npm - payment-kit - Versions diffs - 1.29.0 → 1.29.2 - Mend

payment-kit 1.29.0 → 1.29.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (312) hide show

package/api/dev.ts +41 -2
package/api/hono.d.ts +42 -0
package/api/node-sqlite.d.ts +12 -0
package/api/src/bootstrap.ts +36 -0
package/api/src/crons/base.ts +3 -3
package/api/src/crons/currency.ts +1 -1
package/api/src/crons/index.ts +27 -24
package/api/src/crons/metering-subscription-detection.ts +1 -1
package/api/src/crons/overdue-detection.ts +2 -2
package/api/src/crons/retry-pending-events.ts +6 -0
package/api/src/index.ts +22 -161
package/api/src/integrations/app-store/client.ts +3 -4
package/api/src/integrations/app-store/handlers/subscription.ts +7 -7
package/api/src/integrations/app-store/signed-data-verifier.ts +3 -2
package/api/src/integrations/arcblock/token.ts +21 -7
package/api/src/integrations/google-play/handlers/subscription.ts +6 -6
package/api/src/integrations/google-play/handlers/voided.ts +2 -2
package/api/src/integrations/google-play/verify.ts +3 -2
package/api/src/integrations/iap-reconcile.ts +3 -5
package/api/src/integrations/stripe/handlers/invoice.ts +2 -2
package/api/src/integrations/stripe/handlers/subscription.ts +3 -3
package/api/src/libs/archive/query.ts +19 -0
package/api/src/libs/audit.ts +61 -4
package/api/src/libs/auth.ts +99 -38
package/api/src/libs/context.ts +78 -1
package/api/src/libs/currency.ts +2 -2
package/api/src/libs/dayjs.ts +8 -2
package/api/src/libs/drivers/auth-storage.ts +118 -0
package/api/src/libs/drivers/cron.ts +264 -0
package/api/src/libs/drivers/db.ts +170 -0
package/api/src/libs/drivers/identity.ts +81 -0
package/api/src/libs/drivers/index.ts +40 -0
package/api/src/libs/drivers/locks.ts +226 -0
package/api/src/libs/drivers/migrate-runner.ts +70 -0
package/api/src/libs/drivers/queue.ts +104 -0
package/api/src/libs/drivers/secrets.ts +194 -0
package/api/src/libs/env.ts +170 -54
package/api/src/libs/exchange-rate/service.ts +7 -6
package/api/src/libs/http-fetch-adapter.ts +50 -0
package/api/src/libs/invoice.ts +1 -1
package/api/src/libs/lock.ts +51 -47
package/api/src/libs/logger.ts +48 -8
package/api/src/libs/notification/index.ts +1 -1
package/api/src/libs/notification/template/customer-credit-low-balance.ts +2 -1
package/api/src/libs/notification/template/customer-revenue-succeeded.ts +1 -1
package/api/src/libs/notification/template/customer-reward-succeeded.ts +1 -1
package/api/src/libs/overdraft-protection.ts +1 -1
package/api/src/libs/payout.ts +1 -1
package/api/src/libs/queue/index.ts +259 -52
package/api/src/libs/queue/runtime.ts +175 -0
package/api/src/libs/resource.ts +3 -3
package/api/src/libs/secrets.ts +38 -0
package/api/src/libs/session.ts +3 -2
package/api/src/libs/subscription.ts +5 -5
package/api/src/libs/tenant.ts +92 -0
package/api/src/libs/url.ts +3 -3
package/api/src/libs/util.ts +21 -13
package/api/src/middlewares/hono/cdn.ts +63 -0
package/api/src/middlewares/hono/context.ts +73 -0
package/api/src/middlewares/hono/csrf.ts +72 -0
package/api/src/middlewares/hono/fallback.ts +194 -0
package/api/src/middlewares/hono/pipeline.ts +73 -0
package/api/src/middlewares/hono/resource-mount.ts +42 -0
package/api/src/middlewares/hono/resource.ts +63 -0
package/api/src/middlewares/hono/security.ts +214 -0
package/api/src/middlewares/hono/session.ts +114 -0
package/api/src/middlewares/hono/xss.ts +61 -0
package/api/src/queues/auto-recharge.ts +12 -10
package/api/src/queues/checkout-session.ts +17 -12
package/api/src/queues/credit-consume.ts +40 -36
package/api/src/queues/credit-grant.ts +25 -18
package/api/src/queues/credit-reconciliation.ts +7 -5
package/api/src/queues/discount-status.ts +9 -6
package/api/src/queues/event.ts +12 -4
package/api/src/queues/exchange-rate-health.ts +49 -30
package/api/src/queues/invoice.ts +18 -15
package/api/src/queues/notification.ts +14 -7
package/api/src/queues/payment.ts +41 -28
package/api/src/queues/payout.ts +9 -5
package/api/src/queues/refund.ts +18 -12
package/api/src/queues/subscription.ts +83 -53
package/api/src/queues/token-transfer.ts +15 -10
package/api/src/queues/usage-record.ts +8 -5
package/api/src/queues/vendors/commission.ts +7 -5
package/api/src/queues/vendors/fulfillment-coordinator.ts +17 -13
package/api/src/queues/vendors/fulfillment.ts +4 -2
package/api/src/queues/vendors/return-processor.ts +5 -3
package/api/src/queues/vendors/return-scanner.ts +5 -4
package/api/src/queues/vendors/status-check.ts +10 -7
package/api/src/queues/webhook.ts +60 -32
package/api/src/routes/connect/shared.ts +1 -2
package/api/src/routes/connect/subscribe.ts +3 -3
package/api/src/routes/{archive.ts → hono/archive.ts} +69 -64
package/api/src/routes/{auto-recharge-configs.ts → hono/auto-recharge-configs.ts} +39 -28
package/api/src/routes/{checkout-sessions.ts → hono/checkout-sessions.ts} +790 -923
package/api/src/routes/{coupons.ts → hono/coupons.ts} +93 -76
package/api/src/routes/{credit-grants.ts → hono/credit-grants.ts} +140 -126
package/api/src/routes/hono/credit-tokens.ts +43 -0
package/api/src/routes/{credit-transactions.ts → hono/credit-transactions.ts} +37 -29
package/api/src/routes/{customers.ts → hono/customers.ts} +193 -223
package/api/src/routes/{donations.ts → hono/donations.ts} +41 -32
package/api/src/routes/{entitlements.ts → hono/entitlements.ts} +28 -25
package/api/src/routes/{events.ts → hono/events.ts} +107 -71
package/api/src/routes/{exchange-rate-providers.ts → hono/exchange-rate-providers.ts} +138 -126
package/api/src/routes/hono/exchange-rates.ts +77 -0
package/api/src/routes/hono/index.ts +115 -0
package/api/src/routes/{integrations → hono/integrations}/app-store.ts +68 -48
package/api/src/routes/{integrations → hono/integrations}/google-play.ts +78 -58
package/api/src/routes/hono/integrations/stripe.ts +74 -0
package/api/src/routes/{invoices.ts → hono/invoices.ts} +253 -244
