@antseed/node 0.1.0 → 0.1.2

package/contracts/AntseedEscrow.sol

@@ -1,310 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity ^0.8.24;
-
-interface IERC20 {
-    function transferFrom(address from, address to, uint256 value) external returns (bool);
-    function transfer(address to, uint256 value) external returns (bool);
-}
-
-/**
- * @title AntseedEscrow
- * @notice Session-scoped USDC escrow used by Antseed payment channels.
- * @dev State mapping matches node/src/payments/crypto/escrow.ts STATE_MAP:
- *      0=open, 1=active, 2=disputed, 3=settled, 4=closed.
- */
-contract AntseedEscrow {
-    enum ChannelState {
-        Open,
-        Active,
-        Disputed,
-        Settled,
-        Closed
-    }
-
-    struct Channel {
-        address buyer;
-        address seller;
-        uint256 amount;
-        ChannelState state;
-        uint64 createdAt;
-        uint64 disputedAt;
-    }
-
-    IERC20 public immutable usdc;
-    address public owner;
-    address public arbiter;
-    address public feeCollector;
-    uint64 public disputeTimeout;
-
-    mapping(bytes32 => Channel) private channels;
-
-    bool private locked;
-
-    event ChannelDeposited(bytes32 indexed sessionId, address indexed buyer, address indexed seller, uint256 amount);
-    event ChannelReleased(bytes32 indexed sessionId, address indexed seller, uint256 amount, address caller);
-    event ChannelSettled(
-        bytes32 indexed sessionId,
-        address indexed seller,
-        uint256 sellerAmount,
-        address indexed feeCollector,
-        uint256 platformAmount,
-        address buyer,
-        uint256 buyerRefund,
-        address caller
-    );
-    event ChannelRefunded(bytes32 indexed sessionId, address indexed buyer, uint256 amount, address caller);
-    event ChannelDisputed(bytes32 indexed sessionId, address indexed caller);
-    event ArbiterUpdated(address indexed previousArbiter, address indexed newArbiter);
-    event FeeCollectorUpdated(address indexed previousFeeCollector, address indexed newFeeCollector);
-    event DisputeTimeoutUpdated(uint64 previousTimeout, uint64 newTimeout);
-    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
-
-    error InvalidAddress();
-    error InvalidSession();
-    error InvalidAmount();
-    error SessionExists();
-    error InvalidState();
-    error NotAuthorized();
-    error NotOwner();
-    error NotArbiter();
-    error InvalidSplit();
-    error DisputeTimeoutNotReached();
-    error Reentrancy();
-    error TransferFailed();
-
-    modifier nonReentrant() {
-        if (locked) revert Reentrancy();
-        locked = true;
-        _;
-        locked = false;
-    }
-
-    modifier onlyOwner() {
-        if (msg.sender != owner) revert NotOwner();
-        _;
-    }
-
-    constructor(address usdcToken, address initialArbiter) {
-        if (usdcToken == address(0)) revert InvalidAddress();
-        usdc = IERC20(usdcToken);
-        owner = msg.sender;
-        arbiter = initialArbiter == address(0) ? msg.sender : initialArbiter;
-        feeCollector = msg.sender;
-        disputeTimeout = 72 hours;
-    }
-
-    function setArbiter(address newArbiter) external onlyOwner {
-        if (newArbiter == address(0)) revert InvalidAddress();
-        emit ArbiterUpdated(arbiter, newArbiter);
-        arbiter = newArbiter;
-    }
-
-    function transferOwnership(address newOwner) external onlyOwner {
-        if (newOwner == address(0)) revert InvalidAddress();
-        emit OwnershipTransferred(owner, newOwner);
-        owner = newOwner;
-    }
-
-    function setFeeCollector(address newFeeCollector) external onlyOwner {
-        if (newFeeCollector == address(0)) revert InvalidAddress();
-        emit FeeCollectorUpdated(feeCollector, newFeeCollector);
-        feeCollector = newFeeCollector;
-    }
-
-    function setDisputeTimeout(uint64 newTimeout) external onlyOwner {
-        if (newTimeout == 0) revert InvalidAmount();
-        emit DisputeTimeoutUpdated(disputeTimeout, newTimeout);
-        disputeTimeout = newTimeout;
-    }
-
-    /**
-     * @notice Lock buyer funds for a session.
-     * @param sessionId keccak256(sessionIdString) from ethers.id(sessionId)
-     * @param seller seller wallet address
-     * @param amount USDC amount in token base units (6 decimals)
-     */
-    function deposit(bytes32 sessionId, address seller, uint256 amount) external nonReentrant {
-        if (sessionId == bytes32(0)) revert InvalidSession();
-        if (seller == address(0)) revert InvalidAddress();
-        if (amount == 0) revert InvalidAmount();
-
-        Channel storage channel = channels[sessionId];
-        if (channel.buyer != address(0)) revert SessionExists();
-
-        channel.buyer = msg.sender;
-        channel.seller = seller;
-        channel.amount = amount;
-        channel.state = ChannelState.Active;
-        channel.createdAt = uint64(block.timestamp);
-        channel.disputedAt = 0;
-
-        _safeTransferFrom(msg.sender, address(this), amount);
-        emit ChannelDeposited(sessionId, msg.sender, seller, amount);
-    }
-
-    /**
-     * @notice Release escrow to seller.
-     * @dev Active channel: buyer/seller/arbiter can release.
-     *      Disputed channel: only arbiter can release.
-     */
-    function release(bytes32 sessionId) external nonReentrant {
-        Channel storage channel = channels[sessionId];
-        if (channel.state != ChannelState.Active && channel.state != ChannelState.Disputed) {
-            revert InvalidState();
-        }
