payment-kit 1.26.4 → 1.27.0

package/api/src/routes/checkout-sessions.ts

@@ -1249,7 +1249,7 @@ export async function startCheckoutSessionFromPaymentLink(id: string, req: Reque
     raw.livemode = link.livemode;
     raw.created_via = 'portal';
     raw.submit_type = link.submit_type;
-    raw.currency_id = link.currency_id || req.currency.id;
+    raw.currency_id = link.currency_id || req.baseCurrency.id;
     if (!raw.currency_id) {
       res.status(400).json({ error: 'Currency not found in payment link' });
       return;
@@ -1539,6 +1539,83 @@ router.post('/:id/abort-stripe', user, ensureCheckoutSessionOpen, async (req, re
   }
 });
 
+// Skip payment method for $0 subscription — user chose "Skip, bind later"
+// Keeps the subscription but sets cancel_at_period_end so it won't renew without a payment method
+router.post('/:id/skip-payment-method', user, ensureCheckoutSessionOpen, async (req, res) => {
+  try {
+    if (!req.user) {
+      return res.status(403).json({ code: 'REQUIRE_LOGIN', error: 'Please login to continue' });
+    }
+
+    const checkoutSession = req.doc as CheckoutSession;
+
+    if (!['subscription', 'setup'].includes(checkoutSession.mode)) {
+      return res.status(400).json({ error: 'Skip payment method is only supported for subscriptions' });
+    }
+
+    const subscriptionIds = getCheckoutSessionSubscriptionIds(checkoutSession);
+    const subscriptions = await Subscription.findAll({ where: { id: subscriptionIds } });
+
+    if (!subscriptions.length) {
+      return res.status(400).json({ error: 'No subscriptions found for this checkout session' });
+    }
+
+    // Cancel Stripe setup intents and activate subscriptions concurrently
+    await Promise.all(
+      subscriptions.map(async (sub) => {
+        const stripeSubId = sub.payment_details?.stripe?.subscription_id;
+        if (stripeSubId) {
+          const method = await PaymentMethod.findByPk(sub.default_payment_method_id);
+          if (method?.type === 'stripe') {
+            const client = method.getStripeClient();
+            try {
+              const stripeSub = await client.subscriptions.retrieve(stripeSubId, {
+                expand: ['pending_setup_intent'],
+              });
+              if (stripeSub.pending_setup_intent && typeof stripeSub.pending_setup_intent !== 'string') {
+                await client.setupIntents.cancel(stripeSub.pending_setup_intent.id);
+              }
+              await client.subscriptions.update(stripeSubId, { cancel_at_period_end: true });
+            } catch (err: any) {
+              logger.error('Failed to update Stripe subscription for skip-payment-method', {
+                checkoutSessionId: checkoutSession.id,
+                subscriptionId: sub.id,
+                stripeSubId,
+                error: err.message,
+              });
+            }
+          }
+        }
+
+        // Activate the local subscription with cancel_at_period_end
+        await sub.update({
+          status: sub.trial_end && sub.trial_end > Date.now() / 1000 ? 'trialing' : 'active',
+          cancel_at_period_end: true,
+        });
+        await addSubscriptionJob(sub, 'cycle', false, sub.trial_end);
+      })
+    );
+
+    // Complete the checkout session
+    await checkoutSession.update({
+      status: 'complete',
+      payment_status: 'no_payment_required',
+    });
+
+    return res.json({
+      checkoutSession: { id: checkoutSession.id, status: 'complete' },
+      skipped: true,
+    });
+  } catch (err: any) {
+    logger.error('Error in skip-payment-method', {
+      sessionId: req.params.id,
+      error: err.message,
+      stack: err.stack,
+    });
+    res.status(500).json({ error: err.message });
+  }
+});
+
 // for checkout page
 router.get('/retrieve/:id', user, async (req, res) => {
   const doc = await CheckoutSession.findByPk(req.params.id);

package/api/src/routes/customers.ts

@@ -312,11 +312,23 @@ router.get('/recharge', sessionMiddleware({ accessKey: true }), async (req, res)
       include: [{ model: SubscriptionItem, as: 'items' }],
     });
 
