From 5b9e70e04be8adb289db5ae59eeb7e50cd6b1eef Mon Sep 17 00:00:00 2001
From: nams1570 <amanganapathy@gmail.com>
Date: Wed, 27 May 2026 17:26:45 -0700
Subject: [PATCH 1/6] refactor/fix: checkout urls work w/o onboarding being
 complete

---
 .../purchases/create-purchase-url/route.ts    | 50 ++++++++++--------
 .../purchases/purchase-session/route.tsx      | 13 +++++
 .../payments/purchases/validate-code/route.ts |  8 +--
 .../purchases/verification-code-handler.tsx   |  6 +--
 .../(main)/purchase/[code]/page-client.tsx    | 47 ++++++++++-------
 .../src/components/payments/checkout.tsx      | 51 ++++++++++---------
 .../outdated--create-purchase-url.test.ts     |  5 +-
 .../v1/payments/create-purchase-url.test.ts   | 44 ++++++++++++++--
 docs-mintlify/openapi/admin.json              |  4 +-
 docs-mintlify/openapi/client.json             |  4 +-
 docs-mintlify/openapi/server.json             |  4 +-
 11 files changed, 153 insertions(+), 83 deletions(-)

diff --git a/apps/backend/src/app/api/latest/payments/purchases/create-purchase-url/route.ts b/apps/backend/src/app/api/latest/payments/purchases/create-purchase-url/route.ts
index 7f6f8175f1..9a0fbe53ad 100644
--- a/apps/backend/src/app/api/latest/payments/purchases/create-purchase-url/route.ts
+++ b/apps/backend/src/app/api/latest/payments/purchases/create-purchase-url/route.ts
@@ -83,7 +83,6 @@ export const POST = createSmartRouteHandler({
       });
     }
 
-    const stripe = await getStripeForAccount({ tenancy });
     const productConfig = await ensureProductIdOrInlineProduct(tenancy, req.auth.type, req.body.product_id, req.body.product_inline);
     const customerType = productConfig.customerType;
     if (req.body.customer_type !== customerType) {
@@ -103,26 +102,37 @@ export const POST = createSmartRouteHandler({
       }
     }
 
-    const stripeCustomerSearch = await stripe.customers.search({
-      query: `metadata['customerId']:'${req.body.customer_id}'`,
-    });
-    let stripeCustomer = stripeCustomerSearch.data.length ? stripeCustomerSearch.data[0] : undefined;
-    if (!stripeCustomer) {
-      stripeCustomer = await stripe.customers.create({
-        metadata: {
-          customerId: req.body.customer_id,
-          customerType: customerType === "user" ? CustomerType.USER : CustomerType.TEAM,
-        }
+    const testMode = tenancy.config.payments.testMode === true;
+    let stripeCustomerId: string | undefined;
+    let stripeAccountId: string | undefined;
+    let chargesEnabled: boolean | undefined;
+
+    if (!testMode) {
+      const stripe = await getStripeForAccount({ tenancy });
+      const stripeCustomerSearch = await stripe.customers.search({
+        query: `metadata['customerId']:'${req.body.customer_id}'`,
       });
+      let stripeCustomer = stripeCustomerSearch.data.length ? stripeCustomerSearch.data[0] : undefined;
+      if (!stripeCustomer) {
+        stripeCustomer = await stripe.customers.create({
+          metadata: {
+            customerId: req.body.customer_id,
+            customerType: customerType === "user" ? CustomerType.USER : CustomerType.TEAM,
+          }
+        });
+      }
+
+      const project = await globalPrismaClient.project.findUnique({
+        where: { id: tenancy.project.id },
+        select: { stripeAccountId: true },
+      });
+      stripeAccountId = project?.stripeAccountId ?? throwErr("Stripe account not configured");
+      const stackStripe = getStackStripe();
+      const connectedAccount = await stackStripe.accounts.retrieve(stripeAccountId);
+      stripeCustomerId = stripeCustomer.id;
+      chargesEnabled = connectedAccount.charges_enabled;
     }
 
