fix(webapp): don't cache getEntitlement fail-open fallback

ericallam · ericallam · commit 312c91be520a · 2026-04-15T16:51:36.000+01:00
Devin caught a correctness bug in the previous commit. Returning
{ hasAccess: true } from inside the SWR loader on error caused that
fail-open value to be cached for 60-120s, which could overwrite a
legitimate hasAccess: false during a transient billing outage and
grant a blocked org access for up to 120s.

Fix: catch errors inside the loader (so we don't trigger the @unkey/cache
unhandled-rejection issue during background revalidation) and return
undefined. Apply the fail-open default *outside* the SWR call so it
never becomes a cached access decision.

Trade-off: returning undefined from the loader still overwrites the
previous cached entry with an undefined value, but @unkey/cache's
swr() treats an undefined cached value as a miss and re-fetches on the
next request — so on billing recovery, the cache picks up the real
result immediately rather than serving a stale fail-open for up to
120s.
diff --git a/apps/webapp/app/services/platform.v3.server.ts b/apps/webapp/app/services/platform.v3.server.ts
@@ -536,24 +536,33 @@ export async function getEntitlement(
 ): Promise<ReportUsageResult | undefined> {
   if (!client) return undefined;
 
+  // Errors must be caught inside the loader — @unkey/cache passes the loader
+  // promise to waitUntil() with no .catch(), so an unhandled rejection during
+  // background SWR revalidation would crash the process. Returning undefined
+  // on error tells SWR not to commit a fail-open value to the cache, which
+  // prevents transient billing errors from overwriting a legitimate
+  // hasAccess: false entry. The fail-open default is applied *outside* the
+  // SWR call so it never becomes a cached access decision.
   const result = await platformCache.entitlement.swr(organizationId, async () => {
     try {
       const response = await client.getEntitlement(organizationId);
       if (!response.success) {
         logger.error("Error getting entitlement - no success", { error: response.error });
-        return {
-          hasAccess: true as const,
-        };
+        return undefined;
       }
       return response;
     } catch (e) {
       logger.error("Error getting entitlement - caught error", { error: e });
-      return {
-        hasAccess: true as const,
-      };
+      return undefined;
     }
   });
 
+  if (result.err || result.val === undefined) {
+    return {
+      hasAccess: true as const,
+    };
+  }
+
   return result.val;
 }
 
