@voyantjs/transactions 0.2.0 → 0.3.0

package/dist/routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAA;AAoCjE,KAAK,GAAG,GAAG;IACT,QAAQ,EAAE,OAAO,CAAC;QAChB,YAAY,EAAE,MAAM,CAAA;QACpB,WAAW,EAAE,MAAM,CAAA;QACnB,aAAa,EAAE,MAAM,CAAA;QACrB,cAAc,EAAE,MAAM,CAAA;QACtB,yBAAyB,EAAE,MAAM,CAAA;QACjC,eAAe,EAAE,MAAM,CAAA;QACvB,eAAe,EAAE,MAAM,CAAA;QACvB,gBAAgB,EAAE,MAAM,CAAA;QACxB,uBAAuB,EAAE,MAAM,CAAA;QAC/B,6BAA6B,EAAE,MAAM,CAAA;QACrC,UAAU,EAAE,MAAM,CAAA;QAClB,iBAAiB,EAAE,MAAM,CAAA;QACzB,qBAAqB,EAAE,MAAM,CAAA;QAC7B,iBAAiB,EAAE,MAAM,CAAA;QACzB,gBAAgB,EAAE,MAAM,CAAA;QACxB,qBAAqB,EAAE,MAAM,CAAA;QAC7B,2BAA2B,EAAE,MAAM,CAAA;KACpC,CAAC,CAAA;IACF,SAAS,EAAE;QACT,EAAE,EAAE,kBAAkB,CAAA;QACtB,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,KAAK,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,SAAS,GAAG,UAAU,CAAA;QACrD,UAAU,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAA;QAC/C,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;QACxB,iBAAiB,CAAC,EAAE,OAAO,CAAA;QAC3B,uBAAuB,CAAC,EAAE,CAAC,IAAI,EAAE;YAC/B,EAAE,EAAE,kBAAkB,CAAA;YACtB,MAAM,CAAC,EAAE,MAAM,CAAA;YACf,KAAK,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,SAAS,GAAG,UAAU,CAAA;YACrD,UAAU,CAAC,EAAE,SAAS,GAAG,SAAS,GAAG,UAAU,CAAA;YAC/C,MAAM,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAA;YACxB,iBAAiB,CAAC,EAAE,OAAO,CAAA;YAC3B,eAAe,EAAE,OAAO,GAAG,OAAO,CAAA;YAClC,aAAa,EAAE,MAAM,CAAA;YACrB,QAAQ,EAAE,MAAM,CAAA;YAChB,MAAM,EAAE,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAA;SACrC,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;KACjC,CAAA;CACF,CAAA;AA0HD,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2BAgpB3B,CAAA;AAEJ,MAAM,MAAM,kBAAkB,GAAG,OAAO,kBAAkB,CAAA"}
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAI3B,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAA;AAE7C,eAAO,MAAM,kBAAkB,kDAAkB,CAAA;AAIjD,MAAM,MAAM,kBAAkB,GAAG,OAAO,kBAAkB,CAAA"}

package/dist/routes.js

@@ -1,605 +1,6 @@
-import { createKmsProviderFromEnv } from "@voyantjs/utils";
 import { Hono } from "hono";
-import { createTransactionPiiService } from "./pii.js";
-import { transactionPiiAccessLog } from "./schema.js";
-import { transactionsService } from "./service.js";
-import { insertOfferItemParticipantSchema, insertOfferItemSchema, insertOfferParticipantSchema, insertOfferSchema, insertOrderItemParticipantSchema, insertOrderItemSchema, insertOrderParticipantSchema, insertOrderSchema, insertOrderTermSchema, offerItemListQuerySchema, offerItemParticipantListQuerySchema, offerListQuerySchema, offerParticipantListQuerySchema, orderItemListQuerySchema, orderItemParticipantListQuerySchema, orderListQuerySchema, orderParticipantListQuerySchema, orderTermListQuerySchema, updateOfferItemParticipantSchema, updateOfferItemSchema, updateOfferParticipantSchema, updateOfferSchema, updateOrderItemParticipantSchema, updateOrderItemSchema, updateOrderParticipantSchema, updateOrderSchema, updateOrderTermSchema, } from "./validation.js";
-function getRuntimeEnv(c) {
-    const processEnv = globalThis.process?.env ?? {};
-    return {
-        ...processEnv,
-        ...(c.env ?? {}),
-    };
-}
-function hasPiiScope(scopes, action) {
-    if (!scopes || scopes.length === 0) {
-        return false;
-    }
-    return (scopes.includes("*") ||
-        scopes.includes("transactions-pii:*") ||
-        scopes.includes(`transactions-pii:${action}`));
-}
-function hasParticipantIdentityInput(body) {
-    return "dateOfBirth" in body || "nationality" in body;
-}
-async function logTransactionPiiAccess(c, input) {
-    await c
-        .get("db")
-        .insert(transactionPiiAccessLog)
-        .values({
-        participantKind: input.participantKind,
-        parentId: input.parentId ?? null,
-        participantId: input.participantId ?? null,
-        actorId: c.get("userId") ?? null,
-        actorType: c.get("actor") ?? null,
-        callerType: c.get("callerType") ?? null,
-        action: input.action,
-        outcome: input.outcome,
-        reason: input.reason ?? null,
-        metadata: input.metadata ?? null,
-    });
-}
-async function authorizeTransactionPiiAccess(c, input) {
-    if (c.get("isInternalRequest")) {
-        return { allowed: true };
-    }
-    const userId = c.get("userId");
-    if (!userId) {
-        await logTransactionPiiAccess(c, {
-            ...input,
-            outcome: "denied",
-            reason: "missing_user",
-        });
-        return { allowed: false, response: c.json({ error: "Unauthorized" }, 401) };
-    }
-    const customAuthorizer = c.get("authorizeTransactionPii");
-    if (customAuthorizer) {
-        const allowed = await customAuthorizer({
-            db: c.get("db"),
-            userId,
-            actor: c.get("actor"),
-            callerType: c.get("callerType"),
-            scopes: c.get("scopes"),
-            isInternalRequest: c.get("isInternalRequest"),
