/packages/web/src/components/sidebar/ProjectTreeItem.jsx
index 40156a1d3..aa1104566 100644
--- a/packages/web/src/components/sidebar/ProjectTreeItem.jsx
+++ b/packages/web/src/components/sidebar/ProjectTreeItem.jsx
@@ -17,20 +17,13 @@ export default function ProjectTreeItem(props) {
       {project => {
         const projectId = project().id;
 
-        // Build org-scoped project path
-        const projectPath = () => {
-          const slug = props.orgSlug;
-          if (slug) {
-            return `/orgs/${slug}/projects/${projectId}`;
-          }
-          return `/projects/${projectId}`;
-        };
+        // Build project-scoped path
+        const projectPath = () => `/projects/${projectId}`;
 
         const isSelected = () => props.currentPath === projectPath();
 
         // Use lightweight hook to read project data from store
-        // orgId is required for remote projects' WebSocket connection
-        const projectData = useProjectData(props.orgId, projectId);
+        const projectData = useProjectData(projectId);
 
         return (
           <Collapsible
@@ -85,7 +78,6 @@ export default function ProjectTreeItem(props) {
                     <StudyTreeItem
                       study={study}
                       projectId={projectId}
-                      orgSlug={props.orgSlug}
                       userId={props.userId}
                       currentPath={props.currentPath}
                       isExpanded={props.isStudyExpanded?.(study.id)}
diff --git a/packages/web/src/components/sidebar/Sidebar.jsx b/packages/web/src/components/sidebar/Sidebar.jsx
index 33a98c387..0b90224ca 100644
--- a/packages/web/src/components/sidebar/Sidebar.jsx
+++ b/packages/web/src/components/sidebar/Sidebar.jsx
@@ -3,8 +3,7 @@ import { useNavigate, useLocation } from '@solidjs/router';
 import { Portal } from 'solid-js/web';
 import { useBetterAuth } from '@api/better-auth-store.js';
 import { useLocalChecklists } from '@primitives/useLocalChecklists.js';
-import { useOrgContext } from '@primitives/useOrgContext.js';
-import { useOrgProjectList } from '@primitives/useOrgProjectList.js';
+import { useMyProjectsList } from '@primitives/useMyProjectsList.js';
 import useRecentsNav from '@primitives/useRecentsNav.js';
 import { useConfirmDialog, Tooltip } from '@corates/ui';
 import { AiOutlineFolder, AiOutlineCloud, AiOutlineHome } from 'solid-icons/ai';
@@ -32,9 +31,6 @@ export default function Sidebar(props) {
   const { user, isLoggedIn } = useBetterAuth();
   const { checklists, deleteChecklist } = useLocalChecklists();
 
-  // Get org context for org-scoped paths
-  const { orgId, orgSlug, orgName } = useOrgContext();
-
   const currentUserId = () => user()?.id;
 
   // Track expanded projects and studies
@@ -48,9 +44,9 @@ export default function Sidebar(props) {
   const [mobileMounted, setMobileMounted] = createSignal(false);
   const [mobileVisible, setMobileVisible] = createSignal(false);
 
-  // Use TanStack Query for org-scoped project list
-  const projectListQuery = useOrgProjectList(orgId, {
-    enabled: () => isLoggedIn() && !!orgId(),
+  // Use TanStack Query for user's project list
+  const projectListQuery = useMyProjectsList({
+    enabled: () => isLoggedIn(),
   });
   const cloudProjects = () => projectListQuery.projects();
   const isProjectsLoading = () => projectListQuery.isLoading();
@@ -112,11 +108,8 @@ export default function Sidebar(props) {
 
   const isCurrentPath = path => location.pathname === path;
 
-  // Build dashboard/workspace path based on org context
-  const getWorkspacePath = () => {
-    const slug = orgSlug();
-    return slug ? `/orgs/${slug}` : '/dashboard';
-  };
+  // Build projects path
+  const getProjectsPath = () => '/projects';
 
   // Get a label for a recent item based on its type and available data
   const getRecentItemLabel = item => {
@@ -214,10 +207,10 @@ export default function Sidebar(props) {
               </Tooltip>
             </Show>
 
-            {/* Expanded or mobile: workspace name */}
+            {/* Expanded or mobile: title */}
             <Show when={showExpandedContent()}>
               <span class='flex-1 truncate px-2 text-sm font-semibold text-gray-700'>
-                {orgName() || 'CoRATES'}
+                CoRATES
               </span>
             </Show>
 
@@ -247,18 +240,18 @@ export default function Sidebar(props) {
           {/* Expanded content (always show on mobile when open) */}
           <Show when={showExpandedContent()}>
             <div class='sidebar-scrollbar flex-1 overflow-x-hidden overflow-y-auto'>
-              {/* Dashboard/Workspace Link */}
+              {/* Projects Link */}
               <div class='p-2 pt-3'>
                 <button
-                  onClick={() => navigate(getWorkspacePath())}
+                  onClick={() => navigate(getProjectsPath())}
                   class={`flex w-full items-center gap-2 rounded-lg px-3 py-2 text-sm font-medium transition-colors ${
-                    isCurrentPath(getWorkspacePath()) || isCurrentPath('/dashboard') ?
+                    isCurrentPath(getProjectsPath()) || isCurrentPath('/dashboard') ?
                       'bg-blue-100 text-blue-700'
                     : 'text-gray-700 hover:bg-gray-100'
                   }`}
                 >
                   <AiOutlineHome class='h-4 w-4 shrink-0' />
-                  <span class='truncate'>{orgName() || 'Workspace'}</span>
+                  <span class='truncate'>Projects</span>
                 </button>
               </div>
 
@@ -304,7 +297,7 @@ export default function Sidebar(props) {
               </Show>
 
               {/* Cloud Projects Section */}
-              <Show when={isLoggedIn() && orgSlug()}>
+              <Show when={isLoggedIn()}>
                 <div class='px-3 pt-4 pb-2'>
                   <h3 class='flex items-center gap-1.5 text-xs font-semibold tracking-wider text-gray-500 uppercase'>
                     <AiOutlineCloud class='h-3 w-3' />
@@ -322,7 +315,7 @@ export default function Sidebar(props) {
                           </div>
                           <p class='text-xs font-medium text-gray-500'>No projects yet</p>
                           <button
-                            onClick={() => navigate(getWorkspacePath())}
+                            onClick={() => navigate(getProjectsPath())}
                             class='mt-1 text-xs text-blue-600 hover:text-blue-700'
                           >
                             Create a project
@@ -335,8 +328,6 @@ export default function Sidebar(props) {
                       {project => (
                         <ProjectTreeItem
                           project={project}
-                          orgId={orgId()}
-                          orgSlug={orgSlug()}
                           isExpanded={expandedProjects()[project.id]}
                           onToggle={() => toggleProject(project.id)}
                           userId={currentUserId()}
@@ -395,23 +386,23 @@ export default function Sidebar(props) {
           {/* Collapsed rail content (desktop only) */}
           <Show when={!isExpanded()}>
             <div class='hidden flex-1 flex-col items-center gap-1 overflow-y-auto py-2 md:flex'>
-              {/* Home/Workspace icon */}
-              <Tooltip content={orgName() || 'Workspace'} positioning={{ placement: 'right' }}>
+              {/* Home/Projects icon */}
+              <Tooltip content='Projects' positioning={{ placement: 'right' }}>
                 <button
-                  onClick={() => navigate(getWorkspacePath())}
+                  onClick={() => navigate(getProjectsPath())}
                   class={`flex h-8 w-8 items-center justify-center rounded-md transition-colors ${
-                    isCurrentPath(getWorkspacePath()) || isCurrentPath('/dashboard') ?
+                    isCurrentPath(getProjectsPath()) || isCurrentPath('/dashboard') ?
                       'bg-blue-100 text-blue-700'
                     : 'text-gray-500 hover:bg-gray-100 hover:text-gray-700'
                   }`}
-                  aria-label={orgName() || 'Workspace'}
+                  aria-label='Projects'
                 >
                   <AiOutlineHome class='h-4 w-4' />
                 </button>
               </Tooltip>
 
               {/* Projects icon */}
-              <Show when={isLoggedIn() && orgSlug()}>
+              <Show when={isLoggedIn()}>
                 <Tooltip content='Projects' positioning={{ placement: 'right' }}>
                   <button
                     onClick={() => {
@@ -481,7 +472,7 @@ export default function Sidebar(props) {
               {/* Sidebar Header with toggle */}
               <div class='flex shrink-0 items-center border-b border-gray-100 bg-white p-2'>
                 <span class='flex-1 truncate px-2 text-sm font-semibold text-gray-700'>
-                  {orgName() || 'CoRATES'}
+                  CoRATES
                 </span>
                 <button
                   onClick={() => props.onCloseMobile?.()}
@@ -494,18 +485,18 @@ export default function Sidebar(props) {
 
               {/* Body */}
               <div class='sidebar-scrollbar flex-1 overflow-x-hidden overflow-y-auto'>
-                {/* Dashboard/Workspace Link */}
+                {/* Projects Link */}
                 <div class='p-2 pt-3'>
                   <button
-                    onClick={() => navigate(getWorkspacePath())}
+                    onClick={() => navigate(getProjectsPath())}
                     class={`flex w-full items-center gap-2 rounded-lg px-3 py-2 text-sm font-medium transition-colors ${
-                      isCurrentPath(getWorkspacePath()) || isCurrentPath('/dashboard') ?
+                      isCurrentPath(getProjectsPath()) || isCurrentPath('/dashboard') ?
                         'bg-blue-100 text-blue-700'
                       : 'text-gray-700 hover:bg-gray-100'
                     }`}
                   >
                     <AiOutlineHome class='h-4 w-4 shrink-0' />
-                    <span class='truncate'>{orgName() || 'Workspace'}</span>
+                    <span class='truncate'>Projects</span>
                   </button>
                 </div>
 
@@ -551,7 +542,7 @@ export default function Sidebar(props) {
                 </Show>
 
                 {/* Cloud Projects Section */}
-                <Show when={isLoggedIn() && orgSlug()}>
+                <Show when={isLoggedIn()}>
                   <div class='px-3 pt-4 pb-2'>
                     <h3 class='flex items-center gap-1.5 text-xs font-semibold tracking-wider text-gray-500 uppercase'>
                       <AiOutlineCloud class='h-3 w-3' />
@@ -569,7 +560,7 @@ export default function Sidebar(props) {
                             </div>
                             <p class='text-xs font-medium text-gray-500'>No projects yet</p>
                             <button
-                              onClick={() => navigate(getWorkspacePath())}
+                              onClick={() => navigate(getProjectsPath())}
                               class='mt-1 text-xs text-blue-600 hover:text-blue-700'
                             >
                               Create a project
@@ -582,8 +573,6 @@ export default function Sidebar(props) {
                         {project => (
                           <ProjectTreeItem
                             project={project}
-                            orgId={orgId()}
-                            orgSlug={orgSlug()}
                             isExpanded={expandedProjects()[project.id]}
                             onToggle={() => toggleProject(project.id)}
                             userId={currentUserId()}
diff --git a/packages/web/src/components/sidebar/StudyTreeItem.jsx b/packages/web/src/components/sidebar/StudyTreeItem.jsx
index fed20ca4b..21ba0b95f 100644
--- a/packages/web/src/components/sidebar/StudyTreeItem.jsx
+++ b/packages/web/src/components/sidebar/StudyTreeItem.jsx
@@ -9,7 +9,6 @@ import ChecklistTreeItem from './ChecklistTreeItem.jsx';
  * @param {Object} props
  * @param {Object} props.study - The study data
  * @param {string} props.projectId - The project ID
- * @param {string} props.orgSlug - The organization slug (for org-scoped paths)
  * @param {string} props.userId - Current user ID for filtering
  * @param {string} props.currentPath - Current route path
  * @param {boolean} props.isExpanded - Whether the study is expanded (controlled)
@@ -62,7 +61,6 @@ export default function StudyTreeItem(props) {
                 checklist={checklist}
                 projectId={props.projectId}
                 studyId={props.study.id}
-                orgSlug={props.orgSlug}
                 currentPath={props.currentPath}
               />
             )}
diff --git a/packages/web/src/lib/queryClient.js b/packages/web/src/lib/queryClient.js
index 369e66daf..29c3e1ff4 100644
--- a/packages/web/src/lib/queryClient.js
+++ b/packages/web/src/lib/queryClient.js
@@ -193,15 +193,20 @@ export function getQueryClient() {
     return queryClientInstance;
   }
 
+  // Disable caching in development
+  const isDevelopment = import.meta.env.DEV || import.meta.env.MODE === 'development';
+
   queryClientInstance = new QueryClient({
     defaultOptions: {
       queries: {
         // Offline-first: try cache first, then network
         networkMode: 'offlineFirst',
-        // Stale time: data is considered fresh for 5 minutes
-        staleTime: 1000 * 60 * 5,
-        // Cache time: unused data is kept in cache for 10 minutes
-        gcTime: 1000 * 60 * 10,
+        // In development: no caching (always fetch fresh data)
+        // In production: data is considered fresh for 5 minutes
+        staleTime: isDevelopment ? 0 : 1000 * 60 * 5,
+        // In development: immediately garbage collect unused data
+        // In production: unused data is kept in cache for 10 minutes
+        gcTime: isDevelopment ? 0 : 1000 * 60 * 10,
         // Retry failed requests up to 3 times
         retry: 3,
         // Retry delay with exponential backoff
@@ -210,7 +215,7 @@ export function getQueryClient() {
         refetchOnWindowFocus: true,
         // Refetch on reconnect (important for offline support)
         refetchOnReconnect: true,
-        // Refetch on mount if data is stale
+        // Refetch on mount if data is stale (always true in dev with staleTime: 0)
         refetchOnMount: true,
       },
       mutations: {
diff --git a/packages/web/src/lib/queryKeys.js b/packages/web/src/lib/queryKeys.js
index a8256024f..eeaa94da0 100644
--- a/packages/web/src/lib/queryKeys.js
+++ b/packages/web/src/lib/queryKeys.js
@@ -14,11 +14,11 @@ export const queryKeys = {
 
