✨️ server: add activity and push notification on card decline by aguxez · Pull Request #622 · exactly/exa

aguxez · 2026-01-07T15:06:48Z

closes #114

Summary by CodeRabbit

New Features
- Push notifications for declined transactions and insufficient-funds events.
- Activity feed now records declined transactions and "requested" actions with status, reason, timestamps, merchant/icon, and transaction details.
- User-facing handling for frozen or non-active cards with clear responses.
Bug Fixes
- Fixed a key typo.
Tests
- Added/updated tests for declined-transaction flows, push notifications, and activity serialization.
Chores
- Version/changeset updates.

Greptile Summary

This PR wires up activity-feed entries and push notifications for declined card transactions. When Panda delivers a requested webhook for a frozen/inactive card, or when a created/updated webhook carries status: "declined", the new reject() helper inserts (or appends to) a transaction record with a zero-hash placeholder and sends a targeted push notification for recognized decline reasons (insufficient_funds, merchant_blocked, frozen_card). The PandaActivity schema is extended to parse these records on the activity-feed API side.

Key changes:

New reject() function in panda.ts uses PostgreSQL jsonb_set to append declined bodies to existing transaction rows and gates push notifications via xmax = 0 (first-insert detection).
PandaActivity transformer normalizes "requested" to "created" and spreads status/reason onto the output when a declined body is found; the settled field is removed (no consumers found in the codebase).
Frozen-card and non-active card states now receive distinct trackAuthorizationRejected calls in the requested handler; only the frozen-card path calls reject().
captureException context for bad transactions is improved by flattening valibot issues instead of passing raw parse objects.

Issues found:

mapped.find(b => b.status === "declined") picks the first declined body, so when multiple declined entries accumulate for the same transaction (e.g., a created decline followed by an updated decline with a different reason), the stale earlier reason is shown to the user. findLast would show the most recent.
reject() is called in the generic unexpected-error path (line 469) regardless of whether the error was issuing-network related. Any unhandled server error will produce a reason: "transaction declined" activity record that is indistinguishable from a real network decline to the user, though no push notification is sent.

Confidence Score: 3/5

Mostly safe to merge with two moderate logic issues: stale decline reasons shown to users and misleading "transaction declined" entries for server errors.
The core notification and activity-feed logic is solid with good test coverage. However, two verified logic issues warrant attention: (1) find() instead of findLast() will surface stale decline reasons when multiple declines accumulate for a transaction, and (2) unexpected server errors now create permanent "transaction declined" activity records indistinguishable from real declines to users. Neither causes data loss or security issues, but both degrade UX and observability. The issues are straightforward to fix and should be addressed before or immediately after merge.
server/api/activity.ts (findLast fix) and server/hooks/panda.ts (unexpected-error handling)

Sequence Diagram

sequenceDiagram
    participant Panda
    participant Hook as panda.ts hook
    participant DB as transactions DB
    participant Push as Push Notification

    Panda->>Hook: POST requested (card spend attempt)
    Hook->>DB: query card by id (fetch status)
    alt card FROZEN
        Hook->>DB: reject() → INSERT/APPEND declined body (frozen_card)
        Hook->>Push: sendDeclinedNotification (if isNew)
        Hook-->>Panda: 403 frozen card
    else card not ACTIVE
        Hook-->>Panda: 403 card not active (no reject() call)
    else card ACTIVE
        Hook->>Hook: risk assess + prepareCollection
        alt PandaError (e.g. InsufficientAccountLiquidity)
            Hook->>DB: reject() → INSERT/APPEND declined body
            Hook->>Push: sendDeclinedNotification (if isNew & notify)
            Hook-->>Panda: 557 error code
        else unexpected error
            Hook->>DB: reject() → INSERT/APPEND declined body (reason: "transaction declined")
            Hook-->>Panda: 569 ouch
        else success
            Hook-->>Panda: 200 ok
        end
    end

    Panda->>Hook: POST created/updated (status: declined)
    Hook->>DB: await reject() → INSERT/APPEND declined body
    Hook->>Push: sendDeclinedNotification (if isNew & notify)
    Hook-->>Panda: 200 ok

    note over DB,Push: isNew = (xmax = 0) — only first insert fires notification

_{Last reviewed commit: dd260a8}

changeset-bot · 2026-01-07T15:06:52Z

🦋 Changeset detected

Latest commit: 2e193da

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@exactly/server	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

coderabbitai · 2026-01-07T15:07:01Z

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

@coderabbitai resume to resume automatic reviews.
@coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

▶️ Resume reviews
🔍 Trigger review

Walkthrough

Adds server-side decline handling: classifies decline reasons, persists declined transaction bodies, routes frozen/non-active/error flows through new decline handlers, triggers push notifications for select decline types, extends activity schema to include "requested"/declined fields, and adds tests for declines and notifications.

