different-ai · benjaminshafii · May 29, 2026 · May 29, 2026 · May 29, 2026 · May 29, 2026
diff --git a/ee/apps/den-api/src/env.ts b/ee/apps/den-api/src/env.ts
@@ -97,8 +97,13 @@ const EnvSchema = z.object({
   STRIPE_SECRET_KEY: z.string().optional(),
   STRIPE_WEBHOOK_SECRET: z.string().optional(),
   STRIPE_INFERENCE_PRICE_ID: z.string().optional(),
+  STRIPE_ORG_SEATS_PRICE_ID: z.string().optional(),
   STRIPE_BILLING_SUCCESS_URL: z.string().optional(),
   STRIPE_BILLING_CANCEL_URL: z.string().optional(),
+  OPENWORK_BILLING_PROVIDER: z.enum(["disabled", "simulated", "stripe"]).optional(),
+  FEATURE_BILLING_ORG_SEATS: z.string().optional(),
+  FEATURE_BILLING_INFERENCE: z.string().optional(),
+  FEATURE_BILLING_ENFORCEMENT: z.string().optional(),
 }).superRefine((value, ctx) => {
   const inferredMode = value.DB_MODE ?? (value.DATABASE_URL ? "mysql" : "planetscale")
 
@@ -152,6 +157,12 @@ const betterAuthTrustedOrigins = splitCsv(parsed.DEN_BETTER_AUTH_TRUSTED_ORIGINS
 const polarFeatureGateEnabled =
   (parsed.POLAR_FEATURE_GATE_ENABLED ?? "false").toLowerCase() === "true"
 
+function envFlag(value: string | undefined, defaultValue: boolean) {
+  const normalized = value?.trim().toLowerCase()
+  if (!normalized) return defaultValue
+  return normalized === "1" || normalized === "true" || normalized === "yes" || normalized === "on"
+}
+
 const devMode = (parsed.OPENWORK_DEV_MODE ?? "0").trim() === "1"
 const port = Number(parsed.PORT ?? "8790")
 
@@ -224,9 +235,14 @@ export const env = {
   openRouterManagementApiKey: optionalString(parsed.OPENROUTER_MANAGEMENT_API_KEY),
   openRouterWorkspaceId: optionalString(parsed.OPENROUTER_WORKSPACE_ID),
   stripe: {
+    billingProvider: parsed.OPENWORK_BILLING_PROVIDER ?? "stripe",
+    orgSeatsEnabled: envFlag(parsed.FEATURE_BILLING_ORG_SEATS, false),
+    inferenceEnabled: envFlag(parsed.FEATURE_BILLING_INFERENCE, true),
+    enforcementEnabled: envFlag(parsed.FEATURE_BILLING_ENFORCEMENT, false),
     secretKey: optionalString(parsed.STRIPE_SECRET_KEY),
     webhookSecret: optionalString(parsed.STRIPE_WEBHOOK_SECRET),
     inferencePriceId: optionalString(parsed.STRIPE_INFERENCE_PRICE_ID),
+    orgSeatsPriceId: optionalString(parsed.STRIPE_ORG_SEATS_PRICE_ID),
     billingSuccessUrl: optionalString(parsed.STRIPE_BILLING_SUCCESS_URL),
     billingCancelUrl: optionalString(parsed.STRIPE_BILLING_CANCEL_URL),
   },

diff --git a/ee/apps/den-api/src/orgs.ts b/ee/apps/den-api/src/orgs.ts
@@ -12,6 +12,7 @@ import {
 import { createDenTypeId, normalizeDenTypeId } from "@openwork-ee/utils/typeid"
 import { db } from "./db.js"
 import { runPostOrganizationMemberChangeHooks } from "./organization-member-hooks.js"
+import { getOrgSeatEntitlement } from "./stripe-billing.js"
 import { DEFAULT_ORGANIZATION_LIMITS, normalizeOrganizationMetadata, serializeOrganizationMetadata } from "./organization-limits.js"
 import { denDefaultDynamicOrganizationRoles, denOrganizationStaticRoles } from "./organization-access.js"
 import { ensureDefaultDesktopPolicyForOrganization } from "./desktop-policies.js"
@@ -432,6 +433,13 @@ async function acceptInvitation(invitation: InvitationRow, userId: UserId) {
   const existingMember = existingMemberRows[0] ?? null
   let member = existingMember
 