-    const project = await globalPrismaClient.project.findUnique({
-      where: { id: tenancy.project.id },
-      select: { stripeAccountId: true },
-    });
-    const stripeAccountId = project?.stripeAccountId ?? throwErr("Stripe account not configured");
-    const stackStripe = getStackStripe();
-    const connectedAccount = await stackStripe.accounts.retrieve(stripeAccountId);
     const { code } = await purchaseUrlVerificationCodeHandler.createCode({
       tenancy,
       expiresInMs: 1000 * 60 * 60 * 24,
@@ -131,9 +141,9 @@ export const POST = createSmartRouteHandler({
         customerId: req.body.customer_id,
         productId: req.body.product_id,
         product: productConfig,
-        stripeCustomerId: stripeCustomer.id,
+        stripeCustomerId,
         stripeAccountId,
-        chargesEnabled: connectedAccount.charges_enabled,
+        chargesEnabled,
       },
       method: {},
       callbackUrl: undefined,
diff --git a/apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx b/apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx
index 478da7b6e0..17f26df9ac 100644
--- a/apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx
+++ b/apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx
@@ -64,6 +64,19 @@ export const POST = createSmartRouteHandler({
     if (tenancy.config.payments.blockNewPurchases) {
       throw new KnownErrors.NewPurchasesBlocked();
     }
+    if (!data.stripeAccountId || !data.stripeCustomerId) {
+      throw new HexclaveAssertionError(
+        "Live purchase-session called with a purchase code that has no Stripe identifiers. " +
+        "Test-mode codes should be routed to /internal/payments/test-mode-purchase-session instead.",
+        {
+          tenancyId: tenancy.id,
+          testMode: tenancy.config.payments.testMode === true,
+          customerId: data.customerId,
+          hasStripeAccountId: !!data.stripeAccountId,
+          hasStripeCustomerId: !!data.stripeCustomerId,
+        },
+      );
+    }
     const stripe = await getStripeForAccount({ accountId: data.stripeAccountId });
     const prisma = await getPrismaClientForTenancy(tenancy);
     const { selectedPrice, conflictingSubscriptions } = await validatePurchaseSession({
diff --git a/apps/backend/src/app/api/latest/payments/purchases/validate-code/route.ts b/apps/backend/src/app/api/latest/payments/purchases/validate-code/route.ts
index 3c8c4825ce..b6c7ed14bc 100644
--- a/apps/backend/src/app/api/latest/payments/purchases/validate-code/route.ts
+++ b/apps/backend/src/app/api/latest/payments/purchases/validate-code/route.ts
@@ -37,7 +37,7 @@ export const POST = createSmartRouteHandler({
     bodyType: yupString().oneOf(["json"]).defined(),
     body: yupObject({
       product: inlineProductSchema,
-      stripe_account_id: yupString().defined(),
+      stripe_account_id: yupString().nullable().defined(),
       project_id: yupString().defined(),
       project_logo_url: yupString().nullable().defined(),
       already_bought_non_stackable: yupBoolean().defined(),
@@ -46,7 +46,7 @@ export const POST = createSmartRouteHandler({
         display_name: yupString().defined(),
       }).defined()).defined(),
       test_mode: yupBoolean().defined(),
-      charges_enabled: yupBoolean().defined(),
+      charges_enabled: yupBoolean().nullable().defined(),
     }).defined(),
   }),
   async handler({ body }) {
@@ -98,13 +98,13 @@ export const POST = createSmartRouteHandler({
       bodyType: "json",
       body: {
         product: productToInlineProduct(product),
-        stripe_account_id: verificationCode.data.stripeAccountId,
+        stripe_account_id: verificationCode.data.stripeAccountId ?? null,
         project_id: tenancy.project.id,
         project_logo_url: tenancy.project.logo_url ?? null,
         already_bought_non_stackable: alreadyBoughtNonStackable,
         conflicting_products: conflictingProductLineProducts,
         test_mode: tenancy.config.payments.testMode === true,
-        charges_enabled: verificationCode.data.chargesEnabled,
+        charges_enabled: verificationCode.data.chargesEnabled ?? null,
       },
     };
   },
diff --git a/apps/backend/src/app/api/latest/payments/purchases/verification-code-handler.tsx b/apps/backend/src/app/api/latest/payments/purchases/verification-code-handler.tsx
index b6094ab563..13e72d0450 100644
--- a/apps/backend/src/app/api/latest/payments/purchases/verification-code-handler.tsx
+++ b/apps/backend/src/app/api/latest/payments/purchases/verification-code-handler.tsx
@@ -10,9 +10,9 @@ export const purchaseUrlVerificationCodeHandler = createVerificationCodeHandler(
     customerId: yupString().defined(),
     productId: yupString(),
     product: productSchema,
-    stripeCustomerId: yupString().defined(),
-    stripeAccountId: yupString().defined(),
-    chargesEnabled: yupBoolean().defined(),
+    stripeCustomerId: yupString().optional(),
+    stripeAccountId: yupString().optional(),
+    chargesEnabled: yupBoolean().optional(),
   }),
   // @ts-ignore TODO: fix this
   async handler(_, __, data) {
diff --git a/apps/dashboard/src/app/(main)/purchase/[code]/page-client.tsx b/apps/dashboard/src/app/(main)/purchase/[code]/page-client.tsx
index e401c9cd35..9938e95aa7 100644
--- a/apps/dashboard/src/app/(main)/purchase/[code]/page-client.tsx
+++ b/apps/dashboard/src/app/(main)/purchase/[code]/page-client.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { CheckoutForm } from "@/components/payments/checkout";
+import { CheckoutForm, TestModeBypassForm } from "@/components/payments/checkout";
 import { StripeElementsProvider } from "@/components/payments/stripe-elements-provider";
 import { Alert, AlertDescription, AlertTitle, Button, Card, CardContent, Input, Skeleton, Typography } from "@/components/ui";
 import { getPublicEnvVar } from "@/lib/env";
@@ -14,13 +14,13 @@ import { useCallback, useEffect, useMemo, useState } from "react";
 import * as yup from "yup";
 type ProductData = {
   product?: Omit<yup.InferType<typeof inlineProductSchema>, "included_items" | "server_only"> & { stackable: boolean },
-  stripe_account_id: string,
+  stripe_account_id: string | null,
   project_id: string,
   project_logo_url: string | null,
   already_bought_non_stackable?: boolean,
   conflicting_products?: { product_id: string, display_name: string }[],
   test_mode: boolean,
-  charges_enabled: boolean,
+  charges_enabled: boolean | null,
 };
 