package/api/src/routes/{meter-events.ts → hono/meter-events.ts} +120 -110
package/api/src/routes/hono/meters.ts +288 -0
package/api/src/routes/hono/passports.ts +73 -0
package/api/src/routes/{payment-currencies.ts → hono/payment-currencies.ts} +219 -197
package/api/src/routes/{payment-intents.ts → hono/payment-intents.ts} +136 -132
package/api/src/routes/{payment-links.ts → hono/payment-links.ts} +145 -128
package/api/src/routes/{payment-methods.ts → hono/payment-methods.ts} +125 -93
package/api/src/routes/{payment-stats.ts → hono/payment-stats.ts} +30 -25
package/api/src/routes/{payouts.ts → hono/payouts.ts} +55 -47
package/api/src/routes/{prices.ts → hono/prices.ts} +265 -242
package/api/src/routes/{pricing-table.ts → hono/pricing-table.ts} +94 -87
package/api/src/routes/{products.ts → hono/products.ts} +172 -159
package/api/src/routes/{promotion-codes.ts → hono/promotion-codes.ts} +207 -185
package/api/src/routes/hono/redirect.ts +24 -0
package/api/src/routes/{refunds.ts → hono/refunds.ts} +96 -80
package/api/src/routes/{settings.ts → hono/settings.ts} +64 -55
package/api/src/routes/{subscription-items.ts → hono/subscription-items.ts} +64 -57
package/api/src/routes/{subscriptions.ts → hono/subscriptions.ts} +475 -528
package/api/src/routes/{tax-rates.ts → hono/tax-rates.ts} +71 -70
package/api/src/routes/hono/tool.ts +69 -0
package/api/src/routes/{usage-records.ts → hono/usage-records.ts} +47 -42
package/api/src/routes/{vendor.ts → hono/vendor.ts} +315 -167
package/api/src/routes/{webhook-attempts.ts → hono/webhook-attempts.ts} +17 -13
package/api/src/routes/hono/webhook-endpoints.ts +126 -0
package/api/src/service.ts +667 -0
package/api/src/store/migrations/20230911-seeding.ts +2 -1
package/api/src/store/migrations/20260609-remove-did-space-jobs.ts +23 -0
package/api/src/store/migrations/20260610-tenant-columns.ts +40 -0
package/api/src/store/migrations/20260611-tenant-backfill.ts +33 -0
package/api/src/store/models/auto-recharge-config.ts +22 -10
package/api/src/store/models/checkout-session.ts +15 -14
package/api/src/store/models/coupon.ts +29 -20
package/api/src/store/models/credit-grant.ts +38 -29
package/api/src/store/models/credit-transaction.ts +32 -21
package/api/src/store/models/customer.ts +19 -17
package/api/src/store/models/discount.ts +11 -2
package/api/src/store/models/entitlement-grant.ts +21 -9
package/api/src/store/models/entitlement-product.ts +21 -9
package/api/src/store/models/entitlement.ts +19 -10
package/api/src/store/models/event.ts +18 -9
package/api/src/store/models/exchange-rate-provider.ts +17 -4
package/api/src/store/models/invoice-item.ts +18 -9
package/api/src/store/models/invoice.ts +16 -8
package/api/src/store/models/meter-event.ts +27 -9
package/api/src/store/models/meter.ts +31 -22
package/api/src/store/models/payment-currency.ts +25 -8
package/api/src/store/models/payment-intent.ts +15 -6
package/api/src/store/models/payment-link.ts +15 -6
package/api/src/store/models/payment-method.ts +38 -22
package/api/src/store/models/payment-stat.ts +18 -9
package/api/src/store/models/payout.ts +15 -6
package/api/src/store/models/price-quote.ts +17 -8
package/api/src/store/models/price.ts +24 -12
package/api/src/store/models/pricing-table.ts +29 -20
package/api/src/store/models/product-vendor.ts +20 -10
package/api/src/store/models/product.ts +15 -6
package/api/src/store/models/promotion-code.ts +14 -6
package/api/src/store/models/refund.ts +15 -6
package/api/src/store/models/revenue-snapshot.ts +21 -9
package/api/src/store/models/setting.ts +18 -9
package/api/src/store/models/setup-intent.ts +36 -27
package/api/src/store/models/subscription-item.ts +21 -9
package/api/src/store/models/subscription-schedule.ts +21 -9
package/api/src/store/models/subscription.ts +21 -10
package/api/src/store/models/tax-rate.ts +29 -21
package/api/src/store/models/usage-record.ts +11 -2
package/api/src/store/models/webhook-attempt.ts +18 -9
package/api/src/store/models/webhook-endpoint.ts +18 -9
package/api/src/store/scoped-core.ts +55 -0
package/api/src/store/scoped.ts +247 -0
package/api/src/store/sequelize.ts +66 -22
package/api/src/store/sql-migrations.ts +20 -0
package/api/src/store/tenant-backfill.ts +260 -0
package/api/src/store/tenant-model.ts +124 -0
package/api/src/store/tenant-tables.ts +50 -0
package/api/tests/embedded/embedded-multi-mode-d3.spec.ts +257 -0
package/api/tests/fixtures/bare-query-violation.ts +13 -0
package/api/tests/fixtures/core-env-violation.ts +10 -0
package/api/tests/fixtures/host-read-violation.ts +19 -0
package/api/tests/fixtures/tenants.ts +4 -0
package/api/tests/integrations/iap-tenant.spec.ts +284 -0
package/api/tests/libs/archive-query.spec.ts +26 -0
package/api/tests/libs/audit-tenant.spec.ts +153 -0
package/api/tests/libs/context.spec.ts +204 -0
package/api/tests/libs/core-config.spec.ts +115 -0
package/api/tests/libs/cron-driver-d2.spec.ts +237 -0
package/api/tests/libs/crons-conservation-d2.spec.ts +52 -0
package/api/tests/libs/lock-tenant.spec.ts +66 -0
package/api/tests/libs/scoped.spec.ts +222 -0
package/api/tests/libs/secrets-facade.spec.ts +52 -0
package/api/tests/libs/tenancy-slot-authority.spec.ts +209 -0
package/api/tests/libs/tenant-middleware.spec.ts +42 -0
package/api/tests/libs/tenant-scanner.spec.ts +120 -0
package/api/tests/middlewares/hono/cdn.spec.ts +70 -0
package/api/tests/middlewares/hono/context.spec.ts +113 -0
package/api/tests/middlewares/hono/csrf.spec.ts +136 -0
package/api/tests/middlewares/hono/fallback.spec.ts +67 -0
package/api/tests/middlewares/hono/pipeline.spec.ts +47 -0
package/api/tests/middlewares/hono/security.spec.ts +181 -0
package/api/tests/middlewares/hono/session.spec.ts +42 -0
package/api/tests/middlewares/hono/xss.spec.ts +81 -0
package/api/tests/models/tenant-backfill.spec.ts +287 -0
package/api/tests/models/tenant-columns-model.spec.ts +46 -0