-            ...input,
-        });
-        if (!allowed) {
-            await logTransactionPiiAccess(c, {
-                ...input,
-                outcome: "denied",
-                reason: "custom_policy_denied",
-            });
-            return { allowed: false, response: c.json({ error: "Forbidden" }, 403) };
-        }
-        return { allowed: true };
-    }
-    const allowed = hasPiiScope(c.get("scopes"), input.action) || c.get("actor") === "staff";
-    if (!allowed) {
-        await logTransactionPiiAccess(c, {
-            ...input,
-            outcome: "denied",
-            reason: "insufficient_scope",
-            metadata: { actor: c.get("actor") ?? null },
-        });
-        return { allowed: false, response: c.json({ error: "Forbidden" }, 403) };
-    }
-    return { allowed: true };
-}
-export const transactionsRoutes = new Hono()
-    .get("/offers", async (c) => {
-    const query = offerListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
-    return c.json(await transactionsService.listOffers(c.get("db"), query));
-})
-    .post("/offers", async (c) => {
-    return c.json({
-        data: await transactionsService.createOffer(c.get("db"), insertOfferSchema.parse(await c.req.json())),
-    }, 201);
-})
-    .get("/offers/:id", async (c) => {
-    const row = await transactionsService.getOfferById(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Offer not found" }, 404);
-    return c.json({ data: row });
-})
-    .patch("/offers/:id", async (c) => {
-    const row = await transactionsService.updateOffer(c.get("db"), c.req.param("id"), updateOfferSchema.parse(await c.req.json()));
-    if (!row)
-        return c.json({ error: "Offer not found" }, 404);
-    return c.json({ data: row });
-})
-    .delete("/offers/:id", async (c) => {
-    const row = await transactionsService.deleteOffer(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Offer not found" }, 404);
-    return c.json({ success: true });
-})
-    .get("/offer-participants", async (c) => {
-    const query = offerParticipantListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
-    return c.json(await transactionsService.listOfferParticipants(c.get("db"), query));
-})
-    .post("/offer-participants", async (c) => {
-    const payload = insertOfferParticipantSchema.parse(await c.req.json());
-    return c.json({
-        data: await (async () => {
-            const row = await transactionsService.createOfferParticipant(c.get("db"), payload);
-            if (!row)
-                return row;
-            if (hasParticipantIdentityInput(payload)) {
-                const pii = createTransactionPiiService({
-                    kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-                    onAudit: async (event) => {
-                        await logTransactionPiiAccess(c, {
-                            participantKind: event.participantKind,
-                            parentId: row.offerId,
-                            participantId: event.participantId,
-                            action: event.action,
-                            outcome: "allowed",
-                        });
-                    },
-                });
-                await pii.upsertParticipantIdentity(c.get("db"), "offer", row.id, payload, c.get("userId"));
-                return transactionsService.getOfferParticipantById(c.get("db"), row.id);
-            }
-            return row;
-        })(),
-    }, 201);
-})
-    .get("/offer-participants/:id", async (c) => {
-    const row = await transactionsService.getOfferParticipantById(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Offer participant not found" }, 404);
-    return c.json({ data: row });
-})
-    .patch("/offer-participants/:id", async (c) => {
-    const payload = updateOfferParticipantSchema.parse(await c.req.json());
-    const row = await transactionsService.updateOfferParticipant(c.get("db"), c.req.param("id"), payload);
-    if (!row)
-        return c.json({ error: "Offer participant not found" }, 404);
-    if (hasParticipantIdentityInput(payload)) {
-        const pii = createTransactionPiiService({
-            kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-            onAudit: async (event) => {
-                await logTransactionPiiAccess(c, {
-                    participantKind: event.participantKind,
-                    parentId: row.offerId,
-                    participantId: event.participantId,
-                    action: event.action,
-                    outcome: "allowed",
-                });
-            },
-        });
-        await pii.upsertParticipantIdentity(c.get("db"), "offer", row.id, payload, c.get("userId"));
-        return c.json({
-            data: await transactionsService.getOfferParticipantById(c.get("db"), row.id),