   // Project queries
   projects: {
-    /** All projects (for removal operations) */
+    /** All projects for current user */
     all: ['projects'],
-    /** Projects for a specific user (legacy, use byOrg instead) */
+    /** Projects for a specific user (legacy) */
     list: userId => ['projects', userId],
-    /** Projects within an organization */
+    /** Projects within an organization (legacy, kept for backward compatibility) */
     byOrg: orgId => ['projects', 'org', orgId],
   },
 
diff --git a/packages/web/src/primitives/useMyProjectsList.js b/packages/web/src/primitives/useMyProjectsList.js
new file mode 100644
index 000000000..420079b4b
--- /dev/null
+++ b/packages/web/src/primitives/useMyProjectsList.js
@@ -0,0 +1,62 @@
+/**
+ * useMyProjectsList - Fetches all projects the current user is a member of
+ *
+ * Uses the user-scoped API endpoint: GET /api/users/me/projects
+ */
+
+import { useQuery } from '@tanstack/solid-query';
+import { API_BASE } from '@config/api.js';
+import { queryKeys } from '@lib/queryKeys.js';
+import { handleFetchError } from '@/lib/error-utils.js';
+import { useBetterAuth } from '@api/better-auth-store.js';
+
+/**
+ * Fetch all projects for the current authenticated user
+ * @returns {Promise<Array>} Array of projects with orgId
+ */
+async function fetchMyProjects() {
+  const response = await handleFetchError(
+    fetch(`${API_BASE}/api/users/me/projects`, {
+      credentials: 'include',
+      headers: { 'Content-Type': 'application/json' },
+    }),
+    { showToast: false },
+  );
+
+  return response.json();
+}
+
+/**
+ * Hook to fetch and manage project list for the current user
+ *
+ * @param {Object} options - Query options
+ * @param {boolean | (() => boolean)} options.enabled - Whether the query should be enabled
+ * @returns {Object} Query state and helpers
+ */
+export function useMyProjectsList(options = {}) {
+  const { isLoggedIn, authLoading } = useBetterAuth();
+
+  const query = useQuery(() => {
+    const enabledOption =
+      typeof options.enabled === 'function' ? options.enabled() : options.enabled;
+
+    return {
+      queryKey: queryKeys.projects.all,
+      queryFn: fetchMyProjects,
+      enabled: enabledOption !== false && isLoggedIn() && !authLoading(),
+      staleTime: 1000 * 60 * 5, // 5 minutes
+      gcTime: 1000 * 60 * 10, // 10 minutes
+    };
+  });
+
+  return {
+    projects: () => query.data || [],
+    isLoading: () => query.isLoading || query.isFetching,
+    isError: () => query.isError,
+    error: () => query.error,
+    refetch: () => query.refetch(),
+    query,
+  };
+}
+
+export default useMyProjectsList;
diff --git a/packages/web/src/primitives/useOrgs.js b/packages/web/src/primitives/useOrgs.js
new file mode 100644
index 000000000..12027cee7
--- /dev/null
+++ b/packages/web/src/primitives/useOrgs.js
@@ -0,0 +1,48 @@
+/**
+ * useOrgs - Fetches organizations for the current user (without URL dependency)
+ *
+ * Similar to useOrgContext but doesn't require orgSlug in URL params.
+ */
+
+import { useQuery } from '@tanstack/solid-query';
+import { authClient } from '@api/auth-client.js';
+import { useBetterAuth } from '@api/better-auth-store.js';
+import { queryKeys } from '@lib/queryKeys.js';
+
+/**
+ * Fetch organizations for the current user
+ */
+async function fetchOrgs() {
+  const { data, error } = await authClient.organization.list();
+  if (error) {
+    throw new Error(error.message || 'Failed to fetch organizations');
+  }
+  return data || [];
+}
+
+/**
+ * Hook to fetch organizations list (no URL dependency)
+ *
+ * @returns {Object} Query state and orgs list
+ */
+export function useOrgs() {
+  const { isLoggedIn, authLoading } = useBetterAuth();
+
+  const orgsQuery = useQuery(() => ({
+    queryKey: queryKeys.orgs.list,
+    queryFn: fetchOrgs,
+    enabled: isLoggedIn() && !authLoading(),
+    staleTime: 1000 * 60 * 5, // 5 minutes
+    gcTime: 1000 * 60 * 10, // 10 minutes
+  }));
+
+  return {
+    orgs: () => orgsQuery.data || [],
+    isLoading: () => authLoading() || orgsQuery.isLoading,
+    isError: () => orgsQuery.isError,
+    error: () => orgsQuery.error,
+    refetch: () => orgsQuery.refetch(),
+  };
+}
+
+export default useOrgs;
diff --git a/packages/web/src/primitives/useProject/connection.js b/packages/web/src/primitives/useProject/connection.js
index fbd1b4f9a..7d3023e82 100644
--- a/packages/web/src/primitives/useProject/connection.js
+++ b/packages/web/src/primitives/useProject/connection.js
@@ -19,7 +19,6 @@ export const CLOSE_REASONS = {
 
 /**
  * Creates a connection manager for WebSocket sync
- * @param {string} orgId - The organization ID
  * @param {string} projectId - The project ID
  * @param {Y.Doc} ydoc - The Y.js document
  * @param {Object} options - Configuration options
@@ -28,7 +27,7 @@ export const CLOSE_REASONS = {
  * @param {Function} options.onAccessDenied - Called when access is denied (removed, deleted, not a member)
  * @returns {Object} Connection manager API
  */
-export function createConnectionManager(orgId, projectId, ydoc, options) {
+export function createConnectionManager(projectId, ydoc, options) {
   const { onSync, isLocalProject, onAccessDenied } = options;
 
   let provider = null;
@@ -70,16 +69,10 @@ export function createConnectionManager(orgId, projectId, ydoc, options) {
       return;
     }
 
-    // orgId is required for remote projects
-    if (!orgId) {
-      console.error('orgId is required for remote project WebSocket connection');
-      return;
-    }
-
     shouldBeConnected = true;
 
-    // Org-scoped WebSocket URL: y-websocket appends room (projectId) as last segment
-    const wsUrl = `${getWsBaseUrl()}/api/orgs/${orgId}/project-doc`;
+    // Project-scoped WebSocket URL: y-websocket appends room (projectId) as last segment
+    const wsUrl = `${getWsBaseUrl()}/api/project-doc`;
 
     provider = new WebsocketProvider(wsUrl, projectId, ydoc, {
       connect: false, // Don't connect until listeners are attached
diff --git a/packages/web/src/primitives/useProject/index.js b/packages/web/src/primitives/useProject/index.js
index 40c5bd52e..e97b70dfd 100644
--- a/packages/web/src/primitives/useProject/index.js
+++ b/packages/web/src/primitives/useProject/index.js
@@ -143,11 +143,10 @@ export async function cleanupProjectLocalData(projectId) {
 /**
  * Hook to connect to a project's Y.Doc and manage studies/checklists
  * Note: Y.js map key remains 'reviews' for backward compatibility with existing data
- * @param {string} orgId - The organization ID (required for remote projects)
  * @param {string} projectId - The project ID to connect to
  * @returns {Object} Project state and operations
  */
-export function useProject(orgId, projectId) {
+export function useProject(projectId) {
   // Check if this is a local-only project
   const isLocalProject = () => projectId && projectId.startsWith('local-');
 
@@ -262,18 +261,10 @@ export function useProject(orgId, projectId) {
       return;
     }
 
-    // orgId is required for remote projects
-    if (!orgId) {
-      console.warn(
-        'useProject: orgId is required for remote projects, skipping WebSocket connection',
-      );
-      return;
-    }
-
     // Create and connect WebSocket manager
     // onSync is called when WebSocket has synced with server
     // onAccessDenied is called when connection is rejected due to access issues
-    connectionEntry.connectionManager = createConnectionManager(orgId, projectId, ydoc, {
+    connectionEntry.connectionManager = createConnectionManager(projectId, ydoc, {
       onSync: () => {
         // Mark as synced only after WebSocket has synced with server
         projectStore.setConnectionState(projectId, { synced: true });
diff --git a/packages/web/src/primitives/useProjectData.js b/packages/web/src/primitives/useProjectData.js
index 727a03395..1ebc3bc44 100644
--- a/packages/web/src/primitives/useProjectData.js
+++ b/packages/web/src/primitives/useProjectData.js
@@ -14,13 +14,12 @@ import { useProject } from './useProject/index.js';
  * Get reactive project data from the store
  * Ensures a Y.js connection exists
  *
- * @param {string} orgId - The organization ID (required for remote projects)
  * @param {string} projectId - The project ID
  * @param {Object} options - Options
  * @param {boolean} options.autoConnect - Whether to auto-connect if no connection exists (default: true)
  * @returns {Object} Reactive project data
  */
-export function useProjectData(orgId, projectId, options = {}) {
+export function useProjectData(projectId, options = {}) {
   const { autoConnect = true } = options;
 
   // If autoConnect is enabled and we don't have a connection, establish one
@@ -32,7 +31,7 @@ export function useProjectData(orgId, projectId, options = {}) {
     const needsConnection = () => !connectionState().connected && !connectionState().connecting;
 
     if (needsConnection()) {
-      projectHook = useProject(orgId, projectId);
+      projectHook = useProject(projectId);
     }
   }
 
diff --git a/packages/web/src/primitives/useProjectOrgId.js b/packages/web/src/primitives/useProjectOrgId.js
new file mode 100644
index 000000000..0b5e9fe2b
--- /dev/null
+++ b/packages/web/src/primitives/useProjectOrgId.js
@@ -0,0 +1,44 @@
+/**
+ * useProjectOrgId - Get orgId for a project
+ *
+ * Tries to get orgId from:
+ * 1. Project meta (if synced from Y.js)
+ * 2. Project list query cache (if available)
+ */
+
+import { createMemo } from 'solid-js';
+import { useQueryClient } from '@tanstack/solid-query';
+import projectStore from '@/stores/projectStore.js';
+import { queryKeys } from '@lib/queryKeys.js';
+
+/**
+ * Hook to get orgId for a project
+ * @param {string} projectId - Project ID
+ * @returns {() => string | null} Reactive orgId
+ */
+export function useProjectOrgId(projectId) {
+  const queryClient = useQueryClient();
+
+  return createMemo(() => {
+    if (!projectId) return null;
+
+    // Try to get from project meta (Y.js synced data)
+    const project = projectStore.getProject(projectId);
+    if (project?.meta?.orgId) {
+      return project.meta.orgId;
+    }
+
+    // Try to get from project list query cache
+    const projectsList = queryClient.getQueryData(queryKeys.projects.all);
+    if (Array.isArray(projectsList)) {
+      const found = projectsList.find(p => p.id === projectId);
+      if (found?.orgId) {
+        return found.orgId;
+      }
+    }
+
+    return null;
+  });
+}
+
+export default useProjectOrgId;
diff --git a/packages/web/src/primitives/useRecentsNav.js b/packages/web/src/primitives/useRecentsNav.js
index 7478fe47b..671970a52 100644
--- a/packages/web/src/primitives/useRecentsNav.js
+++ b/packages/web/src/primitives/useRecentsNav.js
@@ -56,10 +56,45 @@ export default function useRecentsNav() {
  * Returns null for generic pages that shouldn't be tracked.
  */
 function parsePathToRecentItem(path) {
-  // Match project pages: /orgs/:slug/projects/:projectId
-  const projectMatch = path.match(/^\/orgs\/([^/]+)\/projects\/([^/]+)/);
+  // Match project pages: /projects/:projectId
+  const projectMatch = path.match(/^\/projects\/([^/]+)/);
   if (projectMatch) {
-    const [, orgSlug, projectId] = projectMatch;
+    const [, projectId] = projectMatch;
+    // Check if it's a study page: /projects/:projectId/studies/:studyId
+    const studyMatch = path.match(/^\/projects\/([^/]+)\/studies\/([^/]+)/);
+    if (studyMatch) {
+      const [, , studyId] = studyMatch;
+      // Check if it's a checklist page
+      const checklistMatch = path.match(
+        /^\/projects\/([^/]+)\/studies\/([^/]+)\/checklists\/([^/]+)/,
+      );
+      if (checklistMatch) {
+        return {
+          type: 'checklist',
+          path,
+          projectId,
+          studyId,
+          checklistId: checklistMatch[3],
+        };
+      }
+      return {
+        type: 'study',
+        path,
+        projectId,
+        studyId,
+      };
+    }
+    return {
+      type: 'project',
+      path,
+      projectId,
+    };
+  }
+
+  // Legacy: Match old org-scoped paths for backward compatibility
+  const legacyProjectMatch = path.match(/^\/orgs\/([^/]+)\/projects\/([^/]+)/);
+  if (legacyProjectMatch) {
+    const [, orgSlug, projectId] = legacyProjectMatch;
     // Check if it's a study page: /orgs/:slug/projects/:projectId/studies/:studyId
     const studyMatch = path.match(/^\/orgs\/([^/]+)\/projects\/([^/]+)\/studies\/([^/]+)/);
     if (studyMatch) {
@@ -69,27 +104,27 @@ function parsePathToRecentItem(path) {
         /^\/orgs\/([^/]+)\/projects\/([^/]+)\/studies\/([^/]+)\/checklists\/([^/]+)/,
       );
       if (checklistMatch) {
+        // Convert to new project-scoped path
         return {
           type: 'checklist',
-          path,
-          orgSlug,
+          path: `/projects/${projectId}/studies/${studyId}/checklists/${checklistMatch[4]}`,
           projectId,
           studyId,
           checklistId: checklistMatch[4],
         };
       }
+      // Convert to new project-scoped path
       return {
         type: 'study',
-        path,
-        orgSlug,
+        path: `/projects/${projectId}/studies/${studyId}`,
         projectId,
         studyId,
       };
     }
+    // Convert to new project-scoped path
     return {
       type: 'project',
-      path,
-      orgSlug,
+      path: `/projects/${projectId}`,
       projectId,
     };
   }
diff --git a/packages/workers/src/durable-objects/ProjectDoc.js b/packages/workers/src/durable-objects/ProjectDoc.js
index 559acd87a..5a7623a74 100644
--- a/packages/workers/src/durable-objects/ProjectDoc.js
+++ b/packages/workers/src/durable-objects/ProjectDoc.js
@@ -342,22 +342,21 @@ export class ProjectDoc {
       return new Response('Authentication required', { status: 401 });
     }
 
-    // Extract orgId and projectId from URL: /api/orgs/:orgId/project-doc/:projectId
+    // Extract projectId from URL: /api/project-doc/:projectId
     // y-websocket appends the room name as the last path segment
     const url = new URL(request.url);
     const pathParts = url.pathname.split('/');
-    // pathParts: ["", "api", "orgs", orgId, "project-doc", projectId]
-    const orgIdFromUrl = pathParts[3];
-    const projectId = pathParts[5];
+    // pathParts: ["", "api", "project-doc", projectId] or ["", "api", "project-doc", projectId, ...]
+    const projectId = pathParts[3];
 
-    if (!orgIdFromUrl || !projectId) {
-      return new Response('Invalid URL: orgId and projectId required', {
+    if (!projectId) {
+      return new Response('Invalid URL: projectId required', {
         status: 400,
         headers: { 'X-Close-Reason': 'invalid-url' },
       });
     }
 
-    // ALWAYS verify org membership + project membership against D1
+    // ALWAYS verify project membership against D1
     // Do NOT trust Yjs members map for authorization (it can be stale)
     if (!this.env.DB) {
       console.error('No DB binding available for WebSocket auth check');
@@ -366,23 +365,20 @@ export class ProjectDoc {
 
     const db = createDb(this.env.DB);
 
-    // ALWAYS validate project belongs to org from URL (fresh D1 check, transfer-safe)
-    // This ensures tenant safety even if project is transferred between orgs
+    // Verify project exists
     const project = await db
-      .select({ orgId: projects.orgId })
+      .select({ id: projects.id })
       .from(projects)
-      .where(and(eq(projects.id, projectId), eq(projects.orgId, orgIdFromUrl)))
+      .where(eq(projects.id, projectId))
       .get();
 
     if (!project) {
-      return new Response('Project not found in organization', {
+      return new Response('Project not found', {
         status: 404,
         headers: { 'X-Close-Reason': 'project-not-found' },
       });
     }
 
-    const orgId = project.orgId;
-
     // ALWAYS verify project membership on connect/reconnect (fresh D1 check)
     // Projects are invite-only: org membership does not grant project access
     const projectMembership = await db
diff --git a/packages/workers/src/index.js b/packages/workers/src/index.js
index 5eea03333..e721d7a1e 100644
--- a/packages/workers/src/index.js
+++ b/packages/workers/src/index.js
@@ -309,17 +309,16 @@ app.post('/api/pdf-proxy', requireAuth, async c => {
   }
 });
 
