@86d-app/payments 0.0.3 → 0.0.6

package/.turbo/turbo-build.log

@@ -0,0 +1 @@
+$ tsc

package/AGENTS.md

@@ -1,47 +1,54 @@
 # payments module
 
-Provider-agnostic payment processing module. Tracks payment intents, saved payment methods, and refunds locally. Delegates actual payment processing to a configurable `PaymentProvider` (e.g. Stripe).
-
-## Architecture
-
-- `schema.ts` — `paymentIntent`, `paymentMethod`, `refund` entities
-- `service.ts` — `PaymentController`, `PaymentProvider`, `PaymentIntent`, `PaymentMethod`, `Refund` types
-- `service-impl.ts` — `createPaymentController(data, provider?)` factory
-- `endpoints/store/` — customer-facing endpoints (create/confirm/cancel intent, manage payment methods)
-- `endpoints/admin/` — admin endpoints (list, get, refund)
-
-## PaymentProvider Interface
-
-Users plug in a provider by implementing `PaymentProvider`:
-- `createIntent(params)` — returns `{ providerIntentId, status, providerMetadata? }`
-- `confirmIntent(providerIntentId)` — returns updated status
-- `cancelIntent(providerIntentId)` — returns cancelled status
-- `createRefund(params)` — returns `{ providerRefundId, status, providerMetadata? }`
-
-The module works without a provider (offline mode) — intents are stored with `pending` status and transitions are handled locally.
-
-## Store Endpoints
-
-| Method | Path | Description |
-|--------|------|-------------|
-| POST | `/payments/intents` | Create payment intent |
-| GET | `/payments/intents/:id` | Get intent by ID |
-| POST | `/payments/intents/:id/confirm` | Confirm payment |
-| POST | `/payments/intents/:id/cancel` | Cancel payment |
-| GET | `/payments/methods` | List customer's payment methods |
-| DELETE | `/payments/methods/:id` | Delete a payment method |
-
-## Admin Endpoints
-
-| Method | Path | Description |
-|--------|------|-------------|
-| GET | `/admin/payments` | List all intents (filter: customerId, status, orderId) |
-| GET | `/admin/payments/:id` | Get intent detail |
-| POST | `/admin/payments/:id/refund` | Create refund |
-| GET | `/admin/payments/:id/refunds` | List refunds for intent |
-
-## Tests (34 tests)
-
-Run: `bun test` from this directory.
-
-Covers: createIntent, getIntent, confirmIntent, cancelIntent, listIntents, savePaymentMethod, getPaymentMethod, listPaymentMethods, deletePaymentMethod, createRefund, getRefund, listRefunds — all with and without provider.
+Provider-agnostic payment processing. Tracks payment intents, saved payment methods, and refunds. Delegates processing to a configurable `PaymentProvider` (Stripe, Square, PayPal, etc.).
+
+## File structure
+
+```
+src/
+  index.ts              Module definition, PaymentsOptions
+  schema.ts             paymentIntent, paymentMethod, refund entities
+  service.ts            PaymentController, PaymentProvider, type definitions
+  service-impl.ts       createPaymentController(data, provider?) factory
+  store/endpoints/      6 customer-facing endpoints
+  admin/endpoints/      4 admin endpoints
+  admin/components/     PaymentsAdmin UI (intents table, refund modal)
+  __tests__/
+    service-impl.test.ts      Core CRUD (47 tests)
+    controllers.test.ts       Edge cases (65 tests)
+    edge-cases.test.ts        Provider, webhook, filter edge cases (32 tests)
+    endpoint-security.test.ts Security regressions (26 tests)
+    financial-safety.test.ts  Amount validation, status guards, refund cap, webhook dedup (35 tests)
+```
+
+## Key patterns
+
+- **Amount**: Always in smallest currency unit (cents). Must be a positive integer at controller level.
+- **Status machine**: `pending → processing → succeeded → refunded`. Terminal states: `cancelled`, `failed`, `refunded`.
+- **Status guards**: `confirmIntent` only from pending/processing. `cancelIntent` only from pending/processing. `createRefund` only from succeeded/refunded.
+- **Refund cap**: Cumulative non-failed refunds cannot exceed original intent amount. Controller calculates `totalRefunded()` before each refund.
+- **Webhook dedup**: `handleWebhookRefund` deduplicates by `providerRefundId` — retries return the existing refund.
+- **Default payment method**: Only one per customer. `savePaymentMethod(isDefault: true)` clears previous defaults.
+- **Ownership**: Controller has no ownership checks — endpoints must verify `session.user.id === intent.customerId`.
+- **Provider delegation**: If provider configured, delegates to it for createIntent/confirmIntent/cancelIntent/createRefund. Without provider, operates in local mode.
+
+## Data models
+
+- **paymentIntent**: id, providerIntentId?, customerId?, email?, amount, currency, status, orderId?, checkoutSessionId?, metadata, providerMetadata, timestamps
+- **paymentMethod**: id, customerId, providerMethodId, type, last4?, brand?, expiryMonth?, expiryYear?, isDefault, timestamps
+- **refund**: id, paymentIntentId, providerRefundId, amount, reason?, status (pending|succeeded|failed), timestamps
+
+## Events emitted
+
+`payment.completed`, `payment.failed`, `payment.refunded`
+
+## Gotchas
+
+- Endpoint validates `amount` as `z.number().int().positive()` — controller also validates (defense in depth).
+- `createRefund` throws on non-existent intent, wrong status, exceeded cap, or missing provider. Endpoints should catch and return structured errors.
+- `handleWebhookEvent` has no status guards — it trusts the provider (Stripe can set any status). `handleWebhookRefund` deduplicates but doesn't cap amounts (provider-side refunds are authoritative).
+- Admin refund endpoint checks intent existence before calling controller, but doesn't validate intent status — controller handles that.
+
+## Tests (205 total)
+
+Run: `bun test` from this directory. All 5 test files cover: CRUD, status guards, refund cap, webhook dedup, provider delegation, customer isolation, pagination.