-        });
-    }
-    return c.json({ data: row });
-})
-    .get("/offer-participants/:id/travel-details", async (c) => {
-    const participant = await transactionsService.getOfferParticipantById(c.get("db"), c.req.param("id"));
-    if (!participant)
-        return c.json({ error: "Offer participant not found" }, 404);
-    const auth = await authorizeTransactionPiiAccess(c, {
-        participantKind: "offer",
-        participantId: participant.id,
-        parentId: participant.offerId,
-        action: "read",
-    });
-    if (!auth.allowed)
-        return auth.response;
-    const pii = createTransactionPiiService({
-        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-        onAudit: async (event) => {
-            await logTransactionPiiAccess(c, {
-                participantKind: event.participantKind,
-                parentId: participant.offerId,
-                participantId: event.participantId,
-                action: event.action,
-                outcome: "allowed",
-            });
-        },
-    });
-    const row = await pii.getParticipantIdentity(c.get("db"), "offer", participant.id, c.get("userId"));
-    if (!row) {
-        await logTransactionPiiAccess(c, {
-            participantKind: "offer",
-            parentId: participant.offerId,
-            participantId: participant.id,
-            action: "read",
-            outcome: "denied",
-            reason: "travel_details_not_found",
-        });
-        return c.json({ error: "Offer participant travel details not found" }, 404);
-    }
-    return c.json({ data: row });
-})
-    .patch("/offer-participants/:id/travel-details", async (c) => {
-    const participant = await transactionsService.getOfferParticipantById(c.get("db"), c.req.param("id"));
-    if (!participant)
-        return c.json({ error: "Offer participant not found" }, 404);
-    const auth = await authorizeTransactionPiiAccess(c, {
-        participantKind: "offer",
-        participantId: participant.id,
-        parentId: participant.offerId,
-        action: "update",
-    });
-    if (!auth.allowed)
-        return auth.response;
-    const pii = createTransactionPiiService({
-        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-        onAudit: async (event) => {
-            await logTransactionPiiAccess(c, {
-                participantKind: event.participantKind,
-                parentId: participant.offerId,
-                participantId: event.participantId,
-                action: event.action,
-                outcome: "allowed",
-            });
-        },
-    });
-    const row = await pii.upsertParticipantIdentity(c.get("db"), "offer", participant.id, updateOfferParticipantSchema.parse(await c.req.json()), c.get("userId"));
-    if (!row)
-        return c.json({ error: "Offer participant not found" }, 404);
-    return c.json({ data: row });
-})
-    .delete("/offer-participants/:id/travel-details", async (c) => {
-    const participant = await transactionsService.getOfferParticipantById(c.get("db"), c.req.param("id"));
-    if (!participant)
-        return c.json({ error: "Offer participant not found" }, 404);
-    const auth = await authorizeTransactionPiiAccess(c, {
-        participantKind: "offer",
-        participantId: participant.id,
-        parentId: participant.offerId,
-        action: "delete",
-    });
-    if (!auth.allowed)
-        return auth.response;
-    const pii = createTransactionPiiService({
-        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-        onAudit: async (event) => {
-            await logTransactionPiiAccess(c, {
-                participantKind: event.participantKind,
-                parentId: participant.offerId,
-                participantId: event.participantId,
-                action: event.action,
-                outcome: "allowed",
-            });
-        },
-    });
-    const row = await pii.deleteParticipantIdentity(c.get("db"), "offer", participant.id, c.get("userId"));
-    if (!row)
-        return c.json({ error: "Offer participant travel details not found" }, 404);
-    return c.json({ success: true });
-})
-    .delete("/offer-participants/:id", async (c) => {
-    const row = await transactionsService.deleteOfferParticipant(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Offer participant not found" }, 404);
-    return c.json({ success: true });
-})
-    .get("/offer-items", async (c) => {
-    const query = offerItemListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
-    return c.json(await transactionsService.listOfferItems(c.get("db"), query));
-})
-    .post("/offer-items", async (c) => {
-    return c.json({
-        data: await transactionsService.createOfferItem(c.get("db"), insertOfferItemSchema.parse(await c.req.json())),
-    }, 201);
-})