 const apiUrl = getPublicEnvVar("NEXT_PUBLIC_STACK_API_URL") ?? throwErr("NEXT_PUBLIC_STACK_API_URL is not set");
@@ -393,22 +393,35 @@ export default function PageClient({ code }: { code: string }) {
       <div className="w-full md:w-1/2 flex flex-grow items-center justify-center bg-gradient-to-br from-primary/5 via-primary/3 to-background p-6 md:p-12">
         {data && (
           <div className="w-full max-w-lg">
-            <StripeElementsProvider
-              stripeAccountId={data.stripe_account_id}
-              amount={elementsAmountCents}
-              mode={elementsMode}
-            >
-              <CheckoutForm
-                fullCode={code}
-                stripeAccountId={data.stripe_account_id}
-                setupSubscription={setupSubscription}
-                returnUrl={returnUrl ?? undefined}
+            {data.test_mode ? (
+              <TestModeBypassForm
+                onBypass={handleBypass}
                 disabled={quantityNumber < 1 || isTooLarge || data.already_bought_non_stackable === true}
-                chargesEnabled={data.charges_enabled}
-                onTestModeBypass={data.test_mode ? handleBypass : undefined}
-                isFree={isFreeSelected}
               />
-            </StripeElementsProvider>
+            ) : data.stripe_account_id == null ? (
+              <div className="flex flex-col gap-4 max-w-md w-full p-6 rounded-md bg-background">
+                <Typography type="h3" variant="destructive">Payments not enabled</Typography>
+                <p className="text-sm text-muted-foreground">
+                  This project does not have payments enabled yet. Please contact the app developer to finish setting up payments.
+                </p>
+              </div>
+            ) : (
+              <StripeElementsProvider
+                stripeAccountId={data.stripe_account_id}
+                amount={elementsAmountCents}
+                mode={elementsMode}
+              >
+                <CheckoutForm
+                  fullCode={code}
+                  stripeAccountId={data.stripe_account_id}
+                  setupSubscription={setupSubscription}
+                  returnUrl={returnUrl ?? undefined}
+                  disabled={quantityNumber < 1 || isTooLarge || data.already_bought_non_stackable === true}
+                  chargesEnabled={data.charges_enabled ?? false}
+                  isFree={isFreeSelected}
+                />
+              </StripeElementsProvider>
+            )}
           </div>
         )}
       </div>
diff --git a/apps/dashboard/src/components/payments/checkout.tsx b/apps/dashboard/src/components/payments/checkout.tsx
index 175fae7f82..595c800183 100644
--- a/apps/dashboard/src/components/payments/checkout.tsx
+++ b/apps/dashboard/src/components/payments/checkout.tsx
@@ -23,18 +23,42 @@ type Props = {
   fullCode: string,
   returnUrl?: string,
   disabled?: boolean,
-  onTestModeBypass?: () => Promise<void>,
   chargesEnabled: boolean,
   isFree: boolean,
 };
 
+export function TestModeBypassForm({
+  onBypass,
+  disabled,
+}: {
+  onBypass: () => Promise<void>,
+  disabled?: boolean,
+}) {
+  return (
+    <div className="flex flex-col gap-4 max-w-md w-full p-6 rounded-md bg-background">
+      <div className="space-y-1">
+        <Typography type="h3">Test mode active</Typography>
+        <p className="text-sm text-muted-foreground">
+          This project is in test mode. Use the bypass button to simulate a purchase.
+        </p>
+      </div>
+      <Button
+        disabled={disabled}
+        onClick={onBypass}
+        className="mt-2"
+      >
+        Complete test purchase
+      </Button>
+    </div>
+  );
+}
+
 export function CheckoutForm({
   setupSubscription,
   stripeAccountId,
   fullCode,
   returnUrl,
   disabled,
-  onTestModeBypass,
   chargesEnabled,
   isFree,
 }: Props) {
@@ -88,29 +112,6 @@ export function CheckoutForm({
     }
   };
 
-  if (onTestModeBypass) {
-    return (
-      <div className="flex flex-col gap-4 max-w-md w-full p-6 rounded-md bg-background">
-        <div className="space-y-1">
-          <Typography type="h3">Test mode active</Typography>
-          <p className="text-sm text-muted-foreground">
-            This project is in test mode. Use the bypass button to simulate a purchase.
-          </p>
-        </div>
-        <Button
-          disabled={disabled}
-          onClick={onTestModeBypass}
-          className="mt-2"
-        >
-          Complete test purchase
-        </Button>
-        {message && (
-          <div className="text-destructive text-sm">{message}</div>
-        )}
-      </div>
-    );
-  }
-
   if (!chargesEnabled) {
     return (
       <div className="flex flex-col gap-4 max-w-md w-full p-6 rounded-md bg-background">
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
index 56b75970f9..9322548f00 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--create-purchase-url.test.ts
@@ -129,10 +129,11 @@ it("should error for invalid customer_id", async ({ expect }) => {
   `);
 });
 
-it("should error for no connected stripe account", async ({ expect }) => {
+it("should error for no connected stripe account in live mode", async ({ expect }) => {
   await Project.createAndSwitch({ config: { magic_link_enabled: true } });
   await Project.updateConfig({
     payments: {
+      testMode: false,
       products: {
         "test-offer": {
           displayName: "Test Offer",
@@ -158,7 +159,7 @@ it("should error for no connected stripe account", async ({ expect }) => {
     body: {
       customer_type: "user",
       customer_id: userId,
-      product_id: "test-product",
+      product_id: "test-offer",
     },
   });
   expect(response).toMatchInlineSnapshot(`
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
index 177cc6505b..3efff90a1d 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/create-purchase-url.test.ts
@@ -129,10 +129,11 @@ it("should error for invalid customer_id", async ({ expect }) => {
   `);
 });
 
-it("should error for no connected stripe account", async ({ expect }) => {
+it("should error for no connected stripe account in live mode", async ({ expect }) => {
   await Project.createAndSwitch({ config: { magic_link_enabled: true } });
   await Project.updateConfig({
     payments: {
+      testMode: false,
       products: {
         "test-product": {
           displayName: "Test Product",
@@ -170,6 +171,43 @@ it("should error for no connected stripe account", async ({ expect }) => {
     `);
 });
 
+it("should create purchase URL in test mode without Stripe onboarding", async ({ expect }) => {
+  await Project.createAndSwitch({ config: { magic_link_enabled: true } });
+  await Project.updateConfig({
+    payments: {
+      products: {
+        "test-product": {
+          displayName: "Test Product",
+          customerType: "user",
+          serverOnly: false,
+          stackable: false,
+          prices: {
+            "monthly": {
+              USD: "1000",
+              interval: [1, "month"],
+            },
+          },
+          includedItems: {},
+        },
+      },
+    },
+  });
+
+  const { userId } = await Auth.fastSignUp();
+  const response = await niceBackendFetch("/api/latest/payments/purchases/create-purchase-url", {
+    method: "POST",
+    accessType: "client",
+    body: {
+      customer_type: "user",
+      customer_id: userId,
+      product_id: "test-product",
+    },
+  });
+  expect(response.status).toBe(200);
+  const body = response.body as { url: string };
+  expect(body.url).toMatch(new RegExp(`^https?:\/\/localhost:${withPortPrefix("01")}\/purchase\/[a-z0-9-_]+$`));
+});
+
 
