Make invoice payment activation idempotent and auditable #2

New Issue

sirily · 2026-03-10T14:40:53+03:00

sirily commented

2026-03-10 14:40:53 +03:00

Problem
packages/db/src/billing-store.ts re-applies subscription activation every time markInvoicePaid is called, even when the invoice is already paid, and it does not write an admin audit-log entry.

Why this matters
Repeated admin calls can rewrite billing periods, create duplicate cycle_reset ledger rows, and leave no audit trail for a high-impact billing action.

Acceptance criteria

markInvoicePaid becomes idempotent for already-paid invoices.
Expired/canceled/invalid transitions are handled deliberately instead of silently mutating state.
Admin-triggered invoice activation writes an audit-log entry with actor metadata.
Add tests for replayed mark-paid calls.

Problem `packages/db/src/billing-store.ts` re-applies subscription activation every time `markInvoicePaid` is called, even when the invoice is already `paid`, and it does not write an admin audit-log entry. Why this matters Repeated admin calls can rewrite billing periods, create duplicate `cycle_reset` ledger rows, and leave no audit trail for a high-impact billing action. Acceptance criteria - `markInvoicePaid` becomes idempotent for already-paid invoices. - Expired/canceled/invalid transitions are handled deliberately instead of silently mutating state. - Admin-triggered invoice activation writes an audit-log entry with actor metadata. - Add tests for replayed `mark-paid` calls.

sirily referenced a pull request that will close this issue

2026-03-10 17:13:51 +03:00

fix: make invoice payment activation idempotent #18

sirily closed this issue

2026-03-10 17:53:01 +03:00

sirily referenced this issue from a commit

2026-03-10 17:53:03 +03:00

fix: make invoice payment activation idempotent (#18)

Sign in to join this conversation.