Salon/docs/execplans/payments-moyasar.md

Payments Integration (Moyasar)

This ExecPlan follows docs/PLANS.md.

Purpose / Big Picture

Create payments idempotently, reconcile webhook states safely, and keep payment history auditable.

Progress

• (2026-02-28 14:35Z) Plan created.
• (2026-02-28 15:55Z) Payment creation + webhook processing implemented.
• (2026-02-28 16:10Z) Tests for create/idempotency/webhooks implemented.
• (2026-02-28 16:20Z) Risks updated.

Surprises & Discoveries

• Observation: missing requests dependency blocked gateway calls initially. Evidence: ModuleNotFoundError: requests.

Decision Log

• Decision: enforce request-level idempotency key for payment create. Rationale: prevent duplicate charges on retries. Date/Author: 2026-02-28/Codex
• Decision: persist provider + webhook payloads. Rationale: payment auditability/debuggability. Date/Author: 2026-02-28/Codex

Outcomes & Retrospective

Completed for MVP core flow (create + webhook). Remaining work: richer operational monitoring and optional admin capture/refund APIs.

Context and Orientation

• Payment model/services/views: backend/apps/payments/
• Booking dependency: backend/apps/bookings/

Plan of Work

Completed for current scope.

Validation and Acceptance

From backend/:

• python3 -m pytest backend/apps/payments/tests Acceptance:
• New key => new payment.
• Same key => existing payment reused.
• Valid webhook transitions state idempotently.
• Invalid webhook auth rejected.

Idempotence and Recovery

Idempotency key guards create path; webhook replay is safe.