 it("should not allow product_inline when calling from client", async ({ expect }) => {
   await Project.createAndSwitch({ config: { magic_link_enabled: true } });
@@ -327,7 +365,7 @@ it("should return inline product metadata when validating purchase code", async
       "status": 200,
       "body": {
         "already_bought_non_stackable": false,
-        "charges_enabled": false,
+        "charges_enabled": null,
         "conflicting_products": [],
         "product": {
           "client_metadata": null,
@@ -356,7 +394,7 @@ it("should return inline product metadata when validating purchase code", async
         },
         "project_id": "<stripped UUID>",
         "project_logo_url": null,
-        "stripe_account_id": <stripped field 'stripe_account_id'>,
+        "stripe_account_id": null,
         "test_mode": true,
       },
       "headers": Headers { <some fields may have been hidden> },
diff --git a/docs-mintlify/openapi/admin.json b/docs-mintlify/openapi/admin.json
index a685c34788..c431508b3f 100644
--- a/docs-mintlify/openapi/admin.json
+++ b/docs-mintlify/openapi/admin.json
@@ -6834,12 +6834,10 @@
                     }
                   },
                   "required": [
-                    "stripe_account_id",
                     "project_id",
                     "already_bought_non_stackable",
                     "conflicting_products",
-                    "test_mode",
-                    "charges_enabled"
+                    "test_mode"
                   ]
                 }
               }
diff --git a/docs-mintlify/openapi/client.json b/docs-mintlify/openapi/client.json
index c01ed8fe81..b8cde9c16e 100644
--- a/docs-mintlify/openapi/client.json
+++ b/docs-mintlify/openapi/client.json
@@ -6349,12 +6349,10 @@
                     }
                   },
                   "required": [
-                    "stripe_account_id",
                     "project_id",
                     "already_bought_non_stackable",
                     "conflicting_products",
-                    "test_mode",
-                    "charges_enabled"
+                    "test_mode"
                   ]
                 }
               }
diff --git a/docs-mintlify/openapi/server.json b/docs-mintlify/openapi/server.json
index 0e5c0d02a1..aca39c6914 100644
--- a/docs-mintlify/openapi/server.json
+++ b/docs-mintlify/openapi/server.json
@@ -6742,12 +6742,10 @@
                     }
                   },
                   "required": [
-                    "stripe_account_id",
                     "project_id",
                     "already_bought_non_stackable",
                     "conflicting_products",
-                    "test_mode",
-                    "charges_enabled"
+                    "test_mode"
                   ]
                 }
               }

From 5b5bf07d05dc6bc8acd735b91df0935befce7f6f Mon Sep 17 00:00:00 2001
From: nams1570 <amanganapathy@gmail.com>
Date: Thu, 28 May 2026 18:18:40 -0700
Subject: [PATCH 2/6] fix/refactor: switch route can now switch test-test
 subscriptions

This can happen now even when payments onboarding is incomplete/ they are using remote emulator.
Note that switching a stripe backed sub to a test sub or vice versa is still not possible rn. This is intentional, it will require some rethinking.
---
 .../[customer_id]/switch/route.ts             |  25 ++-
 .../api/v1/payments/switch-plans.test.ts      | 162 +++++++++++++++++-
 2 files changed, 181 insertions(+), 6 deletions(-)

diff --git a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts
index b104c05ecf..9ed0019975 100644
--- a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts
+++ b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts
@@ -1,4 +1,4 @@
-import { ensureClientCanAccessCustomer, ensureCustomerExists, getDefaultCardPaymentMethodSummary, getStripeCustomerForCustomerOrNull, isActiveSubscription, isAddOnProduct } from "@/lib/payments";
+import { ensureClientCanAccessCustomer, ensureCustomerExists, getDefaultCardPaymentMethodSummary, getStripeCustomerForCustomerOrNull, grantProductToCustomer, isActiveSubscription, isAddOnProduct } from "@/lib/payments";
 import { bulldozerWriteSubscription } from "@/lib/payments/bulldozer-dual-write";
 import { getOwnedProductsForCustomer, getSubscriptionMapForCustomer } from "@/lib/payments/customer-data";
 import { getApplicationFeePercentOrUndefined } from "@/lib/payments/platform-fees";
@@ -147,9 +147,11 @@ export const POST = createSmartRouteHandler({
     if (!existingSub && !fromIsFreePlan) {
       throw new StatusError(400, "This subscription cannot be switched.");
     }
-    // Server-granted subscriptions (no stripeSubscriptionId) are immutable via this endpoint;
-    // they must be cancelled through admin tooling before the customer switches plans.
-    if (existingSub && !existingSub.stripeSubscriptionId) {
+    const testMode = auth.tenancy.config.payments.testMode === true;
+    // Server-granted subscriptions (no stripeSubscriptionId) are immutable via this endpoint
+    // in live mode; they must be cancelled through admin tooling before the customer switches plans.
+    // In test mode they're swapped via the DB-only short-circuit below.
+    if (existingSub && !existingSub.stripeSubscriptionId && !testMode) {
       throw new StatusError(400, "This subscription cannot be switched.");
     }
     // Free-plan fallthrough: if the customer claims to be switching "from" a free product
@@ -192,6 +194,21 @@ export const POST = createSmartRouteHandler({
       throw new StatusError(400, "This product is not stackable; quantity must be 1");
     }
 
+    if (testMode && (!existingSub || !existingSub.stripeSubscriptionId)) {
+      await grantProductToCustomer({
+        prisma,
+        tenancy: auth.tenancy,
+        customerType: params.customer_type,
+        customerId: params.customer_id,
+        product: toProduct,
+        productId: body.to_product_id,
+        priceId: selectedPriceId,
+        quantity,
+        creationSource: "TEST_MODE",
+      });
+      return { statusCode: 200, bodyType: "json", body: { success: true } };
+    }
+
     const stripe = await getStripeForAccount({ tenancy: auth.tenancy });
     const stripeCustomer = await getStripeCustomerForCustomerOrNull({
       stripe,
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/switch-plans.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/switch-plans.test.ts
index e48b2879a6..aeea5d1df6 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/switch-plans.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/switch-plans.test.ts
@@ -188,7 +188,7 @@ it("successfully switches a Stripe-backed subscription to another product", asyn
   expect(switchResponse.body).toEqual({ success: true });
 }, { timeout: 60_000 });
 
