@voyantjs/transactions 0.1.0

package/dist/routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAsCjE,KAAK,GAAG,GAAG;IACT,QAAQ,EAAE,OAAO,CAAC;QAChB,YAAY,EAAE,MAAM,CAAA;QACpB,WAAW,EAAE,MAAM,CAAA;QACnB,aAAa,EAAE,MAAM,CAAA;QACrB,cAAc,EAAE,MAAM,CAAA;QACtB,yBAAyB,EAAE,MAAM,CAAA;QACjC,eAAe,EAAE,MAAM,CAAA;QACvB,eAAe,EAAE,MAAM,CAAA;QACvB,gBAAgB,EAAE,MAAM,CAAA;QACxB,uBAAuB,EAAE,MAAM,CAAA;QAC/B,6BAA6B,EAAE,MAAM,CAAA;QACrC,UAAU,EAAE,MAAM,CAAA;QAClB,iBAAiB,EAAE,MAAM,CAAA;QACzB,qBAAqB,EAAE,MAAM,CAAA;QAC7B,iBAAiB,EAAE,MAAM,CAAA;QACzB,gBAAgB,EAAE,MAAM,CAAA;QACxB,qBAAqB,EAAE,MAAM,CAAA;QAC7B,2BAA2B,EAAE,MAAM,CAAA;KACpC,CAAC,CAAA;IACF,SAAS,EAAE;QACT,EAAE,EAAE,kBAAkB,CAAA;QACtB,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,KAAK,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,SAAS,GAAG,UAAU,CAAA;QACrD,UAAU,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAA;QAC/C,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;QACxB,iBAAiB,CAAC,EAAE,OAAO,CAAA;QAC3B,uBAAuB,CAAC,EAAE,CAAC,IAAI,EAAE;YAC/B,EAAE,EAAE,kBAAkB,CAAA;YACtB,MAAM,CAAC,EAAE,MAAM,CAAA;YACf,KAAK,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,SAAS,GAAG,UAAU,CAAA;YACrD,UAAU,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAA;YAC/C,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;YACxB,iBAAiB,CAAC,EAAE,OAAO,CAAA;YAC3B,eAAe,EAAE,OAAO,GAAG,OAAO,CAAA;YAClC,aAAa,EAAE,MAAM,CAAA;YACrB,QAAQ,EAAE,MAAM,CAAA;YAChB,MAAM,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAA;SACrC,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;KACjC,CAAA;CACF,CAAA;AAsHD,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAklB3B,CAAA;AAEJ,MAAM,MAAM,kBAAkB,GAAG,OAAO,kBAAkB,CAAA"}

package/dist/routes.js

@@ -0,0 +1,598 @@
+import { Hono } from "hono";
+import { createKmsProviderFromEnv } from "@voyantjs/utils";
+import { createTransactionPiiService } from "./pii.js";
+import { transactionPiiAccessLog } from "./schema.js";
+import { transactionsService } from "./service.js";
+import { insertOfferItemParticipantSchema, insertOfferItemSchema, insertOfferParticipantSchema, insertOfferSchema, insertOrderItemParticipantSchema, insertOrderItemSchema, insertOrderParticipantSchema, insertOrderSchema, insertOrderTermSchema, offerItemListQuerySchema, offerItemParticipantListQuerySchema, offerListQuerySchema, offerParticipantListQuerySchema, orderItemListQuerySchema, orderItemParticipantListQuerySchema, orderListQuerySchema, orderParticipantListQuerySchema, orderTermListQuerySchema, updateOfferItemParticipantSchema, updateOfferItemSchema, updateOfferParticipantSchema, updateOfferSchema, updateOrderItemParticipantSchema, updateOrderItemSchema, updateOrderParticipantSchema, updateOrderSchema, updateOrderTermSchema, } from "./validation.js";
+function getRuntimeEnv(c) {
+    const processEnv = globalThis.process?.env ?? {};
+    return {
+        ...processEnv,
+        ...(c.env ?? {}),
+    };
+}
+function hasPiiScope(scopes, action) {
+    if (!scopes || scopes.length === 0) {
+        return false;
+    }
+    return (scopes.includes("*") ||
+        scopes.includes("transactions-pii:*") ||
+        scopes.includes(`transactions-pii:${action}`));
+}
+function hasParticipantIdentityInput(body) {
+    return "dateOfBirth" in body || "nationality" in body;
+}
+async function logTransactionPiiAccess(c, input) {
+    await c.get("db").insert(transactionPiiAccessLog).values({
+        participantKind: input.participantKind,
+        parentId: input.parentId ?? null,
+        participantId: input.participantId ?? null,
+        actorId: c.get("userId") ?? null,
+        actorType: c.get("actor") ?? null,
+        callerType: c.get("callerType") ?? null,
+        action: input.action,
+        outcome: input.outcome,
+        reason: input.reason ?? null,
+        metadata: input.metadata ?? null,
+    });
+}
+async function authorizeTransactionPiiAccess(c, input) {
+    if (c.get("isInternalRequest")) {
+        return { allowed: true };
+    }
+    const userId = c.get("userId");
+    if (!userId) {
+        await logTransactionPiiAccess(c, {
+            ...input,
+            outcome: "denied",
+            reason: "missing_user",
+        });
+        return { allowed: false, response: c.json({ error: "Unauthorized" }, 401) };
+    }
+    const customAuthorizer = c.get("authorizeTransactionPii");
+    if (customAuthorizer) {
+        const allowed = await customAuthorizer({
+            db: c.get("db"),
+            userId,
+            actor: c.get("actor"),
