payment-kit 1.26.2 → 1.26.3

package/api/src/libs/discount/coupon.ts

@@ -1,4 +1,5 @@
 import { BN, fromUnitToToken } from '@ocap/util';
+import { Op } from 'sequelize';
 
 import pick from 'lodash/pick';
 import {
@@ -43,10 +44,12 @@ export async function validPromotionCode(
     customerId,
     amount,
     currencyId,
+    checkoutSessionId,
   }: {
     customerId?: string;
     amount?: string;
     currencyId?: string;
+    checkoutSessionId?: string;
   }
 ) {
   if (!promotionCode.active) {
@@ -60,15 +63,21 @@ export async function validPromotionCode(
   }
   if (customerId) {
     const customer = await Customer.findByPkOrDid(customerId);
-    if (promotionCode.verification_type === 'user_restricted' && customer?.did) {
-      if (!promotionCode.customer_dids?.includes(customer.did)) {
+    // For user_restricted promo codes, check DID against allowed list
+    // customer?.did works when Customer record exists; customerId itself may be a DID for new users
+    const customerDid = customer?.did || customerId;
+    if (promotionCode.verification_type === 'user_restricted' && customerDid) {
+      if (!promotionCode.customer_dids?.includes(customerDid)) {
         return { valid: false, reason: 'This promotion code is not available for your account' };
       }
     }
     if (promotionCode.restrictions?.first_time_transaction) {
-      const previousDiscounts = await Discount.count({
-        where: { customer_id: customerId, coupon_id: promotionCode.coupon_id },
-      });
+      const whereClause: any = { customer_id: customerId, coupon_id: promotionCode.coupon_id };
+      // Exclude discount records from the current checkout session (re-submit scenario)
+      if (checkoutSessionId) {
+        whereClause.checkout_session_id = { [Op.ne]: checkoutSessionId };
+      }
+      const previousDiscounts = await Discount.count({ where: whereClause });
       if (previousDiscounts > 0) {
         return { valid: false, reason: 'This promotion is only available for first-time purchases' };
       }
@@ -774,6 +783,7 @@ export async function checkPromotionCodeEligibility({
   amount,
   currencyId,
   lineItems = [],
+  checkoutSessionId,
 }: {
   promotionCode: PromotionCode;
   couponId: string;
@@ -781,9 +791,27 @@ export async function checkPromotionCodeEligibility({
   amount: string;
   currencyId: string;
   lineItems?: TLineItemExpanded[];
+  checkoutSessionId?: string;
 }): Promise<{ eligible: boolean; reason?: string }> {
+  // When re-submitting (e.g. user closed Stripe modal and retries), the current checkout session
+  // may already have confirmed Discount records that incremented times_redeemed.
+  // We need to exclude the current session's usage from max_redemptions checks to avoid
+  // falsely rejecting the promo code that this session itself already consumed.
+  let currentSessionUsage = 0;
+  if (checkoutSessionId) {
+    currentSessionUsage = await Discount.count({
+      where: {
+        checkout_session_id: checkoutSessionId,
+        promotion_code_id: promotionCode.id,
+        confirmed: true,
+      },
+    });
+  }
+
   // Basic promotion code checks
-  if (!promotionCode.active) {
+  // When re-submitting, the discount-status queue may have already deactivated the promo code
+  // because this session's own usage pushed it past max_redemptions. Skip active check in that case.
+  if (!promotionCode.active && currentSessionUsage === 0) {
     return { eligible: false, reason: 'This promotion code is no longer available' };
   }
 
@@ -791,8 +819,11 @@ export async function checkPromotionCodeEligibility({
     return { eligible: false, reason: 'This promotion code has expired and cannot be used' };
   }
 
-  if (promotionCode.max_redemptions && (promotionCode.times_redeemed ?? 0) >= promotionCode.max_redemptions) {
-    return { eligible: false, reason: 'This promotion code has been fully redeemed and is no longer available' };
+  if (promotionCode.max_redemptions) {
+    const effectiveRedeemed = (promotionCode.times_redeemed ?? 0) - currentSessionUsage;
+    if (effectiveRedeemed >= promotionCode.max_redemptions) {
+      return { eligible: false, reason: 'This promotion code has been fully redeemed and is no longer available' };
+    }
   }
 
