@voyant-travel/finance 0.119.5

package/dist/routes-booking-billing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes-booking-billing.d.ts","sourceRoot":"","sources":["../src/routes-booking-billing.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAA;AAgB7C,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kEAsVpC,CAAA"}

package/dist/routes-booking-billing.js

@@ -0,0 +1,223 @@
+import { ActionLedgerIdempotencyConflictError } from "@voyant-travel/action-ledger";
+import { parseJsonBody } from "@voyant-travel/hono";
+import { Hono } from "hono";
+import { getActionLedgerRequestContext, getFinanceRouteRuntime } from "./routes-runtime.js";
+import { financeService, PaymentValidationError } from "./service.js";
+import { applyDefaultBookingPaymentPlanSchema, createPaymentSessionFromGuaranteeSchema, createPaymentSessionFromScheduleSchema, insertBookingGuaranteeSchema, insertBookingItemCommissionSchema, insertBookingItemTaxLineSchema, insertBookingPaymentScheduleSchema, updateBookingGuaranteeSchema, updateBookingItemCommissionSchema, updateBookingItemTaxLineSchema, updateBookingPaymentScheduleSchema, } from "./validation.js";
+export const financeBookingBillingRoutes = new Hono()
+    // ========================================================================
+    // Booking Payment Schedules
+    // ========================================================================
+    .get("/bookings/:bookingId/payment-schedules", async (c) => {
+    return c.json({
+        data: await financeService.listBookingPaymentSchedules(c.get("db"), c.req.param("bookingId")),
+    });
+})
+    .post("/bookings/:bookingId/payment-schedules", async (c) => {
+    try {
+        const runtime = getFinanceRouteRuntime(c);
+        const row = await financeService.createBookingPaymentSchedule(c.get("db"), c.req.param("bookingId"), await parseJsonBody(c, insertBookingPaymentScheduleSchema), {
+            eventBus: runtime?.eventBus,
+            actionLedgerContext: getActionLedgerRequestContext(c),
+            actionLedgerAuthorizationSource: "finance.booking_payment_schedule.route",
+        });
+        if (!row) {
+            return c.json({ error: "Booking not found" }, 404);
+        }
+        return c.json({ data: row }, 201);
+    }
+    catch (error) {
+        if (error instanceof PaymentValidationError) {
+            return c.json({ error: error.message, code: error.code, details: error.details }, error.status);
+        }
+        if (error instanceof ActionLedgerIdempotencyConflictError) {
+            return c.json({
+                error: error.message,
+                existingActionId: error.existingActionId,
+            }, 409);
+        }
+        throw error;
+    }
+})
+    .post("/bookings/:bookingId/payment-schedules/default-plan", async (c) => {
+    const runtime = getFinanceRouteRuntime(c);
+    const rows = await financeService.applyDefaultBookingPaymentPlan(c.get("db"), c.req.param("bookingId"), await parseJsonBody(c, applyDefaultBookingPaymentPlanSchema), {
+        eventBus: runtime?.eventBus,
+        actionLedgerContext: getActionLedgerRequestContext(c),
+        actionLedgerAuthorizationSource: "finance.booking_payment_schedule.default_plan.route",
+    });
+    if (!rows) {
+        return c.json({ error: "Booking not found" }, 404);
+    }
+    return c.json({ data: rows }, 201);
+})
+    .patch("/bookings/:bookingId/payment-schedules/:scheduleId", async (c) => {
+    try {
+        const runtime = getFinanceRouteRuntime(c);
+        const row = await financeService.updateBookingPaymentSchedule(c.get("db"), c.req.param("scheduleId"), await parseJsonBody(c, updateBookingPaymentScheduleSchema), {
+            eventBus: runtime?.eventBus,
+            actionLedgerContext: getActionLedgerRequestContext(c),
+            actionLedgerAuthorizationSource: "finance.booking_payment_schedule.route",