+            callerType: c.get("callerType"),
+            scopes: c.get("scopes"),
+            isInternalRequest: c.get("isInternalRequest"),
+            ...input,
+        });
+        if (!allowed) {
+            await logTransactionPiiAccess(c, {
+                ...input,
+                outcome: "denied",
+                reason: "custom_policy_denied",
+            });
+            return { allowed: false, response: c.json({ error: "Forbidden" }, 403) };
+        }
+        return { allowed: true };
+    }
+    const allowed = hasPiiScope(c.get("scopes"), input.action) || c.get("actor") === "staff";
+    if (!allowed) {
+        await logTransactionPiiAccess(c, {
+            ...input,
+            outcome: "denied",
+            reason: "insufficient_scope",
+            metadata: { actor: c.get("actor") ?? null },
+        });
+        return { allowed: false, response: c.json({ error: "Forbidden" }, 403) };
+    }
+    return { allowed: true };
+}
+export const transactionsRoutes = new Hono()
+    .get("/offers", async (c) => {
+    const query = offerListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
+    return c.json(await transactionsService.listOffers(c.get("db"), query));
+})
+    .post("/offers", async (c) => {
+    return c.json({
+        data: await transactionsService.createOffer(c.get("db"), insertOfferSchema.parse(await c.req.json())),
+    }, 201);
+})
+    .get("/offers/:id", async (c) => {
+    const row = await transactionsService.getOfferById(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Offer not found" }, 404);
+    return c.json({ data: row });
+})
+    .patch("/offers/:id", async (c) => {
+    const row = await transactionsService.updateOffer(c.get("db"), c.req.param("id"), updateOfferSchema.parse(await c.req.json()));
+    if (!row)
+        return c.json({ error: "Offer not found" }, 404);
+    return c.json({ data: row });
+})
+    .delete("/offers/:id", async (c) => {
+    const row = await transactionsService.deleteOffer(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Offer not found" }, 404);
+    return c.json({ success: true });
+})
+    .get("/offer-participants", async (c) => {
+    const query = offerParticipantListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
+    return c.json(await transactionsService.listOfferParticipants(c.get("db"), query));
+})
+    .post("/offer-participants", async (c) => {
+    const payload = insertOfferParticipantSchema.parse(await c.req.json());
+    return c.json({
+        data: await (async () => {
+            const row = await transactionsService.createOfferParticipant(c.get("db"), payload);
+            if (!row)
+                return row;
+            if (hasParticipantIdentityInput(payload)) {
+                const pii = createTransactionPiiService({
+                    kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+                    onAudit: async (event) => {
+                        await logTransactionPiiAccess(c, {
+                            participantKind: event.participantKind,
+                            parentId: row.offerId,
+                            participantId: event.participantId,
+                            action: event.action,
+                            outcome: "allowed",
+                        });
+                    },
+                });
+                await pii.upsertParticipantIdentity(c.get("db"), "offer", row.id, payload, c.get("userId"));
+                return transactionsService.getOfferParticipantById(c.get("db"), row.id);
+            }
+            return row;
+        })(),
+    }, 201);
+})
+    .get("/offer-participants/:id", async (c) => {
+    const row = await transactionsService.getOfferParticipantById(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Offer participant not found" }, 404);
+    return c.json({ data: row });
+})
+    .patch("/offer-participants/:id", async (c) => {
+    const payload = updateOfferParticipantSchema.parse(await c.req.json());
+    const row = await transactionsService.updateOfferParticipant(c.get("db"), c.req.param("id"), payload);
+    if (!row)
+        return c.json({ error: "Offer participant not found" }, 404);
+    if (hasParticipantIdentityInput(payload)) {
+        const pii = createTransactionPiiService({
+            kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+            onAudit: async (event) => {
+                await logTransactionPiiAccess(c, {