   // Get associated coupon and validate
@@ -801,17 +832,46 @@ export async function checkPromotionCodeEligibility({
     return { eligible: false, reason: 'This promotion is no longer available' };
   }
 
-  // Coupon validity check
+  // Coupon validity check — adjust temporarily to exclude current session's usage
+  const originalCouponValid = coupon.valid;
+  if (currentSessionUsage > 0) {
+    if (!coupon.valid) coupon.valid = true;
+    if (coupon.times_redeemed && coupon.times_redeemed > 0) {
+      coupon.times_redeemed -= currentSessionUsage;
+    }
+  }
   const couponValidation = validCoupon(coupon, lineItems);
+  if (currentSessionUsage > 0) {
+    coupon.valid = originalCouponValid;
+    if (coupon.times_redeemed != null) {
+      coupon.times_redeemed += currentSessionUsage;
+    }
+  }
   if (!couponValidation.valid) {
     return { eligible: false, reason: couponValidation.reason };
   }
 
+  // Adjust promotionCode temporarily for validPromotionCode's checks
+  // Re-submit scenario: restore active + adjust times_redeemed to exclude current session's usage
+  const originalActive = promotionCode.active;
+  if (currentSessionUsage > 0) {
+    if (!promotionCode.active) promotionCode.active = true;
+    if (promotionCode.times_redeemed && promotionCode.times_redeemed > 0) {
+      promotionCode.times_redeemed -= currentSessionUsage;
+    }
+  }
   const promotionValidation = await validPromotionCode(promotionCode, {
     customerId,
     amount,
     currencyId,
+    checkoutSessionId,
   });
+  if (currentSessionUsage > 0) {
+    promotionCode.active = originalActive;
+    if (promotionCode.times_redeemed != null) {
+      promotionCode.times_redeemed += currentSessionUsage;
+    }
+  }
   if (!promotionValidation.valid) {
     return { eligible: false, reason: promotionValidation.reason };
   }

package/api/src/libs/discount/discount.ts

@@ -239,6 +239,24 @@ function calculateDiscountForLineItems({
   // 4. Calculate discount amount based ONLY on eligible products, not the entire cart
   const totalDiscountAmount = calculateDiscountAmount(coupon, totalEligibleAmount, currency);
 
+  // Fixed amount coupon with no matching currency — discount is 0, treat as not applicable
+  if (coupon.amount_off && (!coupon.percent_off || coupon.percent_off <= 0) && totalDiscountAmount === '0') {
+    const enhancedLineItems = lineItems.map((item) => ({
+      ...item,
+      discountable: false,
+      discount_amounts: [],
+    }));
+    return {
+      enhancedLineItems,
+      discountSummary: {
+        appliedCoupon: null,
+        discountAmount: '0',
+        totalDiscountAmount: '0',
+        finalTotal: baseTotal,
+      },
+    };
+  }
+
   // Ensure discount doesn't exceed base total
   const adjustedDiscountAmount = new BN(totalDiscountAmount).gt(new BN(baseTotal)) ? baseTotal : totalDiscountAmount;
 

package/api/src/libs/env.ts

@@ -47,6 +47,11 @@ export const updateDataConcurrency: number = process.env.UPDATE_DATA_CONCURRENCY
   ? +process.env.UPDATE_DATA_CONCURRENCY
   : 5; // 默认并发数为 5
 