+  if (!member && !invitedMember) {
+    const seatEntitlement = await getOrgSeatEntitlement(invitation.organizationId)
+    if (!seatEntitlement.allowed) {
+      throw new Error("org_seat_limit_reached")
+    }
+  }
+
   if (!member && invitedMember) {
     await db
       .update(MemberTable)

diff --git a/ee/apps/den-api/src/routes/org/billing.ts b/ee/apps/den-api/src/routes/org/billing.ts
@@ -2,8 +2,8 @@ import type { Hono } from "hono"
 import { describeRoute } from "hono-openapi"
 import { z } from "zod"
 import { getCloudWorkerBillingStatus } from "../../billing/polar.js"
-import { createInferenceCheckoutSession, createInferencePortalSession, getOrgBillingSummary } from "../../stripe-billing.js"
-import { requireUserMiddleware, resolveOrganizationContextMiddleware } from "../../middleware/index.js"
+import { createInferenceCheckoutSession, createInferencePortalSession, createOrgSeatsCheckoutSession, createOrgSeatsPortalSession, getActiveMemberCountForBilling, getOrgBillingSummary, upsertSimulatedSubscription } from "../../stripe-billing.js"
+import { jsonValidator, requireUserMiddleware, resolveOrganizationContextMiddleware } from "../../middleware/index.js"
 import { forbiddenSchema, jsonResponse, unauthorizedSchema } from "../../openapi.js"
 import { getRequiredUserEmail } from "../../user.js"
 import { env } from "../../env.js"
@@ -13,6 +13,12 @@ import { ensureOwner } from "./shared.js"
 const stripeBillingResponseSchema = z.object({}).passthrough().meta({ ref: "OrgStripeBillingResponse" })
 const stripeCheckoutResponseSchema = z.object({ url: z.string() }).meta({ ref: "OrgStripeCheckoutResponse" })
 const stripePortalResponseSchema = z.object({ url: z.string() }).meta({ ref: "OrgStripePortalResponse" })
+const orgSeatsCheckoutSchema = z.object({ quantity: z.number().int().min(1).max(500) })
+const simulatedBillingUpdateSchema = z.object({
+  product: z.enum(["org_seats", "inference"]),
+  quantity: z.number().int().min(1).max(500).optional(),
+  status: z.enum(["active", "trialing", "past_due", "canceled", "unpaid"]).default("active"),
+})
 
 function getRequestOrigin(c: { req: { raw: Request } }) {
   const url = new URL(c.req.raw.url)
@@ -111,6 +117,69 @@ export function registerOrgBillingRoutes<T extends { Variables: OrgRouteVariable
     },
   )
 