-    const products = (await Product.findAll()).map((x) => x.toJSON());
-    const prices = (await Price.findAll()).map((x) => x.toJSON());
     subscriptions = subscriptions.map((x) => x.toJSON());
+    // S1 optimization: Load only referenced prices (with product) instead of full table scans
+    const priceIds = [
+      ...new Set(subscriptions.flatMap((x: any) => (x.items || []).map((i: any) => i.price_id)).filter(Boolean)),
+    ];
+    const pricesWithProduct =
+      priceIds.length > 0
+        ? await Price.findAll({ where: { id: priceIds }, include: [{ model: Product, as: 'product' }] })
+        : [];
+    const pricesJson = pricesWithProduct.map((x) => x.toJSON());
+    const productMap = new Map<string, any>();
+    pricesJson.forEach((p: any) => {
+      if (p.product) productMap.set(p.product.id, p.product);
+    });
+    const products = Array.from(productMap.values());
     // @ts-ignore
-    subscriptions.forEach((x) => expandLineItems(x.items, products, prices));
+    subscriptions.forEach((x) => expandLineItems(x.items, products, pricesJson));
 
     const relatedSubscriptions = subscriptions.filter((sub) => {
       const payerAddress = getSubscriptionPaymentAddress(sub, paymentMethod.type);

package/api/src/routes/donations.ts

@@ -78,7 +78,7 @@ router.post('/', async (req, res) => {
         livemode: !!req.livemode,
         name: payload.title,
         description: payload.description,
-        currency_id: req.currency.id,
+        currency_id: req.baseCurrency.id,
         via: 'donation',
         prices: [
           {
@@ -103,7 +103,7 @@ router.post('/', async (req, res) => {
     const result = await createPaymentLink({
       livemode: !!req.livemode,
       created_via: req.user?.via,
-      currency_id: req.currency.id,
+      currency_id: req.baseCurrency.id,
       name: payload.title,
       submit_type: 'donate',
       line_items: [{ price_id: price.id, quantity: 1 }],
@@ -149,7 +149,7 @@ router.get('/', async (req, res) => {
       limit: pageSize,
     });
 
-    const method = await PaymentMethod.findByPk(req.currency.payment_method_id);
+    const method = await PaymentMethod.findByPk(req.baseCurrency.payment_method_id);
 
     const totalAmount: string = rows
       .map((x) => x.toJSON())
@@ -158,7 +158,7 @@ router.get('/', async (req, res) => {
 
     res.json({
       supporters: rows,
-      currency: req.currency,
+      currency: req.baseCurrency,
       method,
       total: count,
       totalAmount,

package/api/src/routes/index.ts

@@ -56,19 +56,48 @@ router.use((req, _, next) => {
   next();
 });
 
-router.use(async (req, _, next) => {
-  req.currency = await PaymentCurrency.findOne({ where: { is_base_currency: true, livemode: req.livemode } });
+// Lazy-load base currency with TTL cache to avoid DB query on every request
+const baseCurrencyCache = new Map<string, { data: any; expires: number }>();
+const BASE_CURRENCY_TTL = 5 * 60_000; // 5 minutes (invalidated on model update)
+
+// Lazily register hooks after models are initialized (avoid top-level addHook before Sequelize init)
+let baseCurrencyHooksRegistered = false;
+function ensureBaseCurrencyHooks() {
+  if (baseCurrencyHooksRegistered) return;
+  baseCurrencyHooksRegistered = true;
+  PaymentCurrency.addHook('afterUpdate', 'invalidateBaseCurrencyCache', () => {
+    baseCurrencyCache.clear();
+  });
+  PaymentCurrency.addHook('afterDestroy', 'invalidateBaseCurrencyCacheOnDelete', () => {
+    baseCurrencyCache.clear();
+  });
+}
+
+// Base currency middleware — only needed by routes that use req.currency
+// (checkout-sessions, donations, payment-links, prices, products)
+const loadBaseCurrency = async (req: any, _: any, next: any) => {
+  ensureBaseCurrencyHooks();
+  const key = `base_${req.livemode}`;
+  const cached = baseCurrencyCache.get(key);
+  if (cached && cached.expires > Date.now()) {
+    req.baseCurrency = cached.data;
+  } else {
+    req.baseCurrency = await PaymentCurrency.findOne({ where: { is_base_currency: true, livemode: req.livemode } });
+    if (req.baseCurrency) {
+      baseCurrencyCache.set(key, { data: req.baseCurrency, expires: Date.now() + BASE_CURRENCY_TTL });
+    }
+  }
   next();
-});
+};
 