+// When set to 'true' or '1', the system stops accepting new orders.
+// Existing checkout sessions can still be viewed but new submissions will be rejected.
+export const stopAcceptingOrders: boolean =
+  process.env.PAYMENT_KIT_STOP_ACCEPTING_ORDERS === 'true' || process.env.PAYMENT_KIT_STOP_ACCEPTING_ORDERS === '1';
+
 export const exchangeRateCacheTTLSeconds: number = process.env.EXCHANGE_RATE_CACHE_TTL_SECONDS
   ? +process.env.EXCHANGE_RATE_CACHE_TTL_SECONDS
   : 10 * 60;

package/api/src/libs/invoice.ts

@@ -40,7 +40,7 @@ import {
 } from './subscription';
 import logger from './logger';
 import { ensureOverdraftProtectionPrice } from './overdraft-protection';
-import { CHARGE_SUPPORTED_CHAIN_TYPES } from './constants';
+
 import { emitAsync } from './event';
 import { getPriceUintAmountByCurrency } from './price';
 import { generateQuotesForInvoiceItems } from './invoice-quote';
@@ -156,18 +156,16 @@ export async function getInvoiceShouldPayTotal(invoice: Invoice) {
     const setup = getSubscriptionCycleSetup(subscription.pending_invoice_item_interval, invoice.period_start);
     let offset = 0;
     let filterFunc = (item: any) => item;
-    if (CHARGE_SUPPORTED_CHAIN_TYPES.includes(paymentMethod.type)) {
-      switch (invoice.billing_reason) {
-        case 'subscription_cancel':
-          filterFunc = (item: any) => item.price?.recurring?.usage_type === 'metered';
-          break;
-        case 'subscription_cycle':
-          filterFunc = (item: any) => item.price?.type === 'recurring';
-          offset = setup.cycle / 1000;
-          break;
-        default:
-          filterFunc = () => true;
-      }
+    switch (invoice.billing_reason) {
+      case 'subscription_cancel':
+        filterFunc = (item: any) => item.price?.recurring?.usage_type === 'metered';
+        break;
+      case 'subscription_cycle':
+        filterFunc = (item: any) => item.price?.type === 'recurring';
+        offset = setup.cycle / 1000;
+        break;
+      default:
+        filterFunc = () => true;
     }
     const previousPeriodStart = setup.period.start - offset;
     const previousPeriodEnd = setup.period.end - offset;

package/api/src/libs/notification/template/exchange-rate-alert.ts

@@ -59,7 +59,7 @@ export class ExchangeRateAlertEmailTemplate implements BaseEmailTemplate<Exchang
     const locale = await getUserLocale(userDid);
 
     const viewProvidersLink = getUrl(
-      withQuery('admin/settings/exchange-rate-providers', {
+      withQuery('admin/products/exchange-rate-providers', {
         locale,
         ...getConnectQueryParam({ userDid }),
       })

package/api/src/queues/exchange-rate-health.ts

@@ -5,7 +5,8 @@ import { getExchangeRateService } from '../libs/exchange-rate';
 import { createEvent } from '../libs/audit';
 
 // Representative tokens to test for health checks
-const REPRESENTATIVE_TOKENS = ['ABT', 'ETH', 'USDC'];
+// Note: USDC/USD are stablecoins pegged to USD, they don't need exchange rate provider checks
+const REPRESENTATIVE_TOKENS = ['ABT', 'ETH'];
 
 interface HealthCheckJob {
   type: 'health_check';

package/api/src/queues/payment.ts

@@ -130,12 +130,8 @@ export async function updateSubscriptionOnPaymentSuccess(
     return;
   }
 
-  // Handle past_due subscription recovery
-  if (subscription.status === 'past_due' && subscription.cancelation_details?.reason === 'payment_failed') {
-    await handlePastDueSubscriptionRecovery(subscription, paymentIntent);
-    return;
-  }
-  if (subscription.status === 'past_due' && subscription.cancelation_details?.reason === 'insufficient_credit') {
+  // Handle past_due subscription recovery (payment_failed, insufficient_credit, slippage_below_threshold, etc.)
+  if (subscription.status === 'past_due') {
     await handlePastDueSubscriptionRecovery(subscription, paymentIntent);
     return;
   }

