chore(payments): tier 4 audit cleanup

- #9: rename InvoiceStatus.FAILED -> CANCELLED. Maps Xendit's
  payment_session.canceled event onto a distinct status (was lumped under
  EXPIRED), giving the previously-orphaned enum value a real path. Earnings
  page references and dropdown label updated. No DB migration needed: the
  status column is a plain string with no CHECK constraint and no rows
  carry the old "failed" value (no path ever set it).

- #12: get_user_balance now rejects non-gateway wallet types (e.g. MPP)
  with HTTP 400 instead of silently returning 0.0. Mirrors the wallet-type
  validation already in create_invoice.

- #13: add a TODO on list_for_tenant noting that pagination + date-range
  filters are wanted before any tenant exceeds ~5k invoices. Defer until
  there's a concrete scale need.

- #17: fix EndpointRepository.get_by_id type hint (was int, column is UUID).
  Pre-existing nit.

Skipped: #11 (endpoint hard-delete clears endpoint_id from ledger via
SET NULL cascade) — design call, current behavior is defensible since the
archived flag exists for soft-delete.

Author: shubham3121

backend/syft_space/components/endpoints/repository.py

@@ -39,7 +39,7 @@ async def get_all(self, tenant_id: UUID) -> list[Endpoint]:
             result = await session.exec(statement)
             return list(result.all())
 
-    async def get_by_id(self, id: int, tenant_id: UUID) -> Endpoint | None:
+    async def get_by_id(self, id: UUID, tenant_id: UUID) -> Endpoint | None:
         """Get an endpoint by ID within a tenant.
 
         Args:

backend/syft_space/components/payments/gateway/entities.py

@@ -25,8 +25,8 @@ class InvoiceStatus(str, Enum):
 
     PENDING = "pending"
     PAID = "paid"
-    EXPIRED = "expired"
-    FAILED = "failed"
+    EXPIRED = "expired"  # provider session timed out
+    CANCELLED = "cancelled"  # user or admin abandoned the session
 
 
 class EntryType(str, Enum):

backend/syft_space/components/payments/gateway/handlers.py

@@ -314,6 +314,18 @@ async def get_user_balance(
         wallet = await self.wallet_repo.get_by_id(wallet_id, tenant.id)
         if not wallet:
             raise HTTPException(status_code=404, detail="Wallet not found")
+        # Only gateway wallets (e.g. xendit) carry a UserBalance row. MPP and
+        # other non-gateway types would silently return 0.0 here, which reads
+        # as a successful "you have no money" response — confusing. Reject
+        # them so the caller sees a clear error instead.
+        if wallet.wallet_type not in self.gateways:
+            raise HTTPException(
+                status_code=400,
+                detail=(
+                    f"Wallet type '{wallet.wallet_type}' does not support "
+                    f"prepaid balance lookup"
+                ),
+            )
         balance = await self.balance_service.get_balance(
             wallet_id=wallet.id, tenant_id=tenant.id, user_email=user_email
         )

backend/syft_space/components/payments/gateway/invoice_repository.py

@@ -60,8 +60,13 @@ async def list_for_tenant(
     ) -> list[Invoice]:
         """Admin view: all invoices for a tenant, newest first.
 
-        Optional status filter (pending|paid|expired|failed). No pagination —
+        Optional status filter (pending|paid|expired|cancelled). No pagination —
         invoice volume is low (a few per user per month).
+
+        TODO: paginate when any tenant exceeds ~5k invoices. Likely wants
+        date-range filters too rather than just cursor (admin reporting use
+        cases want "last 30 days," not "next 50 rows"). Defer until concrete
+        scale or product requirement.
         """
         statement = select(Invoice).where(Invoice.tenant_id == tenant_id)
         if status:
@@ -81,7 +86,7 @@ async def list_for_user_in_wallet(
 
         Used by the satellite-token /invoices/me endpoint so callers can check
         whether a pending invoice already exists before creating a new one.
-        Optional status filter (pending|paid|expired|failed).
+        Optional status filter (pending|paid|expired|cancelled).
         """
         statement = select(Invoice).where(
             Invoice.wallet_id == wallet_id,

backend/syft_space/components/payments/gateway/xendit/gateway.py

@@ -49,7 +49,7 @@ class XenditGateway:
     _EVENT_STATUS_MAP = {
         "payment_session.completed": InvoiceStatus.PAID,
         "payment_session.expired": InvoiceStatus.EXPIRED,
-        "payment_session.canceled": InvoiceStatus.EXPIRED,
+        "payment_session.canceled": InvoiceStatus.CANCELLED,
     }
 
     def resolve_purchase(

frontend/src/pages/EarningsPage.vue

@@ -51,7 +51,7 @@
             <SelectItem value="pending">Pending</SelectItem>
             <SelectItem value="paid">Paid</SelectItem>
             <SelectItem value="expired">Expired</SelectItem>
-            <SelectItem value="failed">Failed</SelectItem>
+            <SelectItem value="cancelled">Cancelled</SelectItem>
           </SelectContent>
         </Select>
         <Input v-model="emailFilter" placeholder="Filter by email..." class="h-9 max-w-sm flex-1" />
@@ -94,7 +94,7 @@
                     'text-emerald-600 border-emerald-300': inv.status === 'paid',
                     'text-amber-600 border-amber-300': inv.status === 'pending',
                     'text-red-600 border-red-300':
-                      inv.status === 'expired' || inv.status === 'failed',
+                      inv.status === 'expired' || inv.status === 'cancelled',
                   }"
                 >
                   {{ inv.status }}
@@ -192,7 +192,7 @@ const pendingCount = computed(
 const expiredCount = computed(
   () =>
     emailScopedInvoices.value.filter(
-      (i) => i.status === 'expired' || i.status === 'failed',
+      (i) => i.status === 'expired' || i.status === 'cancelled',
     ).length,
 )