+        });
+        if (!row) {
+            return c.json({ error: "Payment schedule not found" }, 404);
+        }
+        return c.json({ data: row });
+    }
+    catch (error) {
+        if (error instanceof PaymentValidationError) {
+            return c.json({ error: error.message, code: error.code, details: error.details }, error.status);
+        }
+        throw error;
+    }
+})
+    .post("/bookings/:bookingId/payment-schedules/:scheduleId/payment-session", async (c) => {
+    try {
+        const runtime = getFinanceRouteRuntime(c);
+        const row = await financeService.createPaymentSessionFromBookingSchedule(c.get("db"), c.req.param("scheduleId"), await parseJsonBody(c, createPaymentSessionFromScheduleSchema), {
+            eventBus: runtime?.eventBus,
+            actionLedgerContext: getActionLedgerRequestContext(c),
+            actionLedgerAuthorizationSource: "finance.payment_session.route",
+        });
+        if (!row) {
+            return c.json({ error: "Payment schedule not found" }, 404);
+        }
+        return c.json({ data: row }, 201);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : "Unable to create payment session";
+        return c.json({ error: message }, 409);
+    }
+})
+    .delete("/bookings/:bookingId/payment-schedules/:scheduleId", async (c) => {
+    const runtime = getFinanceRouteRuntime(c);
+    const row = await financeService.deleteBookingPaymentSchedule(c.get("db"), c.req.param("scheduleId"), {
+        eventBus: runtime?.eventBus,
+        actionLedgerContext: getActionLedgerRequestContext(c),
+        actionLedgerAuthorizationSource: "finance.booking_payment_schedule.route",
+    });
+    if (!row) {
+        return c.json({ error: "Payment schedule not found" }, 404);
+    }
+    return c.json({ success: true }, 200);
+})
+    // ========================================================================
+    // Booking Guarantees
+    // ========================================================================
+    .get("/bookings/:bookingId/guarantees", async (c) => {
+    return c.json({
+        data: await financeService.listBookingGuarantees(c.get("db"), c.req.param("bookingId")),
+    });
+})
+    .post("/bookings/:bookingId/guarantees", async (c) => {
+    const runtime = getFinanceRouteRuntime(c);
+    const row = await financeService.createBookingGuarantee(c.get("db"), c.req.param("bookingId"), await parseJsonBody(c, insertBookingGuaranteeSchema), {
+        eventBus: runtime?.eventBus,
+        actionLedgerContext: getActionLedgerRequestContext(c),
+        actionLedgerAuthorizationSource: "finance.booking_guarantee.route",
+    });
+    if (!row) {
+        return c.json({ error: "Booking not found" }, 404);
+    }
+    return c.json({ data: row }, 201);
+})
+    .post("/bookings/:bookingId/guarantees/:guaranteeId/payment-session", async (c) => {
+    try {
+        const runtime = getFinanceRouteRuntime(c);
+        const row = await financeService.createPaymentSessionFromBookingGuarantee(c.get("db"), c.req.param("guaranteeId"), await parseJsonBody(c, createPaymentSessionFromGuaranteeSchema), {
+            eventBus: runtime?.eventBus,
+            actionLedgerContext: getActionLedgerRequestContext(c),
+            actionLedgerAuthorizationSource: "finance.payment_session.route",
+        });
+        if (!row) {
+            return c.json({ error: "Booking guarantee not found" }, 404);
+        }
+        return c.json({ data: row }, 201);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : "Unable to create payment session";
+        return c.json({ error: message }, 409);
+    }
+})
+    .patch("/bookings/:bookingId/guarantees/:guaranteeId", async (c) => {
+    const runtime = getFinanceRouteRuntime(c);
+    const row = await financeService.updateBookingGuarantee(c.get("db"), c.req.param("guaranteeId"), await parseJsonBody(c, updateBookingGuaranteeSchema), {