-// Org-scoped Project Document Durable Object routes
-// DO instance is project-scoped (project:${projectId}) but URL includes orgId for validation
-const handleOrgProjectDoc = async c => {
-  const orgId = c.req.param('orgId');
+// Project-scoped Project Document Durable Object routes
+// DO instance is project-scoped (project:${projectId})
+const handleProjectDoc = async c => {
   const projectId = c.req.param('projectId');
 
-  if (!orgId || !projectId) {
-    return c.json({ error: 'Organization ID and Project ID required' }, 400);
+  if (!projectId) {
+    return c.json({ error: 'Project ID required' }, 400);
   }
 
-  // Compute project-scoped DO instance name (orgId is validated inside DO via DB check)
+  // Compute project-scoped DO instance name
   const { getProjectDocStub } = await import('./lib/project-doc-id.js');
   const projectDoc = getProjectDocStub(c.env, projectId);
   const response = await projectDoc.fetch(c.req.raw);
@@ -332,9 +331,22 @@ const handleOrgProjectDoc = async c => {
   return response;
 };
 
-// Org-scoped routes for WebSocket connections (y-websocket appends room as final segment)
-app.all('/api/orgs/:orgId/project-doc/:projectId', handleOrgProjectDoc);
-app.all('/api/orgs/:orgId/project-doc/:projectId/*', handleOrgProjectDoc);
+// Project-scoped routes for WebSocket connections (y-websocket appends room as final segment)
+app.all('/api/project-doc/:projectId', handleProjectDoc);
+app.all('/api/project-doc/:projectId/*', handleProjectDoc);
+
+// Legacy org-scoped routes - return 410 Gone
+const legacyOrgProjectDocHandler = c =>
+  c.json(
+    {
+      error: 'ENDPOINT_MOVED',
+      message: 'This endpoint has been moved. Use /api/project-doc/:projectId instead.',
+      statusCode: 410,
+    },
+    410,
+  );
+app.all('/api/orgs/:orgId/project-doc/:projectId', legacyOrgProjectDocHandler);
+app.all('/api/orgs/:orgId/project-doc/:projectId/*', legacyOrgProjectDocHandler);
 
 // Legacy project WebSocket endpoint - return 410 Gone
 const legacyProjectDocHandler = c =>
diff --git a/packages/workers/src/lib/entitlements.js b/packages/workers/src/lib/entitlements.js
index 63f986fd4..1c32a208a 100644
--- a/packages/workers/src/lib/entitlements.js
+++ b/packages/workers/src/lib/entitlements.js
@@ -14,8 +14,15 @@ export function isSubscriptionActive(subscription) {
   if (!subscription) return false;
   if (subscription.status !== 'active') return false;
   if (!subscription.currentPeriodEnd) return true; // No expiration
+
+  // Handle both Date objects (from Drizzle) and Unix timestamps (seconds)
   const now = Math.floor(Date.now() / 1000);
-  return subscription.currentPeriodEnd > now;
+  const periodEnd =
+    subscription.currentPeriodEnd instanceof Date ?
+      Math.floor(subscription.currentPeriodEnd.getTime() / 1000)
+    : subscription.currentPeriodEnd;
+
+  return periodEnd > now;
 }
 
 /**
diff --git a/packages/workers/src/routes/users.js b/packages/workers/src/routes/users.js
index 66f481f91..f7966ae87 100644
--- a/packages/workers/src/routes/users.js
+++ b/packages/workers/src/routes/users.js
@@ -131,6 +131,41 @@ userRoutes.get('/search', searchRateLimit, async c => {
   }
 });
 
+/**
+ * GET /api/users/me/projects
+ * Get all projects for the current authenticated user (convenience endpoint)
+ */
+userRoutes.get('/me/projects', async c => {
+  const { user: authUser } = getAuth(c);
+  const db = createDb(c.env.DB);
+
+  try {
+    const results = await db
+      .select({
+        id: projects.id,
+        name: projects.name,
+        description: projects.description,
+        orgId: projects.orgId,
+        role: projectMembers.role,
+        createdAt: projects.createdAt,
+        updatedAt: projects.updatedAt,
+      })
+      .from(projects)
+      .innerJoin(projectMembers, eq(projects.id, projectMembers.projectId))
+      .where(eq(projectMembers.userId, authUser.id))
+      .orderBy(desc(projects.updatedAt));
+
+    return c.json(results);
+  } catch (error) {
+    console.error('Error fetching user projects:', error);
+    const dbError = createDomainError(SYSTEM_ERRORS.DB_ERROR, {
+      operation: 'fetch_user_projects',
+      originalError: error.message,
+    });
+    return c.json(dbError, dbError.statusCode);
+  }
+});
+
 /**
  * GET /api/users/:userId/projects
  * Get all projects for a user
@@ -155,6 +190,7 @@ userRoutes.get('/:userId/projects', async c => {
         id: projects.id,
         name: projects.name,
         description: projects.description,
+        orgId: projects.orgId,
         role: projectMembers.role,
         createdAt: projects.createdAt,
         updatedAt: projects.updatedAt,

From bde7b9a70fe6bb70f669ea48c7c7fa022a498101 Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Thu, 1 Jan 2026 19:58:26 +0000
Subject: [PATCH 05/10] Apply Prettier formatting

---
 packages/web/src/components/Navbar.jsx                |  1 -
 .../web/src/components/project/MyProjectsPage.jsx     | 11 +++++++----
 packages/web/src/components/sidebar/Sidebar.jsx       |  4 +---
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/packages/web/src/components/Navbar.jsx b/packages/web/src/components/Navbar.jsx
index 46b38794a..91af8c9c0 100644
--- a/packages/web/src/components/Navbar.jsx
+++ b/packages/web/src/components/Navbar.jsx
@@ -51,7 +51,6 @@ export default function Navbar(props) {
     }
   };
 
-
   return (
     <nav class='sticky top-0 z-50 flex items-center justify-between bg-linear-to-r from-blue-700 to-blue-500 px-4 py-2 text-white shadow-lg'>
       <div class='flex items-center space-x-3'>
diff --git a/packages/web/src/components/project/MyProjectsPage.jsx b/packages/web/src/components/project/MyProjectsPage.jsx
index 278da6dd4..5b48f048c 100644
--- a/packages/web/src/components/project/MyProjectsPage.jsx
+++ b/packages/web/src/components/project/MyProjectsPage.jsx
@@ -105,10 +105,13 @@ export default function MyProjectsPage() {
     }
 
     try {
-      const response = await fetch(`${API_BASE}/api/orgs/${project.orgId}/projects/${targetProjectId}`, {
-        method: 'DELETE',
-        credentials: 'include',
-      });
+      const response = await fetch(
+        `${API_BASE}/api/orgs/${project.orgId}/projects/${targetProjectId}`,
+        {
+          method: 'DELETE',
+          credentials: 'include',
+        },
+      );
       if (!response.ok) {
         const data = await response.json().catch(() => ({}));
         throw new Error(data.error || 'Failed to delete project');
diff --git a/packages/web/src/components/sidebar/Sidebar.jsx b/packages/web/src/components/sidebar/Sidebar.jsx
index 0b90224ca..544928af0 100644
--- a/packages/web/src/components/sidebar/Sidebar.jsx
+++ b/packages/web/src/components/sidebar/Sidebar.jsx
@@ -209,9 +209,7 @@ export default function Sidebar(props) {
 
             {/* Expanded or mobile: title */}
             <Show when={showExpandedContent()}>
-              <span class='flex-1 truncate px-2 text-sm font-semibold text-gray-700'>
-                CoRATES
-              </span>
+              <span class='flex-1 truncate px-2 text-sm font-semibold text-gray-700'>CoRATES</span>
             </Show>
 
             {/* Desktop expanded: collapse button */}

From dfe5197b164c9970fcd767ef5affa0ecb287f1a2 Mon Sep 17 00:00:00 2001
From: Jacob Maynard <jacobamaynard@proton.me>
Date: Thu, 1 Jan 2026 14:47:01 -0600
Subject: [PATCH 06/10] realtime project additions and notifications, remvoe
 unused session code

---
 packages/web/src/Layout.jsx                   |   2 +
 packages/web/src/api/better-auth-store.js     |   6 +-
 .../src/components/RealtimeMembershipSync.jsx |  75 +++++
 .../src/components/project/ProjectView.jsx    |   2 +-
 packages/web/src/lib/bfcache-handler.js       |   8 +-
 .../web/src/primitives/useMyProjectsList.js   |   1 +
 packages/web/src/primitives/useProjectList.js |   1 +
 .../src/durable-objects/UserSession.js        | 204 +-----------
 .../__tests__/UserSession.test.js             | 311 +-----------------
 packages/workers/src/routes/orgs/members.js   |  29 +-
 10 files changed, 137 insertions(+), 502 deletions(-)
 create mode 100644 packages/web/src/components/RealtimeMembershipSync.jsx

diff --git a/packages/web/src/Layout.jsx b/packages/web/src/Layout.jsx
index 1fac419d3..a1fb5c960 100644
--- a/packages/web/src/Layout.jsx
+++ b/packages/web/src/Layout.jsx
@@ -4,6 +4,7 @@ import Sidebar from './components/sidebar/Sidebar.jsx';
 import { Toaster } from '@corates/ui';
 import { ImpersonationBanner } from '@/components/admin/index.js';
 import { isImpersonating } from '@/stores/adminStore.js';
+import RealtimeMembershipSync from './components/RealtimeMembershipSync.jsx';
 
 const SIDEBAR_MODE_KEY = 'corates-sidebar-mode';
 const SIDEBAR_WIDTH_KEY = 'corates-sidebar-width';
@@ -70,6 +71,7 @@ export default function MainLayout(props) {
         <main class='flex-1 overflow-auto text-gray-900'>{props.children}</main>
       </div>
       <Toaster />
+      <RealtimeMembershipSync />
     </div>
   );
 }
diff --git a/packages/web/src/api/better-auth-store.js b/packages/web/src/api/better-auth-store.js
index c03b81574..9dc563932 100644
--- a/packages/web/src/api/better-auth-store.js
+++ b/packages/web/src/api/better-auth-store.js
@@ -208,8 +208,12 @@ function createBetterAuthStore() {
           // Invalidate project list query if user is authenticated
           const currentUser = user();
           if (currentUser?.id) {
-            // Invalidate and refetch project list query to ensure it's current
+            // Invalidate and refetch project list queries to ensure they're current
             try {
+              await queryClient.invalidateQueries({
+                queryKey: queryKeys.projects.all,
+              });
+              // Also invalidate legacy query key for backward compatibility
               await queryClient.invalidateQueries({
                 queryKey: queryKeys.projects.list(currentUser.id),
               });
diff --git a/packages/web/src/components/RealtimeMembershipSync.jsx b/packages/web/src/components/RealtimeMembershipSync.jsx
new file mode 100644
index 000000000..ee2d0e0a3
--- /dev/null
+++ b/packages/web/src/components/RealtimeMembershipSync.jsx
@@ -0,0 +1,75 @@
+/**
+ * RealtimeMembershipSync - Handles real-time project membership updates via WebSocket
+ * Invalidates TanStack Query cache when membership changes occur
+ */
+
+import { createEffect, onCleanup, Show } from 'solid-js';
+import { useBetterAuth } from '@api/better-auth-store.js';
+import { useNotifications } from '@/primitives/useNotifications.js';
+import { queryClient } from '@lib/queryClient.js';
+import { queryKeys } from '@lib/queryKeys.js';
+
+/**
+ * Internal component that handles notifications for a specific userId
+ * This is recreated when userId changes, ensuring the hook uses the correct userId
+ */
+function MembershipSyncForUser(props) {
+  // Create notification handler that invalidates queries
+  const handleNotification = notification => {
+    const notificationType = notification.type;
+
+    // Handle project membership change events
+    if (
+      notificationType === 'project-membership-added' ||
+      notificationType === 'project-membership-removed' ||
+      notificationType === 'project-membership-updated'
+    ) {
+      // Invalidate all project list queries
+      queryClient.invalidateQueries({ queryKey: queryKeys.projects.all });
+
+      // Also invalidate legacy query keys for backward compatibility
+      if (props.userId) {
+        queryClient.invalidateQueries({
+          queryKey: queryKeys.projects.list(props.userId),
+        });
+      }
+
+      // If orgId is provided, also invalidate org-scoped project list
+      if (notification.orgId) {
+        queryClient.invalidateQueries({
+          queryKey: queryKeys.projects.byOrg(notification.orgId),
+        });
+      }
+    }
+  };
+
+  const notifications = useNotifications(props.userId, {
+    onNotification: handleNotification,
+  });
+
+  // Connect when component mounts
+  createEffect(() => {
+    if (props.userId) {
+      notifications.connect();
+    }
+  });
+
+  // Cleanup on unmount
+  onCleanup(() => {
+    notifications.disconnect();
+  });
+
+  return null;
+}
+
+export default function RealtimeMembershipSync() {
+  const { user, isLoggedIn } = useBetterAuth();
+
+  // This component recreates MembershipSyncForUser when userId changes
+  // This ensures useNotifications is called with the correct userId
+  return (
+    <Show when={isLoggedIn() && user()?.id}>
+      {userId => <MembershipSyncForUser userId={userId()} key={userId()} />}
+    </Show>
+  );
+}
diff --git a/packages/web/src/components/project/ProjectView.jsx b/packages/web/src/components/project/ProjectView.jsx
index 1c691e4b4..d8776aac0 100644
--- a/packages/web/src/components/project/ProjectView.jsx
+++ b/packages/web/src/components/project/ProjectView.jsx
@@ -40,7 +40,7 @@ export default function ProjectView() {
   const { user } = useBetterAuth();
 
   // Get orgId from project data (for API calls)
-  const { orgId } = useProjectOrgId(params.projectId);
+  const orgId = useProjectOrgId(params.projectId);
 