Changes

Cohort / File(s)	Summary
Changesets `.changeset/honest-peas-stand.md`, `.changeset/six-dancers-hang.md`	Add two changeset files bumping `@exactly/server` (patch); metadata only.
Decline Handling Core `server/hooks/panda.ts`	Add DECLINE_REASONS and NOTIFICATION_TRIGGERING_REASONS; new helpers (`getDeclineReason`, `handleDeclinedTransaction`, `updateTransactionRecord`, `sendDeclinedNotification`, `handleRejectedTransaction*`); integrate decline flow for requested/created/error paths; persist declined bodies; handle frozen/non-active card flows and route errors through decline handlers.
Activity Schema & Transform `server/api/activity.ts`	Extend PandaActivity bodies to accept `requested`, optional `status`/`reason`, nested `body.spend` with `enrichedMerchantIcon`; normalize "requested" to "created"; propagate merchant icon and single timestamp; add declined-path shaping. CardActivity action set now includes `requested`.
Decline & Notification Tests `server/test/hooks/panda.test.ts`	Add OneSignal import and push-notification tests; replace balance checks with `maxWithdraw`; safer transaction receipt handling; insert declined-transaction fixtures and assert appended bodies and pushes.
Activity Tests `server/test/api/activity.test.ts`	Add `httpSerialize`/`removeUndefined` helpers; refactor logs/borrows gathering; adjust test payload shapes and assertions to use serialized comparisons.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant CardSystem as Card System
    participant PandaHook as Panda Hook
    participant DB as Database
    participant Notif as Notification Service

    Client->>CardSystem: submit transaction
    CardSystem->>PandaHook: webhook / payload
    PandaHook->>DB: fetch card & transaction
    alt card FROZEN or not ACTIVE
        DB-->>PandaHook: card status != ACTIVE
        PandaHook->>PandaHook: getDeclineReason()
        PandaHook->>PandaHook: handleRejectedTransactionSync()
        PandaHook-->>CardSystem: 403 / decline response
    else processing error or explicit decline
        PandaHook->>PandaHook: getDeclineReason()
        PandaHook->>DB: updateTransactionRecord(...) with declined body
        DB-->>PandaHook: OK
        PandaHook->>PandaHook: handleDeclinedTransaction()
        PandaHook->>Notif: sendDeclinedNotification()
        Notif-->>Client: push notification delivered
    else success
        PandaHook-->>CardSystem: success response
    end

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

🥅 server: fingerprint keeper errors for sentry grouping #743 — Modifies error-handling in server/hooks/panda.ts, touching contract error/fingerprint and error paths (closely related).
🥅 server: handle misc panda errors from sentry #736 — Changes server/hooks/panda.ts and panda notification/test flows (overlaps decline/notification logic).

Suggested reviewers

nfmelendez
cruzdanilo
franm91

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately describes the main changes: adding activity tracking and push notification functionality for card decline events.
Linked Issues check	✅ Passed	The PR addresses both objectives from issue `#114`: storing activity records on card decline and sending push notifications on specific decline reasons.
Out of Scope Changes check	✅ Passed	All changes are within scope: core decline handling in panda.ts, activity API expansion in activity.ts, and corresponding tests. Two changeset files document the changes appropriately.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch card-declined-events

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

gemini-code-assist · 2026-01-07T15:07:06Z

Summary of Changes

Hello @aguxez, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the server's transaction handling by introducing a mechanism to process declined card transactions. The immediate user-facing change is the implementation of push notifications, which will inform users instantly about rejected purchases. Although the foundational code for recording these declined transactions as user activity has been added, this specific database logging functionality is temporarily disabled, pending the development of corresponding user interface elements.