-it("does not block subscription switch with OTP guard (non-Stripe sub)", async ({ expect }) => {
+it("does not block subscription switch with OTP guard (non-Stripe sub, live mode)", async ({ expect }) => {
   await setupProducts({
     basic: {
       displayName: "Basic",
@@ -211,6 +211,7 @@ it("does not block subscription switch with OTP guard (non-Stripe sub)", async (
   }, {
     plans: { displayName: "Plans" },
   });
+  await Project.updateConfig({ "payments.testMode": false });
 
   const { userId } = await Auth.fastSignUp();
 
@@ -222,7 +223,7 @@ it("does not block subscription switch with OTP guard (non-Stripe sub)", async (
   });
   expect(grantResponse.status).toBe(200);
 
-  // Switch fails because no stripeSubscriptionId — but crucially, it does NOT
+  // Switch fails because no stripeSubscriptionId in live mode — but crucially, it does NOT
   // fail with "one-time purchase in this product line" (the OTP guard regression).
   const switchResponse = await niceBackendFetch(`/api/latest/payments/products/user/${userId}/switch`, {
     method: "POST",
@@ -285,3 +286,160 @@ it("blocks switch when customer has a one-time purchase in the product line", as
   });
   expect(switchResponse.status).toBe(400);
 }, { timeout: 30_000 });
+
+it("switches in test mode from a free plan without Stripe onboarding", async ({ expect }) => {
+  await Project.createAndSwitch();
+  await Project.updateConfig({
+    payments: {
+      productLines: { plans: { displayName: "Plans" } },
+      products: {
+        free: {
+          displayName: "Free",
+          customerType: "user",
+          serverOnly: false,
+          stackable: false,
+          productLineId: "plans",
+          prices: {},
+          includedItems: {},
+        },
+        pro: {
+          displayName: "Pro",
+          customerType: "user",
+          serverOnly: false,
+          stackable: false,
+          productLineId: "plans",
+          prices: { monthly: { USD: "1000", interval: [1, "month"] } },
+          includedItems: {},
+        },
+      },
+    },
+  });
+
+  const { userId } = await Auth.fastSignUp();
+
+  const switchResponse = await niceBackendFetch(`/api/latest/payments/products/user/${userId}/switch`, {
+    method: "POST",
+    accessType: "client",
+    body: {
+      from_product_id: "free",
+      to_product_id: "pro",
+    },
+  });
+  expect(switchResponse.status).toBe(200);
+  expect(switchResponse.body).toEqual({ success: true });
+}, { timeout: 30_000 });
+
+it("switches in test mode from an existing test-mode grant", async ({ expect }) => {
+  await Project.createAndSwitch();
+  await Project.updateConfig({
+    payments: {
+      productLines: { plans: { displayName: "Plans" } },
+      products: {
+        basic: {
+          displayName: "Basic",
+          customerType: "user",
+          serverOnly: false,
+          stackable: false,
+          productLineId: "plans",
+          prices: { monthly: { USD: "1000", interval: [1, "month"] } },
+          includedItems: {},
+        },
+        pro: {
+          displayName: "Pro",
+          customerType: "user",
+          serverOnly: false,
+          stackable: false,
+          productLineId: "plans",
+          prices: { monthly: { USD: "2000", interval: [1, "month"] } },
+          includedItems: {},
+        },
+      },
+    },
+  });
+
+  const { userId } = await Auth.fastSignUp();
+
+  // Mint a test-mode grant for "basic" via the create-purchase-url + test-mode-purchase-session flow
+  const createUrl = await niceBackendFetch("/api/latest/payments/purchases/create-purchase-url", {
+    method: "POST",
+    accessType: "client",
+    body: { customer_type: "user", customer_id: userId, product_id: "basic" },
+  });
+  expect(createUrl.status).toBe(200);
+  const fullCode = (createUrl.body as { url: string }).url.match(/\/purchase\/([a-z0-9-_]+)/)?.[1];
+  expect(fullCode).toBeDefined();
+  if (!fullCode) {
+    throw new Error("Expected full purchase code");
+  }
+
+  const purchaseResponse = await niceBackendFetch("/api/latest/internal/payments/test-mode-purchase-session", {
+    method: "POST",
+    accessType: "admin",
+    body: {
+      full_code: fullCode,
+      price_id: "monthly",
+      quantity: 1,
+    },
+  });
+  expect(purchaseResponse.status).toBe(200);
+
+  // Now switch from basic → pro. Should succeed via the test-mode short-circuit.
+  const switchResponse = await niceBackendFetch(`/api/latest/payments/products/user/${userId}/switch`, {
+    method: "POST",
+    accessType: "client",
+    body: {
+      from_product_id: "basic",
+      to_product_id: "pro",
+    },
+  });
+  expect(switchResponse.status).toBe(200);
+  expect(switchResponse.body).toEqual({ success: true });
+}, { timeout: 30_000 });
+
+it("rejects switch in live mode without Stripe onboarding", async ({ expect }) => {
+  await Project.createAndSwitch();
+  await Project.updateConfig({
+    payments: {
+      testMode: false,
+      productLines: { plans: { displayName: "Plans" } },
+      products: {
+        free: {
+          displayName: "Free",
+          customerType: "user",
+          serverOnly: false,
+          stackable: false,
+          productLineId: "plans",
+          prices: {},
+          includedItems: {},
+        },
+        pro: {
+          displayName: "Pro",
+          customerType: "user",
+          serverOnly: false,
+          stackable: false,
+          productLineId: "plans",
+          prices: { monthly: { USD: "1000", interval: [1, "month"] } },
+          includedItems: {},
+        },
+      },
+    },
+  });
+
+  const { userId } = await Auth.fastSignUp();
+
+  const switchResponse = await niceBackendFetch(`/api/latest/payments/products/user/${userId}/switch`, {
+    method: "POST",
+    accessType: "client",
+    body: {
+      from_product_id: "free",
+      to_product_id: "pro",
+    },
+  });
+  expect(switchResponse).toMatchInlineSnapshot(`
+    NiceResponse {
+      "status": 400,
+      "body": "Payments are not set up in this Stack Auth project. Please go to the Stack Auth dashboard and complete the Payments onboarding.",
+      "headers": Headers { <some fields may have been hidden> },
+    }
+  `);
+}, { timeout: 30_000 });