   // Y.js hook - connection is also registered with projectActionsStore
   // No longer requires orgId for WebSocket connection (project-scoped)
diff --git a/packages/web/src/lib/bfcache-handler.js b/packages/web/src/lib/bfcache-handler.js
index fa148006c..1b9204ec9 100644
--- a/packages/web/src/lib/bfcache-handler.js
+++ b/packages/web/src/lib/bfcache-handler.js
@@ -62,9 +62,13 @@ export function initBfcacheHandler() {
     // Invalidate project list query if user is authenticated
     const currentUser = auth.user();
     if (currentUser?.id) {
-      // Invalidate and refetch project list query to ensure it's current
+      // Invalidate and refetch project list queries to ensure they're current
       try {
-        await queryClient.invalidateQueries({ queryKey: queryKeys.projects.list(currentUser.id) });
+        await queryClient.invalidateQueries({ queryKey: queryKeys.projects.all });
+        // Also invalidate legacy query key for backward compatibility
+        await queryClient.invalidateQueries({
+          queryKey: queryKeys.projects.list(currentUser.id),
+        });
       } catch (err) {
         console.warn('[bfcache] Failed to refresh project list:', err);
       }
diff --git a/packages/web/src/primitives/useMyProjectsList.js b/packages/web/src/primitives/useMyProjectsList.js
index 420079b4b..9884b9080 100644
--- a/packages/web/src/primitives/useMyProjectsList.js
+++ b/packages/web/src/primitives/useMyProjectsList.js
@@ -46,6 +46,7 @@ export function useMyProjectsList(options = {}) {
       enabled: enabledOption !== false && isLoggedIn() && !authLoading(),
       staleTime: 1000 * 60 * 5, // 5 minutes
       gcTime: 1000 * 60 * 10, // 10 minutes
+      refetchOnMount: 'always', // Always refetch on mount to catch membership changes that occurred while app was closed
     };
   });
 
diff --git a/packages/web/src/primitives/useProjectList.js b/packages/web/src/primitives/useProjectList.js
index 4ea1d22ef..76b5345bb 100644
--- a/packages/web/src/primitives/useProjectList.js
+++ b/packages/web/src/primitives/useProjectList.js
@@ -104,6 +104,7 @@ export function useProjectList(userId, options = {}) {
       enabled: enabledOption !== false && !!currentUserId,
       staleTime: 1000 * 60 * 5, // 5 minutes
       gcTime: 1000 * 60 * 10, // 10 minutes
+      refetchOnMount: 'always', // Always refetch on mount to catch membership changes that occurred while app was closed
     };
   });
 
diff --git a/packages/workers/src/durable-objects/UserSession.js b/packages/workers/src/durable-objects/UserSession.js
index 728c4e6db..e87cace53 100644
--- a/packages/workers/src/durable-objects/UserSession.js
+++ b/packages/workers/src/durable-objects/UserSession.js
@@ -1,6 +1,5 @@
 import { verifyAuth } from '../auth/config.js';
 import { getAccessControlOrigin } from '../config/origins.js';
-import { SESSION_CONFIG } from '../config/constants.js';
 
 export class UserSession {
   constructor(state, env) {
@@ -36,166 +35,11 @@ export class UserSession {
       return await this.handleWebSocket(request);
     }
 
-    try {
-      // Verify authentication for all requests
-      const { user } = await verifyAuth(request, this.env);
-      if (!user) {
-        return new Response(JSON.stringify({ error: 'Authentication required' }), {
-          status: 401,
-          headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-        });
-      }
-
-      // Extract the userId from the URL path
-      // URL pattern: /api/sessions/:sessionId/*
-      const sessionUserId = this.extractUserIdFromPath(path);
-
-      // Ensure user can only access their own session
-      if (!sessionUserId || sessionUserId !== user.id) {
-        return new Response(JSON.stringify({ error: 'Access denied' }), {
-          status: 403,
-          headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-        });
-      }
-
-      request.user = user;
-
-      // Get session data
-      if (request.method === 'GET') {
-        return await this.getSession(corsHeaders);
-      }
-
-      // Update session data
-      if (request.method === 'PUT') {
-        return await this.updateSession(request, corsHeaders);
-      }
-
-      // Create new session
-      if (request.method === 'POST') {
-        return await this.createSession(request, corsHeaders);
-      }
-
-      // Delete session
-      if (request.method === 'DELETE') {
-        return await this.deleteSession(corsHeaders);
-      }
-
-      return new Response(JSON.stringify({ error: 'Method not allowed' }), {
-        status: 405,
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    } catch (error) {
-      console.error('UserSession error:', error);
-      return new Response(JSON.stringify({ error: 'Internal Server Error' }), {
-        status: 500,
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    }
-  }
-
-  async getSession(corsHeaders) {
-    try {
-      const sessionData = (await this.state.storage.get('session')) || {
-        id: await this.state.id.toString(),
-        createdAt: new Date().toISOString(),
-        lastActive: new Date().toISOString(),
-        data: {},
-      };
-
-      // Update last active
-      sessionData.lastActive = new Date().toISOString();
-      await this.state.storage.put('session', sessionData);
-
-      // Schedule cleanup alarm if not already set
-      await this.scheduleCleanupAlarm();
-
-      return new Response(JSON.stringify(sessionData), {
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    } catch (error) {
-      console.error('Get session error:', error);
-      return new Response(JSON.stringify({ error: 'Failed to retrieve session' }), {
-        status: 500,
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    }
-  }
-
-  async createSession(request, corsHeaders) {
-    try {
-      const body = await request.json();
-
-      const sessionData = {
-        id: await this.state.id.toString(),
-        createdAt: new Date().toISOString(),
-        lastActive: new Date().toISOString(),
-        data: body.data || {},
-      };
-
-      await this.state.storage.put('session', sessionData);
-
-      // Schedule cleanup alarm
-      await this.scheduleCleanupAlarm();
-
-      return new Response(JSON.stringify(sessionData), {
-        status: 201,
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    } catch (error) {
-      console.error('Create session error:', error);
-      return new Response(JSON.stringify({ error: 'Failed to create session' }), {
-        status: 500,
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    }
-  }
-
-  async updateSession(request, corsHeaders) {
-    try {
-      const body = await request.json();
-      const sessionData = await this.state.storage.get('session');
-
-      if (!sessionData) {
-        return new Response(JSON.stringify({ error: 'Session not found' }), {
-          status: 404,
-          headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-        });
-      }
-
-      const updatedSession = {
-        ...sessionData,
-        lastActive: new Date().toISOString(),
-        data: { ...sessionData.data, ...body.data },
-      };
-
-      await this.state.storage.put('session', updatedSession);
-
-      return new Response(JSON.stringify(updatedSession), {
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    } catch (error) {
-      console.error('Update session error:', error);
-      return new Response(JSON.stringify({ error: 'Failed to update session' }), {
-        status: 500,
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    }
-  }
-
-  async deleteSession(corsHeaders) {
-    try {
-      await this.state.storage.deleteAll();
-
-      return new Response(JSON.stringify({ success: true }), {
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    } catch (error) {
-      console.error('Delete session error:', error);
-      return new Response(JSON.stringify({ error: 'Failed to delete session' }), {
-        status: 500,
-        headers: { ...corsHeaders, 'Content-Type': 'application/json' },
-      });
-    }
+    // All other requests are not supported (only WebSocket and /notify are used)
+    return new Response(JSON.stringify({ error: 'Method not allowed' }), {
+      status: 405,
+      headers: { ...corsHeaders, 'Content-Type': 'application/json' },
+    });
   }
 
   /**
@@ -216,6 +60,14 @@ export class UserSession {
       return new Response('Authentication required', { status: 401 });
     }
 
+    // Extract userId from URL path and verify it matches authenticated user
+    const url = new URL(request.url);
+    const sessionUserId = this.extractUserIdFromPath(url.pathname);
+
+    if (!sessionUserId || sessionUserId !== user.id) {
+      return new Response('Access denied', { status: 403 });
+    }
+
     const webSocketPair = new WebSocketPair();
     const [client, server] = Object.values(webSocketPair);
 
@@ -300,36 +152,6 @@ export class UserSession {
     }
   }
 
-  // Auto-cleanup expired sessions
-  async alarm() {
-    const sessionData = await this.state.storage.get('session');
-
-    if (sessionData) {
-      const lastActive = new Date(sessionData.lastActive);
-      const now = new Date();
-      const hoursSinceActive = (now - lastActive) / (1000 * 60 * 60);
-
-      // Delete session if inactive for configured hours
-      if (hoursSinceActive > SESSION_CONFIG.CLEANUP_HOURS) {
-        await this.state.storage.deleteAll();
-        console.log('UserSession: cleaned up inactive session');
-      } else {
-        // Schedule next cleanup check
-        await this.state.storage.setAlarm(now.getTime() + SESSION_CONFIG.ALARM_INTERVAL_MS);
-      }
-    }
-  }
-
-  /**
-   * Schedule cleanup alarm if not already set
-   */
-  async scheduleCleanupAlarm() {
-    const currentAlarm = await this.state.storage.getAlarm();
-    if (!currentAlarm) {
-      await this.state.storage.setAlarm(Date.now() + SESSION_CONFIG.ALARM_INTERVAL_MS);
-    }
-  }
-
   /**
    * Extract user ID from the URL path
    * Expected pattern: /api/sessions/:userId/...
diff --git a/packages/workers/src/durable-objects/__tests__/UserSession.test.js b/packages/workers/src/durable-objects/__tests__/UserSession.test.js
index e60110c12..b31ea79b6 100644
--- a/packages/workers/src/durable-objects/__tests__/UserSession.test.js
+++ b/packages/workers/src/durable-objects/__tests__/UserSession.test.js
@@ -1,10 +1,10 @@
 /**
  * Tests for UserSession Durable Object
- * Tests session management, WebSocket handling, notifications, and cleanup
+ * Tests WebSocket handling and notifications
  */
 
 import { describe, it, expect, beforeEach, vi } from 'vitest';
-import { env, runInDurableObject, runDurableObjectAlarm } from 'cloudflare:test';
+import { env, runInDurableObject } from 'cloudflare:test';
 import { __mockVerifyAuth as mockVerifyAuth } from '../../auth/config.js';
 
 // Mock auth
@@ -52,51 +52,8 @@ describe('UserSession Durable Object', () => {
     });
   }
 
-  describe('Session CRUD Operations', () => {
-    it('should create a new session', async () => {
-      mockVerifyAuth.mockResolvedValueOnce({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-      const req = createAuthRequest('test-user-1', 'POST', {
-        data: { theme: 'dark', preferences: {} },
-      });
-
-      const res = await stub.fetch(req);
-      expect(res.status).toBe(201);
-
-      const body = await res.json();
-      expect(body.id).toBeDefined();
-      expect(body.data.theme).toBe('dark');
-      expect(body.createdAt).toBeDefined();
-      expect(body.lastActive).toBeDefined();
-    });
-
-    it('should get existing session', async () => {
-      mockVerifyAuth.mockResolvedValue({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-
-      // Create session first
-      const createReq = createAuthRequest('test-user-1', 'POST', {
-        data: { theme: 'light' },
-      });
-      await stub.fetch(createReq);
-
-      // Get session
-      const getReq = createAuthRequest('test-user-1', 'GET');
-      const res = await stub.fetch(getReq);
-      expect(res.status).toBe(200);
-
-      const body = await res.json();
-      expect(body.data.theme).toBe('light');
-      expect(body.lastActive).toBeDefined();
-    });
-
-    it('should return default session if none exists', async () => {
+  describe('HTTP Method Handling', () => {
+    it('should return 405 for non-WebSocket, non-notify requests', async () => {
       mockVerifyAuth.mockResolvedValueOnce({
         user: { id: 'test-user-1', email: 'test@example.com' },
       });
@@ -105,141 +62,10 @@ describe('UserSession Durable Object', () => {
       const req = createAuthRequest('test-user-1', 'GET');
 
       const res = await stub.fetch(req);
-      expect(res.status).toBe(200);
+      expect(res.status).toBe(405);
 
       const body = await res.json();
-      expect(body.id).toBeDefined();
-      expect(body.data).toEqual({});
-      expect(body.createdAt).toBeDefined();
-    });
-
-    it('should update session data', async () => {
-      mockVerifyAuth.mockResolvedValue({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-
-      // Create session
-      const createReq = createAuthRequest('test-user-1', 'POST', {
-        data: { theme: 'light' },
-      });
-      await stub.fetch(createReq);
-
-      // Update session
-      const updateReq = createAuthRequest('test-user-1', 'PUT', {
-        data: { theme: 'dark', language: 'en' },
-      });
-      const res = await stub.fetch(updateReq);
-      expect(res.status).toBe(200);
-
-      const body = await res.json();
-      expect(body.data.theme).toBe('dark');
-      expect(body.data.language).toBe('en');
-      expect(body.lastActive).toBeDefined();
-    });
-
-    it('should return 404 when updating non-existent session', async () => {
-      mockVerifyAuth.mockResolvedValueOnce({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-      const req = createAuthRequest('test-user-1', 'PUT', {
-        data: { theme: 'dark' },
-      });
-
-      const res = await stub.fetch(req);
-      expect(res.status).toBe(404);
-
-      const body = await res.json();
-      expect(body.error).toMatch(/Session not found/i);
-    });
-
-    it('should delete session', async () => {
-      mockVerifyAuth.mockResolvedValue({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-
-      // Create session
-      const createReq = createAuthRequest('test-user-1', 'POST', {
-        data: { theme: 'light' },
-      });
-      await stub.fetch(createReq);
-
-      // Delete session
-      const deleteReq = createAuthRequest('test-user-1', 'DELETE');
-      const res = await stub.fetch(deleteReq);
-      expect(res.status).toBe(200);
-
-      const body = await res.json();
-      expect(body.success).toBe(true);
-
-      // Verify session is deleted
-      const getReq = createAuthRequest('test-user-1', 'GET');
-      const getRes = await stub.fetch(getReq);
-      const getBody = await getRes.json();
-      // Should return default session (empty data)
-      expect(getBody.data).toEqual({});
-    });
-  });
-
-  describe('Access Control', () => {
-    it('should require authentication', async () => {
-      mockVerifyAuth.mockResolvedValueOnce({ user: null });
-
-      const stub = await getUserSessionStub('test-user-1');
-      const req = createAuthRequest('test-user-1', 'GET');
-
-      const res = await stub.fetch(req);
-      expect(res.status).toBe(401);
-
-      const body = await res.json();
-      expect(body.error).toMatch(/Authentication required/i);
-    });
-
-    it('should deny access to other users sessions', async () => {
-      mockVerifyAuth.mockResolvedValueOnce({
-        user: { id: 'test-user-1', email: 'test1@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-2');
-      const req = createAuthRequest('test-user-2', 'GET');
-
-      const res = await stub.fetch(req);
-      expect(res.status).toBe(403);
-
-      const body = await res.json();
-      expect(body.error).toMatch(/Access denied/i);
-    });
-
-    it('should allow user to access their own session', async () => {
-      mockVerifyAuth.mockResolvedValueOnce({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-      const req = createAuthRequest('test-user-1', 'GET');
-
-      const res = await stub.fetch(req);
-      expect(res.status).toBe(200);
-    });
-  });
-
-  describe('CORS Headers', () => {
-    it('should include CORS headers in responses', async () => {
-      mockVerifyAuth.mockResolvedValueOnce({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-      const req = createAuthRequest('test-user-1', 'GET');
-
-      const res = await stub.fetch(req);
-      expect(res.headers.get('Access-Control-Allow-Origin')).toBe('http://localhost:5173');
-      expect(res.headers.get('Access-Control-Allow-Credentials')).toBe('true');
+      expect(body.error).toMatch(/Method not allowed/i);
     });
 
     it('should handle OPTIONS preflight requests', async () => {
@@ -248,8 +74,7 @@ describe('UserSession Durable Object', () => {
 
       const res = await stub.fetch(req);
       expect(res.status).toBe(200);
-      expect(res.headers.get('Access-Control-Allow-Methods')).toContain('GET');
-      expect(res.headers.get('Access-Control-Allow-Methods')).toContain('POST');
+      expect(res.headers.get('Access-Control-Allow-Methods')).toBeDefined();
     });
   });
 
@@ -327,128 +152,6 @@ describe('UserSession Durable Object', () => {
     });
   });
 