+  app.post(
+    "/v1/billing/inference/checkout",
+    requireUserMiddleware,
+    resolveOrganizationContextMiddleware,
+    async (c) => {
+      const permission = ensureOwner(c)
+      if (!permission.ok) return c.json(permission.response, 403)
+      const user = c.get("user")
+      const email = getRequiredUserEmail(user)
+      if (!email) return c.json({ error: "user_email_required" }, 400)
+      const payload = c.get("organizationContext")
+      if (!env.stripe.inferenceEnabled) return c.json({ error: "billing_product_disabled" }, 404)
+      if (env.stripe.billingProvider === "simulated") {
+        await upsertSimulatedSubscription({ organizationId: payload.organization.id, orgMemberId: payload.currentMember.id, product: "inference", quantity: 1, status: "active" })
+        return c.json({ url: billingReturnUrl(c) })
+      }
+      const session = await createInferenceCheckoutSession({
+        organizationId: payload.organization.id,
+        orgMemberId: payload.currentMember.id,
+        email,
+        name: user.name ?? email,
+        successUrl: checkoutSuccessUrl(c),
+        cancelUrl: checkoutCancelUrl(c),
+      })
+      return c.json({ url: session.url })
+    },
+  )
+
+  app.post(
+    "/v1/billing/org-seats/checkout",
+    requireUserMiddleware,
+    resolveOrganizationContextMiddleware,
+    jsonValidator(orgSeatsCheckoutSchema),
+    async (c) => {
+      const permission = ensureOwner(c)
+      if (!permission.ok) return c.json(permission.response, 403)
+      const user = c.get("user")
+      const email = getRequiredUserEmail(user)
+      if (!email) return c.json({ error: "user_email_required" }, 400)
+      const payload = c.get("organizationContext")
+      if (!env.stripe.orgSeatsEnabled) return c.json({ error: "billing_product_disabled" }, 404)
+      const input = c.req.valid("json")
+      const activeMembers = await getActiveMemberCountForBilling(payload.organization.id)
+      if (input.quantity < activeMembers) {
+        return c.json({ error: "quantity_below_active_members", activeMembers, message: `Choose at least ${activeMembers} seats for the active members in this organization.` }, 400)
+      }
+      if (env.stripe.billingProvider === "simulated") {
+        await upsertSimulatedSubscription({ organizationId: payload.organization.id, orgMemberId: payload.currentMember.id, product: "org_seats", quantity: input.quantity, status: "active" })
+        return c.json({ url: billingReturnUrl(c) })
+      }
+      const session = await createOrgSeatsCheckoutSession({
+        organizationId: payload.organization.id,
+        orgMemberId: payload.currentMember.id,
+        email,
+        name: user.name ?? email,
+        quantity: input.quantity,
+        successUrl: checkoutSuccessUrl(c),
+        cancelUrl: checkoutCancelUrl(c),
+      })
+      return c.json({ url: session.url })
+    },
+  )
+
   app.post(
     "/v1/billing/stripe/portal",
     describeRoute({
@@ -138,4 +207,53 @@ export function registerOrgBillingRoutes<T extends { Variables: OrgRouteVariable
       return c.json({ url: session.url })
     },
   )
+
+  app.post(
+    "/v1/billing/inference/portal",
+    requireUserMiddleware,
+    resolveOrganizationContextMiddleware,
+    async (c) => {
+      const permission = ensureOwner(c)
+      if (!permission.ok) return c.json(permission.response, 403)
+      const payload = c.get("organizationContext")
+      if (env.stripe.billingProvider === "simulated") return c.json({ url: billingReturnUrl(c) })
+      const session = await createInferencePortalSession({ organizationId: payload.organization.id, returnUrl: billingReturnUrl(c) })
+      return c.json({ url: session.url })
+    },
+  )
+
+  app.post(
+    "/v1/billing/org-seats/portal",
+    requireUserMiddleware,
+    resolveOrganizationContextMiddleware,
+    async (c) => {
+      const permission = ensureOwner(c)
+      if (!permission.ok) return c.json(permission.response, 403)
+      const payload = c.get("organizationContext")
+      if (env.stripe.billingProvider === "simulated") return c.json({ url: billingReturnUrl(c) })
+      const session = await createOrgSeatsPortalSession({ organizationId: payload.organization.id, returnUrl: billingReturnUrl(c) })
+      return c.json({ url: session.url })
+    },
+  )
+
+  app.post(
+    "/v1/billing/simulated/subscription",
+    requireUserMiddleware,
+    resolveOrganizationContextMiddleware,
+    jsonValidator(simulatedBillingUpdateSchema),
+    async (c) => {
+      if (env.stripe.billingProvider !== "simulated") return c.json({ error: "billing_simulator_disabled" }, 404)
+      const permission = ensureOwner(c)
+      if (!permission.ok) return c.json(permission.response, 403)
+      const payload = c.get("organizationContext")
+      const input = c.req.valid("json")
+      const activeMembers = await getActiveMemberCountForBilling(payload.organization.id)
+      const quantity = input.product === "org_seats" ? input.quantity ?? activeMembers : 1
+      if (input.product === "org_seats" && quantity < activeMembers) {
+        return c.json({ error: "quantity_below_active_members", activeMembers }, 400)
+      }
+      await upsertSimulatedSubscription({ organizationId: payload.organization.id, orgMemberId: payload.currentMember.id, product: input.product, quantity, status: input.status })
+      return c.json(await getOrgBillingSummary({ organizationId: payload.organization.id, includePortalUrl: true, returnUrl: billingReturnUrl(c) }))
+    },
+  )
 }
diff --git a/ee/apps/den-api/src/routes/org/core.ts b/ee/apps/den-api/src/routes/org/core.ts
@@ -252,6 +252,12 @@ export function registerOrgCoreRoutes<T extends { Variables: OrgRouteVariables }
           allowedEmailDomains: error.allowedEmailDomains,
         }, 409)
       }
+      if (error instanceof Error && error.message === "org_seat_limit_reached") {
+        return c.json({
+          error: "org_seat_limit_reached",
+          message: "This organization has used all purchased team seats.",
+        }, 409)
+      }
       throw error
     }
 

diff --git a/ee/apps/den-api/src/routes/org/invitations.ts b/ee/apps/den-api/src/routes/org/invitations.ts
@@ -10,6 +10,7 @@ import { denTypeIdSchema, forbiddenSchema, invalidRequestSchema, jsonResponse, n
 import { getOrganizationLimitStatus } from "../../organization-limits.js"
 import { runPostOrganizationMemberChangeHooks } from "../../organization-member-hooks.js"
 import { isEmailAllowedForOrganization, listAssignableRoles, removeOrganizationMember } from "../../orgs.js"
+import { getOrgSeatEntitlement } from "../../stripe-billing.js"
 import { DenEmailSendError, sendEmail } from "../../utils/email/send-email.js"
 import type { OrgRouteVariables } from "./shared.js"
 import { buildInvitationLink, createInvitationId, createInvitationToken, ensureInviteManager, idParamSchema, normalizeRoleName } from "./shared.js"
@@ -134,6 +135,19 @@ export function registerOrgInvitationRoutes<T extends { Variables: OrgRouteVaria
           message: `This workspace currently supports up to ${memberLimit.limit} members. Contact support to increase the limit.`,
         }, 409)
       }
+
+      const seatEntitlement = await getOrgSeatEntitlement(payload.organization.id)
+      if (!seatEntitlement.allowed) {
+        return c.json({
+          error: "org_seat_limit_reached",
+          reason: seatEntitlement.reason,
+          purchasedSeats: seatEntitlement.purchasedSeats,
+          usedSeats: seatEntitlement.usedSeats,
+          message: seatEntitlement.reason === "subscription_inactive"
+            ? "Buy team seats before inviting more members."
+            : "This organization has used all purchased team seats.",
+        }, 409)
+      }
     }
 
     const expiresAt = new Date(Date.now() + 1000 * 60 * 60 * 24 * 7)