From 6af3692e0c40fb89fe6a04c99ba5dcf78199cf4b Mon Sep 17 00:00:00 2001
From: nams1570 <amanganapathy@gmail.com>
Date: Fri, 29 May 2026 10:50:50 -0700
Subject: [PATCH 3/6] chore: style assertions

---
 .../latest/payments/purchases/purchase-session/route.tsx    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx b/apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx
index 17f26df9ac..a07e2554ec 100644
--- a/apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx
+++ b/apps/backend/src/app/api/latest/payments/purchases/purchase-session/route.tsx
@@ -64,7 +64,7 @@ export const POST = createSmartRouteHandler({
     if (tenancy.config.payments.blockNewPurchases) {
       throw new KnownErrors.NewPurchasesBlocked();
     }
-    if (!data.stripeAccountId || !data.stripeCustomerId) {
+    if (data.stripeAccountId == null || data.stripeCustomerId == null) {
       throw new HexclaveAssertionError(
         "Live purchase-session called with a purchase code that has no Stripe identifiers. " +
         "Test-mode codes should be routed to /internal/payments/test-mode-purchase-session instead.",
@@ -72,8 +72,8 @@ export const POST = createSmartRouteHandler({
           tenancyId: tenancy.id,
           testMode: tenancy.config.payments.testMode === true,
           customerId: data.customerId,
-          hasStripeAccountId: !!data.stripeAccountId,
-          hasStripeCustomerId: !!data.stripeCustomerId,
+          hasStripeAccountId: data.stripeAccountId != null,
+          hasStripeCustomerId: data.stripeCustomerId != null,
         },
       );
     }

From 89361f3264e33ce2eb3485d57adb2619f28e25d3 Mon Sep 17 00:00:00 2001
From: nams1570 <amanganapathy@gmail.com>
Date: Fri, 29 May 2026 10:52:11 -0700
Subject: [PATCH 4/6] feat: explicitly prevent stripe to test mode sub changes

---
 .../[customer_type]/[customer_id]/switch/route.ts        | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts
index 9ed0019975..739e814d30 100644
--- a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts
+++ b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts
@@ -209,6 +209,15 @@ export const POST = createSmartRouteHandler({
       return { statusCode: 200, bodyType: "json", body: { success: true } };
     }
 
+    // For now, we don't allow switching out of a Stripe-backed subscription while the project is in test mode.
+    if (testMode && existingSub && existingSub.stripeSubscriptionId) {
+      throw new StatusError(
+        400,
+        "Cannot switch a live subscription while the project is in test mode. " +
+        "Cancel the live subscription first, or disable test mode before switching.",
+      );
+    }
+
     const stripe = await getStripeForAccount({ tenancy: auth.tenancy });
     const stripeCustomer = await getStripeCustomerForCustomerOrNull({
       stripe,

From cf7731827ea47c716529a5c5044d88fa54901552 Mon Sep 17 00:00:00 2001
From: nams1570 <amanganapathy@gmail.com>
Date: Fri, 29 May 2026 13:40:17 -0700
Subject: [PATCH 5/6] chore: update tests

These routes are now accessible in test mode so tests need to be updated to be more explicit.
---
 .../outdated--purchase-session.test.ts        |  6 +++---
 .../outdated--purchase-session.test.ts        | 15 ++++++++++---
 .../outdated--validate-code.test.ts           |  4 ++--
 .../api/v1/payments/purchase-session.test.ts  | 21 +++++++++++++------
 .../api/v1/payments/switch-plans.test.ts      |  1 +
 .../api/v1/payments/validate-code.test.ts     |  7 ++++---
 6 files changed, 37 insertions(+), 17 deletions(-)

diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/before-catalog-to-product-line-rename/outdated--purchase-session.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/before-catalog-to-product-line-rename/outdated--purchase-session.test.ts
index 107b17f092..67c5ccbd36 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/before-catalog-to-product-line-rename/outdated--purchase-session.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/before-catalog-to-product-line-rename/outdated--purchase-session.test.ts
@@ -120,9 +120,9 @@ it("should block one-time purchase in same group using old catalogs config", asy
   const codeB = (urlB.body as { url: string }).url.match(/\/purchase\/([a-z0-9-_]+)/)?.[1];
   expect(codeB).toBeDefined();
 
-  const resB = await niceBackendFetch("/api/v1/payments/purchases/purchase-session", {
+  const resB = await niceBackendFetch("/api/v1/internal/payments/test-mode-purchase-session", {
     method: "POST",
-    accessType: "client",
+    accessType: "admin",
     body: { full_code: codeB, price_id: "one", quantity: 1 },
   });
   expect(resB.status).toBe(400);
@@ -134,7 +134,7 @@ it("should work with subscription switching using old catalogs config", async ({
   await Payments.setup();
   await Project.updateConfig({
     payments: {
-      testMode: true,
+      testMode: false,
       // Using the OLD property name "catalogs"
       catalogs: {
         grp: { displayName: "Test Group" },
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
index c1c9e7d013..f8313f2efd 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--purchase-session.test.ts
@@ -138,6 +138,7 @@ it("should return client secret for one-time price (no interval)", async ({ expe
   await Payments.setup();
   await Project.updateConfig({
     payments: {
+      testMode: false,
       products: {
         "ot-offer": {
           displayName: "One Time Offer",
@@ -186,6 +187,7 @@ it("should error on one-time price quantity > 1 when offer is not stackable", as
   await Payments.setup();
   await Project.updateConfig({
     payments: {
+      testMode: false,
       products: {
         "ot-non-stack": {
           displayName: "One Time Non-Stackable",
@@ -283,6 +285,9 @@ it("should return client secret for one-time price even if a conflicting group s
   });
   expect(testModeRes.status).toBe(200);
 
