payment-kit 1.29.0 → 1.29.2

package/api/src/queues/usage-record.ts

@@ -1,9 +1,10 @@
 import { BN, fromTokenToUnit, fromUnitToToken } from '@ocap/util';
+import { systemFindByPk, systemFindOne } from '../store/scoped';
 
 import dayjs from '../libs/dayjs';
 import { getLock } from '../libs/lock';
 import logger from '../libs/logger';
-import createQueue from '../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../libs/queue';
 import { getPriceUintAmountByCurrency } from '../libs/price';
 import { Invoice, PaymentCurrency, Price, SubscriptionItem, TLineItemExpanded, UsageRecord } from '../store/models';
 import { Subscription } from '../store/models/subscription';
@@ -30,11 +31,12 @@ export async function handleUsageRecord(job: UsageRecordJob) {
 export const doHandleUsageRecord = async (job: UsageRecordJob) => {
   logger.info('handle usage record', job);
 
-  const subscription = await Subscription.findByPk(job.subscriptionId);
+  const subscription = await systemFindByPk(Subscription, job.subscriptionId);
   if (!subscription) {
     logger.warn('Subscription not found', job);
     return;
   }
+  assertJobObjectTenant(subscription);
   if (subscription.isActive() === false) {
     logger.warn('Subscription not active, so usage check is skipped', job);
     return;
@@ -43,17 +45,18 @@ export const doHandleUsageRecord = async (job: UsageRecordJob) => {
     logger.warn('Subscription billing_threshold not set', job);
     return;
   }
-  const currency = await PaymentCurrency.findByPk(subscription.currency_id);
+  const currency = await systemFindByPk(PaymentCurrency, subscription.currency_id);
   if (!currency) {
     logger.warn('Subscription currency not found', job);
     return;
   }
 
-  const item = await SubscriptionItem.findByPk(job.subscriptionItemId);
+  const item = await systemFindByPk(SubscriptionItem, job.subscriptionItemId);
   if (!item) {
     logger.warn('SubscriptionItem not found', job);
     return;
   }
+  assertJobObjectTenant(item);
   // @ts-ignore
   const lines = await Price.expand([{ id: item.id, price_id: item.price_id, quantity: item.quantity }], {
     product: true,
@@ -69,7 +72,7 @@ export const doHandleUsageRecord = async (job: UsageRecordJob) => {
 
   const start = subscription.current_period_start as number;
   const end = subscription.current_period_end as number;
-  const latestThresholdInvoice = await Invoice.findOne({
+  const latestThresholdInvoice = await systemFindOne(Invoice, {
     where: {
       subscription_id: subscription.id,
       billing_reason: 'subscription_threshold',

package/api/src/queues/vendors/commission.ts

@@ -1,6 +1,6 @@
 import { events } from '../../libs/event';
 import logger from '../../libs/logger';
-import createQueue from '../../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../../libs/queue';
 import { Invoice } from '../../store/models';
 import { CheckoutSession } from '../../store/models/checkout-session';
 import { PaymentIntent } from '../../store/models/payment-intent';
@@ -8,6 +8,7 @@ import { Price } from '../../store/models/price';
 import { Product } from '../../store/models/product';
 import { depositVaultQueue } from '../payment';
 import { startVendorFulfillment, triggerCommissionProcess, triggerCoordinatorCheck } from './fulfillment-coordinator';
+import { systemFindAll, systemFindByPk } from '../../store/scoped';
 
 type VendorCommissionJob = {
   invoiceId: string;
@@ -27,7 +28,7 @@ async function checkIfPaymentIntentHasVendors(checkoutSession: CheckoutSession):
     }
 
     // Find corresponding product_ids through price_ids
-    const prices = await Price.findAll({
+    const prices = await systemFindAll(Price, {
       where: { id: priceIds },
       attributes: ['id', 'product_id'],
     });
@@ -43,7 +44,7 @@ async function checkIfPaymentIntentHasVendors(checkoutSession: CheckoutSession):
     }
 