-        _authorizeForSettlement(channel);
-
-        uint256 amount = channel.amount;
-        channel.amount = 0;
-        channel.state = ChannelState.Settled;
-        channel.disputedAt = 0;
-
-        _safeTransfer(channel.seller, amount);
-        emit ChannelReleased(sessionId, channel.seller, amount, msg.sender);
-    }
-
-    /**
-     * @notice Settle escrow by splitting funds between seller, platform fee collector, and buyer refund.
-     * @dev Active channel: buyer/seller/arbiter can settle.
-     *      Disputed channel: only arbiter can settle.
-     */
-    function settle(bytes32 sessionId, uint256 sellerAmount, uint256 platformAmount) external nonReentrant {
-        Channel storage channel = channels[sessionId];
-        if (channel.state != ChannelState.Active && channel.state != ChannelState.Disputed) {
-            revert InvalidState();
-        }
-        _authorizeForSettlement(channel);
-
-        uint256 amount = channel.amount;
-        if (sellerAmount > amount || platformAmount > amount - sellerAmount) {
-            revert InvalidSplit();
-        }
-        uint256 buyerRefund = amount - sellerAmount - platformAmount;
-
-        channel.amount = 0;
-        channel.state = ChannelState.Settled;
-        channel.disputedAt = 0;
-
-        if (sellerAmount > 0) {
-            _safeTransfer(channel.seller, sellerAmount);
-        }
-        if (platformAmount > 0) {
-            _safeTransfer(feeCollector, platformAmount);
-        }
-        if (buyerRefund > 0) {
-            _safeTransfer(channel.buyer, buyerRefund);
-        }
-
-        emit ChannelSettled(
-            sessionId,
-            channel.seller,
-            sellerAmount,
-            feeCollector,
-            platformAmount,
-            channel.buyer,
-            buyerRefund,
-            msg.sender
-        );
-    }
-
-    /**
-     * @notice Mark an active channel as disputed.
-     */
-    function dispute(bytes32 sessionId) external {
-        Channel storage channel = channels[sessionId];
-        if (channel.state != ChannelState.Active) revert InvalidState();
-        if (msg.sender != channel.buyer && msg.sender != channel.seller && msg.sender != arbiter) {
-            revert NotAuthorized();
-        }
-
-        channel.state = ChannelState.Disputed;
-        channel.disputedAt = uint64(block.timestamp);
-        emit ChannelDisputed(sessionId, msg.sender);
-    }
-
-    /**
-     * @notice Refund escrow to buyer.
-     * @dev Active channel: buyer/arbiter can refund.
-     *      Disputed channel: only arbiter can refund.
-     */
-    function refund(bytes32 sessionId) external nonReentrant {
-        Channel storage channel = channels[sessionId];
-        if (channel.state != ChannelState.Active && channel.state != ChannelState.Disputed) {
-            revert InvalidState();
-        }
-
-        if (channel.state == ChannelState.Active) {
-            if (msg.sender != channel.buyer && msg.sender != arbiter) {
-                revert NotAuthorized();
-            }
-        } else if (msg.sender != arbiter) {
-            revert NotArbiter();
-        }
-
-        uint256 amount = channel.amount;
-        channel.amount = 0;
-        channel.state = ChannelState.Closed;
-        channel.disputedAt = 0;
-
-        _safeTransfer(channel.buyer, amount);
-        emit ChannelRefunded(sessionId, channel.buyer, amount, msg.sender);
-    }
-
-    /**
-     * @notice Resolve stale disputes by refunding the buyer after the dispute timeout.
-     */
-    function resolveDisputeTimeout(bytes32 sessionId) external nonReentrant {
-        Channel storage channel = channels[sessionId];
-        if (channel.state != ChannelState.Disputed) revert InvalidState();
-        if (uint64(block.timestamp) < channel.disputedAt + disputeTimeout) {
-            revert DisputeTimeoutNotReached();
-        }
-
-        uint256 amount = channel.amount;
-        channel.amount = 0;
-        channel.state = ChannelState.Closed;
-        channel.disputedAt = 0;
-
-        _safeTransfer(channel.buyer, amount);
-        emit ChannelRefunded(sessionId, channel.buyer, amount, msg.sender);
-    }
-
-    function getChannel(bytes32 sessionId)
-        external
-        view
-        returns (address buyer, address seller, uint256 amount, uint8 state)
-    {
-        Channel storage channel = channels[sessionId];
-        return (channel.buyer, channel.seller, channel.amount, uint8(channel.state));
-    }
-
-    function _safeTransferFrom(address from, address to, uint256 value) private {
-        (bool ok, bytes memory ret) = address(usdc).call(
-            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, value)
-        );
-        if (!ok || (ret.length > 0 && !abi.decode(ret, (bool)))) {
-            revert TransferFailed();
-        }
-    }
-
-    function _safeTransfer(address to, uint256 value) private {
-        (bool ok, bytes memory ret) = address(usdc).call(
-            abi.encodeWithSelector(IERC20.transfer.selector, to, value)
-        );
-        if (!ok || (ret.length > 0 && !abi.decode(ret, (bool)))) {
-            revert TransferFailed();
-        }
-    }
-
-    function _authorizeForSettlement(Channel storage channel) private view {
-        if (channel.state == ChannelState.Active) {
-            if (msg.sender != channel.buyer && msg.sender != channel.seller && msg.sender != arbiter) {
-                revert NotAuthorized();
-            }
-            return;
-        }
-        if (msg.sender != arbiter) {
-            revert NotArbiter();
-        }
-    }
-}