+  // Flip to live mode for the next purchase. Path notation preserves products/productLines.
+  await Project.updateConfig({ "payments.testMode": false });
+
   // Now purchase one-time offer in same group; should succeed and return client secret
   const createUrlRespB = await niceBackendFetch("/api/v1/payments/purchases/create-purchase-url", {
     method: "POST",
@@ -375,6 +380,7 @@ it("should create purchase URL, validate code, and create purchase session", asy
 it("should create purchase URL with inline offer, validate code, and create purchase session", async ({ expect }) => {
   await Project.createAndSwitch({ config: { magic_link_enabled: true } });
   await Payments.setup();
+  await Project.updateConfig({ "payments.testMode": false });
 
   const { userId } = await Auth.fastSignUp();
   const response = await niceBackendFetch("/api/v1/payments/purchases/create-purchase-url", {
@@ -626,7 +632,7 @@ it("should update existing stripe subscription when switching offers within a gr
   await Payments.setup();
   await Project.updateConfig({
     payments: {
-      testMode: true,
+      testMode: false,
       catalogs: {
         grp: { displayName: "Test Group" },
       },
@@ -797,6 +803,9 @@ it("should cancel DB-only subscription then create Stripe subscription when swit
   });
   expect(testModeRes.status).toBe(200);
 
+  // Flip to live mode so the next purchase exercises the Stripe path.
+  await Project.updateConfig({ "payments.testMode": false });
+
   // Now purchase offerB in non test-mode; should cancel DB-only sub and create Stripe subscription
   const resUrlB = await niceBackendFetch("/api/v1/payments/purchases/create-purchase-url", {
     method: "POST",
@@ -949,9 +958,9 @@ it("should block one-time purchase in same group after prior one-time purchase i
   const codeB = (urlB.body as { url: string }).url.match(/\/purchase\/([a-z0-9-_]+)/)?.[1];
   expect(codeB).toBeDefined();
 
-  const resB = await niceBackendFetch("/api/v1/payments/purchases/purchase-session", {
+  const resB = await niceBackendFetch("/api/v1/internal/payments/test-mode-purchase-session", {
     method: "POST",
-    accessType: "client",
+    accessType: "admin",
     body: { full_code: codeB, price_id: "one", quantity: 1 },
   });
   expect(resB.status).toBe(400);
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--validate-code.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--validate-code.test.ts
index 7fa52f7868..89dd40978b 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--validate-code.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/before-offer-to-product-rename/outdated--validate-code.test.ts
@@ -217,7 +217,7 @@ it("should include conflicting_group_offers when switching within the same group
       "status": 200,
       "body": {
         "already_bought_non_stackable": false,
-        "charges_enabled": false,
+        "charges_enabled": null,
         "conflicting_products": [
           {
             "display_name": "Offer A",
@@ -245,7 +245,7 @@ it("should include conflicting_group_offers when switching within the same group
         },
         "project_id": "<stripped UUID>",
         "project_logo_url": null,
-        "stripe_account_id": <stripped field 'stripe_account_id'>,
+        "stripe_account_id": null,
         "test_mode": true,
       },
       "headers": Headers { <some fields may have been hidden> },
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
index 3f13e04dba..0e46e5feb1 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/purchase-session.test.ts
@@ -136,6 +136,7 @@ it("should return client secret for one-time price (no interval)", async ({ expe
   await Payments.setup();
   await Project.updateConfig({
     payments: {
+      testMode: false,
       products: {
         "ot-product": {
           displayName: "One Time Product",
@@ -184,6 +185,7 @@ it("should error on one-time price quantity > 1 when product is not stackable",
   await Payments.setup();
   await Project.updateConfig({
     payments: {
+      testMode: false,
       products: {
         "ot-non-stack": {
           displayName: "One Time Non-Stackable",
@@ -281,6 +283,9 @@ it("should return client secret for one-time price even if a conflicting group s
   });
   expect(testModeRes.status).toBe(200);
 
+  // Flip to live mode for the next purchase. Path notation preserves products/productLines.
+  await Project.updateConfig({ "payments.testMode": false });
+
   // Now purchase one-time product in same group; should succeed and return client secret
   const createUrlRespB = await niceBackendFetch("/api/latest/payments/purchases/create-purchase-url", {
     method: "POST",
@@ -373,6 +378,7 @@ it("should create purchase URL, validate code, and create purchase session", asy
 it("should create purchase URL with inline product, validate code, and create purchase session", async ({ expect }) => {
   await Project.createAndSwitch({ config: { magic_link_enabled: true } });
   await Payments.setup();
+  await Project.updateConfig({ "payments.testMode": false });
 
   const { userId } = await Auth.fastSignUp();
   const response = await niceBackendFetch("/api/latest/payments/purchases/create-purchase-url", {
@@ -713,7 +719,7 @@ it("should update existing stripe subscription when switching products within a
   await Payments.setup();
   await Project.updateConfig({
     payments: {
-      testMode: true,
+      testMode: false,
       productLines: {
         grp: { displayName: "Test Group" },
       },
@@ -884,6 +890,9 @@ it("should cancel DB-only subscription then create Stripe subscription when swit
   });
   expect(testModeRes.status).toBe(200);
 
