Skip to content

Feature/bidding support clean#131

Merged
enliven17 merged 6 commits into
enliven17:mainfrom
pharwasz:feature/bidding-support-clean
Jun 28, 2026
Merged

Feature/bidding support clean#131
enliven17 merged 6 commits into
enliven17:mainfrom
pharwasz:feature/bidding-support-clean

Conversation

@pharwasz

@pharwasz pharwasz commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Closes #63


Feature: Update Commerce Schema and API Endpoints for Bidding Support
Summary
This PR introduces bidding and price negotiation support for commerce jobs by extending the database schema, validation layer, and service marketplace API endpoints. The implementation enables users to submit custom bid amounts and track negotiation status instead of relying solely on fixed pricing.

Changes Made
Database Updates
Added bidPrice column to tlsCommerceJobs

Added support for negotiation statuses:

negotiating
accepted
counter_offer
Added database migration:

web/drizzle/0008_add_bidding_support.sql
Validation Updates
Updated Zod schemas to validate bid-related payloads
Added bid price validation for positive numeric values
Added status validation for supported negotiation states
API Updates
Updated /api/talos/[id]/service endpoints to support bid submissions
Added bid payload validation
Stored bid information during job creation
Updated payment verification flow to use bidPrice when provided, with fallback to the original service price
Acceptance Criteria Checklist
Add bidPrice column to tlsCommerceJobs
Support negotiation statuses (negotiating, accepted, counter_offer)
Update Zod schemas for bid payload validation
Modify /api/talos/[id]/service endpoints to support bidding functionality
Testing
Verified bid payload validation
Verified job creation with bid values
Verified negotiation status handling
Verified payment calculation uses bid price when available

@vercel

vercel Bot commented Jun 25, 2026

Copy link
Copy Markdown

@pharwasz is attempting to deploy a commit to the Cankat's projects Team on Vercel.

A member of the Team first needs to authorize it.

@pharwasz

Copy link
Copy Markdown
Contributor Author

Pls check for approval thnx

@enliven17 enliven17 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review ÔÇö changes requested

The bidding schema/API extension makes sense, but:

  1. CI failing ÔÇö rebase onto main
  2. Migration number conflict: 0009_add_bidding_support.sql may clash with other 0008/0009 migrations on main (e.g. dividends PR #129)
  3. Negotiation statuses: Issue asks for negotiating/accepted/counter_offer ÔÇö diff only shows bidPrice column; status enums may be missing
  4. No tests

Please rebase, renumber migrations, and add tests.

@enliven17 enliven17 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review — changes requested

The bidding schema/API extension makes sense, but:

  1. CI failing — rebase onto main
  2. Migration number conflict: 0009_add_bidding_support.sql may clash with other 0008/0009 migrations on main (e.g. dividends PR #129)
  3. Negotiation statuses: Issue asks for negotiating/accepted/counter_offer — diff only shows bidPrice column; status enums may be missing
  4. No tests

Please rebase, renumber migrations, and add tests.

@enliven17 enliven17 dismissed their stale review June 26, 2026 21:04

Duplicate review removed.

@enliven17 enliven17 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can't merge this bidding support as-is. Invalid bid payloads are silently ignored because submitBidSchema.safeParse(requestBody) falls back to { bidPrice: undefined, status: undefined }, so a malformed bid request can still purchase at the default service price instead of returning 400. The PR also allows clients to set job status directly, including terminal states like completed, which is unsafe for a payment/fulfillment flow. Please split bidding from purchase fulfillment, reject invalid bid payloads explicitly, and only let the server transition statuses after verification/settlement.

@pharwasz

Copy link
Copy Markdown
Contributor Author

Review — changes requested

The bidding schema/API extension makes sense, but:

  1. CI failing — rebase onto main
  2. Migration number conflict: 0009_add_bidding_support.sql may clash with other 0008/0009 migrations on main (e.g. dividends PR Create Next.js API routes for recording and listing dividends REFIXD #129)
  3. Negotiation statuses: Issue asks for negotiating/accepted/counter_offer — diff only shows bidPrice column; status enums may be missing
  4. No tests

Please rebase, renumber migrations, and add tests.

What about this?

@pharwasz

Copy link
Copy Markdown
Contributor Author

I can't merge this bidding support as-is. Invalid bid payloads are silently ignored because submitBidSchema.safeParse(requestBody) falls back to { bidPrice: undefined, status: undefined }, so a malformed bid request can still purchase at the default service price instead of returning 400. The PR also allows clients to set job status directly, including terminal states like completed, which is unsafe for a payment/fulfillment flow. Please split bidding from purchase fulfillment, reject invalid bid payloads explicitly, and only let the server transition statuses after verification/settlement.

Alright Will get it done

@pharwasz

pharwasz commented Jun 28, 2026

Copy link
Copy Markdown
Contributor Author

Hi @enliven17, I've addressed all the feedback from your last two reviews. Here's a breakdown of what was fixed:

1. Invalid bid payloads now explicitly rejected (400)
Replaced the silent safeParse fallthrough with an explicit check — if bid fields are present but invalid, the request is rejected with a 400 and a list of validation issues instead of silently purchasing at service price.