-  describe('Cleanup Alarm', () => {
-    it('should schedule cleanup alarm when session is created', async () => {
-      mockVerifyAuth.mockResolvedValueOnce({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-      const req = createAuthRequest('test-user-1', 'POST', {
-        data: { theme: 'light' },
-      });
-
-      await stub.fetch(req);
-
-      await runInDurableObject(stub, async (instance, state) => {
-        const alarm = await state.storage.getAlarm();
-        expect(alarm).toBeDefined();
-        if (alarm !== null) {
-          expect(typeof alarm).toBe('number');
-          expect(alarm).toBeGreaterThan(Date.now());
-        }
-      });
-    });
-
-    it('should not schedule duplicate alarms', async () => {
-      mockVerifyAuth.mockResolvedValue({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-
-      // Create session
-      const createReq = createAuthRequest('test-user-1', 'POST', {
-        data: { theme: 'light' },
-      });
-      await stub.fetch(createReq);
-
-      let firstAlarm;
-      await runInDurableObject(stub, async (instance, state) => {
-        firstAlarm = await state.storage.getAlarm();
-      });
-
-      // Get session (should trigger scheduleCleanupAlarm)
-      const getReq = createAuthRequest('test-user-1', 'GET');
-      await stub.fetch(getReq);
-
-      await runInDurableObject(stub, async (instance, state) => {
-        const secondAlarm = await state.storage.getAlarm();
-        expect(secondAlarm).toBe(firstAlarm);
-      });
-    });
-
-    it('should cleanup inactive sessions', async () => {
-      mockVerifyAuth.mockResolvedValueOnce({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-
-      // Create session with old lastActive (more than 24 hours ago)
-      await runInDurableObject(stub, async (instance, state) => {
-        const oldDate = new Date();
-        oldDate.setTime(oldDate.getTime() - 25 * 60 * 60 * 1000); // 25 hours ago in milliseconds
-
-        await state.storage.put('session', {
-          id: 'test-session',
-          createdAt: oldDate.toISOString(),
-          lastActive: oldDate.toISOString(),
-          data: { theme: 'light' },
-        });
-      });
-
-      // Manually trigger the alarm handler
-      await runInDurableObject(stub, async (instance, _state) => {
-        await instance.alarm();
-      });
-
-      // Verify session was deleted
-      await runInDurableObject(stub, async (instance, state) => {
-        const session = await state.storage.get('session');
-        // Session should be deleted if inactive for more than 24 hours
-        expect(session).toBeUndefined();
-      });
-    });
-
-    it('should reschedule alarm for active sessions', async () => {
-      mockVerifyAuth.mockResolvedValueOnce({
-        user: { id: 'test-user-1', email: 'test@example.com' },
-      });
-
-      const stub = await getUserSessionStub('test-user-1');
-
-      // Create session with recent lastActive
-      await runInDurableObject(stub, async (instance, state) => {
-        const recentDate = new Date();
-        recentDate.setHours(recentDate.getHours() - 1); // 1 hour ago
-
-        await state.storage.put('session', {
-          id: 'test-session',
-          createdAt: recentDate.toISOString(),
-          lastActive: recentDate.toISOString(),
-          data: { theme: 'light' },
-        });
-      });
-
-      // Trigger alarm
-      await runDurableObjectAlarm(stub);
-
-      // Verify session still exists and alarm was rescheduled
-      await runInDurableObject(stub, async (instance, state) => {
-        const session = await state.storage.get('session');
-        expect(session).toBeDefined();
-
-        const alarm = await state.storage.getAlarm();
-        expect(alarm).toBeDefined();
-        if (alarm !== null) {
-          expect(typeof alarm).toBe('number');
-          expect(alarm).toBeGreaterThan(Date.now());
-        }
-      });
-    });
-  });
-
   describe('Path Extraction', () => {
     it('should extract userId from path correctly', async () => {
       const stub = await getUserSessionStub('test-user-1');
diff --git a/packages/workers/src/routes/orgs/members.js b/packages/workers/src/routes/orgs/members.js
index 320d8aca9..5f204675f 100644
--- a/packages/workers/src/routes/orgs/members.js
+++ b/packages/workers/src/routes/orgs/members.js
@@ -168,7 +168,8 @@ orgProjectMemberRoutes.post(
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
             body: JSON.stringify({
-              type: 'project-invite',
+              type: 'project-membership-added',
+              orgId,
               projectId,
               projectName: project?.name || 'Unknown Project',
               role,
@@ -177,7 +178,7 @@ orgProjectMemberRoutes.post(
           }),
         );
       } catch (err) {
-        console.error('Failed to send project invite notification:', err);
+        console.error('Failed to send project membership notification:', err);
       }
 
       // Sync member to DO
@@ -275,6 +276,27 @@ orgProjectMemberRoutes.put(
         console.error('Failed to sync member update to DO:', err);
       }
 
+      // Send notification to the user whose role was updated
+      try {
+        const userSessionId = c.env.USER_SESSION.idFromName(memberId);
+        const userSession = c.env.USER_SESSION.get(userSessionId);
+        await userSession.fetch(
+          new Request('https://internal/notify', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+              type: 'project-membership-updated',
+              orgId,
+              projectId,
+              role,
+              timestamp: Date.now(),
+            }),
+          }),
+        );
+      } catch (err) {
+        console.error('Failed to send role update notification:', err);
+      }
+
       return c.json({ success: true, userId: memberId, role });
     } catch (error) {
       console.error('Error updating project member role:', error);
@@ -378,7 +400,8 @@ orgProjectMemberRoutes.delete(
               method: 'POST',
               headers: { 'Content-Type': 'application/json' },
               body: JSON.stringify({
-                type: 'removed-from-project',
+                type: 'project-membership-removed',
+                orgId,
                 projectId,
                 projectName: project?.name || 'Unknown Project',
                 removedBy: authUser.name || authUser.email,

From b4daade094397785762c323b2cd441b9cc61d0e5 Mon Sep 17 00:00:00 2001
From: Jacob Maynard <jacobamaynard@proton.me>
Date: Thu, 1 Jan 2026 15:09:47 -0600
Subject: [PATCH 07/10] remove old stuff

---
 packages/web/src/Routes.jsx                   |   2 +-
 .../src/components/org/OrgProjectsPage.jsx    | 279 ------------------
 .../web/src/components/org/OrgRedirect.jsx    |  70 -----
 packages/web/src/components/org/index.js      |   3 -
 packages/web/src/lib/queryClient.js           |   2 -
 5 files changed, 1 insertion(+), 355 deletions(-)
 delete mode 100644 packages/web/src/components/org/OrgProjectsPage.jsx
 delete mode 100644 packages/web/src/components/org/OrgRedirect.jsx

diff --git a/packages/web/src/Routes.jsx b/packages/web/src/Routes.jsx
index 6a1792bfa..5783b6cc2 100644
--- a/packages/web/src/Routes.jsx
+++ b/packages/web/src/Routes.jsx
@@ -49,7 +49,7 @@ export default function AppRoutes() {
           <Route path='/admin/storage' component={StorageManagement} />
           <Route path='/settings/billing' component={BillingPage} />
 
-          {/* Organization creation (still needed) */}
+          {/* Organization creation */}
           <Route path='/orgs/new' component={CreateOrgPage} />
 
           {/* Project-scoped routes */}
diff --git a/packages/web/src/components/org/OrgProjectsPage.jsx b/packages/web/src/components/org/OrgProjectsPage.jsx
deleted file mode 100644
index dc1dbbeeb..000000000
--- a/packages/web/src/components/org/OrgProjectsPage.jsx
+++ /dev/null
@@ -1,279 +0,0 @@
-/**
- * OrgProjectsPage - Shows projects list for an organization
- *
- * Displays org header, projects grid, and create project functionality.
- */
-
-import { createSignal, Show, For } from 'solid-js';
-import { useNavigate } from '@solidjs/router';
-import { useOrgContext } from '@primitives/useOrgContext.js';
-import { useOrgProjectList } from '@primitives/useOrgProjectList.js';
-import { useBetterAuth } from '@api/better-auth-store.js';
-import { useSubscription } from '@primitives/useSubscription.js';
-import { useQueryClient } from '@tanstack/solid-query';
-import { useConfirmDialog, showToast } from '@corates/ui';
-import { API_BASE } from '@config/api.js';
-import { queryKeys } from '@lib/queryKeys.js';
-import { isUnlimitedQuota } from '@corates/shared/plans';
-import ProjectCard from '@/components/project/ProjectCard.jsx';
-import CreateProjectForm from '@/components/project/CreateProjectForm.jsx';
-import ContactPrompt from '@/components/project/ContactPrompt.jsx';
-import LocalAppraisalsPanel from '@/components/checklist/LocalAppraisalsPanel.jsx';
-import projectStore from '@/stores/projectStore.js';
-
-export default function OrgProjectsPage() {
-  const navigate = useNavigate();
-  const queryClient = useQueryClient();
-  const confirmDialog = useConfirmDialog();
-  const { isOnline } = useBetterAuth();
-
-  // Org context from URL
-  const {
-    orgId,
-    orgSlug,
-    orgName,
-    currentOrg,
-    isLoading: orgLoading,
-    orgNotFound,
-  } = useOrgContext();
-
-  // Projects for this org
-  const projectListQuery = useOrgProjectList(orgId);
-  const projects = () => projectListQuery.projects();
-  const projectCount = () => projects()?.length || 0;
-
-  // Subscription/quota checks
-  const {
-    hasEntitlement,
-    hasQuota,
-    quotas,
-    loading: subscriptionLoading,
-    subscriptionFetchFailed,
-    refetch: refetchSubscription,
-  } = useSubscription();
-
-  const [showCreateForm, setShowCreateForm] = createSignal(false);
-
-  // Check both entitlement and quota
-  const canCreateProject = () => {
-    if (subscriptionLoading()) return null;
-    return (
-      hasEntitlement('project.create') &&
-      hasQuota('projects.max', { used: projectCount(), requested: 1 })
-    );
-  };
-
-  const restrictionType = () => {
-    if (subscriptionLoading()) return null;
-    return !hasEntitlement('project.create') ? 'entitlement' : 'quota';
-  };
-
-  const quotaLimit = () => {
-    const limit = quotas()['projects.max'];
-    return isUnlimitedQuota(limit) ? -1 : limit;
-  };
-
-  // Handle project creation
-  const handleProjectCreated = (
-    newProject,
-    pendingPdfs = [],
-    pendingRefs = [],
-    driveFiles = [],
-  ) => {
-    // Invalidate project list for this org
-    queryClient.invalidateQueries({ queryKey: queryKeys.projects.byOrg(orgId()) });
-
-    // Store pending data for the project view
-    if (pendingPdfs.length > 0 || pendingRefs.length > 0 || driveFiles.length > 0) {
-      projectStore.setPendingProjectData(newProject.id, { pendingPdfs, pendingRefs, driveFiles });
-    }
-
-    setShowCreateForm(false);
-    navigate(`/orgs/${orgSlug()}/projects/${newProject.id}`);
-  };
-
-  // Open a project
-  const openProject = projectId => {
-    navigate(`/orgs/${orgSlug()}/projects/${projectId}`);
-  };
-
-  // Delete a project
-  const handleDeleteProject = async targetProjectId => {
-    const confirmed = await confirmDialog.open({
-      title: 'Delete Project',
-      description:
-        'Are you sure you want to delete this entire project? This action cannot be undone.',
-      confirmText: 'Delete Project',
-      variant: 'danger',
-    });
-    if (!confirmed) return;
-
-    try {
-      const response = await fetch(`${API_BASE}/api/orgs/${orgId()}/projects/${targetProjectId}`, {
-        method: 'DELETE',
-        credentials: 'include',
-      });
-      if (!response.ok) {
-        const data = await response.json().catch(() => ({}));
-        throw new Error(data.error || 'Failed to delete project');
-      }
-
-      queryClient.invalidateQueries({ queryKey: queryKeys.projects.byOrg(orgId()) });
-      showToast.success('Project Deleted', 'The project has been deleted successfully');
-    } catch (err) {
-      const { handleError } = await import('@/lib/error-utils.js');
-      await handleError(err, { toastTitle: 'Delete Failed' });
-    }
-  };
-
-  // Loading state
-  const isLoading = () => orgLoading() || projectListQuery.isLoading();
-
-  return (
-    <div class='p-6'>
-      <div class='mx-auto max-w-7xl space-y-6'>
-        {/* Org not found */}
-        <Show when={orgNotFound() && !orgLoading()}>
-          <div class='rounded-lg border border-amber-200 bg-amber-50 p-6 text-center'>
-            <h2 class='text-lg font-semibold text-amber-800'>Organization Not Found</h2>
-            <p class='mt-2 text-amber-700'>
-              The organization you're looking for doesn't exist or you don't have access.
-            </p>
-            <button
-              onClick={() => navigate('/dashboard')}
-              class='mt-4 rounded-lg bg-amber-600 px-4 py-2 font-medium text-white hover:bg-amber-700'
-            >
-              Go to Dashboard
-            </button>
-          </div>
-        </Show>
-
-        {/* Main content */}
-        <Show when={!orgNotFound()}>
-          {/* Header */}
-          <div class='flex flex-wrap items-center justify-between gap-4'>
-            <div>
-              <h1 class='text-2xl font-bold text-gray-900'>{orgName() || 'Projects'}</h1>
-              <p class='mt-1 text-gray-500'>
-                {currentOrg()?.slug ? `@${currentOrg().slug}` : 'Manage your research projects'}
-              </p>
-            </div>
-
-            {/* Create button or quota prompt */}
-            <Show
-              when={canCreateProject() !== null}
-              fallback={<div class='h-10 w-32 animate-pulse rounded-lg bg-gray-200' />}
-            >
-              <Show
-                when={canCreateProject()}
-                fallback={
-                  <div class='max-w-sm'>
-                    <ContactPrompt
-                      restrictionType={restrictionType()}
-                      projectCount={projectCount()}
-                      quotaLimit={quotaLimit()}
-                    />
-                  </div>
-                }
-              >
-                <button
-                  class='inline-flex transform items-center gap-2 rounded-lg bg-blue-600 px-4 py-2 font-medium text-white shadow-md transition-all duration-200 hover:scale-[1.02] hover:bg-blue-700 hover:shadow-lg focus:ring-2 focus:ring-blue-500 focus:outline-none disabled:cursor-not-allowed disabled:opacity-50 disabled:hover:scale-100'
-                  onClick={() => setShowCreateForm(!showCreateForm())}
-                  disabled={!isOnline()}
-                  title={!isOnline() ? 'Cannot create projects while offline' : ''}
-                >
-                  <span class='text-lg'>+</span>
-                  New Project
-                </button>
-              </Show>
-            </Show>
-          </div>
-
-          {/* Subscription fetch error banner */}
-          <Show when={subscriptionFetchFailed()}>
-            <div class='flex items-center justify-between rounded-lg border border-amber-200 bg-amber-50 p-4 text-amber-800'>
-              <div>
-                <span class='font-medium'>Unable to verify subscription.</span>{' '}
-                <span class='text-amber-700'>Some features may be restricted.</span>
-              </div>
-              <button
-                onClick={() => refetchSubscription()}
-                class='rounded bg-amber-600 px-3 py-1.5 text-sm font-medium text-white hover:bg-amber-700'
-              >
-                Retry
-              </button>
-            </div>
-          </Show>
-
-          {/* Project list error display */}
-          <Show when={projectListQuery.isError()}>
-            <div class='rounded-lg border border-red-200 bg-red-50 p-4 text-red-700'>
-              {projectListQuery.error()?.message || 'An error occurred'}
-              <button onClick={() => projectListQuery.refetch()} class='ml-2 underline'>
-                Retry
-              </button>
-            </div>
-          </Show>
-
-          {/* Create Project Form */}
-          <Show when={showCreateForm()}>
-            <CreateProjectForm
-              apiBase={API_BASE}
-              orgId={orgId()}
-              onProjectCreated={handleProjectCreated}
-              onCancel={() => setShowCreateForm(false)}
-            />
-          </Show>
-
-          {/* Projects Grid */}
-          <div class='grid gap-4 md:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4'>
-            <Show
-              when={projects()?.length > 0}
-              fallback={
-                <Show when={!isLoading()}>
-                  <div class='col-span-full rounded-lg border-2 border-dashed border-gray-300 bg-white px-6 py-12'>
-                    <div class='text-center text-gray-500'>No projects yet</div>
-                    <Show when={canCreateProject()}>
-                      <div class='flex justify-center'>
-                        <button
-                          onClick={() => setShowCreateForm(true)}
-                          class='mt-4 font-medium text-blue-600 hover:text-blue-700'
-                        >
-                          Create your first project
-                        </button>
-                      </div>
-                    </Show>
-                  </div>
-                </Show>
-              }
-            >
-              <For each={projects()}>
-                {project => (
-                  <ProjectCard
-                    project={project}
-                    onOpen={openProject}
-                    onDelete={handleDeleteProject}
-                  />
-                )}
-              </For>
-            </Show>
-
-            {/* Loading state */}
-            <Show when={isLoading()}>
-              <div class='col-span-full py-12 text-center'>
-                <div class='text-gray-400'>Loading projects...</div>
-              </div>
-            </Show>
-          </div>
-
-          {/* Local Appraisals Section */}
-          <div class='mt-10 border-t border-gray-200 pt-8'>
-            <LocalAppraisalsPanel showHeader={true} showSignInPrompt={false} />
-          </div>
-        </Show>
-
-        <confirmDialog.ConfirmDialogComponent />
-      </div>
-    </div>
-  );
-}
diff --git a/packages/web/src/components/org/OrgRedirect.jsx b/packages/web/src/components/org/OrgRedirect.jsx
deleted file mode 100644
index 92d29af7c..000000000
--- a/packages/web/src/components/org/OrgRedirect.jsx
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * OrgRedirect - Redirects to the appropriate org context
- *
- * On /dashboard (or /):
- * - If logged in with orgs → navigate to last/first org
- * - If logged in with no orgs → navigate to /orgs/new
- * - If not logged in → show sign-in prompt
- */
-
-import { createEffect, Show } from 'solid-js';
-import { useNavigate } from '@solidjs/router';
-import { useBetterAuth } from '@api/better-auth-store.js';
-import { useOrgContext, getLastOrgSlug } from '@primitives/useOrgContext.js';
-
-export default function OrgRedirect() {
-  const navigate = useNavigate();
-  const { isLoggedIn, authLoading } = useBetterAuth();
-  const { orgs, isLoading, hasNoOrgs } = useOrgContext();
-
-  createEffect(() => {
-    // Wait for auth and orgs to load
-    if (authLoading() || isLoading()) return;
-
-    // Not logged in - let the layout/guard handle this
-    if (!isLoggedIn()) return;
-
-    // User has no orgs - redirect to create org page
-    if (hasNoOrgs()) {
-      navigate('/orgs/new', { replace: true });
-      return;
-    }
-
-    // User has orgs - redirect to last used or first org
-    const orgsList = orgs();
-    if (orgsList && orgsList.length > 0) {
-      const lastSlug = getLastOrgSlug();
-      const targetOrg =
-        lastSlug ? orgsList.find(o => o.slug === lastSlug) || orgsList[0] : orgsList[0];
-
-      navigate(`/orgs/${targetOrg.slug}`, { replace: true });
-    }
-  });
-
-  return (
-    <div class='flex min-h-[60vh] items-center justify-center'>
-      <Show
-        when={!authLoading() && !isLoading()}
-        fallback={
-          <div class='text-center'>
-            <div class='mx-auto mb-4 h-8 w-8 animate-spin rounded-full border-2 border-blue-600 border-t-transparent' />
-            <p class='text-gray-500'>Loading...</p>
-          </div>
-        }
-      >
-        <Show when={!isLoggedIn()}>
-          <div class='text-center'>
-            <h2 class='mb-2 text-xl font-semibold text-gray-900'>Welcome to CoRATES</h2>
-            <p class='mb-4 text-gray-600'>Sign in to access your workspaces</p>
-            <a
-              href='/signin'
-              class='inline-flex items-center gap-2 rounded-lg bg-blue-600 px-4 py-2 font-medium text-white hover:bg-blue-700'
-            >
-              Sign In
-            </a>
-          </div>
-        </Show>
-      </Show>
-    </div>
-  );
-}
diff --git a/packages/web/src/components/org/index.js b/packages/web/src/components/org/index.js
index 0bb1ba642..7c7e51be9 100644
--- a/packages/web/src/components/org/index.js
+++ b/packages/web/src/components/org/index.js
@@ -1,9 +1,6 @@
 /**
  * Organization-scoped components barrel export
  */
-
-export { default as OrgRedirect } from './OrgRedirect.jsx';
-export { default as OrgProjectsPage } from './OrgProjectsPage.jsx';
 export { default as CreateOrgPage } from './CreateOrgPage.jsx';
 