package/api/tests/models/tenant-columns.spec.ts +161 -0
package/api/tests/queues/credit-consume-batch.spec.ts +8 -1
package/api/tests/queues/credit-consume.spec.ts +8 -1
package/api/tests/queues/event-tenant.spec.ts +236 -0
package/api/tests/queues/exchange-rate-health-tenant-d6.spec.ts +62 -0
package/api/tests/queues/queue-parity.spec.ts +249 -0
package/api/tests/queues/queue-runtime-surface.spec.ts +277 -0
package/api/tests/queues/queue-teardown-d2.spec.ts +127 -0
package/api/tests/queues/tenant-matrix-a.spec.ts +245 -0
package/api/tests/queues/tenant-matrix-b.spec.ts +168 -0
package/api/tests/routes/connect/hono-attach.spec.ts +107 -0
package/api/tests/service/collapse.spec.ts +96 -0
package/api/tests/store/tenant-crosscut.spec.ts +202 -0
package/api/tests/store/tenant-model-spike.spec.ts +177 -0
package/api/tests/store/tenant-model.spec.ts +162 -0
package/api/tests/store/tenant-residual.spec.ts +196 -0
package/api/third.d.ts +4 -0
package/blocklet.yml +1 -1
package/cloudflare/README.md +26 -6
package/cloudflare/build.ts +28 -13
package/cloudflare/did-connect-auth.ts +0 -217
package/cloudflare/docs/2026-06-10-bundle-size-analysis.md +288 -0
package/cloudflare/migrations/0006_tenant_columns.sql +46 -0
package/cloudflare/migrations/0007_tenant_backfill_indexes.sql +65 -0
package/cloudflare/migrations/0008_schema_parity.sql +16 -0
package/cloudflare/migrations/0009_remove_did_space_jobs.sql +5 -0
package/cloudflare/queue-runtime-mode.ts +13 -0
package/cloudflare/run-build.js +31 -56
package/cloudflare/shims/blocklet-sdk/asset-host-transformer.ts +20 -0
package/cloudflare/shims/blocklet-sdk/config.ts +8 -1
package/cloudflare/shims/blocklet-sdk/login.ts +12 -0
package/cloudflare/shims/blocklet-sdk/service-api.ts +14 -0
package/cloudflare/shims/blocklet-sdk/session.ts +4 -2
package/cloudflare/shims/blocklet-sdk/util-constants.ts +8 -0
package/cloudflare/shims/blocklet-sdk/util-csrf.ts +13 -0
package/cloudflare/shims/blocklet-sdk/util-wallet.ts +8 -0
package/cloudflare/shims/cron.ts +38 -158
package/cloudflare/shims/events.ts +124 -0
package/cloudflare/shims/fastq.ts +15 -1
package/cloudflare/shims/nedb-storage.ts +16 -8
package/cloudflare/shims/node-fetch.ts +35 -0
package/cloudflare/shims/xss.ts +8 -0
package/cloudflare/tenant-middleware.ts +36 -0
package/cloudflare/tests/tenant-middleware.spec.ts +160 -0
package/cloudflare/tests/worker-handler-gate.spec.ts +44 -0
package/cloudflare/worker.ts +204 -433
package/cloudflare/wrangler.local-e2e.jsonc +26 -0
package/jest.config.js +3 -1
package/package.json +33 -38
package/scripts/core-env-whitelist.json +1 -0
package/scripts/e2e-12b-runtime.ts +149 -0
package/scripts/e2e-core-config.ts +125 -0
package/scripts/e2e-d1-tenancy.ts +116 -0
package/scripts/e2e-d2-cron-queue.ts +139 -0
package/scripts/e2e-d3-embedded-multi.ts +171 -0
package/scripts/e2e-hono-s2.ts +125 -0
package/scripts/e2e-hono-s3e.ts +135 -0
package/scripts/e2e-hono-s4.ts +114 -0
package/scripts/e2e-migration-contract.ts +100 -0
package/scripts/e2e-s0.ts +61 -0
package/scripts/e2e-s1.ts +107 -0
package/scripts/e2e-s2.ts +178 -0
package/scripts/e2e-s3.ts +110 -0
package/scripts/e2e-s4.ts +191 -0
package/scripts/e2e-s5.ts +139 -0
package/scripts/e2e-s6.ts +127 -0
package/scripts/e2e-tenant-model.ts +119 -0
package/scripts/e2e-tenant-worker.ts +199 -0
package/scripts/gen-sql-migrations.js +46 -0
package/scripts/phase8-codemod.js +219 -0
package/scripts/phase9a-env-getters-codemod.js +82 -0
package/scripts/scan-core-env.js +109 -0
package/scripts/scan-tenant-queries.js +235 -0
package/scripts/schema-drift-guard.ts +210 -0
package/scripts/tenant-scan-whitelist.json +1 -0
package/src/env.d.ts +13 -1
package/tsconfig.json +1 -1
package/api/src/libs/did-space.ts +0 -235
package/api/src/libs/middleware.ts +0 -50
package/api/src/libs/security.ts +0 -192
package/api/src/queues/space.ts +0 -662
package/api/src/routes/credit-tokens.ts +0 -38
package/api/src/routes/exchange-rates.ts +0 -87
package/api/src/routes/index.ts +0 -142
package/api/src/routes/integrations/stripe.ts +0 -61
package/api/src/routes/meters.ts +0 -274
package/api/src/routes/passports.ts +0 -68
package/api/src/routes/redirect.ts +0 -20
package/api/src/routes/tool.ts +0 -65
package/api/src/routes/webhook-endpoints.ts +0 -126
package/api/tests/routes/credit-grants.spec.ts +0 -1261
package/cloudflare/shims/did-space-js.ts +0 -17
package/cloudflare/shims/did-space.ts +0 -11
package/cloudflare/shims/express-compat/index.ts +0 -80
package/cloudflare/shims/express-compat/types.ts +0 -41
package/cloudflare/shims/lock.ts +0 -115
package/cloudflare/shims/queue.ts +0 -611
package/cloudflare/tests/shims/queue-delayed-persist.spec.ts +0 -87
package/cloudflare/tests/shims/queue-scheduled.spec.ts +0 -186

package/api/src/queues/subscription.ts CHANGED Viewed

@@ -2,7 +2,9 @@ import type { LiteralUnion } from 'type-fest';
 import { BN } from '@ocap/util';
 import { Op } from 'sequelize';
-import { createEvent } from '../libs/audit';
+import { paymentReloadSubscriptionJobs } from '../libs/env';
+import { systemFindAll, systemFindByPk, systemFindOne } from '../store/scoped';
+import { createEvent, reportAuditFailure } from '../libs/audit';
 import { ensurePassportRevoked } from '../integrations/blocklet/passport';
 // eslint-disable-next-line import/no-cycle
 import { batchHandleStripeSubscriptions } from '../integrations/stripe/resource';
@@ -13,7 +15,7 @@ import { events } from '../libs/event';
 import { getLock } from '../libs/lock';
 import logger from '../libs/logger';
 import { getGasPayerExtra, isDelegationSufficientForPayment } from '../libs/payment';
-import createQueue from '../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../libs/queue';
 import { getStatementDescriptor } from '../libs/session';
 import { NonRetryableError } from '../libs/error';
 import {
@@ -83,7 +85,7 @@ async function attachQuotesForInvoice(