+        eventBus: runtime?.eventBus,
+        actionLedgerContext: getActionLedgerRequestContext(c),
+        actionLedgerAuthorizationSource: "finance.booking_guarantee.route",
+    });
+    if (!row) {
+        return c.json({ error: "Booking guarantee not found" }, 404);
+    }
+    return c.json({ data: row });
+})
+    .delete("/bookings/:bookingId/guarantees/:guaranteeId", async (c) => {
+    const runtime = getFinanceRouteRuntime(c);
+    const row = await financeService.deleteBookingGuarantee(c.get("db"), c.req.param("guaranteeId"), {
+        eventBus: runtime?.eventBus,
+        actionLedgerContext: getActionLedgerRequestContext(c),
+        actionLedgerAuthorizationSource: "finance.booking_guarantee.route",
+    });
+    if (!row) {
+        return c.json({ error: "Booking guarantee not found" }, 404);
+    }
+    return c.json({ success: true }, 200);
+})
+    // ========================================================================
+    // Booking Item Taxes
+    // ========================================================================
+    .get("/booking-items/:bookingItemId/tax-lines", async (c) => {
+    return c.json({
+        data: await financeService.listBookingItemTaxLines(c.get("db"), c.req.param("bookingItemId")),
+    });
+})
+    .post("/booking-items/:bookingItemId/tax-lines", async (c) => {
+    const row = await financeService.createBookingItemTaxLine(c.get("db"), c.req.param("bookingItemId"), await parseJsonBody(c, insertBookingItemTaxLineSchema));
+    if (!row) {
+        return c.json({ error: "Booking item not found" }, 404);
+    }
+    return c.json({ data: row }, 201);
+})
+    .patch("/booking-items/:bookingItemId/tax-lines/:taxLineId", async (c) => {
+    const row = await financeService.updateBookingItemTaxLine(c.get("db"), c.req.param("taxLineId"), await parseJsonBody(c, updateBookingItemTaxLineSchema));
+    if (!row) {
+        return c.json({ error: "Booking item tax line not found" }, 404);
+    }
+    return c.json({ data: row });
+})
+    .delete("/booking-items/:bookingItemId/tax-lines/:taxLineId", async (c) => {
+    const row = await financeService.deleteBookingItemTaxLine(c.get("db"), c.req.param("taxLineId"));
+    if (!row) {
+        return c.json({ error: "Booking item tax line not found" }, 404);
+    }
+    return c.json({ success: true }, 200);
+})
+    // ========================================================================
+    // Booking Item Commissions
+    // ========================================================================
+    .get("/booking-items/:bookingItemId/commissions", async (c) => {
+    return c.json({
+        data: await financeService.listBookingItemCommissions(c.get("db"), c.req.param("bookingItemId")),
+    });
+})
+    .post("/booking-items/:bookingItemId/commissions", async (c) => {
+    const row = await financeService.createBookingItemCommission(c.get("db"), c.req.param("bookingItemId"), await parseJsonBody(c, insertBookingItemCommissionSchema));
+    if (!row) {
+        return c.json({ error: "Booking item not found" }, 404);
+    }
+    return c.json({ data: row }, 201);
+})
+    .patch("/booking-items/:bookingItemId/commissions/:commissionId", async (c) => {
+    const row = await financeService.updateBookingItemCommission(c.get("db"), c.req.param("commissionId"), await parseJsonBody(c, updateBookingItemCommissionSchema));
+    if (!row) {
+        return c.json({ error: "Booking item commission not found" }, 404);
+    }
+    return c.json({ data: row });
+})
+    .delete("/booking-items/:bookingItemId/commissions/:commissionId", async (c) => {
+    const row = await financeService.deleteBookingItemCommission(c.get("db"), c.req.param("commissionId"));
+    if (!row) {
+        return c.json({ error: "Booking item commission not found" }, 404);
+    }
+    return c.json({ success: true }, 200);
+});