 // Re-export ProjectView from project components (org-aware version)
diff --git a/packages/web/src/lib/queryClient.js b/packages/web/src/lib/queryClient.js
index 29c3e1ff4..92fb6c455 100644
--- a/packages/web/src/lib/queryClient.js
+++ b/packages/web/src/lib/queryClient.js
@@ -211,8 +211,6 @@ export function getQueryClient() {
         retry: 3,
         // Retry delay with exponential backoff
         retryDelay: attemptIndex => Math.min(1000 * 2 ** attemptIndex, 30000),
-        // Refetch on window focus (helps keep data fresh)
-        refetchOnWindowFocus: true,
         // Refetch on reconnect (important for offline support)
         refetchOnReconnect: true,
         // Refetch on mount if data is stale (always true in dev with staleTime: 0)

From 92d6170b6ffc8e0e9a17464ffcec94b330f0a848 Mon Sep 17 00:00:00 2001
From: Jacob Maynard <jacobamaynard@proton.me>
Date: Thu, 1 Jan 2026 15:18:24 -0600
Subject: [PATCH 08/10] fix routing and layout shift for dashboard

---
 packages/web/src/Routes.jsx                   |   4 +-
 packages/web/src/api/better-auth-store.js     |   6 +
 packages/web/src/components/Dashboard.jsx     |  33 +--
 packages/web/src/components/Navbar.jsx        |  12 +-
 .../checklist/ChecklistYjsWrapper.jsx         |   2 +-
 .../compare/ReconciliationWrapper.jsx         |   2 +-
 .../src/components/project/MyProjectsPage.jsx | 256 ------------------
 .../src/components/project/ProjectView.jsx    |   4 +-
 .../src/components/project/ProjectsPanel.jsx  | 250 +++++++++++++++++
 .../project/overview-tab/OverviewTab.jsx      |   2 +-
 .../web/src/components/sidebar/Sidebar.jsx    |   2 +-
 .../web/src/primitives/useMyProjectsList.js   |   1 +
 .../web/src/primitives/useOrgProjectList.js   |   1 +
 packages/web/src/primitives/useRecentsNav.js  |   2 +-
 14 files changed, 280 insertions(+), 297 deletions(-)
 delete mode 100644 packages/web/src/components/project/MyProjectsPage.jsx
 create mode 100644 packages/web/src/components/project/ProjectsPanel.jsx

diff --git a/packages/web/src/Routes.jsx b/packages/web/src/Routes.jsx
index 5783b6cc2..b20f78bb7 100644
--- a/packages/web/src/Routes.jsx
+++ b/packages/web/src/Routes.jsx
@@ -18,7 +18,6 @@ import { AdminDashboard } from '@/components/admin/index.js';
 import StorageManagement from '@/components/admin/StorageManagement.jsx';
 import { BASEPATH } from '@config/api.js';
 import ProtectedGuard from '@/components/auth/ProtectedGuard.jsx';
-import MyProjectsPage from '@/components/project/MyProjectsPage.jsx';
 import ProjectView from '@/components/project/ProjectView.jsx';
 import { CreateOrgPage } from '@/components/org/index.js';
 
@@ -36,7 +35,7 @@ export default function AppRoutes() {
 
       {/* Main app routes */}
       <Route path='/' component={Layout}>
-        {/* Dashboard redirects to projects */}
+        {/* Dashboard - public home for all users */}
         <Route path='/' component={Dashboard} />
         <Route path='/dashboard' component={Dashboard} />
 
@@ -53,7 +52,6 @@ export default function AppRoutes() {
           <Route path='/orgs/new' component={CreateOrgPage} />
 
           {/* Project-scoped routes */}
-          <Route path='/projects' component={MyProjectsPage} />
           <Route path='/projects/:projectId' component={ProjectView} />
 
           {/* Project-scoped checklist routes */}
diff --git a/packages/web/src/api/better-auth-store.js b/packages/web/src/api/better-auth-store.js
index 9dc563932..b560beaa5 100644
--- a/packages/web/src/api/better-auth-store.js
+++ b/packages/web/src/api/better-auth-store.js
@@ -131,6 +131,12 @@ function createBetterAuthStore() {
   // Combined signals that use cached data when offline
   const isLoggedIn = () => {
     if (isOnline()) {
+      // During auth loading (e.g., visibilitychange refetch), keep previous state stable
+      // to prevent UI thrash. Use cached user if available during loading.
+      if (authLoading()) {
+        const cached = cachedUser();
+        if (cached) return true;
+      }
       return sessionIsLoggedIn();
     }
     // When offline, use cached data
diff --git a/packages/web/src/components/Dashboard.jsx b/packages/web/src/components/Dashboard.jsx
index 3bcc279b7..a00061ac7 100644
--- a/packages/web/src/components/Dashboard.jsx
+++ b/packages/web/src/components/Dashboard.jsx
@@ -1,38 +1,21 @@
-import { createEffect, Show } from 'solid-js';
-import { useNavigate } from '@solidjs/router';
-import ChecklistsDashboard from '@/components/checklist/ChecklistsDashboard.jsx';
+import { Show } from 'solid-js';
+import ProjectsPanel from '@/components/project/ProjectsPanel.jsx';
+import LocalAppraisalsPanel from '@/components/checklist/LocalAppraisalsPanel.jsx';
 import { useBetterAuth } from '@api/better-auth-store.js';
 
 export default function Dashboard() {
   const { isLoggedIn, authLoading } = useBetterAuth();
-  const navigate = useNavigate();
-
-  // Redirect logged-in users to projects page
-  createEffect(() => {
-    if (isLoggedIn() && !authLoading()) {
-      navigate('/projects', { replace: true });
-    }
-  });
 
   return (
     <div class='p-6'>
       <div class='mx-auto max-w-7xl space-y-8'>
-        {/* Show sign-in prompt for guests */}
-        <Show when={!isLoggedIn() && !authLoading()}>
-          <div class='text-center'>
-            <h2 class='mb-2 text-xl font-semibold text-gray-900'>Welcome to CoRATES</h2>
-            <p class='mb-4 text-gray-600'>Sign in to access your projects</p>
-            <a
-              href='/signin'
-              class='inline-flex items-center gap-2 rounded-lg bg-blue-600 px-4 py-2 font-medium text-white hover:bg-blue-700'
-            >
-              Sign In
-            </a>
-          </div>
+        {/* Projects section - only shown when logged in */}
+        <Show when={isLoggedIn() && !authLoading()}>
+          <ProjectsPanel />
         </Show>
 
-        {/* Local checklists work offline and don't need org context */}
-        <ChecklistsDashboard isLoggedIn={isLoggedIn()} />
+        {/* Local Appraisals Section - always shown */}
+        <LocalAppraisalsPanel showHeader={true} showSignInPrompt={!isLoggedIn()} />
       </div>
     </div>
   );
diff --git a/packages/web/src/components/Navbar.jsx b/packages/web/src/components/Navbar.jsx
index 91af8c9c0..3fa2afdd8 100644
--- a/packages/web/src/components/Navbar.jsx
+++ b/packages/web/src/components/Navbar.jsx
@@ -1,4 +1,4 @@
-import { Show, For, createEffect, createSignal, onMount, onCleanup } from 'solid-js';
+import { Show, createEffect, createSignal, onMount, onCleanup } from 'solid-js';
 import { A, useNavigate } from '@solidjs/router';
 import { useBetterAuth } from '@api/better-auth-store.js';
 import { FiMenu, FiWifiOff, FiChevronDown, FiX } from 'solid-icons/fi';
@@ -7,7 +7,7 @@ import useOnlineStatus from '@primitives/useOnlineStatus.js';
 import { Avatar } from '@corates/ui';
 
 export default function Navbar(props) {
-  const { user, signout, authLoading, isLoggedIn } = useBetterAuth();
+  const { user, signout, authLoading } = useBetterAuth();
   const navigate = useNavigate();
   const isOnline = useOnlineStatus();
 
@@ -44,8 +44,8 @@ export default function Navbar(props) {
   const handleSignOut = async () => {
     try {
       await signout();
-      // Use replace: true to avoid back button issues
-      navigate('/signin', { replace: true });
+      // Navigate to dashboard (public home) after sign out
+      navigate('/dashboard', { replace: true });
     } catch (error) {
       console.error('Sign out failed:', error);
     }
@@ -92,10 +92,10 @@ export default function Navbar(props) {
 