     return { lineItems, quotes: [] };
   }
-  const currency = (await PaymentCurrency.findByPk(currencyId, {
+  const currency = (await systemFindByPk(PaymentCurrency, currencyId, {
     include: [{ model: PaymentMethod, as: 'payment_method' }],
   })) as PaymentCurrency & { payment_method: PaymentMethod };
   if (!currency) {
@@ -178,22 +180,24 @@ const doHandleSubscriptionInvoice = async ({
   metadata?: Record<string, any>;
 }) => {
   // Do we still have the customer
-  const customer = await Customer.findByPk(subscription.customer_id);
+  const customer = await systemFindByPk(Customer, subscription.customer_id);
   if (!customer) {
     logger.warn(`Customer ${subscription.customer_id} not found for subscription: ${subscription.id}`);
     return null;
   }
+  assertJobObjectTenant(customer);
   // Do we still have the currency
-  const currency = await PaymentCurrency.findByPk(subscription.currency_id);
+  const currency = await systemFindByPk(PaymentCurrency, subscription.currency_id);
   if (!currency) {
     logger.warn(`Currency ${subscription.currency_id} not found for subscription: ${subscription.id}`);
     return null;
   }
+  assertJobObjectTenant(currency);
   // Do not proceed if previous invoice is not immutable
   if (reason === 'cycle') {
-    const previous = await Invoice.findOne({
+    const previous = await systemFindOne(Invoice, {
       where: {
         subscription_id: subscription.id,
         period_start: subscription.current_period_start,
@@ -203,7 +207,7 @@ const doHandleSubscriptionInvoice = async ({
     });
     let existOverdraftProtection;
     if (previous) {
-      existOverdraftProtection = await Invoice.findOne({
+      existOverdraftProtection = await systemFindOne(Invoice, {
         where: {
           subscription_id: subscription.id,
           billing_reason: 'overdraft_protection',
@@ -220,7 +224,7 @@ const doHandleSubscriptionInvoice = async ({
   // check if invoice already created for this reason
   if (['cycle', 'cancel', 'recover'].includes(reason)) {
-    const exist = await Invoice.findOne({
+    const exist = await systemFindOne(Invoice, {
       where: {
         subscription_id: subscription.id,
         period_start: start,
@@ -235,7 +239,7 @@ const doHandleSubscriptionInvoice = async ({
   }
   // expand subscription items
-  const subscriptionItems = await SubscriptionItem.findAll({ where: { subscription_id: subscription.id } });
+  const subscriptionItems = await systemFindAll(SubscriptionItem, { where: { subscription_id: subscription.id } });
   let expandedItems = await Price.expand(
     subscriptionItems.map((x) => ({ id: x.id, price_id: x.price_id, quantity: x.quantity })),
     { product: true }
@@ -251,7 +255,7 @@ const doHandleSubscriptionInvoice = async ({
       createEvent('Subscription', 'usage.report.empty', subscription, {
         usageReportStart,
         usageReportEnd,
-      }).catch(console.error);
+      }).catch(reportAuditFailure);
       logger.info('create usage report empty event', {
         subscriptionId: subscription.id,
         usageReportStart,
@@ -542,11 +546,12 @@ export async function handleSubscriptionInvoice(args: Parameters<typeof doHandle
 }
 const handleSubscriptionBeforeCancel = async (subscription: Subscription) => {
-  const paymentCurrency = await PaymentCurrency.findByPk(subscription.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, subscription.currency_id);
   if (!paymentCurrency) {
     logger.warn('Payment currency not found for subscription', { subscription: subscription.id });
     return;
   }
+  assertJobObjectTenant(paymentCurrency);
   if (paymentCurrency.isCredit()) {
     logger.info('Skip invoice creation for credit subscription', { subscription: subscription.id });
     return;
@@ -592,12 +597,12 @@ const handleSubscriptionWhenActive = async (subscription: Subscription) => {
   // Check if this is a credit subscription
   const isCredit = await subscription.isConsumesCredit();
-  const paymentCurrency = await PaymentCurrency.findByPk(subscription.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, subscription.currency_id);
   if (isCredit && paymentCurrency?.isCredit()) {
     // For credit subscriptions, check credit availability instead of creating invoices
-    const customer = await Customer.findByPk(subscription.customer_id);
-    const paymentMethod = await PaymentMethod.findByPk(subscription.default_payment_method_id);
+    const customer = await systemFindByPk(Customer, subscription.customer_id);
+    const paymentMethod = await systemFindByPk(PaymentMethod, subscription.default_payment_method_id);
     if (!customer || !paymentMethod || !paymentCurrency) {
       logger.warn('Credit subscription cycle skipped due to missing dependencies', {
@@ -757,7 +762,7 @@ const handleFinalInvoicePayment = async (
   paymentCurrency: PaymentCurrency
 ) => {
   // Check if there's any unpaid final metered invoice
-  const lastInvoice = await Invoice.findOne({
+  const lastInvoice = await systemFindOne(Invoice, {
     where: {
       subscription_id: subscription.id,
       billing_reason: 'subscription_cancel',
@@ -775,7 +780,7 @@ const handleFinalInvoicePayment = async (
   }
   // Check payment status and handle accordingly
-  const paymentIntent = await PaymentIntent.findByPk(lastInvoice.payment_intent_id);
+  const paymentIntent = await systemFindByPk(PaymentIntent, lastInvoice.payment_intent_id);
   if (!paymentIntent) {
     logger.warn('PaymentIntent not found for final invoice', {
       subscription: subscription.id,
@@ -783,6 +788,7 @@ const handleFinalInvoicePayment = async (
     });
     return;
   }
+  assertJobObjectTenant(paymentIntent);
   // If payment already succeeded, skip processing
   if (paymentIntent.status === 'succeeded') {
@@ -794,7 +800,7 @@ const handleFinalInvoicePayment = async (