+  // Flip to live mode so the next purchase exercises the Stripe path.
+  await Project.updateConfig({ "payments.testMode": false });
+
   // Now purchase productB in non test-mode; should cancel DB-only sub and create Stripe subscription
   const resUrlB = await niceBackendFetch("/api/latest/payments/purchases/create-purchase-url", {
     method: "POST",
@@ -1036,9 +1045,9 @@ it("should block one-time purchase in same group after prior one-time purchase i
   const codeB = (urlB.body as { url: string }).url.match(/\/purchase\/([a-z0-9-_]+)/)?.[1];
   expect(codeB).toBeDefined();
 
-  const resB = await niceBackendFetch("/api/latest/payments/purchases/purchase-session", {
+  const resB = await niceBackendFetch("/api/latest/internal/payments/test-mode-purchase-session", {
     method: "POST",
-    accessType: "client",
+    accessType: "admin",
     body: { full_code: codeB, price_id: "one", quantity: 1 },
   });
   expect(resB.status).toBe(400);
@@ -1224,15 +1233,15 @@ it("switches from an existing paid subscription to a $0 subscription in the same
   expect(createUrlFree.status).toBe(200);
   const codeFree = (createUrlFree.body as { url: string }).url.match(/\/purchase\/([a-z0-9-_]+)/)?.[1]!;
 
-  const switchRes = await niceBackendFetch("/api/latest/payments/purchases/purchase-session", {
+  const switchRes = await niceBackendFetch("/api/latest/internal/payments/test-mode-purchase-session", {
     method: "POST",
-    accessType: "client",
+    accessType: "admin",
     body: { full_code: codeFree, price_id: "monthly", quantity: 1 },
   });
   expect(switchRes).toMatchInlineSnapshot(`
     NiceResponse {
       "status": 200,
-      "body": {},
+      "body": { "success": true },
       "headers": Headers { <some fields may have been hidden> },
     }
   `);
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/switch-plans.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/switch-plans.test.ts
index aeea5d1df6..92720d5c1e 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/switch-plans.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/switch-plans.test.ts
@@ -7,6 +7,7 @@ async function setupProducts(products: Record<string, any>, productLines?: Recor
   await Payments.setup();
   await Project.updateConfig({
     payments: {
+      testMode: false,
       productLines,
       products,
     },
diff --git a/apps/e2e/tests/backend/endpoints/api/v1/payments/validate-code.test.ts b/apps/e2e/tests/backend/endpoints/api/v1/payments/validate-code.test.ts
index 4a8bda72a7..c596aeb50a 100644
--- a/apps/e2e/tests/backend/endpoints/api/v1/payments/validate-code.test.ts
+++ b/apps/e2e/tests/backend/endpoints/api/v1/payments/validate-code.test.ts
@@ -255,7 +255,7 @@ it("should include conflicting_products when switching within the same group", a
       "status": 200,
       "body": {
         "already_bought_non_stackable": false,
-        "charges_enabled": false,
+        "charges_enabled": null,
         "conflicting_products": [
           {
             "display_name": "Product A",
@@ -283,7 +283,7 @@ it("should include conflicting_products when switching within the same group", a
         },
         "project_id": "<stripped UUID>",
         "project_logo_url": null,
-        "stripe_account_id": <stripped field 'stripe_account_id'>,
+        "stripe_account_id": null,
         "test_mode": true,
       },
       "headers": Headers { <some fields may have been hidden> },
@@ -296,6 +296,7 @@ it("should reject untrusted return_url and accept trusted return_url", async ({
   await Payments.setup();
   await Project.updateConfig({
     payments: {
+      testMode: false,
       products: {
         "test-product": {
           displayName: "Test Product",
@@ -380,7 +381,7 @@ it("should reject untrusted return_url and accept trusted return_url", async ({
         "project_id": "<stripped UUID>",
         "project_logo_url": null,
         "stripe_account_id": <stripped field 'stripe_account_id'>,
-        "test_mode": true,
+        "test_mode": false,
       },
       "headers": Headers { <some fields may have been hidden> },
     }

From fe8433d8cbfa7f1e14c4d5eaa7df4ef39ebc30d1 Mon Sep 17 00:00:00 2001
From: nams1570 <amanganapathy@gmail.com>
Date: Fri, 29 May 2026 13:50:01 -0700
Subject: [PATCH 6/6] chore: truthiness style changes

---
 .../products/[customer_type]/[customer_id]/switch/route.ts  | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts
index 739e814d30..0d8782f113 100644
--- a/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts
+++ b/apps/backend/src/app/api/latest/payments/products/[customer_type]/[customer_id]/switch/route.ts
@@ -151,7 +151,7 @@ export const POST = createSmartRouteHandler({
     // Server-granted subscriptions (no stripeSubscriptionId) are immutable via this endpoint
     // in live mode; they must be cancelled through admin tooling before the customer switches plans.
     // In test mode they're swapped via the DB-only short-circuit below.
-    if (existingSub && !existingSub.stripeSubscriptionId && !testMode) {
+    if (existingSub != null && existingSub.stripeSubscriptionId == null && !testMode) {
       throw new StatusError(400, "This subscription cannot be switched.");
     }
     // Free-plan fallthrough: if the customer claims to be switching "from" a free product
@@ -194,7 +194,7 @@ export const POST = createSmartRouteHandler({
       throw new StatusError(400, "This product is not stackable; quantity must be 1");
     }
 
-    if (testMode && (!existingSub || !existingSub.stripeSubscriptionId)) {
+    if (testMode && (existingSub == null || existingSub.stripeSubscriptionId == null)) {
       await grantProductToCustomer({
         prisma,
         tenancy: auth.tenancy,
@@ -210,7 +210,7 @@ export const POST = createSmartRouteHandler({
     }
 
     // For now, we don't allow switching out of a Stripe-backed subscription while the project is in test mode.
-    if (testMode && existingSub && existingSub.stripeSubscriptionId) {
+    if (testMode && existingSub != null && existingSub.stripeSubscriptionId != null) {
       throw new StatusError(
         400,
         "Cannot switch a live subscription while the project is in test mode. " +