package/contracts/MockUSDC.sol

@@ -1,64 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity ^0.8.24;
-
-/**
- * @title MockUSDC
- * @notice Minimal ERC20 used for local escrow integration tests and examples.
- */
-contract MockUSDC {
-    string public constant name = "Mock USD Coin";
-    string public constant symbol = "USDC";
-    uint8 public constant decimals = 6;
-
-    uint256 public totalSupply;
-
-    mapping(address => uint256) public balanceOf;
-    mapping(address => mapping(address => uint256)) public allowance;
-
-    event Transfer(address indexed from, address indexed to, uint256 value);
-    event Approval(address indexed owner, address indexed spender, uint256 value);
-
-    error InsufficientBalance();
-    error InsufficientAllowance();
-    error InvalidAddress();
-
-    function mint(address to, uint256 amount) external {
-        if (to == address(0)) revert InvalidAddress();
-        totalSupply += amount;
-        balanceOf[to] += amount;
-        emit Transfer(address(0), to, amount);
-    }
-
-    function approve(address spender, uint256 amount) external returns (bool) {
-        allowance[msg.sender][spender] = amount;
-        emit Approval(msg.sender, spender, amount);
-        return true;
-    }
-
-    function transfer(address to, uint256 amount) external returns (bool) {
-        _transfer(msg.sender, to, amount);
-        return true;
-    }
-
-    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
-        uint256 allowed = allowance[from][msg.sender];
-        if (allowed < amount) revert InsufficientAllowance();
-
-        if (allowed != type(uint256).max) {
-            allowance[from][msg.sender] = allowed - amount;
-            emit Approval(from, msg.sender, allowance[from][msg.sender]);
-        }
-
-        _transfer(from, to, amount);
-        return true;
-    }
-
-    function _transfer(address from, address to, uint256 amount) private {
-        if (to == address(0)) revert InvalidAddress();
-        if (balanceOf[from] < amount) revert InsufficientBalance();
-
-        balanceOf[from] -= amount;
-        balanceOf[to] += amount;
-        emit Transfer(from, to, amount);
-    }
-}