package/README.md

@@ -9,16 +9,15 @@
 </p>
 
 <p align="center">
-  <a href="https://vercel.com/changelog"><strong>npm</strong></a> ·
   <a href="https://x.com/86d_app"><strong>X</strong></a> ·
-  <a href="https://vercel.com/templates"><strong>LinkedIn</strong></a>
+  <a href="https://www.linkedin.com/company/86d"><strong>LinkedIn</strong></a>
 </p>
 <br/>
 
 > [!WARNING]
 > This project is under active development and is not ready for production use. Please proceed with caution. Use at your own risk.
 
-# @86d-app/payments
+# Payments Module
 
 Provider-agnostic payment processing for the 86d commerce platform. Tracks payment intents, saved payment methods, and refunds locally. Delegates actual processing to a configurable `PaymentProvider` (Stripe, Square, PayPal, etc.).
 
@@ -104,7 +103,7 @@ interface PaymentProvider {
 // ── Payment intents ─────────────────────────────────────────────────────────
 
 controller.createIntent(params: {
-  amount: number;             // in smallest currency unit (e.g. cents)
+  amount: number;             // positive integer, smallest currency unit (e.g. cents)
   currency?: string;          // default: module currency option
   customerId?: string;
   email?: string;
@@ -112,12 +111,15 @@ controller.createIntent(params: {
   checkoutSessionId?: string;
   metadata?: Record<string, unknown>;
 }): Promise<PaymentIntent>
+// Throws: "Amount must be a positive integer"
 
 controller.getIntent(id: string): Promise<PaymentIntent | null>
 
 controller.confirmIntent(id: string): Promise<PaymentIntent | null>
+// Throws: "Cannot confirm intent in '{status}' state" for terminal states
 
 controller.cancelIntent(id: string): Promise<PaymentIntent | null>
+// Throws: "Cannot cancel intent in '{status}' state" for succeeded/failed/refunded
 
 controller.listIntents(params?: {
   customerId?: string;
@@ -149,12 +151,16 @@ controller.deletePaymentMethod(id: string): Promise<boolean>
 