package/api/src/routes/checkout-sessions.ts

@@ -79,6 +79,7 @@ import {
   Invoice,
   Coupon,
   PromotionCode,
+  Discount,
 } from '../store/models';
 import type { ChainType } from '../store/models/types';
 import { CheckoutSession } from '../store/models/checkout-session';
@@ -109,7 +110,7 @@ import { handleStripeSubscriptionSucceed } from '../integrations/stripe/handlers
 import { CHARGE_SUPPORTED_CHAIN_TYPES } from '../libs/constants';
 import { blocklet } from '../libs/auth';
 import { addSubscriptionJob } from '../queues/subscription';
-import { updateDataConcurrency } from '../libs/env';
+import { updateDataConcurrency, stopAcceptingOrders } from '../libs/env';
 import {
   expandLineItemsWithCouponInfo,
   expandDiscountsWithDetails,
@@ -313,6 +314,8 @@ async function validatePromotionCodesOnSubmit(
     }
 
     // Use unified eligibility check - this includes all validations
+    // Pass checkoutSessionId so re-submit after Stripe modal cancel won't falsely reject
+    // promo codes whose max_redemptions were already consumed by this same session
     const eligibilityCheck = await checkPromotionCodeEligibility({
       promotionCode,
       couponId,
@@ -320,6 +323,7 @@ async function validatePromotionCodesOnSubmit(
       amount: amount || checkoutSession.amount_total,
       currencyId: checkoutSession.currency_id || '',
       lineItems,
+      checkoutSessionId: checkoutSession.id,
     });
 
     if (!eligibilityCheck.eligible) {
@@ -347,6 +351,58 @@ async function validatePromotionCodesOnSubmit(
   });
 }
 
+/**
+ * Recover checkout session discount config from confirmed discount records.
+ * This handles edge cases where checkout_session.discounts was unexpectedly cleared
+ * while discount usage has already been recorded for the same open session.
+ */
+async function recoverDiscountConfigFromRecords(checkoutSession: CheckoutSession) {
+  if (checkoutSession.discounts?.length) {
+    return checkoutSession.discounts;
+  }
+
+  const latestDiscountRecord = await Discount.findOne({
+    where: {
+      checkout_session_id: checkoutSession.id,
+      confirmed: true,
+    },
+    order: [['updated_at', 'DESC']],
+  });
+
+  if (!latestDiscountRecord) {
+    return checkoutSession.discounts || [];
+  }
+
+  const recordCurrencyId = latestDiscountRecord.metadata?.currency_id;
+  // Avoid restoring a discount that was intentionally removed after currency switch.
+  if (recordCurrencyId && checkoutSession.currency_id && recordCurrencyId !== checkoutSession.currency_id) {
+    return checkoutSession.discounts || [];
+  }
+
+  const recoveredDiscount = {
+    promotion_code: latestDiscountRecord.promotion_code_id,
+    coupon: latestDiscountRecord.coupon_id,
+    discount_amount: latestDiscountRecord.metadata?.discount_amount,
+    verification_method: latestDiscountRecord.verification_method,
+    verification_data: latestDiscountRecord.verification_data,
+  };
+
+  const recoveredDiscounts = [recoveredDiscount];
+  await checkoutSession.update({
+    discounts: recoveredDiscounts,
+  });
+  checkoutSession.discounts = recoveredDiscounts as any;
+
+  logger.info('Recovered checkout session discounts from discount records', {
+    checkoutSessionId: checkoutSession.id,
+    discountRecordId: latestDiscountRecord.id,
+    couponId: latestDiscountRecord.coupon_id,
+    promotionCodeId: latestDiscountRecord.promotion_code_id,
+  });
+
+  return recoveredDiscounts;
+}
+
 /**
  * Calculate and update payment amount for checkout session
  */
@@ -1515,6 +1571,11 @@ router.get('/retrieve/:id', user, async (req, res) => {
   // @ts-ignore
   doc.line_items = await Price.expand(rawLineItems, { upsell: true });
 