package/contracts/README.md

@@ -1,102 +0,0 @@
-# Antseed Escrow Contract
-
-`AntseedEscrow.sol` is the on-chain escrow contract used by the payment channel flow.
-
-## Contract Paths
-
-- `node/contracts/AntseedEscrow.sol` - production escrow contract
-- `node/contracts/MockUSDC.sol` - test-only ERC20 used for local integration flows
-
-## ABI Compatibility
-
-The contract exposes the runtime methods expected by `BaseEscrowClient`:
-
-- `deposit(bytes32 sessionId, address seller, uint256 amount)`
-- `release(bytes32 sessionId)`
-- `settle(bytes32 sessionId, uint256 sellerAmount, uint256 platformAmount)`
-- `dispute(bytes32 sessionId)`
-- `refund(bytes32 sessionId)`
-- `resolveDisputeTimeout(bytes32 sessionId)`
-- `getChannel(bytes32 sessionId) returns (address buyer, address seller, uint256 amount, uint8 state)`
-
-Owner/admin methods:
-
-- `setArbiter(address)`
-- `setFeeCollector(address)`
-- `setDisputeTimeout(uint64 seconds)`
-
-Deployment uses the constructor signature:
-
-- `constructor(address usdcToken, address initialArbiter)`
-
-Channel states are encoded as:
-
-- `0 = open`
-- `1 = active`
-- `2 = disputed`
-- `3 = settled`
-- `4 = closed`
-
-## Compile
-
-Example using Foundry (`forge`):
-
-```bash
-cd node
-forge build --root . --contracts contracts --out contracts/out
-```
-
-Example using `solc`:
-
-```bash
-solc --optimize --bin --abi node/contracts/AntseedEscrow.sol -o node/contracts/out
-```
-
-## Deploy (TypeScript Helper)
-
-Deploy the compiled contract using ethers.js or your preferred toolchain. The constructor expects `(address usdcToken, address initialArbiter)`.
-
-For programmatic deployment, use `BaseEscrowClient` from `@antseed/node`:
-
-```ts
-import { BaseEscrowClient } from '@antseed/node';
-
-const client = new BaseEscrowClient({
-  rpcUrl: process.env.RPC_URL!,
-  contractAddress: deployedAddress,
-  usdcAddress: process.env.USDC_ADDRESS!,
-});
-```
-
-## End-to-End Integration Test
-
-A full on-chain test lives in:
-
-- `node/tests/escrow-contract.integration.test.ts`
-
-It compiles `AntseedEscrow.sol` + `MockUSDC.sol`, starts a local Anvil chain, deploys the contract, and exercises:
-
-- `deposit -> release`
-- `deposit -> dispute -> arbiter refund`
-- `deposit -> settle(seller/platform/refund split)`
-- `deposit -> dispute -> resolveDisputeTimeout`
-
-Run only this suite:
-
-```bash
-cd node
-npm test -- escrow-contract.integration.test.ts
-```
-
-The test auto-skips when `anvil` or `forge` is unavailable.
-
-## Operational Notes
-
-- `deposit` sets `buyer = msg.sender`; it expects an approved USDC `transferFrom`.
-- `release` while active can be called by buyer/seller/arbiter.
-- `release` while disputed requires arbiter.
-- `settle` while active can be called by buyer/seller/arbiter.
-- `settle` while disputed requires arbiter and supports explicit seller/platform payouts with automatic buyer refund remainder.
-- `refund` while active can be called by buyer/arbiter.
-- `refund` while disputed requires arbiter.
-- `resolveDisputeTimeout` allows anyone to refund a stale disputed channel after `disputeTimeout`.