 router.use('/auto-recharge-configs', autoRechargeConfigs);
-router.use('/checkout-sessions', checkoutSessions);
+router.use('/checkout-sessions', loadBaseCurrency, checkoutSessions);
 router.use('/coupons', coupons);
 router.use('/credit-grants', creditGrants);
 router.use('/credit-tokens', creditTokens);
 router.use('/credit-transactions', creditTransactions);
 router.use('/customers', customers);
-router.use('/donations', donations);
+router.use('/donations', loadBaseCurrency, donations);
 router.use('/events', events);
 router.use('/invoices', invoices);
 router.use('/integrations/stripe', stripe);
@@ -76,14 +105,14 @@ router.use('/meter-events', meterEvents);
 router.use('/meters', meters);
 router.use('/passports', passports);
 router.use('/payment-intents', paymentIntents);
-router.use('/payment-links', paymentLinks);
+router.use('/payment-links', loadBaseCurrency, paymentLinks);
 router.use('/payment-methods', paymentMethods);
 router.use('/payment-currencies', paymentCurrencies);
 router.use('/payment-stats', paymentStats);
-router.use('/prices', prices);
+router.use('/prices', loadBaseCurrency, prices);
 router.use('/pricing-tables', pricingTables);
 router.use('/tax-rates', taxRates);
-router.use('/products', products);
+router.use('/products', loadBaseCurrency, products);
 router.use('/promotion-codes', promotionCodes);
 router.use('/exchange-rate-providers', exchangeRateProviders);
 router.use('/exchange-rates', exchangeRates);

package/api/src/routes/invoices.ts

@@ -833,8 +833,19 @@ router.get('/:id', authPortal, async (req, res) => {
           };
         });
       }
-      const products = (await Product.findAll()).map((x) => x.toJSON());
-      const prices = (await Price.findAll()).map((x) => x.toJSON());
+      // S1 optimization: Load only referenced prices (with product) instead of full table scans
+      const priceIds: string[] = [
+        ...new Set((json.lines || []).map((i: any) => i.price_id).filter(Boolean) as string[]),
+      ];
+      const pricesWithProduct =
+        priceIds.length > 0
+          ? await Price.findAll({ where: { id: priceIds }, include: [{ model: Product, as: 'product' }] })
+          : [];
+      const pricesJson = pricesWithProduct.map((x: any) => x.toJSON());
+      const productMap = new Map<string, any>();
+      pricesJson.forEach((p: any) => {
+        if (p.product) productMap.set(p.product.id, p.product);
+      });
       const paymentCurrencies = (
         await PaymentCurrency.findAll({
           where: {
@@ -843,7 +854,7 @@ router.get('/:id', authPortal, async (req, res) => {
         })
       ).map((x) => x.toJSON());
       // @ts-ignore
-      expandLineItems(json.lines, products, prices, paymentCurrencies);
+      expandLineItems(json.lines, Array.from(productMap.values()), pricesJson, paymentCurrencies);
 
       // Get discount details from total_discount_amounts
       let discountDetails: any[] = [];

package/api/src/routes/meter-events.ts

@@ -10,6 +10,8 @@ import { formatMetadata } from '../libs/util';
 import { trimDecimals } from '../libs/math-utils';
 import { Customer, Meter, MeterEvent, MeterEventStatus, PaymentCurrency, Subscription } from '../store/models';
 
+import { getCachedMeter, getCachedCurrency } from '../libs/reference-cache';
+
 const router = Router();
 const auth = authenticate<MeterEvent>({ component: true, roles: ['owner', 'admin'] });
 const authMine = authenticate<MeterEvent>({ component: true, roles: ['owner', 'admin'], mine: true });
@@ -225,40 +227,54 @@ router.get('/stats', authMine, async (req, res) => {
 });
 
 router.post('/', auth, async (req, res) => {
+  const t0 = performance.now();
   try {
     const { error } = meterEventSchema.validate(req.body);
     if (error) {
       return res.status(400).json({ error: `Meter event create request invalid: ${error.message}` });
     }
 