     return;
   }
-  const customer = await Customer.findByPk(subscription.customer_id);
+  const customer = await systemFindByPk(Customer, subscription.customer_id);
   if (!customer) {
     logger.warn('Final invoice settlement skipped because customer not found', {
       subscription: subscription.id,
@@ -802,6 +808,7 @@ const handleFinalInvoicePayment = async (
     });
     return;
   }
+  assertJobObjectTenant(customer);
   logger.info('Found unpaid final invoice, checking user delegation balance', {
     subscription: subscription.id,
@@ -834,7 +841,7 @@ const handleFinalInvoicePayment = async (
 };
 export const handleStakeSlashAfterCancel = async (subscription: Subscription, forceSlash: boolean = false) => {
-  const invoice = await Invoice.findByPk(subscription.latest_invoice_id);
+  const invoice = await systemFindByPk(Invoice, subscription.latest_invoice_id);
   if (!invoice || (invoice.status !== 'uncollectible' && !forceSlash)) {
     logger.warn('Stake slashing aborted because invoice status', {
       subscription: subscription.id,
@@ -843,7 +850,7 @@ export const handleStakeSlashAfterCancel = async (subscription: Subscription, fo
     });
     return;
   }
-  const currency = await PaymentCurrency.findByPk(invoice.currency_id || subscription.currency_id);
+  const currency = await systemFindByPk(PaymentCurrency, invoice.currency_id || subscription.currency_id);
   if (!currency) {
     logger.warn('Stake slashing aborted because currency not found', {
       subscription: subscription.id,
@@ -852,7 +859,8 @@ export const handleStakeSlashAfterCancel = async (subscription: Subscription, fo
     });
     return;
   }
-  const method = await PaymentMethod.findByPk(currency.payment_method_id);
+  assertJobObjectTenant(currency);
+  const method = await systemFindByPk(PaymentMethod, currency.payment_method_id);
   if (!method || method.type !== 'arcblock') {
     logger.warn('Stake slashing aborted because payment method not arcblock', {
       subscription: subscription.id,
@@ -861,7 +869,7 @@ export const handleStakeSlashAfterCancel = async (subscription: Subscription, fo
     });
     return;
   }
-  const customer = await Customer.findByPk(subscription.customer_id);
+  const customer = await systemFindByPk(Customer, subscription.customer_id);
   if (!customer) {
     logger.warn('Stake slashing aborted because customer not found', {
       subscription: subscription.id,
@@ -870,7 +878,8 @@ export const handleStakeSlashAfterCancel = async (subscription: Subscription, fo
     });
     return;
   }
-  const paymentIntent = await PaymentIntent.findByPk(invoice.payment_intent_id);
+  assertJobObjectTenant(customer);
+  const paymentIntent = await systemFindByPk(PaymentIntent, invoice.payment_intent_id);
   if (!paymentIntent) {
     logger.warn('Stake slashing aborted because payment intent not found', {
       subscription: subscription.id,
@@ -878,6 +887,7 @@ export const handleStakeSlashAfterCancel = async (subscription: Subscription, fo
     });
     return;
   }
+  assertJobObjectTenant(paymentIntent);
   // Use lock to prevent race condition with payment queue
   const lock = getLock(`payment-${paymentIntent.id}`);
@@ -1023,7 +1033,7 @@ export const handleStakeSlashAfterCancel = async (subscription: Subscription, fo
 };
 const ensureReturnStake = async (subscription: Subscription, paymentCurrencyId?: string, stakingAddress?: string) => {
-  const paymentCurrency = await PaymentCurrency.findByPk(paymentCurrencyId || subscription.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, paymentCurrencyId || subscription.currency_id);
   if (!paymentCurrency) {
     logger.warn('Stake return skipped because no payment currency', {
       subscription: subscription.id,
@@ -1031,7 +1041,9 @@ const ensureReturnStake = async (subscription: Subscription, paymentCurrencyId?:
     });
     return;
   }
-  const paymentMethod = await PaymentMethod.findByPk(
+  assertJobObjectTenant(paymentCurrency);
+  const paymentMethod = await systemFindByPk(
+    PaymentMethod,
     paymentCurrency.payment_method_id || subscription.default_payment_method_id
   );
   if (paymentMethod?.type !== 'arcblock') {
@@ -1066,7 +1078,7 @@ const ensureReturnStake = async (subscription: Subscription, paymentCurrencyId?:
     return;
   }
   if (result.return_amount !== '0') {
-    const invoice = await Invoice.findOne({
+    const invoice = await systemFindOne(Invoice, {
       where: {
         billing_reason: 'stake',
         subscription_id: subscription.id,
@@ -1122,7 +1134,7 @@ const ensureReturnStake = async (subscription: Subscription, paymentCurrencyId?:
 };
 const slashStakeOnCancel = async (subscription: Subscription) => {
-  const paymentMethod = await PaymentMethod.findByPk(subscription.default_payment_method_id);
+  const paymentMethod = await systemFindByPk(PaymentMethod, subscription.default_payment_method_id);
   if (paymentMethod?.type !== 'arcblock') {
     logger.warn('Stake slashing skipped because payment method not arcblock', {
       subscription: subscription.id,
@@ -1130,7 +1142,7 @@ const slashStakeOnCancel = async (subscription: Subscription) => {
     });
     return;
   }
-  const customer = await Customer.findByPk(subscription.customer_id);
+  const customer = await systemFindByPk(Customer, subscription.customer_id);
   if (!customer) {
     logger.warn('Stake slashing skipped because customer not found', {
       subscription: subscription.id,
@@ -1138,7 +1150,8 @@ const slashStakeOnCancel = async (subscription: Subscription) => {
     });
     return;
   }
-  const currency = await PaymentCurrency.findByPk(subscription.currency_id);
+  assertJobObjectTenant(customer);
+  const currency = await systemFindByPk(PaymentCurrency, subscription.currency_id);
   if (!currency) {
     logger.warn('Stake slashing skipped because currency not found', {