+  // Recover discount config for open sessions if checkout_session.discounts was unexpectedly cleared.
+  if (!doc.discounts?.length && doc.status === 'open' && doc.payment_status !== 'paid') {
+    await recoverDiscountConfigFromRecords(doc);
+  }
+
   // Enhance line items with coupon information if discounts are applied
   if (doc.discounts?.length) {
     doc.line_items = await expandLineItemsWithCouponInfo(
@@ -1628,6 +1689,7 @@ router.get('/retrieve/:id', user, async (req, res) => {
     paymentLink: doc.payment_link_id ? await PaymentLink.findByPk(doc.payment_link_id) : null,
     paymentIntent,
     customer: req.user ? await Customer.findOne({ where: { did: req.user.did } }) : null,
+    ...(stopAcceptingOrders ? { stopAcceptingOrders: true } : {}),
   });
 });
 
@@ -2490,6 +2552,14 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       return res.status(403).json({ code: 'REQUIRE_LOGIN', error: 'Please login to continue' });
     }
 
+    // Check if system is accepting new orders
+    if (stopAcceptingOrders) {
+      return res.status(422).json({
+        code: 'STOP_ACCEPTING_ORDERS',
+        error: 'We are not accepting new orders at this time. Please try again later.',
+      });
+    }
+
     // Idempotency check: If already complete/paid, return existing state
     if (checkoutSession.status === 'complete' || checkoutSession.payment_status === 'paid') {
       await checkoutSession.reload();
@@ -3515,6 +3585,13 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
       return res.status(403).json({ code: 'REQUIRE_LOGIN', error: 'Please login to continue' });
     }
 
+    if (stopAcceptingOrders) {
+      return res.status(422).json({
+        code: 'STOP_ACCEPTING_ORDERS',
+        error: 'We are not accepting new orders at this time. Please try again later.',
+      });
+    }
+
     const checkoutSession = req.doc as CheckoutSession;
 
     if (checkoutSession.line_items) {
@@ -4134,11 +4211,10 @@ router.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (req,
       return res.status(403).json({ error: 'Authentication required' });
     }
 
-    // Find customer by DID
+    // Find customer by DID (may not exist yet for new users who haven't submitted)
     const customer = await Customer.findOne({ where: { did: req.user.did } });
-    if (!customer) {
-      return res.status(400).json({ error: 'Customer not found' });
-    }
+    // Use customer.id if exists, otherwise fall back to DID for promo validation
+    const customerId = customer?.id || req.user.did;
 
     // Get currency
     const curCurrencyId = currencyId || checkoutSession.currency_id;
@@ -4200,7 +4276,7 @@ router.post('/:id/apply-promotion', user, ensureCheckoutSessionOpen, async (req,
       lineItems: itemsWithQuotes,
       promotionCodeId: foundPromotionCode.id,
       couponId: foundPromotionCode.coupon_id,
-      customerId: customer.id,
+      customerId,
       currency,
       billingContext: {
         trialing: isTrialing,
@@ -4295,6 +4371,11 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
       return res.status(403).json({ error: 'Authentication required' });
     }
 
+    // Try recovering discounts from confirmed records before deciding there is nothing to recalculate.
+    if (!checkoutSession.discounts?.length) {
+      await recoverDiscountConfigFromRecords(checkoutSession);
+    }
+
     // Check if there are existing discounts to recalculate
     if (!checkoutSession.discounts?.length) {
       return res.json({
@@ -4305,12 +4386,6 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
       });
     }
 
-    // Find customer by DID
-    const customer = await Customer.findOne({ where: { did: req.user.did } });
-    if (!customer) {
-      return res.status(400).json({ error: 'Customer not found' });
-    }
-
     // Get new currency
     const currency = await PaymentCurrency.findByPk(newCurrencyId);
     if (!currency) {
@@ -4320,6 +4395,10 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
     const checkoutItems = checkoutSession.line_items || [];
     // Get line items - no need for quote data since frontend calculates discount amounts
     const expandedItems = await Price.expand(checkoutSession.line_items || [], { product: true, upsell: true });
+    const supportedCurrencyIds = getSupportedPaymentCurrencies(expandedItems as any[]);
+    if (!supportedCurrencyIds.includes(newCurrencyId)) {
+      return res.status(400).json({ error: 'Currency not supported for this checkout session' });
+    }
 
     // Get the first discount (assuming only one promotion code at a time)
     const existingDiscount = checkoutSession.discounts[0];
@@ -4340,11 +4419,29 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
       Coupon.findByPk(couponId),
     ]);
 