-    const existing = await MeterEvent.isEventExists(req.body.identifier);
+    // Phase 1: dedupe + meter + customer lookups in parallel (all independent)
+    let t1 = performance.now();
+    const [existing, meter, customer] = await Promise.all([
+      MeterEvent.isEventExists(req.body.identifier),
+      getCachedMeter(req.body.event_name),
+      Customer.findByPkOrDid(req.body.payload.customer_id),
+    ]);
+    const tPhase1 = performance.now() - t1;
+
     if (existing) {
       return res.status(400).json({ error: `Event with identifier "${req.body.identifier}" already exists` });
     }
-
-    const meter = await Meter.getMeterByEventName(req.body.event_name);
     if (!meter) {
       return res
         .status(400)
         .json({ error: `Meter not found for event name "${req.body.event_name}"`, code: 'METER_NOT_FOUND' });
     }
-
     if (meter.status !== 'active') {
       return res
         .status(400)
         .json({ error: 'Meter is not active, please activate it first.', code: 'METER_NOT_ACTIVE' });
     }
+    if (!customer) {
+      return res.status(400).json({ error: 'Customer not found' });
+    }
+
+    // Phase 2: currency + subscription in parallel (currency depends on meter)
+    t1 = performance.now();
+    const [paymentCurrency, subscription] = await Promise.all([
+      getCachedCurrency(meter.currency_id),
+      req.body.payload.subscription_id
+        ? Subscription.findByPk(req.body.payload.subscription_id)
+        : Promise.resolve(null),
+    ]);
+    const tPhase2 = performance.now() - t1;
 
-    const paymentCurrency = await PaymentCurrency.findByPk(meter.currency_id);
     if (!paymentCurrency) {
       return res.status(400).json({ error: `Payment currency not found for meter "${meter.id}"` });
     }
 
-    if (req.body.payload.subscription_id) {
-      const subscription = await Subscription.findByPk(req.body.payload.subscription_id);
-      if (!subscription) {
-        return res.status(400).json({ error: `Subscription not found for meter event "${req.body.event_name}"` });
-      }
+    if (subscription) {
       if (subscription.currency_id !== paymentCurrency.id) {
         return res.status(400).json({ error: 'Subscription currency does not match meter currency' });
       }
@@ -271,11 +287,8 @@ router.post('/', auth, async (req, res) => {
       if (subscription.isImmutable()) {
         return res.status(400).json({ error: 'Subscription is immutable' });
       }
-    }
-
-    const customer = await Customer.findByPkOrDid(req.body.payload.customer_id);
-    if (!customer) {
-      return res.status(400).json({ error: 'Customer not found' });
+    } else if (req.body.payload.subscription_id) {
+      return res.status(400).json({ error: `Subscription not found for meter event "${req.body.event_name}"` });
     }
 
     const timestamp = req.body.timestamp || req.body.payload.timestamp || Math.floor(Date.now() / 1000);
@@ -304,13 +317,26 @@ router.post('/', auth, async (req, res) => {
       timestamp,
     };
 
+    t1 = performance.now();
     const event = await MeterEvent.create(eventData);
+    const tCreate = performance.now() - t1;
+
+    const tTotal = performance.now() - t0;
 
     logger.info('Meter event created and will be queued for processing via afterCreate hook', {
       eventId: event.id,
       eventName: event.event_name,
     });
 
+    // Server-Timing header for benchmark observability
+    const timings = [
+      `phase1;dur=${tPhase1.toFixed(1)}`,
+      `phase2;dur=${tPhase2.toFixed(1)}`,
+      `create;dur=${tCreate.toFixed(1)}`,
+      `total;dur=${tTotal.toFixed(1)}`,
+    ];
+    res.set('Server-Timing', timings.join(', '));
+
     return res.json({
       ...event.toJSON(),
       processing: {

package/api/src/routes/payment-links.ts

@@ -231,7 +231,7 @@ router.post('/', auth, async (req, res) => {
       ...req.body,
       livemode: !!req.livemode,
       created_via: req.user?.via,
-      currency_id: req.body.currency_id || req.currency.id,
+      currency_id: req.body.currency_id || req.baseCurrency.id,
       metadata: formatMetadata(req.body.metadata),
     });
     logger.info('Payment link created successfully', { id: result.id, user: req.user?.did });
@@ -437,7 +437,7 @@ router.post('/stash', auth, async (req, res) => {
     raw.active = true;
     raw.livemode = !!req.livemode;
     raw.created_via = req.user?.via;
-    raw.currency_id = raw.currency_id || req.currency.id;
+    raw.currency_id = raw.currency_id || req.baseCurrency.id;
     // Merge existing metadata with preview flag
     raw.metadata = { ...raw.metadata, preview: '1' };
 