     // Get product information
-    const products = await Product.findAll({
+    const products = await systemFindAll(Product, {
       where: { id: productIds },
       attributes: ['id', 'vendor_config'],
     });
@@ -84,11 +85,12 @@ export const handleVendorCommission = async (job: VendorCommissionJob) => {
 
   let checkoutSession: CheckoutSession | null = null;
   try {
-    const invoice = await Invoice.findByPk(job.invoiceId);
+    const invoice = await systemFindByPk(Invoice, job.invoiceId);
     if (!invoice) {
       logger.warn('invoice not found', { id: job.invoiceId });
       return;
     }
+    assertJobObjectTenant(invoice);
 
     // Find CheckoutSession through PaymentIntent
     checkoutSession = await CheckoutSession.findByInvoiceId(invoice.id);
@@ -148,7 +150,7 @@ export const vendorCommissionQueue = createQueue<VendorCommissionJob>({
 });
 
 export const startVendorCommissionQueue = async () => {
-  const payments = await PaymentIntent.findAll({
+  const payments = await systemFindAll(PaymentIntent, {
     where: {
       status: ['requires_capture', 'processing'],
       capture_method: 'automatic',

package/api/src/queues/vendors/fulfillment-coordinator.ts

@@ -3,7 +3,7 @@ import { Op } from 'sequelize';
 import { events } from '../../libs/event';
 import { getLock } from '../../libs/lock';
 import logger from '../../libs/logger';
-import createQueue from '../../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../../libs/queue';
 import dayjs from '../../libs/dayjs';
 import { VendorFulfillmentService } from '../../libs/vendor-util/fulfillment';
 import { CheckoutSession } from '../../store/models/checkout-session';
@@ -17,6 +17,7 @@ import { depositVaultQueue } from '../payment';
 import { addSubscriptionJob } from '../subscription';
 import { SubscriptionWillCanceledSchedule } from '../../crons/subscription-will-canceled';
 import { Invoice } from '../../store/models';
+import { systemFindAll, systemFindByPk, systemFindOne } from '../../store/scoped';
 
 export type VendorInfo = NonNullable<CheckoutSession['vendor_info']>[number];
 
@@ -30,7 +31,7 @@ const MAX_FULFILLMENT_TIMEOUT = 300000;
 
 // Helper function to get order info for coordinated fulfillment
 async function getCoordinatedOrderInfo(checkoutSessionId: string) {
-  const checkoutSession = await CheckoutSession.findByPk(checkoutSessionId);
+  const checkoutSession = await systemFindByPk(CheckoutSession, checkoutSessionId);
 
   if (!checkoutSession) {
     throw new Error('CheckoutSession or Invoice not found');
@@ -370,7 +371,7 @@ export async function handleFulfillmentCoordination(job: CoordinatorJob) {
 }
 
 async function getVendorConfigurations(checkoutSessionId: string): Promise<any[]> {
-  const checkoutSession = await CheckoutSession.findByPk(checkoutSessionId);
+  const checkoutSession = await systemFindByPk(CheckoutSession, checkoutSessionId);
   if (!checkoutSession?.line_items) {
     return [];
   }
@@ -380,7 +381,7 @@ async function getVendorConfigurations(checkoutSessionId: string): Promise<any[]
     return [];
   }
 
-  const prices = await Price.findAll({
+  const prices = await systemFindAll(Price, {
     where: { id: priceIds },
     attributes: ['id', 'product_id'],
   });
@@ -390,12 +391,12 @@ async function getVendorConfigurations(checkoutSessionId: string): Promise<any[]
     return [];
   }
 
-  const product = await Product.findByPk(productIds[0]);
+  const product = await systemFindByPk(Product, productIds[0]);
   return product?.vendor_config || [];
 }
 
 async function getVendorInfo(checkoutSessionId: string): Promise<VendorInfo[]> {
-  const checkoutSession = await CheckoutSession.findByPk(checkoutSessionId);
+  const checkoutSession = await systemFindByPk(CheckoutSession, checkoutSessionId);
   return (checkoutSession?.vendor_info as VendorInfo[]) || [];
 }
 
@@ -421,7 +422,7 @@ async function updateSingleVendorInfo(
 
   try {
     await sequelize.transaction(async (transaction: any) => {
-      const checkoutSession = await CheckoutSession.findByPk(checkoutSessionId, {
+      const checkoutSession = await systemFindByPk(CheckoutSession, checkoutSessionId, {
         transaction,
         lock: transaction.LOCK.UPDATE,
       });
@@ -566,22 +567,24 @@ export function triggerCoordinatorCheck(checkoutSessionId: string, invoiceId: st
 export async function triggerCommissionProcess(checkoutSessionId: string, invoiceId: string): Promise<void> {
   logger.info('Triggering commission process', { checkoutSessionId, invoiceId });
 