Highlights

New Transaction Handling: Implemented a new handleDeclinedTransaction function to process card rejections within the panda hook.
Push Notifications for Declines: Enabled push notifications for users when their card transactions are declined, providing immediate feedback on rejected purchases.
Deferred Activity Logging: Prepared the server-side logic for logging declined transactions as activity in the database, though this feature is currently commented out and awaiting UI implementation.
Test Coverage for Future Features: Added it.todo test cases to cover the future enablement of declined transaction activity logging, ensuring proper functionality once the UI is ready.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

coderabbitai

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @server/hooks/panda.ts:
- Around line 955-998: Remove the large commented-out DB logic inside
handleDeclinedTransaction and track the work in your issue tracker: create an
issue describing the pending UI changes needed to handle declined transactions
and include its ID; then replace the commented block with a single-line comment
in handleDeclinedTransaction referencing that issue (e.g., "See ISSUE-1234:
enable declined-transaction persistence once UI supports it"). Ensure the rest
of the function (push notification and error capture) remains unchanged.
- Line 965: Replace the existing comment "// TODO: Enable once UI has proper
designs to handle declined transactions in activity" with the coding-guideline
compliant format: use uppercase tag, a single space, and a fully lowercase
comment body (e.g. "// TODO enable once ui has proper designs to handle declined
transactions in activity"); update the line containing that TODO comment in the
server/hooks/panda.ts hook to remove the colon and capitalize only the TODO tag.

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0860357 and 118a340.

📒 Files selected for processing (3)

.changeset/honest-peas-stand.md
server/hooks/panda.ts
server/test/hooks/panda.test.ts

🧰 Additional context used

📓 Path-based instructions (7)

**/.changeset/*.md

📄 CodeRabbit inference engine (.cursor/rules/style.mdc)

Use a lowercase sentence in the imperative present tense for changeset summaries

Files:

.changeset/honest-peas-stand.md

server/**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/server.mdc)

server/**/*.ts: Use c.var object to pass strongly-typed data between Hono middleware and route handlers; do not use c.set
All request validation (headers, body, params) must be handled by @hono/valibot-validator middleware; do not perform manual validation inside route handlers
Use Hono's built-in error handling by throwing new HTTPException() for expected errors; unhandled errors will be caught and logged automatically
Enforce Node.js best practices using ESLint plugin:n/recommended configuration
Enforce Drizzle ORM best practices using ESLint plugin:drizzle/all configuration, including requiring where clauses for update and delete operations
Use Drizzle ORM query builder for all database interactions; do not write raw SQL queries unless absolutely unavoidable
All authentication and authorization logic must be implemented in Hono middleware
Do not access process.env directly in application code; load all configuration and secrets once at startup and pass them through dependency injection or context
Avoid long-running, synchronous operations; use async/await correctly and be mindful of CPU-intensive tasks to prevent blocking the event loop

Files:

server/hooks/panda.ts
server/test/hooks/panda.test.ts

**/*.{js,ts,tsx,jsx,sol}

📄 CodeRabbit inference engine (AGENTS.md)

Follow linter/formatter (eslint, prettier, solhint) strictly with high strictness level. No any type.

Files:

server/hooks/panda.ts
server/test/hooks/panda.test.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

Omit redundant type names in variable declarations - let the type system explain itself

**/*.{ts,tsx}: Use PascalCase for TypeScript types and interfaces
Use valibot for all runtime validation of API inputs, environment variables, and other data; define schemas once and reuse them
Infer TypeScript types from valibot schemas using type User = v.Input<typeof UserSchema> instead of manually defining interfaces

Files:

server/hooks/panda.ts
server/test/hooks/panda.test.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{ts,tsx,js,jsx}: Omit contextual names - don't repeat class/module names in members
Omit meaningless words like 'data', 'state', 'manager', 'engine', 'value' from variable and function names unless they add disambiguation