 // ── Refunds ─────────────────────────────────────────────────────────────────
 
-// Throws if payment intent not found; marks intent status as "refunded"
+// Only on succeeded/refunded intents. Cumulative refunds capped at intent amount.
 controller.createRefund(params: {
   intentId: string;
-  amount?: number;   // omit for full refund
+  amount?: number;   // positive integer; omit for full refund
   reason?: string;
 }): Promise<Refund>
+// Throws: "Payment intent not found"
+// Throws: "Cannot refund intent in '{status}' state"
+// Throws: "Refund amount must be positive"
+// Throws: "Refund amount {n} exceeds remaining refundable amount {m}"
 
 controller.getRefund(id: string): Promise<Refund | null>
 
@@ -206,7 +212,21 @@ const method = await controller.savePaymentMethod({
 | `succeeded` | Payment completed successfully |
 | `failed` | Payment failed |
 | `cancelled` | Intent was cancelled |
-| `refunded` | Payment has been refunded |
+| `refunded` | Payment has been (partially or fully) refunded |
+
+## Financial Safety Guards
+
+The payments controller enforces several financial safety rules at the controller level:
+
+| Rule | Description |
+|---|---|
+| **Amount validation** | `createIntent` rejects zero, negative, and fractional amounts. Amount must be a positive integer (smallest currency unit). |
+| **Confirm guards** | `confirmIntent` only works on `pending` or `processing` intents. Throws on `cancelled`, `failed`, `refunded`. |
+| **Cancel guards** | `cancelIntent` only works on `pending` or `processing` intents. Throws on `succeeded`, `failed`, `refunded`. |
+| **Refund guards** | `createRefund` only works on `succeeded` or `refunded` intents. Throws on `pending`, `processing`, `cancelled`, `failed`. |
+| **Refund cap** | Cumulative non-failed refunds cannot exceed the original intent amount. Partial refunds are tracked and summed. |
+| **Refund amount** | Refund amount must be positive. Zero and negative amounts are rejected. |
+| **Webhook dedup** | `handleWebhookRefund` deduplicates by `providerRefundId` — webhook retries return the existing refund instead of creating duplicates. |
 
 ## Types
 

package/dist/__tests__/controllers.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=controllers.test.d.ts.map

package/dist/__tests__/controllers.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"controllers.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/controllers.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/edge-cases.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=edge-cases.test.d.ts.map

package/dist/__tests__/edge-cases.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"edge-cases.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/edge-cases.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/endpoint-security.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=endpoint-security.test.d.ts.map

package/dist/__tests__/endpoint-security.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"endpoint-security.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/endpoint-security.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/financial-safety.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=financial-safety.test.d.ts.map

package/dist/__tests__/financial-safety.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"financial-safety.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/financial-safety.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/service-impl.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=service-impl.test.d.ts.map

package/dist/__tests__/service-impl.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-impl.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/service-impl.test.ts"],"names":[],"mappings":""}

package/dist/admin/components/index.d.ts

@@ -0,0 +1,2 @@
+export { PaymentsAdmin } from "./payments-admin";
+//# sourceMappingURL=index.d.ts.map

package/dist/admin/components/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/admin/components/index.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/admin/components/payments-admin.d.ts

@@ -0,0 +1,2 @@
+export declare function PaymentsAdmin(): import("react").JSX.Element;
+//# sourceMappingURL=payments-admin.d.ts.map

package/dist/admin/components/payments-admin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"payments-admin.d.ts","sourceRoot":"","sources":["../../../src/admin/components/payments-admin.tsx"],"names":[],"mappings":"AA8fA,wBAAgB,aAAa,gCAU5B"}

package/dist/admin/endpoints/create-refund.d.ts

@@ -0,0 +1,20 @@
+import { z } from "@86d-app/core";
+export declare const createRefund: import("better-call").StrictEndpoint<"/admin/payments/:id/refund", {
+    method: "POST";
+    params: z.ZodObject<{
+        id: z.ZodString;
+    }, z.core.$strip>;
+    body: z.ZodObject<{
+        amount: z.ZodOptional<z.ZodNumber>;
+        reason: z.ZodOptional<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+    }, z.core.$strip>;
+}, {
+    error: string;
+    status: number;
+    refund?: never;
+} | {
+    refund: import("../..").Refund;
+    error?: never;
+    status?: never;
+}>;
+//# sourceMappingURL=create-refund.d.ts.map