-    if (!foundPromotionCode || !foundPromotionCode.active) {
+    if (!foundPromotionCode) {
+      return res.status(400).json({ error: 'Promotion code not found' });
+    }
+    if (!coupon) {
+      return res.status(400).json({ error: 'Coupon not found' });
+    }
+
+    // Re-submit scenario: discount-status queue may have deactivated the promo/coupon
+    // because this session's own usage pushed it past max_redemptions.
+    // Exclude current session's confirmed discount records before checking active/valid.
+    const currentSessionUsage = await Discount.count({
+      where: {
+        checkout_session_id: checkoutSession.id,
+        promotion_code_id: foundPromotionCode.id,
+        confirmed: true,
+      },
+    });
+
+    if (!foundPromotionCode.active && currentSessionUsage === 0) {
       return res.status(400).json({ error: 'Promotion code no longer active' });
     }
 
-    if (!coupon || !coupon.valid) {
+    if (!coupon.valid && currentSessionUsage === 0) {
       return res.status(400).json({ error: 'Coupon no longer valid' });
     }
 
@@ -4355,6 +4452,10 @@ router.post('/:id/recalculate-promotion', user, ensureCheckoutSessionOpen, async
       coupon.currency_options?.[currency.id]?.amount_off; // Has currency option
 
     if (!canApplyWithCurrency) {
+      // Rollback previously confirmed discount usage/records for this open checkout session.
+      // This resets coupon/promotion counters when discount becomes inapplicable.
+      await rollbackDiscountUsageForCheckoutSession(checkoutSession.id);
+
       // Remove discount if it can't be applied with new currency
       await checkoutSession.update({
         discounts: [],
@@ -4887,6 +4988,15 @@ router.put('/:id/switch-currency', user, ensureCheckoutSessionOpen, async (req,
       return res.status(400).json({ error: 'Currency not found' });
     }
 
+    const expandedItemsForSupportCheck = await Price.expand(checkoutSession.line_items || [], {
+      product: true,
+      upsell: true,
+    });
+    const supportedCurrencyIds = getSupportedPaymentCurrencies(expandedItemsForSupportCheck as any[]);
+    if (!supportedCurrencyIds.includes(newCurrencyId)) {
+      return res.status(400).json({ error: 'Currency not supported for this checkout session' });
+    }
+
     const oldCurrencyId = checkoutSession.currency_id;
     const currencyChanged = oldCurrencyId && oldCurrencyId !== newCurrencyId;
 

package/api/tests/libs/coupon.spec.ts

@@ -77,6 +77,26 @@ describe('libs/discount/coupon.ts', () => {
       });
     });
 