-  const checkoutSession = await CheckoutSession.findByPk(checkoutSessionId);
+  const checkoutSession = await systemFindByPk(CheckoutSession, checkoutSessionId);
   if (!checkoutSession) {
     logger.error('Checkout session not found[triggerCommissionProcess]', { checkoutSessionId });
     return;
   }
+  assertJobObjectTenant(checkoutSession);
 
   if (!invoiceId) {
     logger.warn('Invoice ID not found[triggerCommissionProcess]', { checkoutSessionId, invoiceId });
   }
 
-  const invoice = await Invoice.findByPk(invoiceId || checkoutSession.invoice_id);
+  const invoice = await systemFindByPk(Invoice, invoiceId || checkoutSession.invoice_id);
   if (!invoice) {
     logger.error('Invoice not found[triggerCommissionProcess]', { invoiceId });
     return;
   }
-  const paymentIntent = await PaymentIntent.findOne({
+  assertJobObjectTenant(invoice);
+  const paymentIntent = await systemFindOne(PaymentIntent, {
     where: {
       [Op.or]: [{ id: invoice.payment_intent_id || checkoutSession.payment_intent_id }, { invoice_id: invoiceId }],
     },
@@ -621,7 +624,7 @@ export async function initiateFullRefund(invoiceId: string, reason: string): Pro
   });
 
   try {
-    const paymentIntent = await PaymentIntent.findOne({ where: { invoice_id: invoiceId } });
+    const paymentIntent = await systemFindOne(PaymentIntent, { where: { invoice_id: invoiceId } });
     const checkoutSession = await CheckoutSession.findByInvoiceId(invoiceId);
 
     if (!checkoutSession || !paymentIntent) {
@@ -644,7 +647,7 @@ export async function initiateFullRefund(invoiceId: string, reason: string): Pro
     }
 
     // Calculate remaining amount using the same logic as subscription createProration
-    const refunds = await Refund.findAll({
+    const refunds = await systemFindAll(Refund, {
       where: {
         status: { [Op.not]: 'canceled' },
         payment_intent_id: paymentIntent.id,
@@ -721,11 +724,12 @@ export async function initiateFullRefund(invoiceId: string, reason: string): Pro
  */
 async function cancelSubscriptionForRefund(subscriptionId: string, reason: string): Promise<void> {
   try {
-    const subscription = await Subscription.findByPk(subscriptionId);
+    const subscription = await systemFindByPk(Subscription, subscriptionId);
     if (!subscription) {
       logger.warn('Subscription not found for cancellation', { subscriptionId });
       return;
     }
+    assertJobObjectTenant(subscription);
 
     // Check if subscription is already canceled
     if (subscription.status === 'canceled') {

package/api/src/queues/vendors/fulfillment.ts

@@ -1,9 +1,10 @@
 import { events } from '../../libs/event';
 import logger from '../../libs/logger';
-import createQueue from '../../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../../libs/queue';
 import { VendorFulfillmentService } from '../../libs/vendor-util/fulfillment';
 import { CheckoutSession } from '../../store/models/checkout-session';
 import { updateVendorFulfillmentStatus } from './fulfillment-coordinator';
+import { systemFindByPk } from '../../store/scoped';
 
 type VendorFulfillmentJob = {
   checkoutSessionId: string;
@@ -22,10 +23,11 @@ export const handleVendorFulfillment = async (job: VendorFulfillmentJob) => {
   const { checkoutSessionId, invoiceId, vendorId, vendorConfig } = job;
 
   try {
-    const checkoutSession = await CheckoutSession.findByPk(checkoutSessionId);
+    const checkoutSession = await systemFindByPk(CheckoutSession, checkoutSessionId);
     if (!checkoutSession) {
       throw new Error(`CheckoutSession not found: ${checkoutSessionId}`);
     }
+    assertJobObjectTenant(checkoutSession);
 
