fix: harden seed script org settings upsert and P2002 error handling

[romitg2]

What does this PR do?

Fixes flaky org-admin integration tests (isAdmin, retrieveScopedAccessibleUsers, _get, _patch) that fail intermittently when the CI database is cached.

Root cause: The seed script in createOrganizationAndAddMembersAndTeams had two bugs:

1. Stale org settings on re-seed: When an organization already existed (cached DB), the function returned immediately without ensuring organizationSettings.isAdminAPIEnabled was set. This caused isAdminGuard to return false for org admins.

2. P2002 error abandoned entire org creation: If any single org member hit a unique constraint violation, the batch-level catch abandoned the entire function — meaning the org team, memberships, profiles, and settings were never created, even though some member users already existed.

Changes

scripts/seed.ts:

• Upsert organizationSettings when the org already exists, instead of silently returning
• Move P2002 error handling inside each member's callback so one member's duplicate doesn't abandon the entire org
• On P2002, recover the existing user from the DB and return it with membership metadata so downstream org setup (profiles, memberships, teams) still proceeds correctly
• Remove PII (username) from P2002 log message
• Use prisma.user.upsert for usersOutsideOrg instead of prisma.user.create to avoid P2002 there too

Test files (isAdmin.integration-test.ts, retrieveScopedAccessibleUsers.integration-test.ts):

• Remove beforeAll hooks that were workarounds for the seed script bug — the proper fix is in the seed script itself

Updates since last revision

Addressed Cubic AI review feedback (confidence ≥ 9/10):

• Violation When navigating to a calendso user that does not exist, return notFound. #2 (PII logging): Replaced Member ${member.memberData.username} already seeded, skipping with a generic "Organization member already seeded, skipping" message
• Violation Fixed some minor bugs that caused console errors #3 (incomplete org seeding): Instead of return null on P2002 (which dropped the user from org membership/profile creation), the code now fetches the existing user via prisma.user.findUnique and returns it with the membership data so downstream setup proceeds
• Violation The getIntegrations function runs repeatedly due to state polling #1 (confidence 6/10): Skipped — the existingTeam lookup is scoped by slug + parentId: null using org-specific slugs, so a collision with a non-org team is not a realistic concern in seeding

Mandatory Tasks (DO NOT REMOVE)

• I have self-reviewed the code (A decent size PR without self-review might be rejected).
• I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. N/A — seed script and test-only changes.
• I confirm automated tests are in place that prove my fix is effective or that my feature works.

How should this be tested?

The integration test suite should pass consistently on both fresh and cached CI databases:

VITEST_MODE=integration yarn test apps/api/v1/test/lib/utils/isAdmin.integration-test.ts
VITEST_MODE=integration yarn test apps/api/v1/test/lib/utils/retrieveScopedAccessibleUsers.integration-test.ts
VITEST_MODE=integration yarn test apps/api/v1/test/lib/bookings/_get.integration-test.ts
VITEST_MODE=integration yarn test "apps/api/v1/test/lib/bookings/[id]/_patch.integration-test.ts"

To reproduce the flaky state: run the seed twice (simulating a cached DB) and verify the tests still pass on the second run.

Human Review Checklist

• Verify the email_username compound unique constraint exists in the Prisma schema (used in both the usersOutsideOrg upsert and the P2002 recovery findUnique)
• Confirm orgData.organizationSettings shape is compatible with prisma.organizationSettings.upsert for both update and create fields
• Verify the P2002 recovery path: when an existing user is fetched and returned, confirm that downstream code (profile creation, membership creation, team assignment) handles it correctly — particularly that it doesn't attempt to re-create resources that already exist
• Verify removing beforeAll workarounds from test files is safe — integration tests should always run against a seeded DB

Link to Devin session: https://app.devin.ai/sessions/6be6fd80dedc4fc8891cb523d7d4ddbe

---

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR that start with 'DevinAI' or '@devin'.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 4 additional findings.

[cubic-dev-ai]

3 issues found across 3 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="scripts/seed.ts">

<violation number="1" location="scripts/seed.ts:333">
P2: The new org-settings upsert uses `existingTeam.id` without verifying `existingTeam.isOrganization`, so it can update the wrong team type on slug/root collisions.</violation>

<violation number="2" location="scripts/seed.ts:410">
P1: Custom agent: **Avoid Logging Sensitive Information**

Do not log usernames directly; this added log line exposes PII in seed/CI logs.</violation>

<violation number="3" location="scripts/seed.ts:411">
P1: Skipping P2002 members (`return null`) drops existing users from org membership/profile creation, so retries can still produce incomplete organization seeding.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[github-actions]

Devin AI is addressing Cubic AI's review feedback

A Devin session has been created to address the issues identified by Cubic AI.

View Devin Session