Confirm create-org and upgrade-plan payments on-session

[lohanidamodar]

Summary

• Updates the create-organization and change-plan submit flows to confirm PaymentIntents on-session via stripe.confirmPayment({redirect: 'if_required'}), treating PaymentAuthentication as the expected default path for paid plans rather than a 3DS edge case.
• Adds a ConfirmPaymentOutcome return shape to the confirmPayment helper in lib/stores/stripe.ts so callers can branch cleanly on succeeded / processing / requires_action / error. Other call sites (account/payments, billing/+page.svelte, BAA enable, retry-invoice) keep the existing redirect-default behavior.
• Adds a paymentProcessing.svelte header alert + checkForUpgradingStatus() which registers it at importance 5 (below readonly / budget / mark-for-deletion / enterpriseTrial / paymentAuthRequired) when team status is upgrading, so the user is not blocked while Stripe is still settling the first charge.
• Relaxes the Indian card-holder warning copy in selectPaymentMethod.svelte: the $150 mandate context now refers to future renewals rather than the no-longer-applicable first-charge 24h delay.

Why

For Indian cards bound by an RBI mandate, the first charge had to wait through a 24h pre-debit notification window when initiated off-session. The team document sat in upgrading / draft and the user was effectively blocked. Authenticating the first charge on-session removes the notification window. Renewals continue to use the existing off-session mandate flow.

Test plan

• bun run lint — no new errors
• bun run check — no new errors in modified files
• bun run test:unit — 235 passed
• Manual: create new org with US, EU-3DS and IN mandate cards; verify success / processing / error UX
• Manual: upgrade plan; verify "Payment is processing" alert appears while Stripe settles and clears once the webhook flips the team to active
• Manual: failed card during create-org; verify error surfaces and the form can be resubmitted

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

This PR updates the create-organization and change-plan submit flows to confirm PaymentIntents on-session via stripe.confirmPayment({redirect: 'if_required'}), removing the 24h RBI pre-debit notification window for Indian cards. It also adds a paymentProcessing header alert and checkForUpgradingStatus() so users are not blocked while Stripe settles the first charge.

• stripe.ts: New ConfirmPaymentOutcome type and redirectIfRequired branch in confirmPayment let callers branch cleanly on succeeded / processing / requires_action / error; existing redirect-default callers are unchanged.
• create-organization / change-plan: Payment outcome is now fully branched — error triggers draft cleanup via validatePayment, requires_action returns early for the redirect flow, and succeeded/processing call validate() which correctly handles the upgrading-status info toast.
• BAA flows (BAA.svelte, BAAEnableModal.svelte): Migrated to the same on-session pattern with confirmAddonPayment called after a successful payment outcome.

Confidence Score: 5/5

Safe to merge; the on-session payment flow is well-structured and all callers handle the outcome branches correctly.

The core change is implemented cleanly with all outcome branches handled. The edge case in stripe.ts (unexpected Stripe status codes not in the handled set) lacks a user-visible notification but is not reachable through normal Stripe responses.

The bottom notification blocks in create-organization/+page.svelte and change-plan/+page.svelte (non-PaymentAuthentication paid-plan path) were flagged in a prior review and remain unchanged in this diff.

Important Files Changed

Filename	Overview
src/lib/stores/stripe.ts	Adds ConfirmPaymentOutcome type and on-session confirmPayment branch (redirectIfRequired). Logic is sound for the happy path; edge case where paymentIntent.status falls outside the three expected values returns error without showing a notification toast.
src/routes/(console)/create-organization/+page.svelte	PaymentAuthentication and validate() paths correctly handle upgrading status; the non-PaymentAuthentication bottom block (direct Organization return from create) still shows unconditional success without a teamStatusUpgrading guard — already flagged in prior review.
src/routes/(console)/organization-[organization]/change-plan/+page.svelte	validate() and the PaymentAuthentication branch correctly show the upgrading-status info toast; the direct upgrade() path without PaymentAuthentication still emits unconditional success — already flagged in prior review.
src/lib/components/billing/alerts/paymentProcessing.svelte	New header alert component; correctly reads organization status and hides on billing-excluded routes. No issues found.
src/lib/stores/billing.ts	Adds teamStatusUpgrading constant, checkForUpgradingStatus helper, and imports PaymentProcessing component. Importance 5 correctly slots the alert below existing higher-priority banners.
src/routes/(console)/organization-[organization]/settings/BAAEnableModal.svelte	Adds on-session confirmPayment with full outcome branching, sets error display on failure, and closes modal on success. confirmAddonPayment errors are caught by the outer try-catch. Clean implementation.
src/routes/(console)/organization-[organization]/settings/BAA.svelte	handleReEnable updated with same on-session outcome pattern; errors are covered by the outer try-catch and finally block. No issues found.

_{Reviews (3): Last reviewed commit: "fix(billing): surface real confirmPaymen..." | Re-trigger Greptile}