     const orderInfo = {
       checkoutSessionId,

package/api/src/queues/vendors/return-processor.ts

@@ -1,10 +1,11 @@
 import logger from '../../libs/logger';
-import createQueue from '../../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../../libs/queue';
 import { VendorFulfillmentService } from '../../libs/vendor-util/fulfillment';
 import { buildRefundInfoFromPayout } from '../../libs/vendor-util/tool';
 import { CheckoutSession, Payout } from '../../store/models';
 import { payoutQueue } from '../payout';
 import { VendorInfo } from './fulfillment-coordinator';
+import { systemFindByPk, systemFindOne } from '../../store/scoped';
 
 export const MAX_RETURN_RETRY = 3;
 
@@ -30,7 +31,8 @@ async function handleReturnProcessorJob(job: ReturnProcessorJob): Promise<void>
   });
 
   try {
-    const checkoutSession = await CheckoutSession.findByPk(checkoutSessionId);
+    const checkoutSession = await systemFindByPk(CheckoutSession, checkoutSessionId);
+    assertJobObjectTenant(checkoutSession);
 
     if (!checkoutSession) {
       logger.warn('CheckoutSession not found', { checkoutSessionId });
@@ -156,7 +158,7 @@ async function callVendorReturn(vendor: VendorInfo, checkoutSession: CheckoutSes
     throw new Error(`No adapter found for vendor: ${vendor.vendor_id}`);
   }
 
-  const payoutInfo = await Payout.findOne({
+  const payoutInfo = await systemFindOne(Payout, {
     where: { vendor_info: { order_id: vendor.order_id, vendor_id: vendor.vendor_id } },
   });
   let refundInfo;

package/api/src/queues/vendors/return-scanner.ts

@@ -6,6 +6,7 @@ import { CheckoutSession, Subscription } from '../../store/models';
 import { vendorReturnProcessorQueue } from './return-processor';
 import { VendorInfo } from './fulfillment-coordinator';
 import { events } from '../../libs/event';
+import { systemFindAll, systemFindOne } from '../../store/scoped';
 
 export const vendorReturnScannerQueue = createQueue({
   name: 'vendor-return-scanner',
@@ -56,7 +57,7 @@ async function findSessionsNeedingVendorReturn(): Promise<CheckoutSession[]> {
     // First, find canceled subscriptions
     const oneWeekAgo = dayjs().subtract(7, 'day').unix();
 
-    const canceledSubscriptions = await Subscription.findAll({
+    const canceledSubscriptions = await systemFindAll(Subscription, {
       where: { status: 'canceled', canceled_at: { [Op.gt]: oneWeekAgo } },
       attributes: ['id'],
     });
@@ -64,7 +65,7 @@ async function findSessionsNeedingVendorReturn(): Promise<CheckoutSession[]> {
     const canceledSubscriptionIds = canceledSubscriptions.map((sub) => sub.id);
 
     // Find checkout sessions with completed fulfillment and canceled subscriptions
-    const readyToReturnSessions = await CheckoutSession.findAll({
+    const readyToReturnSessions = await systemFindAll(CheckoutSession, {
       where: {
         fulfillment_status: { [Op.notIn]: ['returning', 'returned', 'failed'] },
         subscription_id: { [Op.in]: canceledSubscriptionIds },
@@ -75,7 +76,7 @@ async function findSessionsNeedingVendorReturn(): Promise<CheckoutSession[]> {
     });
 
     // Find checkout sessions already in returning status
-    const returningSessions = await CheckoutSession.findAll({
+    const returningSessions = await systemFindAll(CheckoutSession, {
       where: {
         fulfillment_status: 'returning',
         subscription_id: { [Op.ne]: null as any },
@@ -135,7 +136,7 @@ events.on('customer.subscription.deleted', async (subscription: Subscription) =>
     return;
   }
 