       subscription: subscription.id,
@@ -1146,6 +1159,7 @@ const slashStakeOnCancel = async (subscription: Subscription) => {
     });
     return;
   }
+  assertJobObjectTenant(currency);
   const address = await getSubscriptionStakeAddress(subscription, customer.did, paymentMethod);
   const result = await getSubscriptionStakeSlashSetup(subscription, address, paymentMethod);
   const stakeEnough = await checkRemainingStake(paymentMethod, currency, address, result.return_amount);
@@ -1169,7 +1183,7 @@ const slashStakeOnCancel = async (subscription: Subscription) => {
   }
   // FIXME: handle exist one more invoices
-  const invoice = await Invoice.findOne({
+  const invoice = await systemFindOne(Invoice, {
     where: {
       subscription_id: subscription.id,
       billing_reason: 'slash_stake',
@@ -1235,13 +1249,14 @@ const ensureRefundOnCancel = async (subscription: Subscription) => {
     });
     return;
   }
-  const lastInvoice = await Invoice.findByPk(subscription.latest_invoice_id);
+  const lastInvoice = await systemFindByPk(Invoice, subscription.latest_invoice_id);
   if (!lastInvoice) {
     logger.warn('Refund skipped because no latest invoice', {
       subscription: subscription.id,
     });
     return;
   }
+  assertJobObjectTenant(lastInvoice);
   const result = await getSubscriptionRefundSetup(subscription, subscription.cancel_at, lastInvoice.currency_id);
   if (result.remainingUnused === '0') {
@@ -1251,7 +1266,7 @@ const ensureRefundOnCancel = async (subscription: Subscription) => {
     });
     return;
   }
-  const currency = await PaymentCurrency.findByPk(lastInvoice?.currency_id);
+  const currency = await systemFindByPk(PaymentCurrency, lastInvoice?.currency_id);
   const item = await Refund.create({
     type: 'refund',
     livemode: subscription.livemode,
@@ -1299,7 +1314,7 @@ const ensureReturnOverdraftProtectionStake = async (subscription: Subscription,
     });
     return;
   }
-  const paymentCurrency = await PaymentCurrency.findByPk(paymentCurrencyId || subscription.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, paymentCurrencyId || subscription.currency_id);
   if (!paymentCurrency) {
     logger.warn('Return overdraft protection stake skipped because currency not found', {
       subscription: subscription.id,
@@ -1307,7 +1322,8 @@ const ensureReturnOverdraftProtectionStake = async (subscription: Subscription,
     });
     return;
   }
-  const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
+  assertJobObjectTenant(paymentCurrency);
+  const paymentMethod = await systemFindByPk(PaymentMethod, paymentCurrency.payment_method_id);
   if (!paymentMethod) {
     logger.warn('Return overdraft protection stake skipped because payment method not found', {
       subscription: subscription.id,
@@ -1315,6 +1331,7 @@ const ensureReturnOverdraftProtectionStake = async (subscription: Subscription,
     });
     return;
   }
+  assertJobObjectTenant(paymentMethod);
   if (paymentMethod?.type !== 'arcblock') {
     logger.info('Return overdraft protection stake skipped because payment method is not arcblock', {
       subscription: subscription.id,
@@ -1346,7 +1363,7 @@ const ensureSlashOverdraftProtectionStake = async (subscription: Subscription) =
     });
     return;
   }
-  const paymentCurrency = await PaymentCurrency.findByPk(subscription.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, subscription.currency_id);
   if (!paymentCurrency) {
     logger.warn('Slash overdraft protection stake skipped because currency not found', {
       subscription: subscription.id,
@@ -1354,7 +1371,8 @@ const ensureSlashOverdraftProtectionStake = async (subscription: Subscription) =
     });
     return;
   }
-  const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
+  assertJobObjectTenant(paymentCurrency);
+  const paymentMethod = await systemFindByPk(PaymentMethod, paymentCurrency.payment_method_id);
   if (!paymentMethod) {
     logger.warn('Slash overdraft protection stake skipped because payment method not found', {
       subscription: subscription.id,
@@ -1362,6 +1380,7 @@ const ensureSlashOverdraftProtectionStake = async (subscription: Subscription) =
     });
     return;
   }
+  assertJobObjectTenant(paymentMethod);
   if (paymentMethod?.type !== 'arcblock') {
     logger.info('Slash overdraft protection stake skipped because payment method is not arcblock', {
       subscription: subscription.id,
@@ -1386,11 +1405,12 @@ const ensureSlashOverdraftProtectionStake = async (subscription: Subscription) =
 export const handleSubscription = async (job: SubscriptionJob) => {
   logger.info('handle subscription', job);
-  const subscription = await Subscription.findByPk(job.subscriptionId);
+  const subscription = await systemFindByPk(Subscription, job.subscriptionId);
   if (!subscription) {
     logger.warn('Subscription not found', { subscription: job.subscriptionId });
     return;
   }
+  assertJobObjectTenant(subscription);
   if (EXPECTED_SUBSCRIPTION_STATUS.includes(subscription.status) === false) {
     logger.warn('Subscription status not expected', { subscription: subscription.id, status: subscription.status });
     return;
@@ -1468,7 +1488,7 @@ export const subscriptionQueue = createQueue<SubscriptionJob>({
  * Checks for subscriptions that may have missed billing periods during downtime
  */
 export const handleCreditSubscriptionRecovery = async () => {
-  const lock = getLock('creditSubscriptionRecovery');
+  const lock = getLock('creditSubscriptionRecovery', { scope: 'global' });
   if (lock.locked) {
     return;
   }
@@ -1478,7 +1498,7 @@ export const handleCreditSubscriptionRecovery = async () => {
     await lock.acquire();
     // Find active credit subscriptions that might need recovery
-    const creditSubscriptions = await Subscription.findAll({