**/*.{ts,tsx,js,jsx}: Prefer function declarations for all multi-line functions; use function expressions or arrow functions only for single-line implementations
Prefer const for all variable declarations by default; only use let if the variable's value will be reassigned
Declare each variable on its own line with its own const or let keyword, not multiple declarations on one line
Use camelCase for TypeScript variables and functions
Always use import type { ... } for type imports
Use relative paths for all imports within the project; avoid tsconfig path aliases
Follow eslint-plugin-import order: react, external libraries, then relative paths
Use object and array destructuring to access and use properties
Use object method shorthand syntax when a function is a property of an object
Prefer optional chaining (?.), nullish coalescing (??), object and array spreading (...), and for...of loops over traditional syntax
Do not use abbreviations or cryptic names; write out full words like error, parameters, request instead of err, params, req
Use Number.parseInt() instead of the global parseInt() function when parsing numbers
All classes called with new must use PascalCase
Use Buffer.from(), Buffer.alloc(), or Buffer.allocUnsafe() instead of the deprecated new Buffer()
Use @ts-expect-error instead of @ts-ignore; follow it immediately with a single-line lowercase comment explaining why the error is expected, without separators like - or :
Do not include the type in a variable's name; let the static type system do its job (e.g., use const user: User not const userObject: User)
Do not repeat the name of a class or module within its members; omit contextual names (e.g., use `class User { getProfil...

Files:

server/hooks/panda.ts
server/test/hooks/panda.test.ts

server/**/*.{ts,tsx}

📄 CodeRabbit inference engine (AGENTS.md)

server/**/*.{ts,tsx}: Server API: implement schema-first approach using OpenAPI via hono with validation via valibot middleware
Server database: drizzle schema is source of truth. Migrations required. No direct database access in handlers - use c.var.db

Files:

server/hooks/panda.ts
server/test/hooks/panda.test.ts

**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/style.mdc)

For files with a single default export, name the file identically to the export; for files with multiple exports, use camelCase with a strong preference for a single word

Files:

server/hooks/panda.ts
server/test/hooks/panda.test.ts

🧠 Learnings (2)

📚 Learning: 2025-12-31T00:23:55.034Z

Learnt from: cruzdanilo
Repo: exactly/exa PR: 610
File: .changeset/ready-experts-fly.md:1-2
Timestamp: 2025-12-31T00:23:55.034Z
Learning: In the exactly/exa repository, allow and require empty changeset files (containing only --- separators) when changes are not user-facing and do not warrant a version bump. This is needed because CI runs changeset status --since origin/main and requires a changeset file to exist. Ensure such empty changesets are used only for non-user-facing changes and document the rationale in the commit or changelog notes.

Applied to files:

.changeset/honest-peas-stand.md

📚 Learning: 2025-12-23T19:58:16.574Z

Learnt from: CR
Repo: exactly/exa PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-23T19:58:16.574Z
Learning: Zero config local dev environment: no `.env` files, mock all external services

Applied to files:

server/test/hooks/panda.test.ts

🧬 Code graph analysis (2)

server/hooks/panda.ts (1)

server/utils/onesignal.ts (1)

sendPushNotification (7-25)

server/test/hooks/panda.test.ts (1)

server/database/schema.ts (1)

transactions (36-43)

🔇 Additional comments (5)

server/test/hooks/panda.test.ts (2)

2-2: LGTM!

Import adjustments for mocks are clean and improve organization.

Also applies to: 7-7

1352-1439: Test stubs properly scaffolded for future implementation.

The two test cases for declined transaction handling are well-structured and align with the commented-out database logic in server/hooks/panda.ts. Using it.todo is appropriate while waiting for UI designs.

server/hooks/panda.ts (2)

533-533: LGTM!

The call to handleDeclinedTransaction is correctly placed after the mutex is released, and the type cast is necessary due to TypeScript's union type handling.

988-998: LGTM!

Push notification implementation properly formats the transaction details and includes error handling consistent with the rest of the codebase.

.changeset/honest-peas-stand.md (1)

1-5: LGTM!

Changeset properly documents the feature addition with appropriate version bump and clear description.

sentry · 2026-01-07T18:21:48Z

Codecov Report

❌ Patch coverage is 73.26733% with 27 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.08%. Comparing base (45de6b3) to head (2e193da).
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
server/api/activity.ts	76.19%	7 Missing and 8 partials ⚠️
server/hooks/panda.ts	68.42%	8 Missing and 4 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #622      +/-   ##
==========================================
+ Coverage   71.23%   72.08%   +0.85%     
==========================================
  Files         212      212              
  Lines        8378     8655     +277     
  Branches     2741     2876     +135     
==========================================
+ Hits         5968     6239     +271     
- Misses       2132     2140       +8     
+ Partials      278      276       -2

Flag	Coverage Δ
e2e	`65.49% <48.51%> (-5.74%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

devin-ai-integration

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 4 additional flags.

greptile-apps

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

greptile-apps

Your free trial has ended. If you'd like to continue receiving code reviews, you can add a payment method here.

devin-ai-integration

Devin Review found 1 new potential issue.