+                    participantKind: event.participantKind,
+                    parentId: row.offerId,
+                    participantId: event.participantId,
+                    action: event.action,
+                    outcome: "allowed",
+                });
+            },
+        });
+        await pii.upsertParticipantIdentity(c.get("db"), "offer", row.id, payload, c.get("userId"));
+        return c.json({ data: await transactionsService.getOfferParticipantById(c.get("db"), row.id) });
+    }
+    return c.json({ data: row });
+})
+    .get("/offer-participants/:id/travel-details", async (c) => {
+    const participant = await transactionsService.getOfferParticipantById(c.get("db"), c.req.param("id"));
+    if (!participant)
+        return c.json({ error: "Offer participant not found" }, 404);
+    const auth = await authorizeTransactionPiiAccess(c, {
+        participantKind: "offer",
+        participantId: participant.id,
+        parentId: participant.offerId,
+        action: "read",
+    });
+    if (!auth.allowed)
+        return auth.response;
+    const pii = createTransactionPiiService({
+        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+        onAudit: async (event) => {
+            await logTransactionPiiAccess(c, {
+                participantKind: event.participantKind,
+                parentId: participant.offerId,
+                participantId: event.participantId,
+                action: event.action,
+                outcome: "allowed",
+            });
+        },
+    });
+    const row = await pii.getParticipantIdentity(c.get("db"), "offer", participant.id, c.get("userId"));
+    if (!row) {
+        await logTransactionPiiAccess(c, {
+            participantKind: "offer",
+            parentId: participant.offerId,
+            participantId: participant.id,
+            action: "read",
+            outcome: "denied",
+            reason: "travel_details_not_found",
+        });
+        return c.json({ error: "Offer participant travel details not found" }, 404);
+    }
+    return c.json({ data: row });
+})
+    .patch("/offer-participants/:id/travel-details", async (c) => {
+    const participant = await transactionsService.getOfferParticipantById(c.get("db"), c.req.param("id"));
+    if (!participant)
+        return c.json({ error: "Offer participant not found" }, 404);
+    const auth = await authorizeTransactionPiiAccess(c, {
+        participantKind: "offer",
+        participantId: participant.id,
+        parentId: participant.offerId,
+        action: "update",
+    });
+    if (!auth.allowed)
+        return auth.response;
+    const pii = createTransactionPiiService({
+        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+        onAudit: async (event) => {
+            await logTransactionPiiAccess(c, {
+                participantKind: event.participantKind,
+                parentId: participant.offerId,
+                participantId: event.participantId,
+                action: event.action,
+                outcome: "allowed",
+            });
+        },
+    });
+    const row = await pii.upsertParticipantIdentity(c.get("db"), "offer", participant.id, updateOfferParticipantSchema.parse(await c.req.json()), c.get("userId"));
+    if (!row)
+        return c.json({ error: "Offer participant not found" }, 404);
+    return c.json({ data: row });
+})
+    .delete("/offer-participants/:id/travel-details", async (c) => {
+    const participant = await transactionsService.getOfferParticipantById(c.get("db"), c.req.param("id"));
+    if (!participant)
+        return c.json({ error: "Offer participant not found" }, 404);
+    const auth = await authorizeTransactionPiiAccess(c, {
+        participantKind: "offer",
+        participantId: participant.id,
+        parentId: participant.offerId,
+        action: "delete",
+    });
+    if (!auth.allowed)
+        return auth.response;
+    const pii = createTransactionPiiService({
+        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+        onAudit: async (event) => {
+            await logTransactionPiiAccess(c, {
+                participantKind: event.participantKind,
+                parentId: participant.offerId,
+                participantId: event.participantId,
+                action: event.action,
+                outcome: "allowed",
+            });
+        },
+    });
+    const row = await pii.deleteParticipantIdentity(c.get("db"), "offer", participant.id, c.get("userId"));