package/dist/admin/endpoints/create-refund.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-refund.d.ts","sourceRoot":"","sources":["../../../src/admin/endpoints/create-refund.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqC,CAAC,EAAE,MAAM,eAAe,CAAC;AAGrE,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;EA0BxB,CAAC"}

package/dist/admin/endpoints/get-intent.d.ts

@@ -0,0 +1,16 @@
+import { z } from "@86d-app/core";
+export declare const getIntentAdmin: import("better-call").StrictEndpoint<"/admin/payments/:id", {
+    method: "GET";
+    params: z.ZodObject<{
+        id: z.ZodString;
+    }, z.core.$strip>;
+}, {
+    error: string;
+    status: number;
+    intent?: never;
+} | {
+    intent: import("../..").PaymentIntent;
+    error?: never;
+    status?: never;
+}>;
+//# sourceMappingURL=get-intent.d.ts.map

package/dist/admin/endpoints/get-intent.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-intent.d.ts","sourceRoot":"","sources":["../../../src/admin/endpoints/get-intent.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,CAAC,EAAE,MAAM,eAAe,CAAC;AAGvD,eAAO,MAAM,cAAc;;;;;;;;;;;;;EAY1B,CAAC"}

package/dist/admin/endpoints/index.d.ts

@@ -0,0 +1,63 @@
+export declare const adminEndpoints: {
+    "/admin/payments": import("better-call").StrictEndpoint<"/admin/payments", {
+        method: "GET";
+        query: import("zod").ZodObject<{
+            customerId: import("zod").ZodOptional<import("zod").ZodString>;
+            status: import("zod").ZodOptional<import("zod").ZodEnum<{
+                pending: "pending";
+                processing: "processing";
+                succeeded: "succeeded";
+                failed: "failed";
+                cancelled: "cancelled";
+                refunded: "refunded";
+            }>>;
+            orderId: import("zod").ZodOptional<import("zod").ZodString>;
+            take: import("zod").ZodOptional<import("zod").ZodCoercedNumber<unknown>>;
+            skip: import("zod").ZodOptional<import("zod").ZodCoercedNumber<unknown>>;
+        }, import("zod/v4/core").$strip>;
+    }, {
+        intents: import("../..").PaymentIntent[];
+        total: number;
+    }>;
+    "/admin/payments/:id": import("better-call").StrictEndpoint<"/admin/payments/:id", {
+        method: "GET";
+        params: import("zod").ZodObject<{
+            id: import("zod").ZodString;
+        }, import("zod/v4/core").$strip>;
+    }, {
+        error: string;
+        status: number;
+        intent?: never;
+    } | {
+        intent: import("../..").PaymentIntent;
+        error?: never;
+        status?: never;
+    }>;
+    "/admin/payments/:id/refund": import("better-call").StrictEndpoint<"/admin/payments/:id/refund", {
+        method: "POST";
+        params: import("zod").ZodObject<{
+            id: import("zod").ZodString;
+        }, import("zod/v4/core").$strip>;
+        body: import("zod").ZodObject<{
+            amount: import("zod").ZodOptional<import("zod").ZodNumber>;
+            reason: import("zod").ZodOptional<import("zod").ZodPipe<import("zod").ZodString, import("zod").ZodTransform<string, string>>>;
+        }, import("zod/v4/core").$strip>;
+    }, {
+        error: string;
+        status: number;
+        refund?: never;
+    } | {
+        refund: import("../..").Refund;
+        error?: never;
+        status?: never;
+    }>;
+    "/admin/payments/:id/refunds": import("better-call").StrictEndpoint<"/admin/payments/:id/refunds", {
+        method: "GET";
+        params: import("zod").ZodObject<{
+            id: import("zod").ZodString;
+        }, import("zod/v4/core").$strip>;
+    }, {
+        refunds: import("../..").Refund[];
+    }>;
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/admin/endpoints/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/admin/endpoints/index.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAK1B,CAAC"}