+    const creditSubscriptions = await systemFindAll(Subscription, {
       where: {
         status: ['active', 'trialing'],
       },
@@ -1565,7 +1585,7 @@ export const handleCreditSubscriptionRecovery = async () => {
 };
 export const startSubscriptionQueue = async () => {
-  const lock = getLock('startSubscriptionQueue');
+  const lock = getLock('startSubscriptionQueue', { scope: 'global' });
   if (lock.locked) {
     return;
   }
@@ -1576,7 +1596,7 @@ export const startSubscriptionQueue = async () => {
     // First handle credit subscription recovery
     await handleCreditSubscriptionRecovery();
-    const subscriptions = await Subscription.findAll({
+    const subscriptions = await systemFindAll(Subscription, {
       where: {
         status: EXPECTED_SUBSCRIPTION_STATUS,
       },
@@ -1603,7 +1623,7 @@ export const startSubscriptionQueue = async () => {
           return;
         }
         logger.info('add subscription job', { subscription: x.id, action: 'cycle' });
-        await addSubscriptionJob(x, 'cycle', process.env.PAYMENT_RELOAD_SUBSCRIPTION_JOBS === '1');
+        await addSubscriptionJob(x, 'cycle', paymentReloadSubscriptionJobs());
       })
     );
@@ -1624,10 +1644,11 @@ export const slashStakeQueue = createQueue({
   name: 'slashStake',
   onJob: async (job) => {
     const { subscriptionId } = job;
-    const subscription = await Subscription.findByPk(subscriptionId);
+    const subscription = await systemFindByPk(Subscription, subscriptionId);
     if (!subscription) {
       return;
     }
+    assertJobObjectTenant(subscription);
     await slashStakeOnCancel(subscription);
   },
   options: {
@@ -1643,10 +1664,11 @@ export const returnStakeQueue = createQueue({
   name: 'returnStake',
   onJob: async (job) => {
     const { subscriptionId, stakingAddress, paymentCurrencyId } = job;
-    const subscription = await Subscription.findByPk(subscriptionId);
+    const subscription = await systemFindByPk(Subscription, subscriptionId);
     if (!subscription) {
       return;
     }
+    assertJobObjectTenant(subscription);
     await ensureReturnStake(subscription, paymentCurrencyId, stakingAddress);
   },
   options: {
@@ -1662,10 +1684,11 @@ export const subscriptionCancelRefund = createQueue({
   name: 'subscription-cancel-refund',
   onJob: async (job) => {
     const { subscriptionId } = job;
-    const subscription = await Subscription.findByPk(subscriptionId);
+    const subscription = await systemFindByPk(Subscription, subscriptionId);
     if (!subscription) {
       return;
     }
+    assertJobObjectTenant(subscription);
     await ensureRefundOnCancel(subscription);
   },
   options: {
@@ -1681,10 +1704,11 @@ export const returnOverdraftProtectionQueue = createQueue({
   name: 'returnOverdraftProtection',
   onJob: async (job) => {
     const { subscriptionId, paymentCurrencyId } = job;
-    const subscription = await Subscription.findByPk(subscriptionId);
+    const subscription = await systemFindByPk(Subscription, subscriptionId);
     if (!subscription) {
       return;
     }
+    assertJobObjectTenant(subscription);
     await ensureReturnOverdraftProtectionStake(subscription, paymentCurrencyId);
   },
   options: {
@@ -1700,10 +1724,11 @@ export const slashOverdraftProtectionQueue = createQueue({
   name: 'slashOverdraftProtection',
   onJob: async (job) => {
     const { subscriptionId } = job;
-    const subscription = await Subscription.findByPk(subscriptionId);
+    const subscription = await systemFindByPk(Subscription, subscriptionId);
     if (!subscription) {
       return;
     }
+    assertJobObjectTenant(subscription);
     await ensureSlashOverdraftProtectionStake(subscription);
   },
   options: {
@@ -1791,7 +1816,7 @@ events.on('customer.subscription.recovered', async (subscription: Subscription)
   logger.info('subscription cancel job replaced after recover', { subscription: subscription.id });
   await subscriptionQueue.delete(`cancel-${subscription.id}`);
   await subscriptionQueue.delete(subscription.id);
-  const doc = await Subscription.findByPk(subscription.id);
+  const doc = await systemFindByPk(Subscription, subscription.id);
   await handleSubscriptionAfterRecover(doc!);
 });
@@ -1837,10 +1862,11 @@ events.on('customer.subscription.upgraded', async (subscription: Subscription) =
 });
 events.on('customer.stake.revoked', async ({ subscriptionId, tx }: { subscriptionId: string; tx: any }) => {
-  const subscription = await Subscription.findByPk(subscriptionId);
+  const subscription = await systemFindByPk(Subscription, subscriptionId);
   if (!subscription) {
     return;
   }
+  assertJobObjectTenant(subscription);
   const { address } = tx.tx.itxJson;
   if (address === subscription.overdraft_protection?.payment_details?.arcblock?.staking?.address) {
@@ -1893,12 +1919,13 @@ events.on('customer.stake.revoked', async ({ subscriptionId, tx }: { subscriptio
 events.on('setup_intent.succeeded', async (setupIntent: SetupIntent) => {
   logger.info('setup intent succeeded', { setupIntent: setupIntent.id });
   if (setupIntent.metadata?.from_currency && setupIntent?.metadata?.subscription_id) {
-    const subscription = await Subscription.findByPk(setupIntent.metadata.subscription_id);
+    const subscription = await systemFindByPk(Subscription, setupIntent.metadata.subscription_id);
     if (!subscription) {
       logger.info('skip return stake because no subscription found', { setupIntent: setupIntent.id });
       return;
     }
-    const stakingInvoice = await Invoice.findOne({
+    assertJobObjectTenant(subscription);
+    const stakingInvoice = await systemFindOne(Invoice, {
       where: {
         subscription_id: subscription.id,
         billing_reason: 'stake',
@@ -1984,11 +2011,12 @@ type SlippagePreCheckJob = {
 async function handleSlippagePreCheck(job: SlippagePreCheckJob): Promise<void> {