+    if (!row)
+        return c.json({ error: "Offer participant travel details not found" }, 404);
+    return c.json({ success: true });
+})
+    .delete("/offer-participants/:id", async (c) => {
+    const row = await transactionsService.deleteOfferParticipant(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Offer participant not found" }, 404);
+    return c.json({ success: true });
+})
+    .get("/offer-items", async (c) => {
+    const query = offerItemListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
+    return c.json(await transactionsService.listOfferItems(c.get("db"), query));
+})
+    .post("/offer-items", async (c) => {
+    return c.json({
+        data: await transactionsService.createOfferItem(c.get("db"), insertOfferItemSchema.parse(await c.req.json())),
+    }, 201);
+})
+    .get("/offer-items/:id", async (c) => {
+    const row = await transactionsService.getOfferItemById(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Offer item not found" }, 404);
+    return c.json({ data: row });
+})
+    .patch("/offer-items/:id", async (c) => {
+    const row = await transactionsService.updateOfferItem(c.get("db"), c.req.param("id"), updateOfferItemSchema.parse(await c.req.json()));
+    if (!row)
+        return c.json({ error: "Offer item not found" }, 404);
+    return c.json({ data: row });
+})
+    .delete("/offer-items/:id", async (c) => {
+    const row = await transactionsService.deleteOfferItem(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Offer item not found" }, 404);
+    return c.json({ success: true });
+})
+    .get("/offer-item-participants", async (c) => {
+    const query = offerItemParticipantListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
+    return c.json(await transactionsService.listOfferItemParticipants(c.get("db"), query));
+})
+    .post("/offer-item-participants", async (c) => {
+    return c.json({
+        data: await transactionsService.createOfferItemParticipant(c.get("db"), insertOfferItemParticipantSchema.parse(await c.req.json())),
+    }, 201);
+})
+    .get("/offer-item-participants/:id", async (c) => {
+    const row = await transactionsService.getOfferItemParticipantById(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Offer item participant not found" }, 404);
+    return c.json({ data: row });
+})
+    .patch("/offer-item-participants/:id", async (c) => {
+    const row = await transactionsService.updateOfferItemParticipant(c.get("db"), c.req.param("id"), updateOfferItemParticipantSchema.parse(await c.req.json()));
+    if (!row)
+        return c.json({ error: "Offer item participant not found" }, 404);
+    return c.json({ data: row });
+})
+    .delete("/offer-item-participants/:id", async (c) => {
+    const row = await transactionsService.deleteOfferItemParticipant(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Offer item participant not found" }, 404);
+    return c.json({ success: true });
+})
+    .get("/orders", async (c) => {
+    const query = orderListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
+    return c.json(await transactionsService.listOrders(c.get("db"), query));
+})
+    .post("/orders", async (c) => {
+    return c.json({
+        data: await transactionsService.createOrder(c.get("db"), insertOrderSchema.parse(await c.req.json())),
+    }, 201);
+})
+    .get("/orders/:id", async (c) => {
+    const row = await transactionsService.getOrderById(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order not found" }, 404);
+    return c.json({ data: row });
+})
+    .patch("/orders/:id", async (c) => {
+    const row = await transactionsService.updateOrder(c.get("db"), c.req.param("id"), updateOrderSchema.parse(await c.req.json()));
+    if (!row)
+        return c.json({ error: "Order not found" }, 404);
+    return c.json({ data: row });
+})
+    .delete("/orders/:id", async (c) => {
+    const row = await transactionsService.deleteOrder(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order not found" }, 404);
+    return c.json({ success: true });
+})
+    .get("/order-participants", async (c) => {
+    const query = orderParticipantListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
+    return c.json(await transactionsService.listOrderParticipants(c.get("db"), query));
+})
+    .post("/order-participants", async (c) => {
+    const payload = insertOrderParticipantSchema.parse(await c.req.json());
