diff --git a/app/api/projects/create/route.ts b/app/api/projects/create/route.ts
index 0e08e5e..f5d89e4 100644
--- a/app/api/projects/create/route.ts
+++ b/app/api/projects/create/route.ts
@@ -21,17 +21,33 @@ export async function POST(request: Request) {
     }
 
     const email = session.user.email;
+    const workspace = email.split('@')[0].toLowerCase().replace(/[^a-z0-9]+/g, '-') + '-account';
 
-    // Resolve user record from fs_users
+    // Upsert user into fs_users — guarantees the FK target exists
+    await query(`
+      INSERT INTO fs_users (id, user_id, data)
+      VALUES (gen_random_uuid()::text, $1, $2::jsonb)
+      ON CONFLICT ((data->>'email')) DO UPDATE
+        SET user_id = EXCLUDED.user_id,
+            data    = fs_users.data || EXCLUDED.data,
+            updated_at = NOW()
+    `, [
+      session.user.id,
+      JSON.stringify({
+        email,
+        name: session.user.name,
+        image: session.user.image,
+        workspace,
+      }),
+    ]);
+
+    // Fetch the canonical fs_users row (now guaranteed to exist)
     const users = await query<{ id: string; data: any }>(`
       SELECT id, data FROM fs_users WHERE data->>'email' = $1 LIMIT 1
     `, [email]);
 
-    const firebaseUserId = users[0]?.id || session.user.id || randomUUID();
-    const userData = users[0]?.data || {};
-    const workspace =
-      userData.workspace ||
-      email.split('@')[0].toLowerCase().replace(/[^a-z0-9]+/g, '-') + '-account';
+    const firebaseUserId = users[0]!.id;
+    const userData = users[0]!.data || {};
 
     const body = await request.json();
     const {