feat(all): add self-service account deletion

Users can now delete their own accounts from the profile page. The feature includes:

- New DELETE /api/users/me endpoint with validation for team ownership
- Complete cleanup of user data: teams, MCP installations, memberships, sessions, and preferences
- Confirmation modal requiring typed verification before deletion
- Email confirmation sent after successful deletion
- Automatic logout after account deletion
- Safety check preventing deletion when user owns non-default teams

Fixed missing is_default field in team response that was preventing proper team type detection.

Author: Lasim

services/backend/api-spec.json

@@ -3391,6 +3391,166 @@
             }
           }
         }
+      },
+      "delete": {
+        "summary": "Delete my account",
+        "tags": [
+          "Users"
+        ],
+        "description": "Permanently delete your own account. This action is irreversible and will remove all your data including your default team, MCP installations, preferences, and sessions. You cannot delete your account if you own non-default teams - you must delete those teams first. You will be removed from all teams where you are a member (but not owner).",
+        "security": [
+          {
+            "cookieAuth": []
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Account deleted successfully",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "description": "Indicates if the operation was successful"
+                    },
+                    "message": {
+                      "type": "string",
+                      "description": "Success message"
+                    }
+                  },
+                  "required": [
+                    "success",
+                    "message"
+                  ],
+                  "description": "Account deleted successfully"
+                }
+              }
+            }
+          },
+          "400": {
+            "description": "Bad Request - Cannot delete account while owning non-default teams",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "default": false,
+                      "description": "Indicates the operation failed"
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    },
+                    "owned_teams": {
+                      "type": "array",
+                      "items": {
+                        "type": "object",
+                        "properties": {
+                          "id": {
+                            "type": "string",
+                            "description": "Team ID"
+                          },
+                          "name": {
+                            "type": "string",
+                            "description": "Team name"
+                          }
+                        }
+                      },
+                      "description": "List of non-default teams owned by the user"
+                    }
+                  },
+                  "required": [
+                    "success",
+                    "error"
+                  ],
+                  "description": "Bad Request - Cannot delete account while owning non-default teams"
+                }
+              }
+            }
+          },
+          "401": {
+            "description": "Unauthorized - Authentication required",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "default": false,
+                      "description": "Indicates the operation failed"
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    }
+                  },
+                  "required": [
+                    "success",
+                    "error"
+                  ],
+                  "description": "Unauthorized - Authentication required"
+                }
+              }
+            }
+          },
+          "404": {
+            "description": "Not Found - User or default team not found",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "default": false,
+                      "description": "Indicates the operation failed"
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    }
+                  },
+                  "required": [
+                    "success",
+                    "error"
+                  ],
+                  "description": "Not Found - User or default team not found"
+                }
+              }
+            }
+          },
+          "500": {
+            "description": "Internal Server Error",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "success": {
+                      "type": "boolean",
+                      "default": false,
+                      "description": "Indicates the operation failed"
+                    },
+                    "error": {
+                      "type": "string",
+                      "description": "Error message describing what went wrong"
+                    }
+                  },
+                  "required": [
+                    "success",
+                    "error"
+                  ],
+                  "description": "Internal Server Error"
+                }
+              }
+            }
+          }
+        }
       }
     },
     "/api/users/me/teams": {
@@ -3445,6 +3605,10 @@
                             "type": "string",
                             "description": "User ID of the team owner"
                           },
+                          "is_default": {
+                            "type": "boolean",
+                            "description": "Whether this is the default team"
+                          },
                           "created_at": {
                             "type": [
                               "null",
@@ -3473,6 +3637,7 @@
                           "name",
                           "slug",
                           "owner_id",
+                          "is_default",
                           "role",
                           "is_owner"
                         ],

services/backend/api-spec.yaml

@@ -2364,6 +2364,119 @@ paths:
                   - success
                   - error
                 description: Internal Server Error
+    delete:
+      summary: Delete my account
+      tags:
+        - Users
+      description: Permanently delete your own account. This action is irreversible
+        and will remove all your data including your default team, MCP
+        installations, preferences, and sessions. You cannot delete your account
+        if you own non-default teams - you must delete those teams first. You
+        will be removed from all teams where you are a member (but not owner).
+      security:
+        - cookieAuth: []
+      responses:
+        "200":
+          description: Account deleted successfully
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    description: Indicates if the operation was successful
+                  message:
+                    type: string
+                    description: Success message
+                required:
+                  - success
+                  - message
+                description: Account deleted successfully
+        "400":
+          description: Bad Request - Cannot delete account while owning non-default teams
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    default: false
+                    description: Indicates the operation failed
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                  owned_teams:
+                    type: array
+                    items:
+                      type: object
+                      properties:
+                        id:
+                          type: string
+                          description: Team ID
+                        name:
+                          type: string
+                          description: Team name
+                    description: List of non-default teams owned by the user
+                required:
+                  - success
+                  - error
+                description: Bad Request - Cannot delete account while owning non-default teams
+        "401":
+          description: Unauthorized - Authentication required
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    default: false
+                    description: Indicates the operation failed
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                required:
+                  - success
+                  - error
+                description: Unauthorized - Authentication required
+        "404":
+          description: Not Found - User or default team not found
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    default: false
+                    description: Indicates the operation failed
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                required:
+                  - success
+                  - error
+                description: Not Found - User or default team not found
+        "500":
+          description: Internal Server Error
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  success:
+                    type: boolean
+                    default: false
+                    description: Indicates the operation failed
+                  error:
+                    type: string
+                    description: Error message describing what went wrong
+                required:
+                  - success
+                  - error
+                description: Internal Server Error
   /api/users/me/teams:
     get:
       summary: Get current user teams
@@ -2405,6 +2518,9 @@ paths:
                         owner_id:
                           type: string
                           description: User ID of the team owner
+                        is_default:
+                          type: boolean
+                          description: Whether this is the default team
                         created_at:
                           type:
                             - "null"
@@ -2426,6 +2542,7 @@ paths:
                         - name
                         - slug
                         - owner_id
+                        - is_default
                         - role
                         - is_owner
                       additionalProperties: false

services/backend/src/email/templates/account-deleted.pug

@@ -0,0 +1,56 @@
+//- @description Email notification when a user account is deleted
+//- @variables userName, userEmail, deletionDate, supportEmail
+extends layouts/base.pug
+
+block content
+  h1 Account Deleted
+
+  p Hi #{userName},
+
+  p This email confirms that your DeployStack account has been permanently deleted on #{new Date(deletionDate).toLocaleDateString()}.
+
+  h2 What was deleted?
+
+  p The following data has been permanently removed from our systems:
+
+  ul
+    li
+      strong Your user account 
+      | - All personal information associated with #{userEmail}
+    li
+      strong Your default team 
+      | - Your personal team and all associated data
+    li
+      strong All MCP server installations 
+      | - All MCP servers configured in your default team
+    li
+      strong All team memberships 
+      | - You have been removed from all teams where you were a member
+    li
+      strong All user preferences 
+      | - All configuration settings and preferences
+    li
+      strong All active sessions 
+      | - You have been logged out from all devices
+
+  h2 Important Information
+
+  p
+    strong This action is permanent and cannot be undone.
+
+  p You will no longer be able to:
+
+  ul
+    li Log in with your email address: #{userEmail}
+    li Access any data from your deleted account
+    li Recover any MCP server configurations or settings
+
+  p
+    | If you did not request this deletion or believe this was done in error, please contact our support team immediately at 
+    strong #{supportEmail || '[email protected]'}
+    | .
+
+  p.text-muted
+    | Thank you for using DeployStack.
+    br
+    | The DeployStack Team