-    .get("/offer-items/:id", async (c) => {
-    const row = await transactionsService.getOfferItemById(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Offer item not found" }, 404);
-    return c.json({ data: row });
-})
-    .patch("/offer-items/:id", async (c) => {
-    const row = await transactionsService.updateOfferItem(c.get("db"), c.req.param("id"), updateOfferItemSchema.parse(await c.req.json()));
-    if (!row)
-        return c.json({ error: "Offer item not found" }, 404);
-    return c.json({ data: row });
-})
-    .delete("/offer-items/:id", async (c) => {
-    const row = await transactionsService.deleteOfferItem(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Offer item not found" }, 404);
-    return c.json({ success: true });
-})
-    .get("/offer-item-participants", async (c) => {
-    const query = offerItemParticipantListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
-    return c.json(await transactionsService.listOfferItemParticipants(c.get("db"), query));
-})
-    .post("/offer-item-participants", async (c) => {
-    return c.json({
-        data: await transactionsService.createOfferItemParticipant(c.get("db"), insertOfferItemParticipantSchema.parse(await c.req.json())),
-    }, 201);
-})
-    .get("/offer-item-participants/:id", async (c) => {
-    const row = await transactionsService.getOfferItemParticipantById(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Offer item participant not found" }, 404);
-    return c.json({ data: row });
-})
-    .patch("/offer-item-participants/:id", async (c) => {
-    const row = await transactionsService.updateOfferItemParticipant(c.get("db"), c.req.param("id"), updateOfferItemParticipantSchema.parse(await c.req.json()));
-    if (!row)
-        return c.json({ error: "Offer item participant not found" }, 404);
-    return c.json({ data: row });
-})
-    .delete("/offer-item-participants/:id", async (c) => {
-    const row = await transactionsService.deleteOfferItemParticipant(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Offer item participant not found" }, 404);
-    return c.json({ success: true });
-})
-    .get("/orders", async (c) => {
-    const query = orderListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
-    return c.json(await transactionsService.listOrders(c.get("db"), query));
-})
-    .post("/orders", async (c) => {
-    return c.json({
-        data: await transactionsService.createOrder(c.get("db"), insertOrderSchema.parse(await c.req.json())),
-    }, 201);
-})
-    .get("/orders/:id", async (c) => {
-    const row = await transactionsService.getOrderById(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order not found" }, 404);
-    return c.json({ data: row });
-})
-    .patch("/orders/:id", async (c) => {
-    const row = await transactionsService.updateOrder(c.get("db"), c.req.param("id"), updateOrderSchema.parse(await c.req.json()));
-    if (!row)
-        return c.json({ error: "Order not found" }, 404);
-    return c.json({ data: row });
-})
-    .delete("/orders/:id", async (c) => {
-    const row = await transactionsService.deleteOrder(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order not found" }, 404);
-    return c.json({ success: true });
-})
-    .get("/order-participants", async (c) => {
-    const query = orderParticipantListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
-    return c.json(await transactionsService.listOrderParticipants(c.get("db"), query));
-})
-    .post("/order-participants", async (c) => {
-    const payload = insertOrderParticipantSchema.parse(await c.req.json());
-    return c.json({
-        data: await (async () => {
-            const row = await transactionsService.createOrderParticipant(c.get("db"), payload);
-            if (!row)
-                return row;
-            if (hasParticipantIdentityInput(payload)) {
-                const pii = createTransactionPiiService({
-                    kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-                    onAudit: async (event) => {
-                        await logTransactionPiiAccess(c, {
-                            participantKind: event.participantKind,
-                            parentId: row.orderId,
-                            participantId: event.participantId,
-                            action: event.action,
-                            outcome: "allowed",
-                        });
-                    },
-                });
-                await pii.upsertParticipantIdentity(c.get("db"), "order", row.id, payload, c.get("userId"));
-                return transactionsService.getOrderParticipantById(c.get("db"), row.id);
-            }
-            return row;
-        })(),
-    }, 201);
-})
-    .get("/order-participants/:id", async (c) => {
