fix(billing): gate on isBillingEnabled, not isHosted

The paywall should follow billing enforcement, not the hostname. Keying off
isHosted would still 402 free users on a hosted deployment with BILLING_ENABLED
unset. Switch the server gate (api-access, chat embed) to isBillingEnabled and
the deploy-modal UI to the client NEXT_PUBLIC_BILLING_ENABLED flag (matching the
Inbox paywall), so a billing-disabled deployment skips the gate entirely.

Author: TheodoreSpeaks

apps/sim/app/api/chat/utils.test.ts

@@ -31,7 +31,7 @@ const {
   mockGetSession: vi.fn(),
   mockCheckRateLimitDirect: vi.fn().mockResolvedValue({ allowed: true }),
   mockIsWorkspaceApiExecutionEntitled: vi.fn().mockResolvedValue(true),
-  flagState: { isHosted: false },
+  flagState: { isBillingEnabled: false },
 }))
 
 vi.mock('@/lib/billing/core/api-access', () => ({
@@ -77,8 +77,8 @@ vi.mock('@/lib/core/security/deployment', () => ({
 vi.mock('@/lib/core/config/feature-flags', () => ({
   isDev: true,
   isProd: false,
-  get isHosted() {
-    return flagState.isHosted
+  get isBillingEnabled() {
+    return flagState.isBillingEnabled
   },
 }))
 
@@ -474,7 +474,7 @@ describe('Chat API Utils', () => {
 describe('assertChatEmbedAllowed', () => {
   beforeEach(() => {
     vi.clearAllMocks()
-    flagState.isHosted = true
+    flagState.isBillingEnabled = true
     mockIsWorkspaceApiExecutionEntitled.mockResolvedValue(true)
   })
 
@@ -509,8 +509,8 @@ describe('assertChatEmbedAllowed', () => {
     expect(mockIsWorkspaceApiExecutionEntitled).not.toHaveBeenCalled()
   })
 
-  it('is a no-op on self-hosted', async () => {
-    flagState.isHosted = false
+  it('is a no-op when billing is disabled', async () => {
+    flagState.isBillingEnabled = false
     const res = await assertChatEmbedAllowed(
       chatRequest('https://evil.example.com'),
       'wf-1',

apps/sim/app/api/chat/utils.ts

@@ -7,7 +7,7 @@ import { and, eq, isNull } from 'drizzle-orm'
 import type { NextRequest, NextResponse } from 'next/server'
 import { isWorkspaceApiExecutionEntitled } from '@/lib/billing/core/api-access'
 import { getEnv } from '@/lib/core/config/env'
-import { isHosted } from '@/lib/core/config/feature-flags'
+import { isBillingEnabled } from '@/lib/core/config/feature-flags'
 import type { TokenBucketConfig } from '@/lib/core/rate-limiter'
 import { RateLimiter } from '@/lib/core/rate-limiter'
 import {
@@ -70,7 +70,7 @@ export async function assertChatEmbedAllowed(
   workflowId: string,
   requestId: string
 ): Promise<NextResponse | null> {
-  if (!isHosted) return null
+  if (!isBillingEnabled) return null
 
   const origin = request.headers.get('origin')
   if (!origin || isFirstPartyOrigin(origin)) return null

apps/sim/app/workspace/[workspaceId]/w/[workflowId]/components/panel/components/deploy/components/deploy-modal/deploy-modal.tsx

@@ -22,11 +22,11 @@ import {
   ModalTabsTrigger,
 } from '@/components/emcn'
 import { isFree } from '@/lib/billing/plan-helpers'
-import { isHosted } from '@/lib/core/config/feature-flags'
 import { getBaseUrl } from '@/lib/core/utils/urls'
 import { getInputFormatExample as getInputFormatExampleUtil } from '@/lib/workflows/operations/deployment-utils'
 import { useUserPermissionsContext } from '@/app/workspace/[workspaceId]/providers/workspace-permissions-provider'
 import { CreateApiKeyModal } from '@/app/workspace/[workspaceId]/settings/components/api-keys/components'
+import { isBillingEnabled } from '@/app/workspace/[workspaceId]/settings/navigation'
 import {
   releaseDeployAction,
   tryAcquireDeployAction,
@@ -162,7 +162,7 @@ export function DeployModal({
   // Hold the gate closed until the plan is known — isFree(undefined) is true, so
   // gating during load would flash the upgrade wall at paid users.
   const gateProgrammaticDeploy =
-    isHosted && !isLoadingSubscription && isFree(subscriptionData?.data?.plan)
+    isBillingEnabled && !isLoadingSubscription && isFree(subscriptionData?.data?.plan)
   const { data: apiKeysData, isLoading: isLoadingKeys } = useApiKeys(workflowWorkspaceId || '')
   const { data: workspaceSettingsData, isLoading: isLoadingSettings } = useWorkspaceSettings(
     workflowWorkspaceId || ''

apps/sim/lib/billing/core/api-access.test.ts

@@ -3,16 +3,16 @@
  */
 import { beforeEach, describe, expect, it, vi } from 'vitest'
 