+    return c.json({
+        data: await (async () => {
+            const row = await transactionsService.createOrderParticipant(c.get("db"), payload);
+            if (!row)
+                return row;
+            if (hasParticipantIdentityInput(payload)) {
+                const pii = createTransactionPiiService({
+                    kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+                    onAudit: async (event) => {
+                        await logTransactionPiiAccess(c, {
+                            participantKind: event.participantKind,
+                            parentId: row.orderId,
+                            participantId: event.participantId,
+                            action: event.action,
+                            outcome: "allowed",
+                        });
+                    },
+                });
+                await pii.upsertParticipantIdentity(c.get("db"), "order", row.id, payload, c.get("userId"));
+                return transactionsService.getOrderParticipantById(c.get("db"), row.id);
+            }
+            return row;
+        })(),
+    }, 201);
+})
+    .get("/order-participants/:id", async (c) => {
+    const row = await transactionsService.getOrderParticipantById(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order participant not found" }, 404);
+    return c.json({ data: row });
+})
+    .patch("/order-participants/:id", async (c) => {
+    const payload = updateOrderParticipantSchema.parse(await c.req.json());
+    const row = await transactionsService.updateOrderParticipant(c.get("db"), c.req.param("id"), payload);
+    if (!row)
+        return c.json({ error: "Order participant not found" }, 404);
+    if (hasParticipantIdentityInput(payload)) {
+        const pii = createTransactionPiiService({
+            kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+            onAudit: async (event) => {
+                await logTransactionPiiAccess(c, {
+                    participantKind: event.participantKind,
+                    parentId: row.orderId,
+                    participantId: event.participantId,
+                    action: event.action,
+                    outcome: "allowed",
+                });
+            },
+        });
+        await pii.upsertParticipantIdentity(c.get("db"), "order", row.id, payload, c.get("userId"));
+        return c.json({ data: await transactionsService.getOrderParticipantById(c.get("db"), row.id) });
+    }
+    return c.json({ data: row });
+})
+    .get("/order-participants/:id/travel-details", async (c) => {
+    const participant = await transactionsService.getOrderParticipantById(c.get("db"), c.req.param("id"));
+    if (!participant)
+        return c.json({ error: "Order participant not found" }, 404);
+    const auth = await authorizeTransactionPiiAccess(c, {
+        participantKind: "order",
+        participantId: participant.id,
+        parentId: participant.orderId,
+        action: "read",
+    });
+    if (!auth.allowed)
+        return auth.response;
+    const pii = createTransactionPiiService({
+        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+        onAudit: async (event) => {
+            await logTransactionPiiAccess(c, {
+                participantKind: event.participantKind,
+                parentId: participant.orderId,
+                participantId: event.participantId,
+                action: event.action,
+                outcome: "allowed",
+            });
+        },
+    });
+    const row = await pii.getParticipantIdentity(c.get("db"), "order", participant.id, c.get("userId"));
+    if (!row) {
+        await logTransactionPiiAccess(c, {
+            participantKind: "order",
+            parentId: participant.orderId,
+            participantId: participant.id,
+            action: "read",
+            outcome: "denied",
+            reason: "travel_details_not_found",
+        });
+        return c.json({ error: "Order participant travel details not found" }, 404);
+    }
+    return c.json({ data: row });
+})
+    .patch("/order-participants/:id/travel-details", async (c) => {
+    const participant = await transactionsService.getOrderParticipantById(c.get("db"), c.req.param("id"));
+    if (!participant)
+        return c.json({ error: "Order participant not found" }, 404);
+    const auth = await authorizeTransactionPiiAccess(c, {
+        participantKind: "order",
+        participantId: participant.id,
