fix: remove debug logs from authentication and organization switching to enhance security and prevent sensitive information leakage

CHANGELOG.md

@@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 ### Fixed
 
 - **Organization context switch.** Switching away from a deleted organization now stores the session correctly instead of using an insecure fallback.
+- **Removed debug logs.** Auth and organization-switching details no longer leak into the browser console in production.
 
 ## [0.10.0-alpha] - 2026-02-21
 

app/actions/auth.ts

@@ -112,18 +112,13 @@ export async function exchangeAuthCode(code: string, codeVerifier: string, redir
 
 export async function setSessionAction(accessToken: string, refreshToken?: string) {
     try {
-        console.log('[setSessionAction] Decoding token...')
         if (!accessToken) throw new Error('Access token is missing')
         
         const payloadPart = accessToken.split('.')[1]
         const payload: UserPayload = JSON.parse(Buffer.from(payloadPart, 'base64').toString())
         
-        console.log('[setSessionAction] Token Payload:', { sub: payload.sub, org_id: payload.org_id })
-
         const cookieStore = await cookies()
         const cookieDomain = getCookieDomain()
-        
-        console.log('[setSessionAction] Setting cookies with domain:', cookieDomain)
 
         cookieStore.set('access_token', accessToken, {
             httpOnly: true,
@@ -146,8 +141,6 @@ export async function setSessionAction(accessToken: string, refreshToken?: strin
             })
         }
         
-        console.log('[setSessionAction] Cookies set successfully')
-
         return {
             success: true,
             user: {

components/WorkspaceSwitcher.tsx

@@ -12,7 +12,6 @@ export default function OrganizationSwitcher({ orgs, activeOrgId }: { orgs: Orga
   const [switching, setSwitching] = useState<string | null>(null)
 
   const handleSwitch = async (orgId: string | null) => {
-    console.log('Switching to organization:', orgId)
     setSwitching(orgId || 'personal')
     try {
       // * If orgId is null, we can't switch context via API in the same way if strict mode is on

lib/api/organization.ts

@@ -47,7 +47,6 @@ export async function getUserOrganizations(): Promise<OrganizationMember[]> {
 // Switch Context (Get token for specific org)
 export async function switchContext(organizationId: string | null): Promise<{ access_token: string; expires_in: number }> {
   const payload = { organization_id: organizationId || '' }
-  console.log('Sending switch context request:', payload)
   return await authFetch<{ access_token: string; expires_in: number }>('/auth/switch-context', {
     method: 'POST',
     body: JSON.stringify(payload),

lib/auth/context.tsx

@@ -159,7 +159,6 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
           // * If user has organizations but no context (org_id), switch to the first one
           if (!user.org_id && organizations.length > 0) {
              const firstOrg = organizations[0]
-             console.log('Auto-switching to organization:', firstOrg.organization_name)
              
              try {
                  const { access_token } = await switchContext(firstOrg.organization_id)