package/dist/routes-booking-create.d.ts

@@ -0,0 +1,3 @@
+import type { HonoExtension } from "@voyant-travel/hono/module";
+export declare const bookingsCreateExtension: HonoExtension;
+//# sourceMappingURL=routes-booking-create.d.ts.map

package/dist/routes-booking-create.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes-booking-create.d.ts","sourceRoot":"","sources":["../src/routes-booking-create.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAA;AAwO/D,eAAO,MAAM,uBAAuB,EAAE,aAQrC,CAAA"}

package/dist/routes-booking-create.js

@@ -0,0 +1,194 @@
+import { parseJsonBody } from "@voyant-travel/hono";
+import { Hono } from "hono";
+import { FINANCE_ROUTE_RUNTIME_CONTAINER_KEY } from "./route-runtime.js";
+import { bookingCreateSchema, createBooking } from "./service-booking-create.js";
+import { dualCreateBooking, dualCreateBookingSchema } from "./service-bookings-dual-create.js";
+function resolveRuntime(container) {
+    try {
+        return container?.resolve(FINANCE_ROUTE_RUNTIME_CONTAINER_KEY);
+    }
+    catch {
+        return undefined;
+    }
+}
+function getBookingCreateActionLedgerRequestContext(c) {
+    const context = {
+        userId: c.get("userId") ?? null,
+        agentId: c.get("agentId") ?? null,
+        workflowPrincipalId: c.get("workflowPrincipalId") ?? null,
+        principalSubtype: c.get("principalSubtype") ?? null,
+        sessionId: c.get("sessionId") ?? null,
+        apiTokenId: c.get("apiTokenId") ?? c.get("apiKeyId") ?? null,
+        callerType: c.get("callerType") ?? null,
+        actor: c.get("actor") ?? null,
+        isInternalRequest: c.get("isInternalRequest") ?? false,
+        organizationId: c.get("organizationId") ?? null,
+        workflowRunId: c.get("workflowRunId") ?? null,
+        workflowStepId: c.get("workflowStepId") ?? null,
+        correlationId: c.req.header("x-correlation-id") ?? c.req.header("x-request-id") ?? null,
+    };
+    if (context.userId ||
+        context.agentId ||
+        context.workflowPrincipalId ||
+        context.apiTokenId ||
+        context.isInternalRequest) {
+        return context;
+    }
+    return undefined;
+}
+/**
+ * Mounted under `/v1/admin/bookings/*` via the extension's `module` target, so
+ * the endpoint's public-facing path lands at `POST /v1/admin/bookings/create`
+ * even though the code lives in `@voyant-travel/finance`. See the header comment in
+ * service-booking-create.ts for why finance owns this orchestration.
+ */
+const createBookingRoutes = new Hono()
+    .post("/create", async (c) => {
+    const input = await parseJsonBody(c, bookingCreateSchema);
+    const runtime = resolveRuntime(c.var.container);
+    const outcome = await createBooking(c.get("db"), input, {
+        userId: c.get("userId"),
+        runtime: {
+            ...(runtime ?? {}),
+            actionLedgerContext: getBookingCreateActionLedgerRequestContext(c),
+            actionLedgerAuthorizationSource: "booking.create.route",
+        },
+    });
+    switch (outcome.status) {
+        case "ok":
+            return c.json({ data: outcome.result }, 201);
+        case "invalid_payment_schedules":
+            return c.json({
+                error: "Invalid payment schedules",
+                issues: outcome.issues,
+            }, 400);
+        case "payload_resolver_mismatch":
+            return c.json({
+                error: "Booking payload does not match the resolved draft",
+                code: "payload_resolver_mismatch",
+                mismatches: outcome.mismatches,
+            }, 400);
+        case "room_occupancy_insufficient":
+            return c.json({
+                error: "Selected rooms cannot seat the booking party",
+                code: "room_occupancy_insufficient",
+                pax: outcome.pax,
+                occupancyMax: outcome.occupancyMax,
+                shortfall: outcome.shortfall,
+            }, 400);
+        case "duplicate_booking":
+            return c.json({
+                error: "Duplicate booking",
+                code: "duplicate_booking",
+                existingBookingId: outcome.existingBooking.id,
+                existingBookingNumber: outcome.existingBooking.bookingNumber,
+                existingBookingStatus: outcome.existingBooking.status,
+            }, 409);
+        case "product_not_found":
+            return c.json({ error: "Product not found or unavailable" }, 404);
+        case "voucher_not_found":
+            return c.json({ error: "Voucher not found" }, 404);
+        case "voucher_inactive":
+            return c.json({ error: "Voucher is not active" }, 409);
+        case "voucher_not_started":