-  const session = await CheckoutSession.findOne({
+  const session = await systemFindOne(CheckoutSession, {
     where: { subscription_id: subscription.id },
     attributes: ['id', 'vendor_info'],
   });

package/api/src/queues/vendors/status-check.ts

@@ -1,15 +1,16 @@
 import { joinURL } from 'ufo';
 import { Auth as VendorAuth } from '@blocklet/payment-vendor';
-import createQueue from '../../libs/queue';
+import createQueue, { assertJobObjectTenant } from '../../libs/queue';
 import { CheckoutSession } from '../../store/models/checkout-session';
 import { ProductVendor } from '../../store/models';
 import { fulfillmentCoordinatorQueue } from './fulfillment-coordinator';
 import logger from '../../libs/logger';
 import { vendorTimeoutMinutes } from '../../libs/env';
 import { VendorFulfillmentService } from '../../libs/vendor-util/fulfillment';
+import { systemFindAll, systemFindByPk } from '../../store/scoped';
 
 export const startVendorStatusCheckSchedule = async () => {
-  const checkoutSessions = await CheckoutSession.findAll({
+  const checkoutSessions = await systemFindAll(CheckoutSession, {
     where: { fulfillment_status: 'sent' },
   });
 
@@ -41,7 +42,8 @@ export const handleVendorStatusCheck = async (job: VendorStatusCheckJob) => {
   const { checkoutSessionId, vendorId } = job;
   logger.info('handleVendorStatusCheck', { checkoutSessionId, vendorId });
 
-  const checkoutSession = await CheckoutSession.findByPk(checkoutSessionId);
+  const checkoutSession = await systemFindByPk(CheckoutSession, checkoutSessionId);
+  assertJobObjectTenant(checkoutSession);
 
   const vendor = checkoutSession?.vendor_info?.find((v) => v.vendor_id === vendorId);
   if (!vendor) {
@@ -49,7 +51,7 @@ export const handleVendorStatusCheck = async (job: VendorStatusCheckJob) => {
     return { status: 'fail' };
   }
 
-  const TIMEOUT_THRESHOLD = vendorTimeoutMinutes * 60 * 1000;
+  const TIMEOUT_THRESHOLD = vendorTimeoutMinutes() * 60 * 1000;
   const now = Date.now();
 
   if (vendor.lastAttemptAt) {
@@ -61,11 +63,11 @@ export const handleVendorStatusCheck = async (job: VendorStatusCheckJob) => {
         vendorId,
         status: vendor.status,
         timeSinceLastAttempt: `${Math.floor(timeSinceLastAttempt / 1000)}s`,
-        timeoutThreshold: `${vendorTimeoutMinutes}min (${Math.floor(TIMEOUT_THRESHOLD / 1000)}s)`,
+        timeoutThreshold: `${vendorTimeoutMinutes()}min (${Math.floor(TIMEOUT_THRESHOLD / 1000)}s)`,
       });
 
       vendor.status = 'failed';
-      vendor.error_message = `Timeout: ${vendor.status} status exceeded ${vendorTimeoutMinutes} minutes`;
+      vendor.error_message = `Timeout: ${vendor.status} status exceeded ${vendorTimeoutMinutes()} minutes`;
       vendor.lastAttemptAt = new Date().toISOString();
 
       const updatedVendorInfo = checkoutSession?.vendor_info?.map((v) => {
@@ -92,7 +94,8 @@ export const handleVendorStatusCheck = async (job: VendorStatusCheckJob) => {
 
   try {
     if (!vendor.app_url) {
-      const productVendor = await ProductVendor.findByPk(vendorId);
+      const productVendor = await systemFindByPk(ProductVendor, vendorId);
+      if (productVendor) assertJobObjectTenant(productVendor);
       const url = productVendor?.app_url;
       logger.info('found vendor url', { url, productVendor });
 

package/api/src/queues/webhook.ts

@@ -1,9 +1,12 @@
 import componentApi from '@blocklet/sdk/lib/util/component-api';
 import { AxiosError } from 'axios';
 import { Op } from 'sequelize';
+import { systemFindAll, systemFindByPk } from '../store/scoped';
 
 import { wallet } from '../libs/auth';
+import { context } from '../libs/context';
 import logger from '../libs/logger';
+import { TENANT_MISMATCH, resolveRowTenant } from '../libs/tenant';
 import createQueue from '../libs/queue';
 import { MAX_RETRY_COUNT, getNextRetry, getWebhookJobId } from '../libs/util';
 import { webhookAlertWindowMinutes, webhookAlertMinFailures } from '../libs/env';
@@ -46,13 +49,13 @@ type WebhookJob = {
 export const handleWebhook = async (job: WebhookJob) => {
   logger.info('handle webhook', job);
 