package/api/src/routes/prices.ts

@@ -337,7 +337,7 @@ router.post('/', auth, async (req, res) => {
     const result = await createPrice({
       ...req.body,
       livemode: !!req.livemode,
-      currency_id: req.body.currency_id || req.currency.id,
+      currency_id: req.body.currency_id || req.baseCurrency.id,
       created_via: req.user?.via as string,
       quantity_sold: 0,
     });

package/api/src/routes/pricing-table.ts

@@ -115,14 +115,15 @@ router.get('/', auth, async (req, res) => {
 
     const priceIds: string[] = uniq(list.reduce((acc: string[], x) => acc.concat(x.items.map((i) => i.price_id)), []));
     const prices = await Price.findAll({ where: { id: priceIds }, include: [{ model: Product, as: 'product' }] });
-    const products = await Product.findAll({ where: { id: uniq(prices.map((x) => x.product_id)) } });
+    // Derive products from the already-included price.product association (avoids redundant Product.findAll)
+    const productMap = new Map(prices.filter((p) => (p as any).product).map((p) => [p.product_id, (p as any).product]));
 
     list.forEach((x) => {
       x.items.forEach((i) => {
         // @ts-ignore
         i.price = prices.find((p) => p.id === i.price_id);
         // @ts-ignore
-        i.product = products.find((p) => p.id === i.product_id);
+        i.product = productMap.get(i.product_id);
       });
     });
 

package/api/src/routes/products.ts

@@ -296,7 +296,7 @@ router.post('/', auth, async (req, res) => {
       type: req.body.type || 'service',
       livemode: !!req.livemode,
       created_via: req.user?.via,
-      currency_id: req.currency.id,
+      currency_id: req.baseCurrency.id,
       metadata: formatMetadata(req.body.metadata),
     });
     logger.info('Product and prices created', {
@@ -609,7 +609,7 @@ router.post('/batch-price-update', auth, async (req, res) => {
 
         const prices = await Price.findAll({ where: { product_id: product.id } });
         for (const price of prices) {
-          if (price.currency_id === req.currency.id) {
+          if (price.currency_id === req.baseCurrency.id) {
             const unit = new BN(price.unit_amount).div(new BN(factor)).toString();
             const options = cloneDeep(price.currency_options);
             const option = options.find((x) => x.currency_id === price.currency_id);

package/api/src/routes/subscription-items.ts

@@ -87,10 +87,19 @@ router.get('/', auth, async (req, res) => {
     });
     const list = rows.map((x) => x.toJSON());
     if (where.subscription_id) {
-      const products = (await Product.findAll()).map((x) => x.toJSON());
-      const prices = (await Price.findAll()).map((x) => x.toJSON());
+      // S1 optimization: Load only referenced prices (with product) instead of full table scans
+      const priceIds = [...new Set(list.map((i: any) => i.price_id).filter(Boolean))];
+      const pricesWithProduct =
+        priceIds.length > 0
+          ? await Price.findAll({ where: { id: priceIds }, include: [{ model: Product, as: 'product' }] })
+          : [];
+      const pricesJson = pricesWithProduct.map((x) => x.toJSON());
+      const productMap = new Map<string, any>();
+      pricesJson.forEach((p: any) => {
+        if (p.product) productMap.set(p.product.id, p.product);
+      });
       // @ts-ignore
-      expandLineItems(list, products, prices);
+      expandLineItems(list, Array.from(productMap.values()), pricesJson);
     }
     res.json({ count, list, paging: { page, pageSize } });
   } catch (err) {

package/api/src/routes/subscriptions.ts

@@ -77,6 +77,28 @@ import { ensureOverdraftProtectionPrice } from '../libs/overdraft-protection';
 import { CHARGE_SUPPORTED_CHAIN_TYPES } from '../libs/constants';
 import { getSubscriptionDiscountStats } from '../libs/discount/redemption';
 