-    const row = await transactionsService.getOrderParticipantById(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order participant not found" }, 404);
-    return c.json({ data: row });
-})
-    .patch("/order-participants/:id", async (c) => {
-    const payload = updateOrderParticipantSchema.parse(await c.req.json());
-    const row = await transactionsService.updateOrderParticipant(c.get("db"), c.req.param("id"), payload);
-    if (!row)
-        return c.json({ error: "Order participant not found" }, 404);
-    if (hasParticipantIdentityInput(payload)) {
-        const pii = createTransactionPiiService({
-            kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-            onAudit: async (event) => {
-                await logTransactionPiiAccess(c, {
-                    participantKind: event.participantKind,
-                    parentId: row.orderId,
-                    participantId: event.participantId,
-                    action: event.action,
-                    outcome: "allowed",
-                });
-            },
-        });
-        await pii.upsertParticipantIdentity(c.get("db"), "order", row.id, payload, c.get("userId"));
-        return c.json({
-            data: await transactionsService.getOrderParticipantById(c.get("db"), row.id),
-        });
-    }
-    return c.json({ data: row });
-})
-    .get("/order-participants/:id/travel-details", async (c) => {
-    const participant = await transactionsService.getOrderParticipantById(c.get("db"), c.req.param("id"));
-    if (!participant)
-        return c.json({ error: "Order participant not found" }, 404);
-    const auth = await authorizeTransactionPiiAccess(c, {
-        participantKind: "order",
-        participantId: participant.id,
-        parentId: participant.orderId,
-        action: "read",
-    });
-    if (!auth.allowed)
-        return auth.response;
-    const pii = createTransactionPiiService({
-        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-        onAudit: async (event) => {
-            await logTransactionPiiAccess(c, {
-                participantKind: event.participantKind,
-                parentId: participant.orderId,
-                participantId: event.participantId,
-                action: event.action,
-                outcome: "allowed",
-            });
-        },
-    });
-    const row = await pii.getParticipantIdentity(c.get("db"), "order", participant.id, c.get("userId"));
-    if (!row) {
-        await logTransactionPiiAccess(c, {
-            participantKind: "order",
-            parentId: participant.orderId,
-            participantId: participant.id,
-            action: "read",
-            outcome: "denied",
-            reason: "travel_details_not_found",
-        });
-        return c.json({ error: "Order participant travel details not found" }, 404);
-    }
-    return c.json({ data: row });
-})
-    .patch("/order-participants/:id/travel-details", async (c) => {
-    const participant = await transactionsService.getOrderParticipantById(c.get("db"), c.req.param("id"));
-    if (!participant)
-        return c.json({ error: "Order participant not found" }, 404);
-    const auth = await authorizeTransactionPiiAccess(c, {
-        participantKind: "order",
-        participantId: participant.id,
-        parentId: participant.orderId,
-        action: "update",
-    });
-    if (!auth.allowed)
-        return auth.response;
-    const pii = createTransactionPiiService({
-        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-        onAudit: async (event) => {
-            await logTransactionPiiAccess(c, {
-                participantKind: event.participantKind,
-                parentId: participant.orderId,
-                participantId: event.participantId,
-                action: event.action,
-                outcome: "allowed",
-            });
-        },
-    });
-    const row = await pii.upsertParticipantIdentity(c.get("db"), "order", participant.id, updateOrderParticipantSchema.parse(await c.req.json()), c.get("userId"));
-    if (!row)
-        return c.json({ error: "Order participant not found" }, 404);
-    return c.json({ data: row });
-})
-    .delete("/order-participants/:id/travel-details", async (c) => {
-    const participant = await transactionsService.getOrderParticipantById(c.get("db"), c.req.param("id"));
-    if (!participant)
-        return c.json({ error: "Order participant not found" }, 404);
-    const auth = await authorizeTransactionPiiAccess(c, {
-        participantKind: "order",
-        participantId: participant.id,
-        parentId: participant.orderId,
-        action: "delete",
-    });
-    if (!auth.allowed)
-        return auth.response;
-    const pii = createTransactionPiiService({
-        kms: createKmsProviderFromEnv(getRuntimeEnv(c)),
-        onAudit: async (event) => {
-            await logTransactionPiiAccess(c, {
