@arcblock/payment-service 1.29.2 → 1.29.3

package/dist/index.js

@@ -441,9 +441,9 @@ var init_env = __esm({
   "../../blocklets/core/api/src/libs/env.ts"() {
     "use strict";
     import_env = require("@blocklet/sdk/lib/env");
-    numConfig = (key, fallback2) => {
+    numConfig = (key, fallback) => {
       const v = readConfig(key);
-      return v ? +v : fallback2;
+      return v ? +v : fallback;
     };
     paymentStatCronTime = () => "0 1 0 * * *";
     subscriptionCronTime = () => readConfig("SUBSCRIPTION_CRON_TIME") || "0 */30 * * * *";
@@ -787,6 +787,13 @@ var init_sql_migrations = __esm({
 });
 
 // ../../blocklets/core/api/src/libs/drivers/identity.ts
+var identity_exports = {};
+__export(identity_exports, {
+  createDefaultIdentityDriver: () => createDefaultIdentityDriver,
+  getIdentityDriver: () => getIdentityDriver,
+  resolveTenantForHost: () => resolveTenantForHost,
+  setIdentityDriver: () => setIdentityDriver
+});
 function createDefaultIdentityDriver() {
   return {
     resolveInstanceDidForHost() {
@@ -979,37 +986,64 @@ var init_drivers = __esm({
   }
 });
 
-// ../../blocklets/core/api/src/libs/logger.ts
-function resolveLogger() {
-  if (resolved) return resolved;
-  try {
-    const createLogger = require("@blocklet/logger");
-    resolved = createLogger("app");
-  } catch {
-    resolved = {
-      debug: (...args) => console.debug(...args),
-      info: (...args) => console.info(...args),
-      error: (...args) => console.error(...args),
-      warn: (...args) => console.warn(...args)
-    };
+// ../../blocklets/core/api/src/host-node/serve-static-arc.ts
+var serve_static_arc_exports = {};
+__export(serve_static_arc_exports, {
+  createNodeStaticHandler: () => createNodeStaticHandler,
+  default: () => serve_static_arc_default
+});
+function acceptsHtml(accept) {
+  if (!accept) return true;
+  return accept.includes("text/html") || accept.includes("application/xhtml+xml") || accept.includes("*/*");
+}
+function createNodeStaticHandler(webRoot) {
+  const indexPath = import_path.default.join(webRoot, "index.html");
+  if (!import_fs.default.existsSync(indexPath)) {
+    throw new Error(`createNodeStaticHandler: webRoot has no index.html: ${indexPath}`);
   }
-  return resolved;
+  let cachedIndex = null;
+  return (app42) => {
+    const { serveStatic } = require("@hono/node-server/serve-static");
+    app42.use("*", async (c, next) => {
+      const method = c.req.method.toUpperCase();
+      if (method !== "GET" && method !== "HEAD" || !acceptsHtml(c.req.header("accept") || "") || import_constant.RESOURCE_PATTERN.test(c.req.path)) {
+        return next();
+      }
+      if (cachedIndex == null) cachedIndex = import_fs.default.readFileSync(indexPath, "utf8");
+      return c.html(cachedIndex);
+    });
+    app42.use("*", serveStatic({ root: webRoot }));
+  };
 }
-var resolved, logger, logger_default;
-var init_logger = __esm({
-  "../../blocklets/core/api/src/libs/logger.ts"() {
+var import_fs, import_path, import_constant, serve_static_arc_default;
+var init_serve_static_arc = __esm({
+  "../../blocklets/core/api/src/host-node/serve-static-arc.ts"() {
     "use strict";
-    logger = {
-      debug: (...args) => resolveLogger().debug(...args),
-      info: (...args) => resolveLogger().info(...args),
-      error: (...args) => resolveLogger().error(...args),
-      warn: (...args) => resolveLogger().warn(...args)
-    };
-    logger_default = logger;
+    import_fs = __toESM(require("fs"));
+    import_path = __toESM(require("path"));
+    import_constant = require("@blocklet/constant");
+    serve_static_arc_default = createNodeStaticHandler;
   }
 });
 
 // ../../blocklets/core/api/src/libs/context.ts
+var context_exports = {};
+__export(context_exports, {
+  INVALID_TENANT_TABLE: () => INVALID_TENANT_TABLE,
+  TENANT_CONTEXT_MISSING: () => TENANT_CONTEXT_MISSING,
+  TENANT_HOST_UNRESOLVED: () => TENANT_HOST_UNRESOLVED,
+  TENANT_MISMATCH: () => TENANT_MISMATCH,
+  TenantError: () => TenantError,
+  assertValidInstanceDid: () => assertValidInstanceDid,
+  context: () => context,
+  getDefaultInstanceDid: () => getDefaultInstanceDid,
+  getInstanceDid: () => getInstanceDid,
+  getTenantMode: () => getTenantMode,
+  isSystemContext: () => isSystemContext,
+  resolveRowTenant: () => resolveRowTenant,
+  setDefaultInstanceDid: () => setDefaultInstanceDid,
+  withTenant: () => withTenant
+});
 function withTenant(instanceDid, fn3) {
   return context.withTenant(instanceDid, fn3);
 }
@@ -1069,6 +1103,16 @@ var init_context = __esm({
         if (getTenantMode() === "single") return getDefaultInstanceDid();
         throw new TenantError(TENANT_CONTEXT_MISSING, "tenant context is missing in multi-tenant mode");
       }
+      /**
+       * Non-throwing peek at the established tenant context — returns the stored
+       * instanceDid or undefined when no context is set (regardless of tenant mode).
+       * Used by the DID-Connect tenant-context middleware to decide whether the
+       * request is already scoped (e.g. the CF worker wrapped /api/* in withTenant) or
+       * needs its own Host→tenant resolution.
+       */
+      peekInstanceDid() {
+        return this.storage.getStore()?.instanceDid;
+      }
       /**
        * Run fn as a system operation: TenantModel scoping is bypassed for the span
        * of fn so legitimate cross-tenant reads can load rows regardless of tenant.
@@ -1110,6 +1154,231 @@ var init_context = __esm({
   }
 });
 