+            return c.json({ error: "Voucher is not yet valid" }, 409);
+        case "voucher_expired":
+            return c.json({ error: "Voucher has expired" }, 409);
+        case "voucher_insufficient_balance":
+            return c.json({ error: "Voucher does not have enough balance" }, 409);
+        case "group_not_found":
+            return c.json({ error: "Booking group not found" }, 404);
+        case "booking_already_in_group":
+            return c.json({
+                error: "Booking is already a member of a group",
+                currentGroupId: outcome.currentGroupId,
+            }, 409);
+    }
+})
+    .post("/dual-create", async (c) => {
+    const input = await parseJsonBody(c, dualCreateBookingSchema);
+    const runtime = resolveRuntime(c.var.container);
+    const outcome = await dualCreateBooking(c.get("db"), input, {
+        userId: c.get("userId"),
+        runtime: {
+            ...(runtime ?? {}),
+            actionLedgerContext: getBookingCreateActionLedgerRequestContext(c),
+            actionLedgerAuthorizationSource: "booking.create.route",
+        },
+    });
+    if (outcome.status === "ok") {
+        return c.json({ data: outcome.result }, 201);
+    }
+    // Both failure branches carry a nested create reason. Map them to
+    // the same HTTP codes the single create endpoint uses so callers
+    // can treat them uniformly, and surface which sub-booking tripped.
+    const which = outcome.status === "primary_failed" ? "primary" : "secondary";
+    const reason = outcome.reason;
+    const body = { which, reasonStatus: reason.status };
+    switch (reason.status) {
+        case "invalid_payment_schedules":
+            return c.json({
+                ...body,
+                error: `${which}: invalid payment schedules`,
+                issues: reason.issues,
+            }, 400);
+        case "payload_resolver_mismatch":
+            return c.json({
+                ...body,
+                error: `${which}: booking payload does not match the resolved draft`,
+                code: "payload_resolver_mismatch",
+                mismatches: reason.mismatches,
+            }, 400);
+        case "room_occupancy_insufficient":
+            return c.json({
+                ...body,
+                error: `${which}: selected rooms cannot seat the booking party`,
+                code: "room_occupancy_insufficient",
+                pax: reason.pax,
+                occupancyMax: reason.occupancyMax,
+                shortfall: reason.shortfall,
+            }, 400);
+        case "duplicate_booking":
+            return c.json({
+                ...body,
+                error: `${which}: duplicate booking`,
+                code: "duplicate_booking",
+                existingBookingId: reason.existingBooking.id,
+                existingBookingNumber: reason.existingBooking.bookingNumber,
+                existingBookingStatus: reason.existingBooking.status,
+            }, 409);
+        case "product_not_found":
+            return c.json({ ...body, error: `${which}: product not found or unavailable` }, 404);
+        case "voucher_not_found":
+            return c.json({ ...body, error: `${which}: voucher not found` }, 404);
+        case "voucher_inactive":
+            return c.json({ ...body, error: `${which}: voucher is not active` }, 409);
+        case "voucher_not_started":
+            return c.json({ ...body, error: `${which}: voucher is not yet valid` }, 409);
+        case "voucher_expired":
+            return c.json({ ...body, error: `${which}: voucher has expired` }, 409);
+        case "voucher_insufficient_balance":
+            return c.json({ ...body, error: `${which}: voucher does not have enough balance` }, 409);
+        case "group_not_found":
+            return c.json({ ...body, error: `${which}: group linking failed` }, 500);
+        case "booking_already_in_group":
+            return c.json({
+                ...body,
+                error: `${which}: booking is already in a group`,
+                currentGroupId: reason.currentGroupId,
+            }, 409);
+    }
+});
+const bookingsCreateExtensionDef = {
+    name: "bookings-create",
+    module: "bookings",
+};
+export const bookingsCreateExtension = {
+    extension: bookingsCreateExtensionDef,
+    // Mount on both surfaces to mirror bookings' own module routes. The legacy
+    // `/v1/bookings/...` path is what existing bookings-react hooks hit; the
+    // `/v1/admin/bookings/...` path is staff-guarded and the forward-looking
+    // convention. Both serve the same handler.
+    adminRoutes: createBookingRoutes,
+    routes: createBookingRoutes,
+};