       <div class='text-2xs flex items-center space-x-4 sm:text-xs'>
         <A
-          href='/projects'
+          href='/dashboard'
           class='flex h-9 items-center rounded px-2 font-medium transition hover:bg-blue-600'
         >
-          Projects
+          Dashboard
         </A>
         <Show
           when={user() || (authLoading() && isLikelyLoggedIn)}
diff --git a/packages/web/src/components/checklist/ChecklistYjsWrapper.jsx b/packages/web/src/components/checklist/ChecklistYjsWrapper.jsx
index 00b16eb0e..a62d024e9 100644
--- a/packages/web/src/components/checklist/ChecklistYjsWrapper.jsx
+++ b/packages/web/src/components/checklist/ChecklistYjsWrapper.jsx
@@ -62,7 +62,7 @@ export default function ChecklistYjsWrapper() {
     const state = connectionState();
     if (state.error && ACCESS_DENIED_ERRORS.includes(state.error)) {
       showToast.error('Access Denied', state.error);
-      navigate('/projects', { replace: true });
+      navigate('/dashboard', { replace: true });
     }
   });
 
diff --git a/packages/web/src/components/checklist/compare/ReconciliationWrapper.jsx b/packages/web/src/components/checklist/compare/ReconciliationWrapper.jsx
index d28cb205c..f37020032 100644
--- a/packages/web/src/components/checklist/compare/ReconciliationWrapper.jsx
+++ b/packages/web/src/components/checklist/compare/ReconciliationWrapper.jsx
@@ -61,7 +61,7 @@ export default function ReconciliationWrapper() {
     const state = connectionState();
     if (state.error && ACCESS_DENIED_ERRORS.includes(state.error)) {
       showToast.error('Access Denied', state.error);
-      navigate('/projects', { replace: true });
+      navigate('/dashboard', { replace: true });
     }
   });
 
diff --git a/packages/web/src/components/project/MyProjectsPage.jsx b/packages/web/src/components/project/MyProjectsPage.jsx
deleted file mode 100644
index 5b48f048c..000000000
--- a/packages/web/src/components/project/MyProjectsPage.jsx
+++ /dev/null
@@ -1,256 +0,0 @@
-/**
- * MyProjectsPage - Shows all projects the user is a member of
- *
- * Displays projects grid and create project functionality.
- */
-
-import { createSignal, Show, For } from 'solid-js';
-import { useNavigate } from '@solidjs/router';
-import { useMyProjectsList } from '@primitives/useMyProjectsList.js';
-import { useBetterAuth } from '@api/better-auth-store.js';
-import { useSubscription } from '@primitives/useSubscription.js';
-import { useQueryClient } from '@tanstack/solid-query';
-import { useConfirmDialog, showToast } from '@corates/ui';
-import { API_BASE } from '@config/api.js';
-import { queryKeys } from '@lib/queryKeys.js';
-import { isUnlimitedQuota } from '@corates/shared/plans';
-import ProjectCard from '@/components/project/ProjectCard.jsx';
-import CreateProjectForm from '@/components/project/CreateProjectForm.jsx';
-import ContactPrompt from '@/components/project/ContactPrompt.jsx';
-import LocalAppraisalsPanel from '@/components/checklist/LocalAppraisalsPanel.jsx';
-import projectStore from '@/stores/projectStore.js';
-
-export default function MyProjectsPage() {
-  const navigate = useNavigate();
-  const queryClient = useQueryClient();
-  const confirmDialog = useConfirmDialog();
-  const { isOnline } = useBetterAuth();
-
-  // Projects for current user
-  const projectListQuery = useMyProjectsList();
-  const projects = () => projectListQuery.projects();
-  const projectCount = () => projects()?.length || 0;
-
-  // Subscription/quota checks
-  const {
-    hasEntitlement,
-    hasQuota,
-    quotas,
-    loading: subscriptionLoading,
-    subscriptionFetchFailed,
-    refetch: refetchSubscription,
-  } = useSubscription();
-
-  const [showCreateForm, setShowCreateForm] = createSignal(false);
-
-  // Check both entitlement and quota
-  const canCreateProject = () => {
-    if (subscriptionLoading()) return null;
-    return (
-      hasEntitlement('project.create') &&
-      hasQuota('projects.max', { used: projectCount(), requested: 1 })
-    );
-  };
-
-  const restrictionType = () => {
-    if (subscriptionLoading()) return null;
-    return !hasEntitlement('project.create') ? 'entitlement' : 'quota';
-  };
-
-  const quotaLimit = () => {
-    const limit = quotas()['projects.max'];
-    return isUnlimitedQuota(limit) ? -1 : limit;
-  };
-
-  // Handle project creation
-  const handleProjectCreated = (
-    newProject,
-    pendingPdfs = [],
-    pendingRefs = [],
-    driveFiles = [],
-  ) => {
-    // Invalidate project list
-    queryClient.invalidateQueries({ queryKey: queryKeys.projects.all });
-
-    // Store pending data for the project view
-    if (pendingPdfs.length > 0 || pendingRefs.length > 0 || driveFiles.length > 0) {
-      projectStore.setPendingProjectData(newProject.id, { pendingPdfs, pendingRefs, driveFiles });
-    }
-
-    setShowCreateForm(false);
-    navigate(`/projects/${newProject.id}`);
-  };
-
-  // Open a project
-  const openProject = projectId => {
-    navigate(`/projects/${projectId}`);
-  };
-
-  // Delete a project
-  const handleDeleteProject = async targetProjectId => {
-    const confirmed = await confirmDialog.open({
-      title: 'Delete Project',
-      description:
-        'Are you sure you want to delete this entire project? This action cannot be undone.',
-      confirmText: 'Delete Project',
-      variant: 'danger',
-    });
-    if (!confirmed) return;
-
-    // Find the project to get its orgId
-    const project = projects()?.find(p => p.id === targetProjectId);
-    if (!project?.orgId) {
-      showToast.error('Error', 'Unable to find project organization');
-      return;
-    }
-
-    try {
-      const response = await fetch(
-        `${API_BASE}/api/orgs/${project.orgId}/projects/${targetProjectId}`,
-        {
-          method: 'DELETE',
-          credentials: 'include',
-        },
-      );
-      if (!response.ok) {
-        const data = await response.json().catch(() => ({}));
-        throw new Error(data.error || 'Failed to delete project');
-      }
-
-      queryClient.invalidateQueries({ queryKey: queryKeys.projects.all });
-      showToast.success('Project Deleted', 'The project has been deleted successfully');
-    } catch (err) {
-      const { handleError } = await import('@/lib/error-utils.js');
-      await handleError(err, { toastTitle: 'Delete Failed' });
-    }
-  };
-
-  // Loading state
-  const isLoading = () => projectListQuery.isLoading();
-
-  return (
-    <div class='p-6'>
-      <div class='mx-auto max-w-7xl space-y-6'>
-        {/* Header */}
-        <div class='flex flex-wrap items-center justify-between gap-4'>
-          <div>
-            <h1 class='text-2xl font-bold text-gray-900'>Projects</h1>
-            <p class='mt-1 text-gray-500'>Manage your research projects</p>
-          </div>
-
-          {/* Create button or quota prompt */}
-          <Show
-            when={canCreateProject() !== null}
-            fallback={<div class='h-10 w-32 animate-pulse rounded-lg bg-gray-200' />}
-          >
-            <Show
-              when={canCreateProject()}
-              fallback={
-                <div class='max-w-sm'>
-                  <ContactPrompt
-                    restrictionType={restrictionType()}
-                    projectCount={projectCount()}
-                    quotaLimit={quotaLimit()}
-                  />
-                </div>
-              }
-            >
-              <button
-                class='inline-flex transform items-center gap-2 rounded-lg bg-blue-600 px-4 py-2 font-medium text-white shadow-md transition-all duration-200 hover:scale-[1.02] hover:bg-blue-700 hover:shadow-lg focus:ring-2 focus:ring-blue-500 focus:outline-none disabled:cursor-not-allowed disabled:opacity-50 disabled:hover:scale-100'
-                onClick={() => setShowCreateForm(!showCreateForm())}
-                disabled={!isOnline()}
-                title={!isOnline() ? 'Cannot create projects while offline' : ''}
-              >
-                <span class='text-lg'>+</span>
-                New Project
-              </button>
-            </Show>
-          </Show>
-        </div>
-
-        {/* Subscription fetch error banner */}
-        <Show when={subscriptionFetchFailed()}>
-          <div class='flex items-center justify-between rounded-lg border border-amber-200 bg-amber-50 p-4 text-amber-800'>
-            <div>
-              <span class='font-medium'>Unable to verify subscription.</span>{' '}
-              <span class='text-amber-700'>Some features may be restricted.</span>
-            </div>
-            <button
-              onClick={() => refetchSubscription()}
-              class='rounded bg-amber-600 px-3 py-1.5 text-sm font-medium text-white hover:bg-amber-700'
-            >
-              Retry
-            </button>
-          </div>
-        </Show>
-
-        {/* Project list error display */}
-        <Show when={projectListQuery.isError()}>
-          <div class='rounded-lg border border-red-200 bg-red-50 p-4 text-red-700'>
-            {projectListQuery.error()?.message || 'An error occurred'}
-            <button onClick={() => projectListQuery.refetch()} class='ml-2 underline'>
-              Retry
-            </button>
-          </div>
-        </Show>
-
-        {/* Create Project Form */}
-        <Show when={showCreateForm()}>
-          <CreateProjectForm
-            apiBase={API_BASE}
-            onProjectCreated={handleProjectCreated}
-            onCancel={() => setShowCreateForm(false)}
-          />
-        </Show>
-
-        {/* Projects Grid */}
-        <div class='grid gap-4 md:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4'>
-          <Show
-            when={projects()?.length > 0}
-            fallback={
-              <Show when={!isLoading()}>
-                <div class='col-span-full rounded-lg border-2 border-dashed border-gray-300 bg-white px-6 py-12'>
-                  <div class='text-center text-gray-500'>No projects yet</div>
-                  <Show when={canCreateProject()}>
-                    <div class='flex justify-center'>
-                      <button
-                        onClick={() => setShowCreateForm(true)}
-                        class='mt-4 font-medium text-blue-600 hover:text-blue-700'
-                      >
-                        Create your first project
-                      </button>
-                    </div>
-                  </Show>
-                </div>
-              </Show>
-            }
-          >
-            <For each={projects()}>
-              {project => (
-                <ProjectCard
-                  project={project}
-                  onOpen={openProject}
-                  onDelete={handleDeleteProject}
-                />
-              )}
-            </For>
-          </Show>
-
-          {/* Loading state */}
-          <Show when={isLoading()}>
-            <div class='col-span-full py-12 text-center'>
-              <div class='text-gray-400'>Loading projects...</div>
-            </div>
-          </Show>
-        </div>
-
-        {/* Local Appraisals Section */}
-        <div class='mt-10 border-t border-gray-200 pt-8'>
-          <LocalAppraisalsPanel showHeader={true} showSignInPrompt={false} />
-        </div>
-      </div>
-
-      <confirmDialog.ConfirmDialogComponent />
-    </div>
-  );
-}
diff --git a/packages/web/src/components/project/ProjectView.jsx b/packages/web/src/components/project/ProjectView.jsx
index d8776aac0..9255cea49 100644
--- a/packages/web/src/components/project/ProjectView.jsx
+++ b/packages/web/src/components/project/ProjectView.jsx
@@ -75,7 +75,7 @@ export default function ProjectView() {
     const state = connectionState();
     if (state.error && ACCESS_DENIED_ERRORS.includes(state.error)) {
       showToast.error('Access Denied', state.error);
-      navigate('/projects', { replace: true });
+      navigate('/dashboard', { replace: true });
     }
   });
 
@@ -270,7 +270,7 @@ export default function ProjectView() {
   };
 
   // Build back navigation path
-  const backPath = () => '/projects';
+  const backPath = () => '/dashboard';
 
   return (
     <div class='mx-auto max-w-7xl p-6 pt-4'>
diff --git a/packages/web/src/components/project/ProjectsPanel.jsx b/packages/web/src/components/project/ProjectsPanel.jsx
new file mode 100644
index 000000000..4039d7775
--- /dev/null
+++ b/packages/web/src/components/project/ProjectsPanel.jsx
@@ -0,0 +1,250 @@
+/**
+ * ProjectsPanel - Reusable projects list UI component
+ *
+ * Can be embedded in dashboard or used standalone.
+ * Shows projects grid, create project functionality, and subscription/quota handling.
+ */
+
+import { createSignal, Show, For } from 'solid-js';
+import { useNavigate } from '@solidjs/router';
+import { useMyProjectsList } from '@primitives/useMyProjectsList.js';
+import { useBetterAuth } from '@api/better-auth-store.js';
+import { useSubscription } from '@primitives/useSubscription.js';
+import { useQueryClient } from '@tanstack/solid-query';
+import { useConfirmDialog, showToast } from '@corates/ui';
+import { API_BASE } from '@config/api.js';
+import { queryKeys } from '@lib/queryKeys.js';
+import { isUnlimitedQuota } from '@corates/shared/plans';
+import ProjectCard from '@/components/project/ProjectCard.jsx';
+import CreateProjectForm from '@/components/project/CreateProjectForm.jsx';
+import ContactPrompt from '@/components/project/ContactPrompt.jsx';
+import projectStore from '@/stores/projectStore.js';
+
+export default function ProjectsPanel() {
+  const navigate = useNavigate();
+  const queryClient = useQueryClient();
+  const confirmDialog = useConfirmDialog();
+  const { isOnline } = useBetterAuth();
+
+  // Projects for current user
+  const projectListQuery = useMyProjectsList();
+  const projects = () => projectListQuery.projects();
+  const projectCount = () => projects()?.length || 0;
+
+  // Subscription/quota checks
+  const {
+    hasEntitlement,
+    hasQuota,
+    quotas,
+    loading: subscriptionLoading,
+    subscriptionFetchFailed,
+    refetch: refetchSubscription,
+  } = useSubscription();
+
+  const [showCreateForm, setShowCreateForm] = createSignal(false);
+
+  // Check both entitlement and quota
+  const canCreateProject = () => {
+    if (subscriptionLoading()) return null;
+    return (
+      hasEntitlement('project.create') &&
+      hasQuota('projects.max', { used: projectCount(), requested: 1 })
+    );
+  };
+
+  const restrictionType = () => {
+    if (subscriptionLoading()) return null;
+    return !hasEntitlement('project.create') ? 'entitlement' : 'quota';
+  };
+
+  const quotaLimit = () => {
+    const limit = quotas()['projects.max'];
+    return isUnlimitedQuota(limit) ? -1 : limit;
+  };
+
+  // Handle project creation
+  const handleProjectCreated = (
+    newProject,
+    pendingPdfs = [],
+    pendingRefs = [],
+    driveFiles = [],
+  ) => {
+    // Invalidate project list
+    queryClient.invalidateQueries({ queryKey: queryKeys.projects.all });
+
+    // Store pending data for the project view
+    if (pendingPdfs.length > 0 || pendingRefs.length > 0 || driveFiles.length > 0) {
+      projectStore.setPendingProjectData(newProject.id, { pendingPdfs, pendingRefs, driveFiles });
+    }
+
+    setShowCreateForm(false);
+    navigate(`/projects/${newProject.id}`);
+  };
+
+  // Open a project
+  const openProject = projectId => {
+    navigate(`/projects/${projectId}`);
+  };
+
+  // Delete a project
+  const handleDeleteProject = async targetProjectId => {
+    const confirmed = await confirmDialog.open({
+      title: 'Delete Project',
+      description:
+        'Are you sure you want to delete this entire project? This action cannot be undone.',
+      confirmText: 'Delete Project',
+      variant: 'danger',
+    });
+    if (!confirmed) return;
+
+    // Find the project to get its orgId
+    const project = projects()?.find(p => p.id === targetProjectId);
+    if (!project?.orgId) {
+      showToast.error('Error', 'Unable to find project organization');
+      return;
+    }
+
+    try {
+      const response = await fetch(
+        `${API_BASE}/api/orgs/${project.orgId}/projects/${targetProjectId}`,
+        {
+          method: 'DELETE',
+          credentials: 'include',
+        },
+      );
+      if (!response.ok) {
+        const data = await response.json().catch(() => ({}));
+        throw new Error(data.error || 'Failed to delete project');
+      }
+
+      queryClient.invalidateQueries({ queryKey: queryKeys.projects.all });
+      showToast.success('Project Deleted', 'The project has been deleted successfully');
+    } catch (err) {
+      const { handleError } = await import('@/lib/error-utils.js');
+      await handleError(err, { toastTitle: 'Delete Failed' });
+    }
+  };
+
+  // Loading state - only true when there's no data yet (initial load)
+  const isLoading = () => projectListQuery.isInitialLoading();
+  const hasData = () => projects()?.length > 0;
+
+  return (
+    <div class='space-y-6'>
+      {/* Header */}
+      <div class='flex flex-wrap items-center justify-between gap-4'>
+        <div>
+          <h1 class='text-2xl font-bold text-gray-900'>Projects</h1>
+          <p class='mt-1 text-gray-500'>Manage your research projects</p>
+        </div>
+
+        {/* Create button or quota prompt */}
+        <Show
+          when={canCreateProject() !== null}
+          fallback={<div class='h-10 w-32 animate-pulse rounded-lg bg-gray-200' />}
+        >
+          <Show
+            when={canCreateProject()}
+            fallback={
+              <div class='max-w-sm'>
+                <ContactPrompt
+                  restrictionType={restrictionType()}
+                  projectCount={projectCount()}
+                  quotaLimit={quotaLimit()}
+                />
+              </div>
+            }
+          >
+            <button
+              class='inline-flex transform items-center gap-2 rounded-lg bg-blue-600 px-4 py-2 font-medium text-white shadow-md transition-all duration-200 hover:scale-[1.02] hover:bg-blue-700 hover:shadow-lg focus:ring-2 focus:ring-blue-500 focus:outline-none disabled:cursor-not-allowed disabled:opacity-50 disabled:hover:scale-100'
+              onClick={() => setShowCreateForm(!showCreateForm())}
+              disabled={!isOnline()}
+              title={!isOnline() ? 'Cannot create projects while offline' : ''}
+            >
+              <span class='text-lg'>+</span>
+              New Project
+            </button>
+          </Show>
+        </Show>
+      </div>
+
+      {/* Subscription fetch error banner */}
+      <Show when={subscriptionFetchFailed()}>
+        <div class='flex items-center justify-between rounded-lg border border-amber-200 bg-amber-50 p-4 text-amber-800'>
+          <div>
+            <span class='font-medium'>Unable to verify subscription.</span>{' '}
+            <span class='text-amber-700'>Some features may be restricted.</span>
+          </div>
+          <button
+            onClick={() => refetchSubscription()}
+            class='rounded bg-amber-600 px-3 py-1.5 text-sm font-medium text-white hover:bg-amber-700'
+          >
+            Retry
+          </button>
+        </div>
+      </Show>
+
+      {/* Project list error display */}
+      <Show when={projectListQuery.isError()}>
+        <div class='rounded-lg border border-red-200 bg-red-50 p-4 text-red-700'>
+          {projectListQuery.error()?.message || 'An error occurred'}
+          <button onClick={() => projectListQuery.refetch()} class='ml-2 underline'>
+            Retry
+          </button>
+        </div>
+      </Show>
+
+      {/* Create Project Form */}
+      <Show when={showCreateForm()}>
+        <CreateProjectForm
+          apiBase={API_BASE}
+          onProjectCreated={handleProjectCreated}
+          onCancel={() => setShowCreateForm(false)}
+        />
+      </Show>
+
+      {/* Projects Grid */}
+      <div class='grid gap-4 md:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4'>
+        <Show
+          when={hasData()}
+          fallback={
+            <Show when={!isLoading()}>
+              <div class='col-span-full rounded-lg border-2 border-dashed border-gray-300 bg-white px-6 py-12'>
+                <div class='text-center text-gray-500'>No projects yet</div>
+                <Show when={canCreateProject()}>
+                  <div class='flex justify-center'>
+                    <button
+                      onClick={() => setShowCreateForm(true)}
+                      class='mt-4 font-medium text-blue-600 hover:text-blue-700'
+                    >
+                      Create your first project
+                    </button>
+                  </div>
+                </Show>
+              </div>
+            </Show>
+          }
+        >
+          <For each={projects()}>
+            {project => (
+              <ProjectCard
+                project={project}
+                onOpen={openProject}
+                onDelete={handleDeleteProject}
+              />
+            )}
+          </For>
+        </Show>
+
+        {/* Loading state - only show when there's no existing data */}
+        <Show when={isLoading() && !hasData()}>
+          <div class='col-span-full py-12 text-center'>
+            <div class='text-gray-400'>Loading projects...</div>
+          </div>
+        </Show>
+      </div>
+
+      <confirmDialog.ConfirmDialogComponent />
+    </div>
+  );
+}
diff --git a/packages/web/src/components/project/overview-tab/OverviewTab.jsx b/packages/web/src/components/project/overview-tab/OverviewTab.jsx
index 896a19422..cbe1e571b 100644
--- a/packages/web/src/components/project/overview-tab/OverviewTab.jsx
+++ b/packages/web/src/components/project/overview-tab/OverviewTab.jsx
@@ -139,7 +139,7 @@ export default function OverviewTab() {
     try {
       const result = await projectActionsStore.member.remove(memberId);
       if (result.isSelf) {
-        navigate('/projects', { replace: true });
+        navigate('/dashboard', { replace: true });
         showToast.success('Left Project', 'You have left the project');
       } else {
         showToast.success('Member Removed', `${memberName} has been removed from the project`);
diff --git a/packages/web/src/components/sidebar/Sidebar.jsx b/packages/web/src/components/sidebar/Sidebar.jsx
index 544928af0..b5dfca89e 100644
--- a/packages/web/src/components/sidebar/Sidebar.jsx
+++ b/packages/web/src/components/sidebar/Sidebar.jsx
@@ -109,7 +109,7 @@ export default function Sidebar(props) {
   const isCurrentPath = path => location.pathname === path;
 