View 13 additional findings in Devin Review.

devin-ai-integration · 2026-03-10T13:52:49Z

server/hooks/panda.ts

+        if (card.status !== "ACTIVE") {
+          trackAuthorizationRejected(account, payload, card.mode, card.credential.source, "card-not-active");
+          return c.json({ code: "card not active" }, 403);


🟡 Missing reject call for non-ACTIVE, non-FROZEN card status leaves declined transaction unrecorded

At server/hooks/panda.ts:271-273, when the card status is neither ACTIVE nor FROZEN (e.g., DELETED), the handler tracks the rejection and returns 403, but does not call reject() to record the declined transaction in the database. This is inconsistent with the FROZEN path at line 263-268 which does call reject(). As a result, Panda will receive a 403 and send back a "created" webhook with status: "declined", but there will be no corresponding "requested" decline record in the DB. While the eventual "created" decline will be recorded, the reason context from the original request rejection is lost.

Suggested change

if (card.status !== "ACTIVE") {

trackAuthorizationRejected(account, payload, card.mode, card.credential.source, "card-not-active");

return c.json({ code: "card not active" }, 403);

if (card.status !== "ACTIVE") {

trackAuthorizationRejected(account, payload, card.mode, card.credential.source, "card-not-active");

await reject(account, payload, jsonBody, "card not active");

return c.json({ code: "card not active" }, 403);

}

Was this helpful? React with 👍 or 👎 to provide feedback.

devin-ai-integration

Devin Review found 5 potential issues.

View 4 additional findings in Devin Review.

devin-ai-integration · 2026-03-10T14:29:22Z

server/api/activity.ts

🔴 PandaActivity throws "invalid flow" for records containing only "requested" bodies

When reject() is called during the "requested" webhook handler (e.g., frozen card at server/hooks/panda.ts:266, InsufficientAccountLiquidity at server/hooks/panda.ts:457), it stores a transaction record with a single body having action: "requested". When the activity API later processes this record through PandaActivity, the flow reducer at server/api/activity.ts:600-601 skips "requested" operations (return f), leaving both flow.created and flow.completed as undefined. This causes details at line 610 to be undefined, and line 611 throws "invalid flow". This throw inside the valibot transform can crash the entire activity API request for the user.

Race condition timeline

"requested" webhook arrives → reject() stores a record with one body (action: "requested", status: "declined")

User queries the activity API → PandaActivity transform throws "invalid flow" because no "created" or "completed" operation exists in the flow

Panda sends "created" webhook with status: "declined" → reject() appends a second body → record is now valid

The window between steps 1 and 3 is the bug trigger. If the "created" follow-up webhook never arrives (or arrives to a different server instance), the record is permanently broken.

(Refers to lines 610-611)

Prompt for agents

In server/api/activity.ts, at lines 610-611, the PandaActivity transform throws "invalid flow" when `flow.created` and `flow.completed` are both undefined. This happens when the only operations have action "requested" (which are skipped by the flow reducer at line 600-601). Fix this by handling the declined-only case. When `details` is undefined but `declined` is defined, use the `declined` operation as the details source instead of throwing. For example: const details = flow.created ?? flow.completed ?? declined; if (!details) throw new Error("invalid flow"); This ensures records that contain only "requested" declined bodies can be processed correctly without throwing.

Was this helpful? React with 👍 or 👎 to provide feedback.

devin-ai-integration · 2026-03-10T14:29:24Z

server/hooks/panda.ts

+  declineReason: string,
+) {
+  const { spend } = payload.body;
+  const transactionId = payload.body.id ?? payload.id;


🟡 reject() uses webhook event ID as transaction primary key when payload.body.id is undefined

In reject() at server/hooks/panda.ts:1236, transactionId is computed as payload.body.id ?? payload.id. For "requested" action payloads, payload.body.id is optional (server/hooks/panda.ts:127: v.optional(v.string())). When body.id is undefined, the webhook event ID (payload.id) is used as the transaction record's primary key. A subsequent "created" webhook for the same card transaction uses the actual transaction body ID, so reject() would insert a new record (different primary key) instead of appending via onConflictDoUpdate. This creates an orphaned declined record that is disconnected from the actual transaction flow.