-  const event = await Event.findByPk(job.eventId);
+  const event = await systemFindByPk(Event, job.eventId);
   if (!event) {
     logger.warn('event not found when attempt webhook', job);
     return;
   }
 
-  const webhook = await WebhookEndpoint.findByPk(job.webhookId);
+  const webhook = await systemFindByPk(WebhookEndpoint, job.webhookId);
   if (!webhook) {
     logger.warn('webhook not found on attempt', job);
     return;
@@ -62,9 +65,28 @@ export const handleWebhook = async (job: WebhookJob) => {
     return;
   }
 
-  const lastRetryCount = await WebhookAttempt.max('retry_count', {
-    where: { event_id: event.id, webhook_endpoint_id: webhook.id },
-  });
+  // Phase 4 (W1-3) handler invariant: a forged/mixed job payload must never
+  // deliver one tenant's event to another tenant's endpoint. No attempt row
+  // is written for rejected pairs (alert only).
+  const eventTenant = resolveRowTenant(event);
+  if (resolveRowTenant(webhook) !== eventTenant) {
+    logger.error('[webhook] tenant mismatch between event and endpoint, delivery refused', {
+      code: TENANT_MISMATCH,
+      eventId: event.id,
+      webhookId: webhook.id,
+    });
+    return;
+  }
+
+  // The webhook job is tenant-agnostic at dispatch (it only carries ids); the
+  // handler derives the authoritative tenant from the loaded event. Run the
+  // tenant-scoped reads/writes under that tenant so TenantModel scopes/stamps
+  // consistently (the cross-tenant loads above used system* on purpose).
+  const lastRetryCount = await context.withTenant(eventTenant, () =>
+    WebhookAttempt.max('retry_count', {
+      where: { event_id: event.id, webhook_endpoint_id: webhook.id },
+    })
+  );
 
   const retryCount = lastRetryCount ? +lastRetryCount + 1 : 1;
 
@@ -74,10 +96,10 @@ export const handleWebhook = async (job: WebhookJob) => {
     // expand basic fields
     const { object } = json.data;
     if (object.customer_id && !object.customer) {
-      object.customer = await Customer.findByPk(object.customer_id);
+      object.customer = await systemFindByPk(Customer, object.customer_id);
     }
     if (object.currency_id && !object.currency) {
-      object.currency = await PaymentCurrency.findByPk(object.currency_id);
+      object.currency = await systemFindByPk(PaymentCurrency, object.currency_id);
     }
 
     // verify similar to component call, but supports external urls
@@ -92,33 +114,39 @@ export const handleWebhook = async (job: WebhookJob) => {
       },
     });
 
-    await WebhookAttempt.create({
-      livemode: event.livemode,
-      event_id: event.id,
-      webhook_endpoint_id: webhook.id,
-      status: 'succeeded',
-      response_status: result.status,
-      response_body: result.data || {},
-      retry_count: retryCount,
-    });
+    await context.withTenant(eventTenant, () =>
+      WebhookAttempt.create({
+        livemode: event.livemode,
+        instance_did: eventTenant,
+        event_id: event.id,
+        webhook_endpoint_id: webhook.id,
+        status: 'succeeded',
+        response_status: result.status,
+        response_body: result.data || {},
+        retry_count: retryCount,
+      })
+    );
     logger.info('WebhookAttempt created successfully', { eventId: event.id, webhookId: webhook.id });
 
-    await decrementPendingWebhooks(event, webhook.id);
+    await context.withTenant(eventTenant, () => decrementPendingWebhooks(event, webhook.id));
 
     logger.info('webhook attempt success', { ...job, retryCount });
   } catch (err: any) {
     logger.warn('webhook attempt error', { ...job, retryCount, message: err.message });
     const errorStatus = (err as AxiosError).response?.status || 500;
 