-const { mockGetHighestPrioritySubscription, mockGetWorkspaceBilledAccountUserId, hostedState } =
+const { mockGetHighestPrioritySubscription, mockGetWorkspaceBilledAccountUserId, billingState } =
   vi.hoisted(() => ({
     mockGetHighestPrioritySubscription: vi.fn(),
     mockGetWorkspaceBilledAccountUserId: vi.fn(),
-    hostedState: { isHosted: true },
+    billingState: { isBillingEnabled: true },
   }))
 
 vi.mock('@/lib/core/config/feature-flags', () => ({
-  get isHosted() {
-    return hostedState.isHosted
+  get isBillingEnabled() {
+    return billingState.isBillingEnabled
   },
 }))
 
@@ -32,7 +32,7 @@ import {
 describe('isApiExecutionEntitled', () => {
   beforeEach(() => {
     vi.clearAllMocks()
-    hostedState.isHosted = true
+    billingState.isBillingEnabled = true
   })
 
   it('is false for a free plan', async () => {
@@ -54,7 +54,7 @@ describe('isApiExecutionEntitled', () => {
   )
 
   it('is true on self-hosted regardless of plan, without a subscription lookup', async () => {
-    hostedState.isHosted = false
+    billingState.isBillingEnabled = false
     expect(await isApiExecutionEntitled('user-1')).toBe(true)
     expect(mockGetHighestPrioritySubscription).not.toHaveBeenCalled()
   })
@@ -68,7 +68,7 @@ describe('isApiExecutionEntitled', () => {
 describe('isWorkspaceApiExecutionEntitled', () => {
   beforeEach(() => {
     vi.clearAllMocks()
-    hostedState.isHosted = true
+    billingState.isBillingEnabled = true
   })
 
   it('is false when the workspace billed account is free', async () => {
@@ -84,7 +84,7 @@ describe('isWorkspaceApiExecutionEntitled', () => {
   })
 
   it('skips the billed-account lookup on self-hosted', async () => {
-    hostedState.isHosted = false
+    billingState.isBillingEnabled = false
     expect(await isWorkspaceApiExecutionEntitled('ws-1')).toBe(true)
     expect(mockGetWorkspaceBilledAccountUserId).not.toHaveBeenCalled()
   })

apps/sim/lib/billing/core/api-access.ts

@@ -1,6 +1,6 @@
 import { getHighestPrioritySubscription } from '@/lib/billing/core/subscription'
 import { isPaid } from '@/lib/billing/plan-helpers'
-import { isHosted } from '@/lib/core/config/feature-flags'
+import { isBillingEnabled } from '@/lib/core/config/feature-flags'
 import { getWorkspaceBilledAccountUserId } from '@/lib/workspaces/utils'
 
 /**
@@ -11,29 +11,29 @@ export const API_EXECUTION_REQUIRES_PAID_PLAN_MESSAGE =
   'Programmatic workflow execution requires a paid plan. Upgrade to Pro or higher to use the API.'
 
 /**
- * Whether `userId` may run workflows programmatically. Always allowed on
- * self-hosted (no billing) and when no user is resolved; on hosted, requires a
- * paid plan.
+ * Whether `userId` may run workflows programmatically. Always allowed when
+ * billing enforcement is off (self-hosted / `BILLING_ENABLED` unset) and when no
+ * user is resolved; otherwise requires a paid plan.
  *
  * `getHighestPrioritySubscription` rolls up organization memberships, so a free
  * individual belonging to a paid org/workspace is entitled.
  */
 export async function isApiExecutionEntitled(userId: string | undefined): Promise<boolean> {
-  if (!isHosted || !userId) return true
+  if (!isBillingEnabled || !userId) return true
 
   const subscription = await getHighestPrioritySubscription(userId)
   return isPaid(subscription?.plan)
 }
 
 /**
  * Workspace-scoped variant of {@link isApiExecutionEntitled} that gates on the
- * workspace's billed account. Short-circuits on self-hosted before any DB
- * lookup, so the billed-account query only runs on hosted.
+ * workspace's billed account. Short-circuits when billing is off before any DB
+ * lookup, so the billed-account query only runs when billing is enforced.
  */
 export async function isWorkspaceApiExecutionEntitled(
   workspaceId: string | undefined
 ): Promise<boolean> {
-  if (!isHosted || !workspaceId) return true
+  if (!isBillingEnabled || !workspaceId) return true
 
   const billedUserId = await getWorkspaceBilledAccountUserId(workspaceId)
   return isApiExecutionEntitled(billedUserId ?? undefined)