package/dist/admin/endpoints/list-intents.d.ts

@@ -0,0 +1,22 @@
+import { z } from "@86d-app/core";
+export declare const listIntents: import("better-call").StrictEndpoint<"/admin/payments", {
+    method: "GET";
+    query: z.ZodObject<{
+        customerId: z.ZodOptional<z.ZodString>;
+        status: z.ZodOptional<z.ZodEnum<{
+            pending: "pending";
+            processing: "processing";
+            succeeded: "succeeded";
+            failed: "failed";
+            cancelled: "cancelled";
+            refunded: "refunded";
+        }>>;
+        orderId: z.ZodOptional<z.ZodString>;
+        take: z.ZodOptional<z.ZodCoercedNumber<unknown>>;
+        skip: z.ZodOptional<z.ZodCoercedNumber<unknown>>;
+    }, z.core.$strip>;
+}, {
+    intents: import("../..").PaymentIntent[];
+    total: number;
+}>;
+//# sourceMappingURL=list-intents.d.ts.map

package/dist/admin/endpoints/list-intents.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list-intents.d.ts","sourceRoot":"","sources":["../../../src/admin/endpoints/list-intents.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,CAAC,EAAE,MAAM,eAAe,CAAC;AAGvD,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;EAgCvB,CAAC"}

package/dist/admin/endpoints/list-refunds.d.ts

@@ -0,0 +1,10 @@
+import { z } from "@86d-app/core";
+export declare const listRefunds: import("better-call").StrictEndpoint<"/admin/payments/:id/refunds", {
+    method: "GET";
+    params: z.ZodObject<{
+        id: z.ZodString;
+    }, z.core.$strip>;
+}, {
+    refunds: import("../..").Refund[];
+}>;
+//# sourceMappingURL=list-refunds.d.ts.map

package/dist/admin/endpoints/list-refunds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"list-refunds.d.ts","sourceRoot":"","sources":["../../../src/admin/endpoints/list-refunds.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuB,CAAC,EAAE,MAAM,eAAe,CAAC;AAGvD,eAAO,MAAM,WAAW;;;;;;;EAWvB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+import type { Module } from "@86d-app/core";
+import type { PaymentProvider } from "./service";
+export type { PaymentController, PaymentIntent, PaymentIntentStatus, PaymentMethod, PaymentProvider, ProviderIntentResult, ProviderRefundResult, Refund, RefundStatus, } from "./service";
+export interface PaymentsOptions {
+    /** Default currency for payment intents */
+    currency?: string;
+    /** Payment provider implementation (e.g. StripePaymentProvider) */
+    provider?: PaymentProvider;
+}
+export default function payments(options?: PaymentsOptions): Module;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAiB,MAAM,eAAe,CAAC;AAG3D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAIjD,YAAY,EACX,iBAAiB,EACjB,aAAa,EACb,mBAAmB,EACnB,aAAa,EACb,eAAe,EACf,oBAAoB,EACpB,oBAAoB,EACpB,MAAM,EACN,YAAY,GACZ,MAAM,WAAW,CAAC;AAEnB,MAAM,WAAW,eAAe;IAC/B,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,mEAAmE;IACnE,QAAQ,CAAC,EAAE,eAAe,CAAC;CAC3B;AAED,MAAM,CAAC,OAAO,UAAU,QAAQ,CAAC,OAAO,CAAC,EAAE,eAAe,GAAG,MAAM,CA+BlE"}