2. Client status submissions locked down
Split submitBidSchema so clients can only submit negotiating or counter_offer. Terminal states (completed, accepted, rejected, pending) are now set exclusively server-side after verification/settlement.

3. Migration renumbered to 0008
Renamed 0009_add_bidding_support.sql0008_add_bidding_support.sql to take the correct slot after 0007_add_api_audit_logs.sql on main. Confirmed 0008 is free.

4. Rebased onto main
Branch is up to date with enliven17:main, no conflicts.

5. Tests added
9 e2e tests covering: malformed bidPrice (string, negative, zero), terminal status rejections (completed, accepted, rejected), valid passthrough cases (negotiating, counter_offer), and no-bid-field passthrough.

All changes are in commit f8b69fb and e82fd6c. Kindly check to confirm

pharwasz added 4 commits June 28, 2026 09:58
- Add bidPrice column to tlsCommerceJobs schema
- Add status enum for negotiation states (negotiating, accepted, counter_offer)
- Create migration file 0008_add_bidding_support.sql
- Update Zod schemas with submitBidSchema for bid validation
- Modify /api/talos/[id]/service POST endpoint to support bid payloads
- Payment verification uses bidPrice when provided, falls back to service price
- Job creation stores bidPrice and custom status when provided
@pharwasz pharwasz force-pushed the feature/bidding-support-clean branch from e82fd6c to 3b6fe9d Compare June 28, 2026 09:06

@enliven17 enliven17 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update. This is closer, but I still can't merge it yet.

Blocking issues:

  1. route.diff is committed as a binary file. This looks accidental and should be removed from the PR.
  2. The service route still lets the requester-provided bidPrice become the expectedAmount for verifyX402Payment. That means a client can lower the amount they need to pay just by sending a lower bid in the same request. A bid needs a server-side accepted/approved state before it can replace service.price for payment verification and revenue/job amounts.
  3. The new e2e assertions such as expect(res.status).not.toBe(400) are too broad; they can pass while the endpoint is still failing for the wrong reason. Please add focused tests around the validation/schema behavior and the accepted-bid payment path.
  4. Please clean up the indentation/formatting in the modified route before the next review pass.

Once the accidental file is removed and bid pricing is tied to a server-accepted negotiation state, I can re-check it.

@pharwasz

Copy link
Copy Markdown
Contributor Author

Thanks for the update. This is closer, but I still can't merge it yet.

Blocking issues:

  1. route.diff is committed as a binary file. This looks accidental and should be removed from the PR.
  2. The service route still lets the requester-provided bidPrice become the expectedAmount for verifyX402Payment. That means a client can lower the amount they need to pay just by sending a lower bid in the same request. A bid needs a server-side accepted/approved state before it can replace service.price for payment verification and revenue/job amounts.
  3. The new e2e assertions such as expect(res.status).not.toBe(400) are too broad; they can pass while the endpoint is still failing for the wrong reason. Please add focused tests around the validation/schema behavior and the accepted-bid payment path.
  4. Please clean up the indentation/formatting in the modified route before the next review pass.

Once the accidental file is removed and bid pricing is tied to a server-accepted negotiation state, I can re-check it.

I've addressed all 4 blocking issues from your latest review:

1. route.diff removed
The accidental binary file has been deleted from the PR.

2. bidPrice no longer affects payment verification
Payment is now always verified against service.price. bidPrice is stored on the job record only as a negotiation reference — it cannot reduce what the client pays.

3. Tests tightened
Replaced all expect(res.status).not.toBe(400) assertions with focused checks. The valid bid passthrough tests now assert exactly 400 with body.error containing "X-PAYMENT" — proving bid validation passed and the request correctly advanced to the payment header check.

4. Indentation/formatting cleaned up
The bid validation block in route.ts is now consistently indented to match the rest of the POST handler.

All changes are in commit 1495c65. Ready for re-check!

@enliven17 enliven17 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update. The accidental route.diff file is gone and verifying x402 against service.price fixes the main payment-bypass issue. However, this still is not merge-ready.

Blocking issue: after verifying the customer paid the full service price, the route still records amount: bidData.bidPrice ?? service.price in both tlsCommerceJobs and tlsRevenues. That means a request with bidPrice: 1 can pay the listed price but persist the job/revenue as 1, which under-reports revenue and creates inconsistent financial history.

Please keep amount and revenue records tied to the actually verified payment amount (service.price) unless there is a separate server-side accepted bid/negotiation record. Store bidPrice only in the separate nullable bidPrice column for negotiation metadata.

Local check: targeted ESLint passed with only an existing unused beforeAll warning in tests/api-e2e.test.ts.

…tion metadata only, remove unused beforeAll import

@enliven17 enliven17 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the follow-up. I rechecked this on top of the current main: the accidental file is gone, x402 verification stays tied to the listed service price, and job/revenue �mount now stays tied to service.price while �idPrice is stored only as negotiation metadata. Targeted ESLint and the OpenAPI snapshot test passed locally. Note:
ext build still fails on an existing unrelated buy-token FeeBumpTransaction type issue in main, not on this PR's changed files.

@enliven17 enliven17 merged commit de73c93 into enliven17:main Jun 28, 2026
1 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

feature: Update commerce schema and API endpoints for bidding support

2 participants