Group B fixes

src/app/api/team/[userId]/role/route.ts

@@ -53,6 +53,12 @@ export async function PATCH(
   if (!isCustomerOwner(user)) {
     return NextResponse.json({ error: "Forbidden" }, { status: 403 });
   }
+  if (user.isPersonal) {
+    return NextResponse.json(
+      { error: "Personal accounts have no team roles to change." },
+      { status: 403 }
+    );
+  }
 
   const { userId } = await params;
 

src/app/api/team/invite/route.ts

@@ -35,6 +35,16 @@ export async function POST(req: Request) {
   if (!canMutate(user)) {
     return NextResponse.json({ error: "Forbidden" }, { status: 403 });
   }
+  if (user.isPersonal) {
+    return NextResponse.json(
+      {
+        error:
+          "Personal accounts cannot invite additional members. Upgrade to a company account to add a team.",
+        code: "personal_account",
+      },
+      { status: 403 }
+    );
+  }
 
   const body = await req.json().catch(() => null);
   const parsed = inviteSchema.safeParse(body);

src/app/api/team/route.ts

@@ -24,6 +24,12 @@ export async function GET() {
   if (!canMutate(user)) {
     return NextResponse.json({ error: "Forbidden" }, { status: 403 });
   }
+  if (user.isPersonal) {
+    return NextResponse.json(
+      { error: "Personal accounts do not have a team." },
+      { status: 403 }
+    );
+  }
 
   try {
     const members = await getOrgMembers(user.orgId);