@lunora/payment 1.0.0-alpha.10 → 1.0.0-alpha.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.mjs CHANGED
@@ -6,8 +6,8 @@ export { entitlementsForReference, featureNames, hasActivePrice, resolveEntitlem
6
6
  export { LunoraPaymentError } from './packem_shared/LunoraPaymentError-B3hEzXSs.mjs';
7
7
  export { default as idempotencyKey } from './packem_shared/idempotencyKey-BFzDCA7g.mjs';
8
8
  export { addMoney, allocateMoney, compareMoney, formatMoney, fromMoneyJSON, isZeroDecimalCurrency, isZeroMoney, money, subtractMoney, toMoneyJSON, zeroMoney } from './packem_shared/addMoney-bCcs1nyw.mjs';
9
- export { createPolarAdapter } from './packem_shared/createPolarAdapter-BJtVGSlF.mjs';
10
- export { createStripeAdapter } from './packem_shared/createStripeAdapter-D40MVBXg.mjs';
9
+ export { createPolarAdapter } from './packem_shared/createPolarAdapter-CgErk9zo.mjs';
10
+ export { createStripeAdapter } from './packem_shared/createStripeAdapter-oDvMhpeX.mjs';
11
11
  export { reconcile } from './packem_shared/reconcile-CI1ukJF9.mjs';
12
12
  export { default as paymentTables } from './packem_shared/paymentTables-DccHwWr_.mjs';
13
13
  export { PAYMENT_TERMINAL_STATES, SUBSCRIPTION_TERMINAL_STATES, canTransitionPayment, canTransitionSubscription, nextPaymentState, nextSubscriptionState } from './packem_shared/PAYMENT_TERMINAL_STATES-DrxV0clv.mjs';
@@ -12,7 +12,10 @@ const PAYMENT_STATE_BY_POLAR_ORDER_STATUS = {
12
12
  const SUBSCRIPTION_STATE_BY_POLAR_STATUS = {
13
13
  active: "active",
14
14
  canceled: "canceled",
15
- incomplete: "trialing",
15
+ // SECURITY: `incomplete` (first payment not completed) must not map to an
16
+ // entitling state — see the equivalent note in the Stripe adapter. Treat it as
17
+ // non-entitling `past_due`; reserve `trialing` for a genuine trial.
18
+ incomplete: "past_due",
16
19
  incomplete_expired: "canceled",
17
20
  past_due: "past_due",
18
21
  trialing: "trialing",
@@ -15,7 +15,14 @@ const PAYMENT_STATE_BY_STRIPE_STATUS = {
15
15
  const SUBSCRIPTION_STATE_BY_STRIPE_STATUS = {
16
16
  active: "active",
17
17
  canceled: "canceled",
18
- incomplete: "trialing",
18
+ // SECURITY: `incomplete` means the FIRST payment has not succeeded (SCA
19
+ // `requires_action` or a failed initial charge). It must NOT map to an
20
+ // entitling state — Stripe's recommended `payment_behavior: "default_incomplete"`
21
+ // makes `incomplete` the initial status of every new subscription, so mapping
22
+ // it to `trialing` (which is in ACTIVE_STATES) would grant paid entitlements
23
+ // before any payment. Reserve `trialing` for a genuine Stripe trial (status
24
+ // `trialing`, mapped below); treat `incomplete` as non-entitling `past_due`.
25
+ incomplete: "past_due",
19
26
  incomplete_expired: "canceled",
20
27
  past_due: "past_due",
21
28
  paused: "paused",
@@ -102,12 +109,14 @@ const mapEvent = (eventId, eventType, object) => {
102
109
  }
103
110
  case "checkout.session.completed": {
104
111
  if (readString(object, "mode") === "subscription") {
112
+ const paymentStatus = readString(object, "payment_status");
113
+ const paid = paymentStatus === "paid" || paymentStatus === "no_payment_required";
105
114
  return {
106
115
  ...base,
107
116
  customerId: readString(object, "customer"),
108
117
  referenceId: readReferenceId(object),
109
118
  subscriptionId: readString(object, "subscription"),
110
- type: "subscription.active"
119
+ type: paid ? "subscription.active" : "subscription.updated"
111
120
  };
112
121
  }
113
122
  const amountTotal = readNumber(object, "amount_total");
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lunora/payment",
3
- "version": "1.0.0-alpha.10",
3
+ "version": "1.0.0-alpha.12",
4
4
  "description": "Provider-agnostic payments for Lunora: Stripe-first adapter, webhook sync, and subscription/payment state machine",
5
5
  "keywords": [
6
6
  "billing",
@@ -47,7 +47,7 @@
47
47
  "access": "public"
48
48
  },
49
49
  "dependencies": {
50
- "@lunora/server": "1.0.0-alpha.10",
50
+ "@lunora/server": "1.0.0-alpha.12",
51
51
  "@lunora/values": "1.0.0-alpha.3",
52
52
  "dinero.js": "2.0.2"
53
53
  },