-    await WebhookAttempt.create({
-      livemode: event.livemode,
-      event_id: event.id,
-      webhook_endpoint_id: webhook.id,
-      status: 'failed',
-      response_status: errorStatus,
-      response_body: (err as AxiosError).response?.data || {},
-      retry_count: retryCount,
-    });
+    await context.withTenant(eventTenant, () =>
+      WebhookAttempt.create({
+        livemode: event.livemode,
+        instance_did: eventTenant,
+        event_id: event.id,
+        webhook_endpoint_id: webhook.id,
+        status: 'failed',
+        response_status: errorStatus,
+        response_body: (err as AxiosError).response?.data || {},
+        retry_count: retryCount,
+      })
+    );
     logger.info('Failed WebhookAttempt created', { eventId: event.id, webhookId: webhook.id });
 
     try {
@@ -143,16 +171,16 @@ export const handleWebhook = async (job: WebhookJob) => {
         });
       });
     } else {
-      await decrementPendingWebhooks(event, webhook.id);
+      await context.withTenant(eventTenant, () => decrementPendingWebhooks(event, webhook.id));
     }
   }
 };
 
 // Alert if webhook continuously fails within configured time window
 async function checkAndNotifyWebhookFailures(webhookId: string) {
-  const alertWindowStart = new Date(Date.now() - webhookAlertWindowMinutes * 60 * 1000);
+  const alertWindowStart = new Date(Date.now() - webhookAlertWindowMinutes() * 60 * 1000);
 
-  const recentAttempts = await WebhookAttempt.findAll({
+  const recentAttempts = await systemFindAll(WebhookAttempt, {
     where: {
       webhook_endpoint_id: webhookId,
       created_at: { [Op.gte]: alertWindowStart },
@@ -167,7 +195,7 @@ async function checkAndNotifyWebhookFailures(webhookId: string) {
   }
 
   const failedCountInWindow = recentAttempts.filter((attempt) => attempt.status === 'failed').length;
-  if (failedCountInWindow < webhookAlertMinFailures) {
+  if (failedCountInWindow < webhookAlertMinFailures()) {
     return;
   }
 
@@ -185,8 +213,8 @@ async function checkAndNotifyWebhookFailures(webhookId: string) {
   logger.info('Notification job added for webhook consecutive failures', {
     webhookId,
     failedCountInWindow,
-    alertWindowMinutes: webhookAlertWindowMinutes,
-    minFailures: webhookAlertMinFailures,
+    alertWindowMinutes: webhookAlertWindowMinutes(),
+    minFailures: webhookAlertMinFailures(),
   });
 }
 

package/api/src/routes/connect/shared.ts

@@ -5,7 +5,6 @@ import { toDelegateAddress } from '@arcblock/did-util/cbor';
 import type { DelegateState as DelegateStateType, Transaction } from '@ocap/client';
 import { BN, fromTokenToUnit, toBase58 } from '@ocap/util';
 import { fromPublicKey } from '@ocap/wallet';
-import type { Request } from 'express';
 import isEmpty from 'lodash/isEmpty';
 import dayjs from '../../libs/dayjs';
 import { estimateMaxGasForTx, hasStakedForGas } from '../../integrations/arcblock/stake';
@@ -1583,7 +1582,7 @@ export async function executeOcapTransactions(
   userPk: string,
   claims: any[],
   paymentMethod: PaymentMethod,
-  requestSource: Request | Request[] | any[],
+  requestSource: any | any[],
   subscriptionId?: string,
   paymentCurrencyContract?: string,
   nonce?: string

package/api/src/routes/connect/subscribe.ts

@@ -29,7 +29,7 @@ const updateInvoices = async (invoices: Invoice[], update: Partial<Invoice>) =>
     invoices.map((invoice) => async () => {
       await invoice.update(update);
     }),
-    { concurrency: updateDataConcurrency }
+    { concurrency: updateDataConcurrency() }
   );
 };
 
@@ -38,7 +38,7 @@ const updateSubscriptions = async (subscriptions: Subscription[], update: Partia
     subscriptions.map((subscription) => async () => {
       await subscription.update(update);
     }),
-    { concurrency: updateDataConcurrency }
+    { concurrency: updateDataConcurrency() }
   );
 };
 
@@ -254,7 +254,7 @@ export default {
         subscriptions.map((subscription) => async () => {
           await addSubscriptionJob(subscription, 'cycle', false, subscription.trial_end);
         }),
-        { concurrency: updateDataConcurrency }
+        { concurrency: updateDataConcurrency() }
       );
 
       logger.info('CheckoutSession updated with multiple subscriptions', {