Was this helpful? React with 👍 or 👎 to provide feedback.

devin-ai-integration · 2026-03-10T14:29:26Z

server/api/activity.ts

      }),
    ]
      .filter(<T>(value: T | undefined): value is T => value !== undefined)
+      .filter((item) => chain.id === anvil.id || !("status" in item && item.status === "declined"))


🚩 Declined filter hides items in production but not test — intentional but fragile

The new filter at server/api/activity.ts:431 uses chain.id === anvil.id to show declined transactions only in the anvil (test) environment. In production, all declined items are silently removed from the response. This is presumably a temporary measure while client-side support for declined transactions is being built. However, this couples the API behavior to the chain ID, meaning staging environments on non-anvil chains would also hide declined items. Consider using a feature flag or explicit query parameter instead of chain ID for more predictable behavior.

Was this helpful? React with 👍 or 👎 to provide feedback.

devin-ai-integration · 2026-03-10T14:29:27Z

server/hooks/panda.ts

+        if (card.status === "FROZEN") {
+          trackAuthorizationRejected(account, payload, card.mode, card.credential.source, "frozen-card");
+
+          await reject(account, payload, jsonBody, "frozen_card");
+
+          return c.json({ code: "frozen card" }, 403 as UnofficialStatusCode);
+        }
+
+        if (card.status !== "ACTIVE") {
+          trackAuthorizationRejected(account, payload, card.mode, card.credential.source, "card-not-active");
+          return c.json({ code: "card not active" }, 403);


🚩 Card status query change removes ACTIVE filter — broadens initial query

At server/hooks/panda.ts:254-255, the card query was changed from where: and(eq(cards.id, ...), eq(cards.status, 'ACTIVE')) to just where: eq(cards.id, ...), with status checks moved to application code (lines 263-273). This is needed to support the frozen card rejection flow. However, the card.status !== 'ACTIVE' check at line 271 returns 403 without calling reject(), unlike the FROZEN path at line 263-268 which does call reject(). This means cards in DELETED state (the third enum value per server/database/schema.ts:22) will return 403 but won't store a declined transaction record, creating an asymmetry in decline tracking.

Was this helpful? React with 👍 or 👎 to provide feedback.

devin-ai-integration · 2026-03-10T14:29:29Z

server/api/activity.ts

      type,
-      settled: !!flow.completed,
      usdAmount,
+      status: declined ? ("declined" as const) : flow.completed ? ("settled" as const) : ("pending" as const),


🚩 Breaking change: settled boolean replaced with status string enum

The PandaActivity output at server/api/activity.ts:639 replaces settled: boolean with status: 'declined' | 'settled' | 'pending'. This is a breaking change for any API consumers that rely on the settled field. Since this is a patch changeset (.changeset/yummy-lands-end.md), existing clients consuming this API may break if they check for settled instead of status. If there are mobile app versions in the wild that read settled, they would stop receiving that field.

Was this helpful? React with 👍 or 👎 to provide feedback.

sentry · 2026-03-13T15:11:32Z

server/api/activity.ts

      timestamp,
      merchant: { city, country, name, state },


Bug: The PandaActivity transformer ignores "requested" actions, causing an "invalid flow" error for frozen card declines, which are then silently dropped from the user's activity feed.
_{Severity: HIGH}

Suggested Fix

Modify the flow reducer in server/api/activity.ts to handle "requested" actions for declined transactions. Instead of ignoring them, the reducer should populate the flow object appropriately, perhaps by treating the "requested" action as a completed action when its status is "declined". This will prevent the "invalid flow" error and allow the declined transaction to be displayed in the activity feed.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not valid. Location: server/api/activity.ts#L616-L617 Potential issue: When a card is frozen, a webhook with a `"requested"` action is processed. The `PandaActivity` transformer's flow reducer at `server/api/activity.ts:600-601` explicitly ignores `"requested"` actions (`case "requested": return f;`). Consequently, the `flow` object has no `created` or `completed` properties. This causes the code at lines 614-616 to throw an "invalid flow" error. The error is caught, but the transaction is silently dropped and never appears in the user's activity feed, defeating the purpose of the PR.

aguxez requested review from cruzdanilo and nfmelendez as code owners January 7, 2026 15:06