+        parentId: participant.orderId,
+        action: "update",
+    });
+    if (!auth.allowed)
+        return auth.response;
+    const pii = createTransactionPiiService({
+        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+        onAudit: async (event) => {
+            await logTransactionPiiAccess(c, {
+                participantKind: event.participantKind,
+                parentId: participant.orderId,
+                participantId: event.participantId,
+                action: event.action,
+                outcome: "allowed",
+            });
+        },
+    });
+    const row = await pii.upsertParticipantIdentity(c.get("db"), "order", participant.id, updateOrderParticipantSchema.parse(await c.req.json()), c.get("userId"));
+    if (!row)
+        return c.json({ error: "Order participant not found" }, 404);
+    return c.json({ data: row });
+})
+    .delete("/order-participants/:id/travel-details", async (c) => {
+    const participant = await transactionsService.getOrderParticipantById(c.get("db"), c.req.param("id"));
+    if (!participant)
+        return c.json({ error: "Order participant not found" }, 404);
+    const auth = await authorizeTransactionPiiAccess(c, {
+        participantKind: "order",
+        participantId: participant.id,
+        parentId: participant.orderId,
+        action: "delete",
+    });
+    if (!auth.allowed)
+        return auth.response;
+    const pii = createTransactionPiiService({
+        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
+        onAudit: async (event) => {
+            await logTransactionPiiAccess(c, {
+                participantKind: event.participantKind,
+                parentId: participant.orderId,
+                participantId: event.participantId,
+                action: event.action,
+                outcome: "allowed",
+            });
+        },
+    });
+    const row = await pii.deleteParticipantIdentity(c.get("db"), "order", participant.id, c.get("userId"));
+    if (!row)
+        return c.json({ error: "Order participant travel details not found" }, 404);
+    return c.json({ success: true });
+})
+    .delete("/order-participants/:id", async (c) => {
+    const row = await transactionsService.deleteOrderParticipant(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order participant not found" }, 404);
+    return c.json({ success: true });
+})
+    .get("/order-items", async (c) => {
+    const query = orderItemListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
+    return c.json(await transactionsService.listOrderItems(c.get("db"), query));
+})
+    .post("/order-items", async (c) => {
+    return c.json({
+        data: await transactionsService.createOrderItem(c.get("db"), insertOrderItemSchema.parse(await c.req.json())),
+    }, 201);
+})
+    .get("/order-items/:id", async (c) => {
+    const row = await transactionsService.getOrderItemById(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order item not found" }, 404);
+    return c.json({ data: row });
+})
+    .patch("/order-items/:id", async (c) => {
+    const row = await transactionsService.updateOrderItem(c.get("db"), c.req.param("id"), updateOrderItemSchema.parse(await c.req.json()));
+    if (!row)
+        return c.json({ error: "Order item not found" }, 404);
+    return c.json({ data: row });
+})
+    .delete("/order-items/:id", async (c) => {
+    const row = await transactionsService.deleteOrderItem(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order item not found" }, 404);
+    return c.json({ success: true });
+})
+    .get("/order-item-participants", async (c) => {
+    const query = orderItemParticipantListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
+    return c.json(await transactionsService.listOrderItemParticipants(c.get("db"), query));
+})
+    .post("/order-item-participants", async (c) => {
+    return c.json({
+        data: await transactionsService.createOrderItemParticipant(c.get("db"), insertOrderItemParticipantSchema.parse(await c.req.json())),
+    }, 201);
+})
+    .get("/order-item-participants/:id", async (c) => {
+    const row = await transactionsService.getOrderItemParticipantById(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order item participant not found" }, 404);
+    return c.json({ data: row });
+})
+    .patch("/order-item-participants/:id", async (c) => {