-                participantKind: event.participantKind,
-                parentId: participant.orderId,
-                participantId: event.participantId,
-                action: event.action,
-                outcome: "allowed",
-            });
-        },
-    });
-    const row = await pii.deleteParticipantIdentity(c.get("db"), "order", participant.id, c.get("userId"));
-    if (!row)
-        return c.json({ error: "Order participant travel details not found" }, 404);
-    return c.json({ success: true });
-})
-    .delete("/order-participants/:id", async (c) => {
-    const row = await transactionsService.deleteOrderParticipant(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order participant not found" }, 404);
-    return c.json({ success: true });
-})
-    .get("/order-items", async (c) => {
-    const query = orderItemListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
-    return c.json(await transactionsService.listOrderItems(c.get("db"), query));
-})
-    .post("/order-items", async (c) => {
-    return c.json({
-        data: await transactionsService.createOrderItem(c.get("db"), insertOrderItemSchema.parse(await c.req.json())),
-    }, 201);
-})
-    .get("/order-items/:id", async (c) => {
-    const row = await transactionsService.getOrderItemById(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order item not found" }, 404);
-    return c.json({ data: row });
-})
-    .patch("/order-items/:id", async (c) => {
-    const row = await transactionsService.updateOrderItem(c.get("db"), c.req.param("id"), updateOrderItemSchema.parse(await c.req.json()));
-    if (!row)
-        return c.json({ error: "Order item not found" }, 404);
-    return c.json({ data: row });
-})
-    .delete("/order-items/:id", async (c) => {
-    const row = await transactionsService.deleteOrderItem(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order item not found" }, 404);
-    return c.json({ success: true });
-})
-    .get("/order-item-participants", async (c) => {
-    const query = orderItemParticipantListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
-    return c.json(await transactionsService.listOrderItemParticipants(c.get("db"), query));
-})
-    .post("/order-item-participants", async (c) => {
-    return c.json({
-        data: await transactionsService.createOrderItemParticipant(c.get("db"), insertOrderItemParticipantSchema.parse(await c.req.json())),
-    }, 201);
-})
-    .get("/order-item-participants/:id", async (c) => {
-    const row = await transactionsService.getOrderItemParticipantById(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order item participant not found" }, 404);
-    return c.json({ data: row });
-})
-    .patch("/order-item-participants/:id", async (c) => {
-    const row = await transactionsService.updateOrderItemParticipant(c.get("db"), c.req.param("id"), updateOrderItemParticipantSchema.parse(await c.req.json()));
-    if (!row)
-        return c.json({ error: "Order item participant not found" }, 404);
-    return c.json({ data: row });
-})
-    .delete("/order-item-participants/:id", async (c) => {
-    const row = await transactionsService.deleteOrderItemParticipant(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order item participant not found" }, 404);
-    return c.json({ success: true });
-})
-    .get("/order-terms", async (c) => {
-    const query = orderTermListQuerySchema.parse(Object.fromEntries(new URL(c.req.url).searchParams));
-    return c.json(await transactionsService.listOrderTerms(c.get("db"), query));
-})
-    .post("/order-terms", async (c) => {
-    return c.json({
-        data: await transactionsService.createOrderTerm(c.get("db"), insertOrderTermSchema.parse(await c.req.json())),
-    }, 201);
-})
-    .get("/order-terms/:id", async (c) => {
-    const row = await transactionsService.getOrderTermById(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order term not found" }, 404);
-    return c.json({ data: row });
-})
-    .patch("/order-terms/:id", async (c) => {
-    const row = await transactionsService.updateOrderTerm(c.get("db"), c.req.param("id"), updateOrderTermSchema.parse(await c.req.json()));
-    if (!row)
-        return c.json({ error: "Order term not found" }, 404);
-    return c.json({ data: row });
-})
-    .delete("/order-terms/:id", async (c) => {
-    const row = await transactionsService.deleteOrderTerm(c.get("db"), c.req.param("id"));
-    if (!row)
-        return c.json({ error: "Order term not found" }, 404);
-    return c.json({ success: true });
-});
+import { transactionOfferRoutes } from "./routes-offers.js";
+import { transactionOrderRoutes } from "./routes-orders.js";
+export const transactionsRoutes = new Hono();
+transactionsRoutes.route("/", transactionOfferRoutes);
+transactionsRoutes.route("/", transactionOrderRoutes);