package/src/config/encryption.test.ts

@@ -1,49 +0,0 @@
-import { describe, it, expect } from 'vitest'
-import { encryptValue, decryptValue, deriveMachineKey, generateSalt } from './encryption.js'
-
-describe('encryption', () => {
-  it('should round-trip encrypt and decrypt', () => {
-    const salt = generateSalt()
-    const key = deriveMachineKey(salt)
-    const plaintext = 'sk-ant-api03-secret-key-value'
-    const encrypted = encryptValue(plaintext, key)
-    expect(encrypted).not.toBe(plaintext)
-    const decrypted = decryptValue(encrypted, key)
-    expect(decrypted).toBe(plaintext)
-  })
-
-  it('should produce different ciphertexts for same input (random IV)', () => {
-    const salt = generateSalt()
-    const key = deriveMachineKey(salt)
-    const plaintext = 'test-secret'
-    const a = encryptValue(plaintext, key)
-    const b = encryptValue(plaintext, key)
-    expect(a).not.toBe(b)
-  })
-
-  it('should fail to decrypt with wrong key', () => {
-    const salt1 = generateSalt()
-    const salt2 = generateSalt()
-    const key1 = deriveMachineKey(salt1)
-    const key2 = deriveMachineKey(salt2)
-    const encrypted = encryptValue('secret', key1)
-    expect(() => decryptValue(encrypted, key2)).toThrow()
-  })
-
-  it('should handle empty string', () => {
-    const salt = generateSalt()
-    const key = deriveMachineKey(salt)
-    const encrypted = encryptValue('', key)
-    const decrypted = decryptValue(encrypted, key)
-    expect(decrypted).toBe('')
-  })
-
-  it('should handle unicode', () => {
-    const salt = generateSalt()
-    const key = deriveMachineKey(salt)
-    const plaintext = 'héllo wörld 🔑'
-    const encrypted = encryptValue(plaintext, key)
-    const decrypted = decryptValue(encrypted, key)
-    expect(decrypted).toBe(plaintext)
-  })
-})

package/src/config/encryption.ts

@@ -1,53 +0,0 @@
-import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto'
-import { hostname, homedir } from 'node:os'
-
-const ALGORITHM = 'aes-256-gcm'
-const SALT_LENGTH = 32
-const IV_LENGTH = 16
-const TAG_LENGTH = 16
-const KEY_LENGTH = 32
-
-/**
- * Derive an encryption key from a machine-specific seed.
- */
-export function deriveMachineKey(salt: Buffer): Buffer {
-  const seed = [
-    process.env['USER'] ?? process.env['USERNAME'] ?? '',
-    hostname(),
-    homedir(),
-  ].join(':')
-  return scryptSync(seed, salt, KEY_LENGTH)
-}
-
-/**
- * Encrypt a string value. Returns base64-encoded ciphertext with IV and auth tag prepended.
- */
-export function encryptValue(plaintext: string, key: Buffer): string {
-  const iv = randomBytes(IV_LENGTH)
-  const cipher = createCipheriv(ALGORITHM, key, iv)
-  const encrypted = Buffer.concat([cipher.update(plaintext, 'utf-8'), cipher.final()])
-  const tag = cipher.getAuthTag()
-  const combined = Buffer.concat([iv, tag, encrypted])
-  return combined.toString('base64')
-}
-
-/**
- * Decrypt a base64-encoded value produced by encryptValue.
- */
-export function decryptValue(encoded: string, key: Buffer): string {
-  const combined = Buffer.from(encoded, 'base64')
-  const iv = combined.subarray(0, IV_LENGTH)
-  const tag = combined.subarray(IV_LENGTH, IV_LENGTH + TAG_LENGTH)
-  const ciphertext = combined.subarray(IV_LENGTH + TAG_LENGTH)
-  const decipher = createDecipheriv(ALGORITHM, key, iv)
-  decipher.setAuthTag(tag)
-  const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()])
-  return decrypted.toString('utf-8')
-}
-
-/**
- * Generate a fresh random salt for key derivation.
- */
-export function generateSalt(): Buffer {
-  return randomBytes(SALT_LENGTH)
-}