package/dist/routes-booking-reads.d.ts

@@ -0,0 +1,46 @@
+import type { Env } from "./routes-shared.js";
+export declare const financeBookingReadRoutes: import("hono/hono-base").HonoBase<Env, {
+    "/bookings/:bookingId/payments": {
+        $get: {
+            input: {
+                param: {
+                    bookingId: string;
+                };
+            };
+            output: {
+                error: string;
+            };
+            outputFormat: "json";
+            status: 404;
+        } | {
+            input: {
+                param: {
+                    bookingId: string;
+                };
+            };
+            output: {
+                data: {
+                    bookingId: string;
+                    payments: {
+                        id: string;
+                        invoiceId: string;
+                        invoiceNumber: string;
+                        invoiceType: "invoice" | "proforma" | "credit_note";
+                        status: "failed" | "pending" | "completed" | "refunded";
+                        paymentMethod: "other" | "bank_transfer" | "credit_card" | "voucher" | "debit_card" | "cash" | "cheque" | "wallet" | "direct_bill";
+                        amountCents: number;
+                        currency: string;
+                        baseCurrency: string | null;
+                        baseAmountCents: number | null;
+                        paymentDate: string;
+                        referenceNumber: string | null;
+                        notes: string | null;
+                    }[];
+                };
+            };
+            outputFormat: "json";
+            status: import("hono/utils/http-status").ContentfulStatusCode;
+        };
+    };
+}, "/", "/bookings/:bookingId/payments">;
+//# sourceMappingURL=routes-booking-reads.d.ts.map

package/dist/routes-booking-reads.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes-booking-reads.d.ts","sourceRoot":"","sources":["../src/routes-booking-reads.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAA;AAE7C,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;wCAsBjC,CAAA"}

package/dist/routes-booking-reads.js

@@ -0,0 +1,20 @@
+import { Hono } from "hono";
+export const financeBookingReadRoutes = new Hono()
+    // ========================================================================
+    // Booking-scoped reads (admin)
+    // ========================================================================
+    // Mirror the customer-portal's `/v1/public/finance/bookings/:bookingId/payments`
+    // endpoint on the admin surface. The admin actor guard
+    // (`requireActor("staff")`) blocks staff sessions from hitting the
+    // public path, but operators absolutely need to see the canonical
+    // `payments` rows on the booking detail page. This handler reuses
+    // the same publicFinanceService helper so the response shape is
+    // identical to the customer-portal flow.
+    .get("/bookings/:bookingId/payments", async (c) => {
+    const { publicFinanceService } = await import("./service-public.js");
+    const result = await publicFinanceService.getBookingPayments(c.get("db"), c.req.param("bookingId"));
+    if (!result) {
+        return c.json({ error: "Booking payments not found" }, 404);
+    }
+    return c.json({ data: result });
+});