chore: Integrate confirmation booking audit

[tomerqodo]

Benchmark PR from qodo-benchmark#714

[greptile-apps]

Greptile Summary

This PR integrates booking audit tracking into the confirmation flow by adding actor and actionSource parameters throughout the booking confirmation pipeline. The changes track who initiated booking confirmations/rejections and from which source (WEBAPP, API_V2, MAGIC_LINK, or WEBHOOK).

Key changes:

• Added MAGIC_LINK enum value to BookingAuditSource in schema and related types
• Integrated fireBookingAcceptedEvent and fireRejectionEvent to track confirmation/rejection events
• Updated all confirmation entry points (TRPC, API routes, magic links, payment webhooks) to pass actor and actionSource
• Added getAppActor utility for payment webhook actor tracking
• Added support for bulk rejection audit tracking
• Comprehensive test coverage for audit integration

Critical issue found:

• In handleConfirmation.ts:413, the oldStatus is incorrectly set to BookingStatus.ACCEPTED instead of booking.status for non-recurring bookings, which will break audit tracking by reporting incorrect status transitions

Confidence Score: 2/5

• This PR has a critical logical error that will cause incorrect audit data
• The PR has solid architecture and comprehensive test coverage, but contains a critical bug in handleConfirmation.ts:413 where oldStatus is hardcoded to BookingStatus.ACCEPTED instead of using the actual booking status. This will cause audit logs to show incorrect status transitions (e.g., ACCEPTED → ACCEPTED instead of PENDING → ACCEPTED), breaking audit integrity
• Pay close attention to packages/features/bookings/lib/handleConfirmation.ts:413 - the oldStatus bug must be fixed before merging

Important Files Changed

Filename	Overview
packages/features/bookings/lib/handleConfirmation.ts	Added booking audit integration with actor and actionSource tracking, but contains critical bug where oldStatus is incorrectly set to ACCEPTED instead of booking.status
packages/trpc/server/routers/viewer/bookings/confirm.handler.ts	Added rejection event handling and integrated booking audit for both accepted and rejected bookings with proper actor tracking
packages/prisma/schema.prisma	Added MAGIC_LINK enum value to BookingAuditSource for tracking magic link confirmations
packages/app-store/_utils/payments/handlePaymentSuccess.ts	Updated to pass app actor and webhook action source for payment success confirmations
apps/web/test/lib/confirm.handler.test.ts	Extensive test coverage for booking confirmation with audit integration and bulk operations

Sequence Diagram

sequenceDiagram
    participant Client as Client/User
    participant API as API Route/TRPC
    participant ConfirmHandler as confirmHandler
    participant HandleConfirmation as handleConfirmation
    participant BookingEventHandler as BookingEventHandlerService
    participant Prisma as Database
    participant EventManager as EventManager
    participant Webhooks as Webhooks/Workflows

    Client->>API: Confirm booking request
    Note over Client,API: Via WEBAPP, API_V2, or MAGIC_LINK
    API->>API: Create actor (makeUserActor/makeAppActor)
    API->>API: Set actionSource
    API->>ConfirmHandler: confirmHandler(input, ctx)
    ConfirmHandler->>Prisma: Get booking details
    Prisma-->>ConfirmHandler: Booking data
    ConfirmHandler->>ConfirmHandler: Authorize user access
    
    alt Booking Confirmed
        ConfirmHandler->>HandleConfirmation: handleConfirmation(...)
        HandleConfirmation->>EventManager: Create calendar events
        EventManager-->>HandleConfirmation: Event creation results
        
        alt Recurring Event
            HandleConfirmation->>Prisma: Find unconfirmed recurring bookings
            HandleConfirmation->>BookingEventHandler: fireBookingAcceptedEvent (bulk)
            BookingEventHandler->>Prisma: Queue audit tasks
            HandleConfirmation->>Prisma: Update all recurring bookings
        else Single Event
            HandleConfirmation->>Prisma: Update booking status
            HandleConfirmation->>BookingEventHandler: fireBookingAcceptedEvent (single)
            BookingEventHandler->>Prisma: Queue audit task
        end
        
        HandleConfirmation->>Webhooks: Send confirmation emails
        HandleConfirmation->>Webhooks: Schedule workflow reminders
        HandleConfirmation->>Webhooks: Trigger webhooks (BOOKING_CREATED)
        HandleConfirmation-->>ConfirmHandler: Success
        
    else Booking Rejected
        ConfirmHandler->>Prisma: Update booking status to REJECTED
        ConfirmHandler->>BookingEventHandler: fireRejectionEvent
        BookingEventHandler->>Prisma: Queue rejection audit task
        ConfirmHandler->>Webhooks: Send rejection emails
        ConfirmHandler->>Webhooks: Trigger webhooks (BOOKING_REJECTED)
        ConfirmHandler-->>Client: Rejection confirmed
    end
    
    ConfirmHandler-->>API: Return result
    API-->>Client: Confirmation/Rejection response

Loading

[greptile-apps]

_{26 files reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

logic: oldStatus incorrectly set to BookingStatus.ACCEPTED; should be booking.status (the booking's status before confirmation)

Suggested change

	oldStatus: BookingStatus.ACCEPTED,
	oldStatus: booking.status,

Prompt To Fix With AI

This is a comment left during a code review.
Path: packages/features/bookings/lib/handleConfirmation.ts
Line: 413:413

Comment:
**logic:** `oldStatus` incorrectly set to `BookingStatus.ACCEPTED`; should be `booking.status` (the booking's status before confirmation)

```suggestion
        oldStatus: booking.status,
```

How can I resolve this? If you propose a fix, please make it concise.