   // Build projects path
-  const getProjectsPath = () => '/projects';
+  const getProjectsPath = () => '/dashboard';
 
   // Get a label for a recent item based on its type and available data
   const getRecentItemLabel = item => {
diff --git a/packages/web/src/primitives/useMyProjectsList.js b/packages/web/src/primitives/useMyProjectsList.js
index 9884b9080..47644fff9 100644
--- a/packages/web/src/primitives/useMyProjectsList.js
+++ b/packages/web/src/primitives/useMyProjectsList.js
@@ -53,6 +53,7 @@ export function useMyProjectsList(options = {}) {
   return {
     projects: () => query.data || [],
     isLoading: () => query.isLoading || query.isFetching,
+    isInitialLoading: () => query.isLoading && !query.data,
     isError: () => query.isError,
     error: () => query.error,
     refetch: () => query.refetch(),
diff --git a/packages/web/src/primitives/useOrgProjectList.js b/packages/web/src/primitives/useOrgProjectList.js
index 65ecae6a0..efa5439a1 100644
--- a/packages/web/src/primitives/useOrgProjectList.js
+++ b/packages/web/src/primitives/useOrgProjectList.js
@@ -56,6 +56,7 @@ export function useOrgProjectList(orgId, options = {}) {
   return {
     projects: () => query.data || [],
     isLoading: () => query.isLoading || query.isFetching,
+    isInitialLoading: () => query.isLoading && !query.data,
     isError: () => query.isError,
     error: () => query.error,
     refetch: () => query.refetch(),
diff --git a/packages/web/src/primitives/useRecentsNav.js b/packages/web/src/primitives/useRecentsNav.js
index 671970a52..78fb7331a 100644
--- a/packages/web/src/primitives/useRecentsNav.js
+++ b/packages/web/src/primitives/useRecentsNav.js
@@ -94,7 +94,7 @@ function parsePathToRecentItem(path) {
   // Legacy: Match old org-scoped paths for backward compatibility
   const legacyProjectMatch = path.match(/^\/orgs\/([^/]+)\/projects\/([^/]+)/);
   if (legacyProjectMatch) {
-    const [, orgSlug, projectId] = legacyProjectMatch;
+    const [, _orgSlug, projectId] = legacyProjectMatch;
     // Check if it's a study page: /orgs/:slug/projects/:projectId/studies/:studyId
     const studyMatch = path.match(/^\/orgs\/([^/]+)\/projects\/([^/]+)\/studies\/([^/]+)/);
     if (studyMatch) {

From 3e42c23535074799abb3df7f367999f673d8278e Mon Sep 17 00:00:00 2001
From: GitHub Actions <actions@github.com>
Date: Thu, 1 Jan 2026 21:18:59 +0000
Subject: [PATCH 09/10] Apply Prettier formatting

---
 packages/web/src/components/project/ProjectsPanel.jsx | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/packages/web/src/components/project/ProjectsPanel.jsx b/packages/web/src/components/project/ProjectsPanel.jsx
index 4039d7775..394d00562 100644
--- a/packages/web/src/components/project/ProjectsPanel.jsx
+++ b/packages/web/src/components/project/ProjectsPanel.jsx
@@ -227,11 +227,7 @@ export default function ProjectsPanel() {
         >
           <For each={projects()}>
             {project => (
-              <ProjectCard
-                project={project}
-                onOpen={openProject}
-                onDelete={handleDeleteProject}
-              />
+              <ProjectCard project={project} onOpen={openProject} onDelete={handleDeleteProject} />
             )}
           </For>
         </Show>

From 7d0d3af3e5115bd0b330fd32f18ea010837ceda5 Mon Sep 17 00:00:00 2001
From: Jacob Maynard <jacobamaynard@proton.me>
Date: Thu, 1 Jan 2026 17:17:15 -0600
Subject: [PATCH 10/10] improve project membership notifications

---
 packages/web/src/Layout.jsx                   |  6 ++-
 .../useMembershipSync.js}                     | 42 ++++++++-----------
 .../web/src/primitives/useNotifications.js    |  6 +--
 3 files changed, 24 insertions(+), 30 deletions(-)
 rename packages/web/src/{components/RealtimeMembershipSync.jsx => primitives/useMembershipSync.js} (58%)

diff --git a/packages/web/src/Layout.jsx b/packages/web/src/Layout.jsx
index a1fb5c960..091cd19a4 100644
--- a/packages/web/src/Layout.jsx
+++ b/packages/web/src/Layout.jsx
@@ -4,7 +4,7 @@ import Sidebar from './components/sidebar/Sidebar.jsx';
 import { Toaster } from '@corates/ui';
 import { ImpersonationBanner } from '@/components/admin/index.js';
 import { isImpersonating } from '@/stores/adminStore.js';
-import RealtimeMembershipSync from './components/RealtimeMembershipSync.jsx';
+import { useMembershipSync } from '@/primitives/useMembershipSync.js';
 
 const SIDEBAR_MODE_KEY = 'corates-sidebar-mode';
 const SIDEBAR_WIDTH_KEY = 'corates-sidebar-width';
@@ -14,6 +14,9 @@ const MIN_SIDEBAR_WIDTH = 200;
 const MAX_SIDEBAR_WIDTH = 480;
 
 export default function MainLayout(props) {
+  // Set up real-time membership sync
+  useMembershipSync();
+
   // Desktop sidebar mode: 'expanded' or 'collapsed' (rail)
   const [desktopSidebarMode, setDesktopSidebarMode] = createSignal('collapsed');
   // Mobile sidebar open state (overlay behavior)
@@ -71,7 +74,6 @@ export default function MainLayout(props) {
         <main class='flex-1 overflow-auto text-gray-900'>{props.children}</main>
       </div>
       <Toaster />
-      <RealtimeMembershipSync />
     </div>
   );
 }
diff --git a/packages/web/src/components/RealtimeMembershipSync.jsx b/packages/web/src/primitives/useMembershipSync.js
similarity index 58%
rename from packages/web/src/components/RealtimeMembershipSync.jsx
rename to packages/web/src/primitives/useMembershipSync.js
index ee2d0e0a3..4c5798666 100644
--- a/packages/web/src/components/RealtimeMembershipSync.jsx
+++ b/packages/web/src/primitives/useMembershipSync.js
@@ -1,22 +1,25 @@
 /**
- * RealtimeMembershipSync - Handles real-time project membership updates via WebSocket
+ * useMembershipSync primitive - Handles real-time project membership updates via WebSocket
  * Invalidates TanStack Query cache when membership changes occur
  */
 
-import { createEffect, onCleanup, Show } from 'solid-js';
+import { createEffect, onCleanup } from 'solid-js';
 import { useBetterAuth } from '@api/better-auth-store.js';
-import { useNotifications } from '@/primitives/useNotifications.js';
+import { useNotifications } from './useNotifications.js';
 import { queryClient } from '@lib/queryClient.js';
 import { queryKeys } from '@lib/queryKeys.js';
 
 /**
- * Internal component that handles notifications for a specific userId
- * This is recreated when userId changes, ensuring the hook uses the correct userId
+ * Sets up real-time membership sync for the current user
+ * Invalidates project queries when membership changes occur
  */
-function MembershipSyncForUser(props) {
+export function useMembershipSync() {
+  const { user, isLoggedIn } = useBetterAuth();
+
   // Create notification handler that invalidates queries
   const handleNotification = notification => {
     const notificationType = notification.type;
+    const userId = user()?.id;
 
     // Handle project membership change events
     if (
@@ -28,9 +31,9 @@ function MembershipSyncForUser(props) {
       queryClient.invalidateQueries({ queryKey: queryKeys.projects.all });
 
       // Also invalidate legacy query keys for backward compatibility
-      if (props.userId) {
+      if (userId) {
         queryClient.invalidateQueries({
-          queryKey: queryKeys.projects.list(props.userId),
+          queryKey: queryKeys.projects.list(userId),
         });
       }
 
@@ -43,14 +46,17 @@ function MembershipSyncForUser(props) {
     }
   };
 
-  const notifications = useNotifications(props.userId, {
+  const notifications = useNotifications(() => user()?.id, {
     onNotification: handleNotification,
   });
 
-  // Connect when component mounts
+  // Handle connection lifecycle reactively when user ID changes
   createEffect(() => {
-    if (props.userId) {
+    const userId = user()?.id;
+    if (isLoggedIn() && userId) {
       notifications.connect();
+    } else {
+      notifications.disconnect();
     }
   });
 
@@ -58,18 +64,4 @@ function MembershipSyncForUser(props) {
   onCleanup(() => {
     notifications.disconnect();
   });
-
-  return null;
-}
-
-export default function RealtimeMembershipSync() {
-  const { user, isLoggedIn } = useBetterAuth();
-
-  // This component recreates MembershipSyncForUser when userId changes
-  // This ensures useNotifications is called with the correct userId
-  return (
-    <Show when={isLoggedIn() && user()?.id}>
-      {userId => <MembershipSyncForUser userId={userId()} key={userId()} />}
-    </Show>
-  );
 }
diff --git a/packages/web/src/primitives/useNotifications.js b/packages/web/src/primitives/useNotifications.js
index 6af44b067..cbab28612 100644
--- a/packages/web/src/primitives/useNotifications.js
+++ b/packages/web/src/primitives/useNotifications.js
@@ -7,7 +7,7 @@ import { API_BASE } from '@config/api.js';
 
 /**
  * Hook to connect to the user's notification WebSocket
- * @param {string} userId - The user ID to connect notifications for
+ * @param {Function} userId - The user ID to connect notifications for
  * @param {Object} options - Configuration options
  * @param {Function} options.onNotification - Callback when a notification is received
  * @returns {Object} Connection state and notifications
@@ -26,7 +26,7 @@ export function useNotifications(userId, options = {}) {
   let shouldConnect = false;
 
   function connect() {
-    if (ws || !userId) return;
+    if (ws || !userId()) return;
 
     // Don't attempt connection when offline
     if (!navigator.onLine) {
@@ -38,7 +38,7 @@ export function useNotifications(userId, options = {}) {
     // Build WebSocket URL
     const wsProtocol = API_BASE.startsWith('https') ? 'wss' : 'ws';
     const wsHost = API_BASE.replace(/^https?:\/\//, '');
-    const wsUrl = `${wsProtocol}://${wsHost}/api/sessions/${userId}`;
+    const wsUrl = `${wsProtocol}://${wsHost}/api/sessions/${userId()}`;
 
     ws = new WebSocket(wsUrl);