+    it('allows first_time_transaction re-submit by excluding current session', async () => {
+      jest.spyOn(Customer, 'findByPkOrDid').mockResolvedValue({ did: 'did:user:1' } as any);
+      // When checkoutSessionId is provided, the Discount.count query excludes current session
+      jest.spyOn(Discount, 'count').mockResolvedValue(0 as any);
+      const pc: any = {
+        active: true,
+        restrictions: { first_time_transaction: true },
+        coupon_id: 'c1',
+      };
+      await expect(validPromotionCode(pc, { customerId: 'c1', checkoutSessionId: 'cs_123' })).resolves.toEqual({
+        valid: true,
+      });
+      // Verify the count query was called with Op.ne exclusion
+      expect(Discount.count).toHaveBeenCalledWith({
+        where: expect.objectContaining({
+          checkout_session_id: expect.any(Object),
+        }),
+      });
+    });
+
     it('checks minimum amount by currency', async () => {
       jest.spyOn(PaymentCurrency, 'findByPk').mockResolvedValue({ id: 'usd', decimal: 2, symbol: 'USD' } as any);
       const pc: any = {
@@ -123,6 +143,43 @@ describe('libs/discount/coupon.ts', () => {
       });
       expect(result.eligible).toBe(true);
     });
+
+    it('allows re-submit when max_redemptions reached by current session', async () => {
+      // Scenario: promo has max_redemptions=1, times_redeemed=1 (from this session's first submit)
+      // User closed Stripe modal and re-submits — should NOT be rejected
+      jest.spyOn(Discount, 'count').mockResolvedValue(1 as any); // current session has 1 confirmed discount
+      jest.spyOn(Coupon, 'findByPk').mockResolvedValue({ valid: true, times_redeemed: 1, max_redemptions: 1 } as any);
+      jest.spyOn(Customer, 'findByPkOrDid').mockResolvedValue({ did: 'did:user:1' } as any);
+      const couponModule = await import('../../src/libs/discount/coupon');
+      jest.spyOn(couponModule, 'validCoupon').mockReturnValue({ valid: true } as any);
+
+      const result = await checkPromotionCodeEligibility({
+        promotionCode: { id: 'pc1', active: true, max_redemptions: 1, times_redeemed: 1 } as any,
+        couponId: 'c1',
+        customerId: 'u1',
+        amount: '100',
+        currencyId: 'usd',
+        checkoutSessionId: 'cs_123',
+      });
+      expect(result.eligible).toBe(true);
+    });
+
+    it('rejects when max_redemptions reached by other sessions', async () => {
+      // Scenario: promo has max_redemptions=1, times_redeemed=1, but NOT from current session
+      jest.spyOn(Discount, 'count').mockResolvedValue(0 as any); // current session has no confirmed discount
+      jest.spyOn(Coupon, 'findByPk').mockResolvedValue({ valid: true } as any);
+
+      const result = await checkPromotionCodeEligibility({
+        promotionCode: { id: 'pc1', active: true, max_redemptions: 1, times_redeemed: 1 } as any,
+        couponId: 'c1',
+        customerId: 'u1',
+        amount: '100',
+        currencyId: 'usd',
+        checkoutSessionId: 'cs_456',
+      });
+      expect(result.eligible).toBe(false);
+      expect(result.reason).toContain('fully redeemed');
+    });
   });
 
   describe('validateDiscountForBilling & getValidDiscountsForSubscriptionBilling', () => {

package/blocklet.yml

@@ -14,7 +14,7 @@ repository:
   type: git
   url: git+https://github.com/blocklet/payment-kit.git
 specVersion: 1.2.8
-version: 1.26.2
+version: 1.26.3
 logo: logo.png
 files:
   - dist

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payment-kit",
-  "version": "1.26.2",
+  "version": "1.26.3",
   "scripts": {
     "dev": "blocklet dev --open",
     "prelint": "npm run types",
@@ -59,9 +59,9 @@
     "@blocklet/error": "^0.3.5",
     "@blocklet/js-sdk": "^1.17.8-beta-20260104-120132-cb5b1914",
     "@blocklet/logger": "^1.17.8-beta-20260104-120132-cb5b1914",
-    "@blocklet/payment-broker-client": "1.26.2",
-    "@blocklet/payment-react": "1.26.2",
-    "@blocklet/payment-vendor": "1.26.2",
+    "@blocklet/payment-broker-client": "1.26.3",
+    "@blocklet/payment-react": "1.26.3",
+    "@blocklet/payment-vendor": "1.26.3",
     "@blocklet/sdk": "^1.17.8-beta-20260104-120132-cb5b1914",
     "@blocklet/ui-react": "^3.5.1",
     "@blocklet/uploader": "^0.3.19",
@@ -132,7 +132,7 @@
   "devDependencies": {
     "@abtnode/types": "^1.17.8-beta-20260104-120132-cb5b1914",
     "@arcblock/eslint-config-ts": "^0.3.3",
-    "@blocklet/payment-types": "1.26.2",
+    "@blocklet/payment-types": "1.26.3",
     "@types/cookie-parser": "^1.4.9",
     "@types/cors": "^2.8.19",
     "@types/debug": "^4.1.12",
@@ -179,5 +179,5 @@
       "parser": "typescript"
     }
   },
-  "gitHead": "71242a68d27d56666487176425153dc08071960f"
+  "gitHead": "18c5d045139c572b52465e15c4c63b3e327efab5"
 }