   const { subscriptionId, renewalTime } = job;
-  const subscription = await Subscription.findByPk(subscriptionId);
+  const subscription = await systemFindByPk(Subscription, subscriptionId);
   if (!subscription) {
     logger.warn('Slippage pre-check: Subscription not found', { subscriptionId });
     return;
   }
+  assertJobObjectTenant(subscription);
   // Skip if subscription is not in active status
   if (!['active', 'trialing'].includes(subscription.status)) {
@@ -2007,17 +2035,19 @@ async function handleSlippagePreCheck(job: SlippagePreCheckJob): Promise<void> {
   }
   // Get payment currency and payment method
-  const paymentCurrency = await PaymentCurrency.findByPk(subscription.currency_id);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, subscription.currency_id);
   if (!paymentCurrency) {
     logger.info('Slippage pre-check: Payment currency not found', { subscriptionId });
     return;
   }
+  assertJobObjectTenant(paymentCurrency);
-  const paymentMethod = await PaymentMethod.findByPk(paymentCurrency.payment_method_id);
+  const paymentMethod = await systemFindByPk(PaymentMethod, paymentCurrency.payment_method_id);
   if (!paymentMethod) {
     logger.info('Slippage pre-check: Payment method not found', { subscriptionId });
     return;
   }
+  assertJobObjectTenant(paymentMethod);
   // Get current exchange rate
   try {

package/api/src/queues/token-transfer.ts CHANGED Viewed

@@ -1,8 +1,9 @@
 import { BN } from '@ocap/util';
 import logger from '../libs/logger';
-import createQueue from '../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../libs/queue';
 import { getAccountState, transferTokenFromCustomer, getCustomerTokenBalance } from '../integrations/arcblock/token';
 import { CreditTransaction, CreditGrant, Customer, MeterEvent, PaymentCurrency, Subscription } from '../store/models';
+import { systemFindAll, systemFindByPk } from '../store/scoped';
 type TokenTransferJob = {
   creditTransactionId: string;
@@ -30,11 +31,12 @@ type ValidationResult =
  * Validate transfer job and fetch required data
  */
 async function validateAndFetchData(job: TokenTransferJob): Promise<ValidationResult> {
-  const creditTransaction = await CreditTransaction.findByPk(job.creditTransactionId);
+  const creditTransaction = await systemFindByPk(CreditTransaction, job.creditTransactionId);
   if (!creditTransaction) {
     logger.warn('CreditTransaction not found', { creditTransactionId: job.creditTransactionId });
     return { valid: false };
   }
+  assertJobObjectTenant(creditTransaction);
   // Check if already transferred
   if (creditTransaction.transfer_status === 'completed') {
@@ -42,11 +44,12 @@ async function validateAndFetchData(job: TokenTransferJob): Promise<ValidationRe
     return { valid: false };
   }
-  const creditGrant = await CreditGrant.findByPk(job.creditGrantId);
+  const creditGrant = await systemFindByPk(CreditGrant, job.creditGrantId);
   if (!creditGrant) {
     logger.warn('CreditGrant not found', { creditGrantId: job.creditGrantId });
     return { valid: false };
   }
+  assertJobObjectTenant(creditGrant);
   const customer = await Customer.findByPkOrDid(job.customerDid);
   if (!customer) {
@@ -54,21 +57,23 @@ async function validateAndFetchData(job: TokenTransferJob): Promise<ValidationRe
     return { valid: false };
   }
-  const paymentCurrency = await PaymentCurrency.findByPk(job.paymentCurrencyId);
+  const paymentCurrency = await systemFindByPk(PaymentCurrency, job.paymentCurrencyId);
   if (!paymentCurrency) {
     logger.warn('PaymentCurrency not found', { paymentCurrencyId: job.paymentCurrencyId });
     return { valid: false };
   }
+  assertJobObjectTenant(paymentCurrency);
-  const meterEvent = await MeterEvent.findByPk(job.meterEventId);
+  const meterEvent = await systemFindByPk(MeterEvent, job.meterEventId);
   if (!meterEvent) {
     logger.warn('MeterEvent not found', { meterEventId: job.meterEventId });
     return { valid: false };
   }
+  assertJobObjectTenant(meterEvent);
   let subscription: Subscription | undefined;
   if (job.subscriptionId) {
-    subscription = (await Subscription.findByPk(job.subscriptionId)) || undefined;
+    subscription = (await systemFindByPk(Subscription, job.subscriptionId)) || undefined;
   }
   return {
@@ -239,7 +244,7 @@ tokenTransferQueue.on('finished', ({ id, job }) => {
 tokenTransferQueue.on('failed', async ({ id, job, error }) => {
   logger.error('Token transfer job failed after all retries', { id, job, error: error.message });
-  const creditTransaction = await CreditTransaction.findByPk(job.creditTransactionId);
+  const creditTransaction = await systemFindByPk(CreditTransaction, job.creditTransactionId);
   if (creditTransaction && creditTransaction.transfer_status !== 'completed') {
     await creditTransaction.update({
@@ -295,7 +300,7 @@ export async function startTokenTransferQueue(): Promise<void> {
     logger.info('Token transfer queue started');
     // Process any pending transfers on startup
-    const pendingTransactions = await CreditTransaction.findAll({
+    const pendingTransactions = await systemFindAll(CreditTransaction, {
       where: {
         transfer_status: 'pending',
       },
@@ -309,8 +314,8 @@ export async function startTokenTransferQueue(): Promise<void> {
     await Promise.all(
       pendingTransactions.map(async (transaction) => {
         try {
-          const customer = (await Customer.findByPk(transaction.customer_id))!;
-          const creditGrant = (await CreditGrant.findByPk(transaction.credit_grant_id))!;
+          const customer = (await systemFindByPk(Customer, transaction.customer_id))!;
+          const creditGrant = (await systemFindByPk(CreditGrant, transaction.credit_grant_id))!;
           await addTokenTransferJob({
             creditTransactionId: transaction.id,