+// S1 optimization: Load only the products/prices referenced by a set of subscriptions,
+// instead of Product.findAll() + Price.findAll() full table scans.
+async function loadProductsAndPricesForSubscriptions(docs: any[]): Promise<{ products: any[]; prices: any[] }> {
+  const priceIds = uniq(docs.flatMap((x) => (x.items || []).map((i: any) => i.price_id)).filter(Boolean));
+  if (priceIds.length === 0) {
+    return { products: [], prices: [] };
+  }
+  const prices = await Price.findAll({
+    where: { id: priceIds },
+    include: [{ model: Product, as: 'product' }],
+  });
+  const pricesJson = prices.map((x) => x.toJSON());
+  // Derive products from the already-included price.product association
+  const productMap = new Map<string, any>();
+  pricesJson.forEach((p: any) => {
+    if (p.product) {
+      productMap.set(p.product.id, p.product);
+    }
+  });
+  return { products: Array.from(productMap.values()), prices: pricesJson };
+}
+
 const router = Router();
 const auth = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'] });
 const authMine = authenticate<Subscription>({ component: true, roles: ['owner', 'admin'], mine: true });
@@ -436,9 +458,8 @@ router.post('/', auth, async (req, res) => {
       ],
     });
 
-    const products = (await Product.findAll()).map((x) => x.toJSON());
-    const allPrices = (await Price.findAll()).map((x) => x.toJSON());
     const doc = result!.toJSON();
+    const { products, prices: allPrices } = await loadProductsAndPricesForSubscriptions([doc]);
     // @ts-ignore
     expandLineItems(doc.items, products, allPrices);
 
@@ -523,9 +544,8 @@ router.get('/', authMine, async (req, res) => {
       // https://github.com/sequelize/sequelize/issues/9481
       distinct: true,
     });
-    const products = (await Product.findAll()).map((x) => x.toJSON());
-    const prices = (await Price.findAll()).map((x) => x.toJSON());
     const docs = list.map((x) => x.toJSON());
+    const { products, prices } = await loadProductsAndPricesForSubscriptions(docs);
     // @ts-ignore
     docs.forEach((x) => expandLineItems(x.items, products, prices));
     if (includeLatestInvoiceQuote) {
@@ -592,9 +612,8 @@ router.get('/search', auth, async (req, res) => {
     ],
   });
 
-  const products = (await Product.findAll()).map((x) => x.toJSON());
-  const prices = (await Price.findAll()).map((x) => x.toJSON());
   const docs = list.map((x) => x.toJSON());
+  const { products, prices } = await loadProductsAndPricesForSubscriptions(docs);
   // @ts-ignore
   docs.forEach((x) => expandLineItems(x.items, products, prices));
   if (includeLatestInvoiceQuote) {
@@ -624,8 +643,7 @@ router.get('/:id', authPortal, async (req, res) => {
       const json: any = doc.toJSON();
       const isConsumesCredit = await doc.isConsumesCredit();
       const serviceType = isConsumesCredit ? 'credit' : 'standard';
-      const products = (await Product.findAll()).map((x) => x.toJSON());
-      const prices = (await Price.findAll()).map((x) => x.toJSON());
+      const { products, prices } = await loadProductsAndPricesForSubscriptions([json]);
       // @ts-ignore
       expandLineItems(json.items, products, prices);
       // @ts-ignore
@@ -645,7 +663,7 @@ router.get('/:id', authPortal, async (req, res) => {
       // Get payment method details
       let paymentMethodDetails = null;
       try {
-        const paymentMethod = await PaymentMethod.findByPk(doc.default_payment_method_id);
+        const paymentMethod = (doc as any).paymentMethod as PaymentMethod | null;
         if (paymentMethod?.type === 'stripe' && json.payment_details?.stripe?.subscription_id) {
           const client = paymentMethod.getStripeClient();
           const stripeSubscription = await client.subscriptions.retrieve(json.payment_details.stripe.subscription_id, {

package/api/src/store/migrations/20260306-checkout-session-indexes.ts

@@ -0,0 +1,23 @@
+/* eslint-disable no-console */
+import { createIndexIfNotExists, type Migration } from '../migrate';
+
+export const up: Migration = async ({ context }) => {
+  console.log('🚀 Adding checkout_sessions performance indexes...');
+
+  await createIndexIfNotExists(
+    context,
+    'checkout_sessions',
+    ['payment_intent_id'],
+    'idx_checkout_sessions_payment_intent'
+  );
+  await createIndexIfNotExists(context, 'checkout_sessions', ['subscription_id'], 'idx_checkout_sessions_subscription');
+  await createIndexIfNotExists(context, 'checkout_sessions', ['status'], 'idx_checkout_sessions_status');
+
+  console.log('✅ checkout_sessions indexes created');
+};
+
+export const down: Migration = async ({ context }) => {
+  await context.removeIndex('checkout_sessions', 'idx_checkout_sessions_payment_intent');
+  await context.removeIndex('checkout_sessions', 'idx_checkout_sessions_subscription');
+  await context.removeIndex('checkout_sessions', 'idx_checkout_sessions_status');
+};

