All Docs
FeaturesAgentOS WorkUpdated March 12, 2026

Bug Fix: Recruitment Dashboard Redirect Loop — v1.0.31

Bug Fix: Recruitment Dashboard Redirect Loop — v1.0.31

Published: v1.0.31

Overview

We shipped a targeted bug fix that resolves a redirect loop affecting all authenticated users on the /dashboard/recruitment page. Users were being sent to /onboarding on every visit, regardless of whether they had an organisation configured.

What was happening

The recruitment dashboard page read orgId directly from the session object:

const orgId = (session.user as { orgId?: string }).orgId;

This looks reasonable at first glance, but the platform's session type — defined centrally in src/platform/auth/auth.ts — only includes the following fields:

// Session user shape (auth.ts)
{
  id: string;
  name: string;
  email: string;
  image: string;
}

orgId is not set anywhere in the JWT callback, so the TypeScript cast silently succeeded while the runtime value was always undefined. The page's organisation guard then interpreted undefined as "no org assigned" and issued a redirect('/onboarding') — for every authenticated user, every time.

The fix

The platform already has a canonical pattern for reading orgId at the page level: pull it from the x-org-id cookie. This is exactly what the admin dashboard does (src/app/dashboard/admin/page.tsx, lines 18–20). The recruitment page now follows the same approach:

const cookieStore = await cookies();
const orgId = cookieStore.get('x-org-id')?.value ?? null;

This is a one-line behaviour change. No changes were required to the session type, the JWT callback, or any middleware.

Who was affected

All authenticated users navigating to /dashboard/recruitment were affected. The redirect loop meant the recruitment module was completely inaccessible through normal navigation since the bug was introduced.

Upgrade notes

No action is required on your end. The fix is applied at the server component level and takes effect immediately on the next page load. Ensure the x-org-id cookie is being set correctly by your authentication middleware — if you are running a self-hosted deployment and users still encounter the redirect after upgrading to v1.0.31, verify that your middleware is writing the x-org-id cookie on sign-in.

Related