fix(accounts): never read the app id as the active account from the URL

In the sandbox/preview the app is served under /<appId>/ (the dev-server base
path), so getActiveAccountIdFromPath returned the app id and the request
interceptor sent it as X-Active-Account-Id — the server then failed the
membership lookup and account-scoped reads got no active account (the app hung
on load). Pass the appId through createClient -> createAxiosClient and skip a
leading app-id segment, reading the account from the next segment instead.
Single-tenant and production multi-tenant (served under /<accountId>/) are
unaffected.

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: felixkob

src/client.ts

@@ -112,13 +112,15 @@ export function createClient(config: CreateClientConfig): Base44Client {
     baseURL: `${serverUrl}/api`,
     headers,
     token,
+    appId: String(appId),
     onError: options?.onError,
   });
 
   const functionsAxiosClient = createAxiosClient({
     baseURL: `${serverUrl}/api`,
     headers: functionHeaders,
     token,
+    appId: String(appId),
     interceptResponses: false,
     onError: options?.onError,
   });
@@ -132,13 +134,15 @@ export function createClient(config: CreateClientConfig): Base44Client {
     baseURL: `${serverUrl}/api`,
     headers: serviceRoleHeaders,
     token: serviceToken,
+    appId: String(appId),
     onError: options?.onError,
   });
 
   const serviceRoleFunctionsAxiosClient = createAxiosClient({
     baseURL: `${serverUrl}/api`,
     headers: functionHeaders,
     token: serviceToken,
+    appId: String(appId),
     interceptResponses: false,
   });
 

src/modules/accounts.ts

@@ -28,7 +28,7 @@ export function createAccountsModule(
 
   return {
     getActiveAccountId(): string | undefined {
-      return getActiveAccountIdFromPath();
+      return getActiveAccountIdFromPath(appId);
     },
 
     switchAccount(accountId: string, subPath = ""): void {

src/utils/axios-client.ts

@@ -149,12 +149,14 @@ export function createAxiosClient({
   baseURL,
   headers = {},
   token,
+  appId,
   interceptResponses = true,
   onError,
 }: {
   baseURL: string;
   headers?: Record<string, string>;
   token?: string;
+  appId?: string;
   interceptResponses?: boolean;
   onError?: (error: Error) => void;
 }) {
@@ -180,8 +182,9 @@ export function createAxiosClient({
       // so account-scoped reads/writes stay isolated to the current tenant even
       // after a client-side account switch. The path is the canonical source, so
       // it overrides any stale default header (e.g. one frozen at module load);
-      // no-op for single-tenant apps (no account segment in the path).
-      const activeAccountId = getActiveAccountIdFromPath();
+      // no-op for single-tenant apps (no account segment in the path). The app id
+      // is passed so the sandbox base path (/<appId>/) is never read as an account.
+      const activeAccountId = getActiveAccountIdFromPath(appId);
       if (activeAccountId) {
         config.headers.set("X-Active-Account-Id", activeAccountId);
       }

src/utils/common.ts

@@ -7,12 +7,19 @@ export const isInIFrame = !isNode && window.self !== window.top;
 // switches that don't reload the module.
 const ACCOUNT_ID_RE = /^[a-f0-9]{24}$/;
 
-export function getActiveAccountIdFromPath(): string | undefined {
+/**
+ * The active account id from the URL, or undefined.
+ *
+ * In the sandbox/preview the app is served under `/<appId>/` (the dev-server base
+ * path), so the first segment is the app id — its own base, NOT an account. When
+ * `appId` is supplied and matches the leading segment, it's skipped so the app id
+ * is never sent as an account id; the account, if any, is the next segment.
+ */
+export function getActiveAccountIdFromPath(appId?: string): string | undefined {
   if (isNode) return undefined;
-  const firstSegment = window.location.pathname.split("/").filter(Boolean)[0];
-  return firstSegment && ACCOUNT_ID_RE.test(firstSegment)
-    ? firstSegment
-    : undefined;
+  const segments = window.location.pathname.split("/").filter(Boolean);
+  const candidate = appId && segments[0] === appId ? segments[1] : segments[0];
+  return candidate && ACCOUNT_ID_RE.test(candidate) ? candidate : undefined;
 }
 
 export const generateUuid = () => {