package/src/config/plugin-config-manager.test.ts

@@ -1,92 +0,0 @@
-import { describe, it, expect, beforeEach } from 'vitest'
-import { mkdtemp, rm } from 'node:fs/promises'
-import { tmpdir } from 'node:os'
-import { join } from 'node:path'
-import { addInstance, removeInstance, getInstance, getInstances, updateInstanceConfig, loadPluginConfig } from './plugin-config-manager.js'
-import type { ConfigField } from '../interfaces/plugin.js'
-
-const schema: ConfigField[] = [
-  { key: 'API_KEY', label: 'API Key', type: 'secret', required: true },
-  { key: 'BASE_URL', label: 'Base URL', type: 'string', required: false },
-]
-
-describe('plugin-config-manager', () => {
-  let tmpDir: string
-  let configPath: string
-
-  beforeEach(async () => {
-    tmpDir = await mkdtemp(join(tmpdir(), 'antseed-test-'))
-    configPath = join(tmpDir, 'config.json')
-  })
-
-  it('should add and retrieve an instance', async () => {
-    await addInstance(configPath, {
-      id: 'test-provider',
-      package: '@antseed/provider-test',
-      type: 'provider',
-      config: { API_KEY: 'sk-secret-123', BASE_URL: 'https://api.test.com' },
-    }, schema)
-
-    const instance = await getInstance(configPath, 'test-provider')
-    expect(instance).not.toBeNull()
-    expect(instance!.id).toBe('test-provider')
-    expect(instance!.config['API_KEY']).toBe('sk-secret-123')
-    expect(instance!.config['BASE_URL']).toBe('https://api.test.com')
-  })
-
-  it('should encrypt secrets in the file', async () => {
-    await addInstance(configPath, {
-      id: 'test',
-      package: '@antseed/provider-test',
-      type: 'provider',
-      config: { API_KEY: 'sk-secret', BASE_URL: 'https://api.test.com' },
-    }, schema)
-
-    const raw = await loadPluginConfig(configPath)
-    const stored = raw.instances[0]!.config
-    // Secret should be encrypted (prefixed with enc:)
-    expect(typeof stored['API_KEY']).toBe('string')
-    expect((stored['API_KEY'] as string).startsWith('enc:')).toBe(true)
-    // Non-secret should be plain
-    expect(stored['BASE_URL']).toBe('https://api.test.com')
-  })
-
-  it('should remove an instance', async () => {
-    await addInstance(configPath, {
-      id: 'to-remove',
-      package: '@antseed/provider-test',
-      type: 'provider',
-      config: {},
-    })
-    await removeInstance(configPath, 'to-remove')
-    const instance = await getInstance(configPath, 'to-remove')
-    expect(instance).toBeNull()
-  })
-
-  it('should list all instances', async () => {
-    await addInstance(configPath, { id: 'a', package: 'pkg-a', type: 'provider', config: {} })
-    await addInstance(configPath, { id: 'b', package: 'pkg-b', type: 'router', config: {} })
-    const all = await getInstances(configPath)
-    expect(all).toHaveLength(2)
-    expect(all.map(i => i.id)).toEqual(['a', 'b'])
-  })
-
-  it('should update instance config', async () => {
-    await addInstance(configPath, {
-      id: 'updatable',
-      package: 'pkg',
-      type: 'provider',
-      config: { API_KEY: 'old-key' },
-    }, schema)
-
-    await updateInstanceConfig(configPath, 'updatable', { API_KEY: 'new-key' }, schema)
-    const updated = await getInstance(configPath, 'updatable')
-    expect(updated!.config['API_KEY']).toBe('new-key')
-  })
-
-  it('should reject duplicate instance IDs', async () => {
-    await addInstance(configPath, { id: 'dup', package: 'pkg', type: 'provider', config: {} })
-    await expect(addInstance(configPath, { id: 'dup', package: 'pkg', type: 'provider', config: {} }))
-      .rejects.toThrow('already exists')
-  })
-})