fix(api,web): separate workspace context from auth session (#551)

Co-authored-by: Jason Woltje <jason@diversecanvas.com>
Co-committed-by: Jason Woltje <jason@diversecanvas.com>

apps/web/src/lib/auth/auth-context.tsx

@@ -11,6 +11,7 @@ import {
 } from "react";
 import type { AuthUser, AuthSession } from "@mosaic/shared";
 import { apiGet, apiPost } from "../api/client";
+import { fetchUserWorkspaces } from "../api/workspaces";
 import { IS_MOCK_AUTH_MODE } from "../config";
 import { parseAuthError } from "./auth-errors";
 
@@ -134,10 +135,18 @@ function RealAuthProvider({ children }: { children: ReactNode }): React.JSX.Elem
       setUser(session.user);
       setAuthError(null);
 
-      // Persist workspace ID to localStorage so useWorkspaceId and apiRequest
-      // can pick it up without re-fetching the session.
-      // Prefer currentWorkspaceId (the user's active workspace) over workspaceId.
-      persistWorkspaceId(session.user.currentWorkspaceId ?? session.user.workspaceId);
+      // Fetch the user's workspace memberships and persist the default.
+      // Workspace context is an application concern, not an auth concern —
+      // BetterAuth does not return workspace fields on the session user.
+      try {
+        const workspaces = await fetchUserWorkspaces();
+        const defaultWorkspace = workspaces[0];
+        if (defaultWorkspace) {
+          persistWorkspaceId(defaultWorkspace.id);
+        }
+      } catch (wsError) {
+        logAuthError("Failed to fetch workspaces after session check", wsError);
+      }
 
       // Track session expiry timestamp
       expiresAtRef.current = new Date(session.session.expiresAt);