package/dist/schema.d.ts

@@ -0,0 +1,169 @@
+export declare const paymentsSchema: {
+    paymentIntent: {
+        fields: {
+            id: {
+                type: "string";
+                required: true;
+            };
+            /** Provider-assigned intent ID (e.g. Stripe's pi_xxx) */
+            providerIntentId: {
+                type: "string";
+                required: false;
+            };
+            customerId: {
+                type: "string";
+                required: false;
+            };
+            email: {
+                type: "string";
+                required: false;
+            };
+            /** Amount in smallest currency unit (e.g. cents) */
+            amount: {
+                type: "number";
+                required: true;
+            };
+            currency: {
+                type: "string";
+                required: true;
+                defaultValue: string;
+            };
+            status: {
+                type: ("pending" | "processing" | "succeeded" | "failed" | "cancelled" | "refunded")[];
+                required: true;
+                defaultValue: string;
+            };
+            paymentMethodId: {
+                type: "string";
+                required: false;
+            };
+            orderId: {
+                type: "string";
+                required: false;
+            };
+            checkoutSessionId: {
+                type: "string";
+                required: false;
+            };
+            metadata: {
+                type: "json";
+                required: false;
+                defaultValue: {};
+            };
+            providerMetadata: {
+                type: "json";
+                required: false;
+                defaultValue: {};
+            };
+            createdAt: {
+                type: "date";
+                required: true;
+                defaultValue: () => Date;
+            };
+            updatedAt: {
+                type: "date";
+                required: true;
+                defaultValue: () => Date;
+                onUpdate: () => Date;
+            };
+        };
+    };
+    paymentMethod: {
+        fields: {
+            id: {
+                type: "string";
+                required: true;
+            };
+            customerId: {
+                type: "string";
+                required: true;
+            };
+            /** Provider-assigned method ID (e.g. Stripe's pm_xxx) */
+            providerMethodId: {
+                type: "string";
+                required: true;
+            };
+            /** card | bank_transfer | wallet */
+            type: {
+                type: "string";
+                required: true;
+                defaultValue: string;
+            };
+            last4: {
+                type: "string";
+                required: false;
+            };
+            brand: {
+                type: "string";
+                required: false;
+            };
+            expiryMonth: {
+                type: "number";
+                required: false;
+            };
+            expiryYear: {
+                type: "number";
+                required: false;
+            };
+            isDefault: {
+                type: "boolean";
+                required: true;
+                defaultValue: false;
+            };
+            createdAt: {
+                type: "date";
+                required: true;
+                defaultValue: () => Date;
+            };
+            updatedAt: {
+                type: "date";
+                required: true;
+                defaultValue: () => Date;
+                onUpdate: () => Date;
+            };
+        };
+    };
+    refund: {
+        fields: {
+            id: {
+                type: "string";
+                required: true;
+            };
+            paymentIntentId: {
+                type: "string";
+                required: true;
+            };
+            /** Provider-assigned refund ID */
+            providerRefundId: {
+                type: "string";
+                required: true;
+            };
+            /** Refund amount in smallest currency unit */
+            amount: {
+                type: "number";
+                required: true;
+            };
+            reason: {
+                type: "string";
+                required: false;
+            };
+            status: {
+                type: ("pending" | "succeeded" | "failed")[];
+                required: true;
+                defaultValue: string;
+            };
+            createdAt: {
+                type: "date";
+                required: true;
+                defaultValue: () => Date;
+            };
+            updatedAt: {
+                type: "date";
+                required: true;
+                defaultValue: () => Date;
+                onUpdate: () => Date;
+            };
+        };
+    };
+};
+//# sourceMappingURL=schema.d.ts.map

package/dist/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,cAAc;;;;;;;YAIxB,yDAAyD;;;;;;;;;;;;;YAIzD,oDAAoD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAqCpD,yDAAyD;;;;;YAEzD,oCAAoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;YAwBpC,kCAAkC;;;;;YAElC,8CAA8C;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqBzB,CAAC"}

package/dist/service-impl.d.ts

@@ -0,0 +1,4 @@
+import type { ModuleDataService } from "@86d-app/core";
+import type { PaymentController, PaymentProvider } from "./service";
+export declare function createPaymentController(data: ModuleDataService, provider?: PaymentProvider): PaymentController;
+//# sourceMappingURL=service-impl.d.ts.map

package/dist/service-impl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service-impl.d.ts","sourceRoot":"","sources":["../src/service-impl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AACvD,OAAO,KAAK,EACX,iBAAiB,EAIjB,eAAe,EAEf,MAAM,WAAW,CAAC;AAEnB,wBAAgB,uBAAuB,CACtC,IAAI,EAAE,iBAAiB,EACvB,QAAQ,CAAC,EAAE,eAAe,GACxB,iBAAiB,CAyXnB"}