package/api/src/store/models/checkout-session.ts

@@ -502,8 +502,9 @@ export class CheckoutSession extends Model<InferAttributes<CheckoutSession>, Inf
         createdAt: 'created_at',
         updatedAt: 'updated_at',
         hooks: {
-          afterCreate: (model: CheckoutSession, options) =>
-            createEvent('CheckoutSession', 'checkout.session.created', model, options).catch(console.error),
+          afterCreate: (model: CheckoutSession, options) => {
+            createEvent('CheckoutSession', 'checkout.session.created', model, options).catch(console.error);
+          },
           afterUpdate: (model: CheckoutSession, options) => {
             createStatusEvent(
               'CheckoutSession',

package/api/src/store/models/coupon.ts

@@ -153,12 +153,15 @@ export class Coupon extends Model<InferAttributes<Coupon>, InferCreationAttribut
       createdAt: 'created_at',
       updatedAt: 'updated_at',
       hooks: {
-        afterCreate: (model: Coupon, options) =>
-          createEvent('Coupon', 'coupon.created', model, options).catch(console.error),
-        afterUpdate: (model: Coupon, options) =>
-          createEvent('Coupon', 'coupon.updated', model, options).catch(console.error),
-        afterDestroy: (model: Coupon, options) =>
-          createEvent('Coupon', 'coupon.deleted', model, options).catch(console.error),
+        afterCreate: (model: Coupon, options) => {
+          createEvent('Coupon', 'coupon.created', model, options).catch(console.error);
+        },
+        afterUpdate: (model: Coupon, options) => {
+          createEvent('Coupon', 'coupon.updated', model, options).catch(console.error);
+        },
+        afterDestroy: (model: Coupon, options) => {
+          createEvent('Coupon', 'coupon.deleted', model, options).catch(console.error);
+        },
       },
     });
   }

package/api/src/store/models/credit-grant.ts

@@ -262,7 +262,10 @@ export class CreditGrant extends Model<InferAttributes<CreditGrant>, InferCreati
 
       await this.save();
 
-      await createEvent('CreditGrant', 'customer.credit_grant.consumed', this).catch(console.error);
+      // Fire-and-forget: audit event should not block the consumption hot path.
+      // Trade-off: if the process crashes between save() and this call, the audit event is lost,
+      // but grant state is already persisted and can be reconciled from DB.
+      createEvent('CreditGrant', 'customer.credit_grant.consumed', this).catch(console.error);
     }
 
     return {

package/api/src/store/models/credit-transaction.ts

@@ -126,8 +126,9 @@ export class CreditTransaction extends Model<
         { fields: ['transfer_status'] },
       ],
       hooks: {
-        afterCreate: (model: CreditTransaction, options) =>
-          createEvent('CreditTransaction', 'customer.credit_transaction.created', model, options).catch(console.error),
+        afterCreate: (model: CreditTransaction, options) => {
+          createEvent('CreditTransaction', 'customer.credit_transaction.created', model, options).catch(console.error);
+        },
       },
     });
   }

package/api/src/store/models/customer.ts

@@ -258,12 +258,15 @@ export class Customer extends Model<InferAttributes<Customer>, InferCreationAttr
         createdAt: 'created_at',
         updatedAt: 'updated_at',
         hooks: {
-          afterCreate: (model: Customer, options) =>
-            createEvent('Customer', 'customer.created', model, options).catch(console.error),
-          afterUpdate: (model: Customer, options) =>
-            createEvent('Customer', 'customer.updated', model, options).catch(console.error),
-          afterDestroy: (model: Customer, options) =>
-            createEvent('Customer', 'customer.deleted', model, options).catch(console.error),
+          afterCreate: (model: Customer, options) => {
+            createEvent('Customer', 'customer.created', model, options).catch(console.error);
+          },
+          afterUpdate: (model: Customer, options) => {
+            createEvent('Customer', 'customer.updated', model, options).catch(console.error);
+          },
+          afterDestroy: (model: Customer, options) => {
+            createEvent('Customer', 'customer.deleted', model, options).catch(console.error);
+          },
         },
       }
     );