feat(links): harden expiry processing, add audit + notifications

[DeePrincipal-dev-lang]

feat(links): harden expiry processing, add audit + notifications

• Summary: Add an idempotent expiry sweep for payment links that reliably transitions open links to expired even with delayed jobs or event replays. Record detailed expiry audit rows, emit admin audit events, and notify link owners.

What changed:

• Migration: 20260629000000_add_payment_link_expiry_hardening.sql

• Service (expiry sweep): payment-link-expiry.service.ts

• Module registration: links.module.ts

• Notification plumbing: notification.service.ts, notification.events.ts, notification.types.ts

• Tests: payment-link-expiry.service.unit.spec.ts

• Behavior / rationale:

  • The sweep updates only rows where status = 'open' and expires_at <= NOW(), so repeated runs, delayed workers, or replayed events are safe and idempotent.
  • Each expiry writes a row to payment_link_expiry_audit, logs an admin audit via AuditService.log, and emits a payment.link.expired event targeted to the link owner.
  • Auto-match and other writers already guard with .eq('status', 'open'), preventing late payments from silently overwriting an expired state; the expiry sweep mirrors that pattern for determinism.

• Acceptance criteria mapping:

  • Deterministic & replay-safe: ensured by status-guarded update and audit trail.
  • Late payments do not silently overwrite expired state: update only affects open rows; auto-match also requires open.
  • Operators can inspect why/when a link expired: payment_link_expiry_audit + admin audit logs.

• How to run locally

  • Apply DB migration to your Postgres/Supabase:

    # (run in your DB migration tooling / psql)
    psql $DATABASE_URL -f app/backend/supabase/migrations/20260629000000_add_payment_link_expiry_hardening.sql

  • Run backend tests:

    pnpm --filter app/backend install
    pnpm --filter app/backend test

  • Run the expiry sweep manually (example from Node REPL or call service via admin endpoint if you add one). The service also runs every minute via Cron.
    closes BE-64: Payment Link Expiry Worker Hardening #548

[drips-wave]

@DeePrincipal-dev-lang Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

[Cedarich]

@DeePrincipal-dev-lang fix workflow