+    const row = await transactionsService.updateOrderItemParticipant(c.get("db"), c.req.param("id"), updateOrderItemParticipantSchema.parse(await c.req.json()));
+    if (!row)
+        return c.json({ error: "Order item participant not found" }, 404);
+    return c.json({ data: row });
+})
+    .delete("/order-item-participants/:id", async (c) => {
+    const row = await transactionsService.deleteOrderItemParticipant(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order item participant not found" }, 404);
+    return c.json({ success: true });
+})
+    .get("/order-terms", async (c) => {
+    const query = orderTermListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
+    return c.json(await transactionsService.listOrderTerms(c.get("db"), query));
+})
+    .post("/order-terms", async (c) => {
+    return c.json({
+        data: await transactionsService.createOrderTerm(c.get("db"), insertOrderTermSchema.parse(await c.req.json())),
+    }, 201);
+})
+    .get("/order-terms/:id", async (c) => {
+    const row = await transactionsService.getOrderTermById(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order term not found" }, 404);
+    return c.json({ data: row });
+})
+    .patch("/order-terms/:id", async (c) => {
+    const row = await transactionsService.updateOrderTerm(c.get("db"), c.req.param("id"), updateOrderTermSchema.parse(await c.req.json()));
+    if (!row)
+        return c.json({ error: "Order term not found" }, 404);
+    return c.json({ data: row });
+})
+    .delete("/order-terms/:id", async (c) => {
+    const row = await transactionsService.deleteOrderTerm(c.get("db"), c.req.param("id"));
+    if (!row)
+        return c.json({ error: "Order term not found" }, 404);
+    return c.json({ success: true });
+});

package/dist/schema/participant-identity.d.ts

@@ -0,0 +1,28 @@
+import type { KmsEnvelope } from "@voyantjs/db/schema/iam/kms";
+import { z } from "zod";
+export declare const transactionParticipantIdentitySchema: z.ZodObject<{
+    dateOfBirth: z.ZodNullable<z.ZodOptional<z.ZodString>>;
+    nationality: z.ZodNullable<z.ZodOptional<z.ZodString>>;
+}, z.core.$strip>;
+export declare const decryptedTransactionParticipantIdentitySchema: z.ZodObject<{
+    participantId: z.ZodString;
+    participantKind: z.ZodEnum<{
+        offer: "offer";
+        order: "order";
+    }>;
+    dateOfBirth: z.ZodNullable<z.ZodString>;
+    nationality: z.ZodNullable<z.ZodString>;
+    createdAt: z.ZodDate;
+    updatedAt: z.ZodDate;
+}, z.core.$strip>;
+export declare const transactionParticipantIdentityEnvelopeSchema: z.ZodObject<{
+    identityEncrypted: z.ZodNullable<z.ZodOptional<z.ZodNullable<z.ZodObject<{
+        enc: z.ZodString;
+    }, z.core.$strip>>>>;
+}, z.core.$strip>;
+export type TransactionParticipantIdentity = z.infer<typeof transactionParticipantIdentitySchema>;
+export type TransactionParticipantIdentityEnvelope = {
+    identityEncrypted?: KmsEnvelope | null;
+};
+export type DecryptedTransactionParticipantIdentity = z.infer<typeof decryptedTransactionParticipantIdentitySchema>;
+//# sourceMappingURL=participant-identity.d.ts.map

package/dist/schema/participant-identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"participant-identity.d.ts","sourceRoot":"","sources":["../../src/schema/participant-identity.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAA;AAE9D,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,eAAO,MAAM,oCAAoC;;;iBAG/C,CAAA;AAEF,eAAO,MAAM,6CAA6C;;;;;;;;;;iBAOxD,CAAA;AAEF,eAAO,MAAM,4CAA4C;;;;iBAEvD,CAAA;AAEF,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oCAAoC,CAAC,CAAA;AACjG,MAAM,MAAM,sCAAsC,GAAG;IACnD,iBAAiB,CAAC,EAAE,WAAW,GAAG,IAAI,CAAA;CACvC,CAAA;AACD,MAAM,MAAM,uCAAuC,GAAG,CAAC,CAAC,KAAK,CAC3D,OAAO,6CAA6C,CACrD,CAAA"}

package/dist/schema/participant-identity.js

@@ -0,0 +1,17 @@
+import { kmsEnvelopeSchema } from "@voyantjs/db/schema/iam/kms";
+import { z } from "zod";
+export const transactionParticipantIdentitySchema = z.object({
+    dateOfBirth: z.string().optional().nullable(),
+    nationality: z.string().max(2).optional().nullable(),
+});
+export const decryptedTransactionParticipantIdentitySchema = z.object({
+    participantId: z.string(),
+    participantKind: z.enum(["offer", "order"]),
+    dateOfBirth: z.string().nullable(),
+    nationality: z.string().nullable(),
+    createdAt: z.date(),
+    updatedAt: z.date(),
+});
+export const transactionParticipantIdentityEnvelopeSchema = z.object({
+    identityEncrypted: kmsEnvelopeSchema.optional().nullable(),
+});