+// ../../blocklets/core/api/src/libs/logger.ts
+function resolveLogger() {
+  if (resolved) return resolved;
+  try {
+    const createLogger = require("@blocklet/logger");
+    resolved = createLogger("app");
+  } catch {
+    resolved = {
+      debug: (...args) => console.debug(...args),
+      info: (...args) => console.info(...args),
+      error: (...args) => console.error(...args),
+      warn: (...args) => console.warn(...args)
+    };
+  }
+  return resolved;
+}
+var resolved, logger, logger_default;
+var init_logger = __esm({
+  "../../blocklets/core/api/src/libs/logger.ts"() {
+    "use strict";
+    logger = {
+      debug: (...args) => resolveLogger().debug(...args),
+      info: (...args) => resolveLogger().info(...args),
+      error: (...args) => resolveLogger().error(...args),
+      warn: (...args) => resolveLogger().warn(...args)
+    };
+    logger_default = logger;
+  }
+});
+
+// ../../blocklets/core/api/src/libs/did-connect/tenant-identity.ts
+var tenant_identity_exports = {};
+__export(tenant_identity_exports, {
+  clearTenantIdentityCache: () => clearTenantIdentityCache,
+  createEmbeddedIdentityServices: () => createEmbeddedIdentityServices,
+  getCachedTenantIdentity: () => getCachedTenantIdentity,
+  hasDynamicIdentity: () => hasDynamicIdentity,
+  resolveTenantIdentity: () => resolveTenantIdentity,
+  warmTenantIdentity: () => warmTenantIdentity
+});
+function cacheIdentity(instanceDid, value) {
+  identityCache.set(instanceDid, { value, expiry: Date.now() + IDENTITY_TTL_MS });
+  if (identityCache.size > IDENTITY_CACHE_MAX) {
+    const oldest = identityCache.keys().next().value;
+    if (oldest !== void 0) identityCache.delete(oldest);
+  }
+}
+function clearTenantIdentityCache(instanceDid) {
+  if (instanceDid) identityCache.delete(instanceDid);
+  else identityCache.clear();
+}
+function hasDynamicIdentity() {
+  return typeof getIdentityDriver().getInstanceAppIdentity === "function";
+}
+async function resolveTenantIdentity(instanceDidArg) {
+  const instanceDid = instanceDidArg ?? getInstanceDid();
+  const cached = identityCache.get(instanceDid);
+  if (cached && cached.expiry > Date.now()) return cached.value;
+  const driver = getIdentityDriver();
+  if (typeof driver.getInstanceAppIdentity !== "function") {
+    throw new Error(
+      "resolveTenantIdentity: the active IdentityDriver does not implement getInstanceAppIdentity \u2014 a non-blocklet-server DID-Connect runtime requires an AUTH_SERVICE-backed identity driver"
+    );
+  }
+  const identity = await driver.getInstanceAppIdentity(instanceDid);
+  if (!identity || !identity.appSk) {
+    throw new Error(`resolveTenantIdentity: no app signing key for instance "${instanceDid}" (fail-closed)`);
+  }
+  if (identity.appSk.length < 66) {
+    throw new Error(
+      `resolveTenantIdentity: appSk for instance "${instanceDid}" is too short (${identity.appSk.length} chars) to derive a wallet (fail-closed)`
+    );
+  }
+  const wallet2 = (0, import_wallet.fromSecretKey)(identity.appSk, walletType);
+  const ethWallet2 = (0, import_wallet.fromSecretKey)(identity.appSk.slice(0, 66), ethWalletType);
+  const permanentWallet = identity.appPsk ? (0, import_wallet.fromSecretKey)(identity.appPsk, walletType) : wallet2;
+  const value = {
+    instanceDid,
+    wallet: wallet2,
+    ethWallet: ethWallet2,
+    permanentWallet,
+    appInfo: identity.appInfo ?? {}
+  };
+  cacheIdentity(instanceDid, value);
+  return value;
+}
+function getCachedTenantIdentity(instanceDidArg) {
+  const instanceDid = instanceDidArg ?? getInstanceDid();
+  const cached = identityCache.get(instanceDid);
+  if (!cached || cached.expiry <= Date.now()) {
+    throw new Error(
+      `tenant identity for "${instanceDid}" is not resolved (fail-closed) \u2014 warmTenantIdentity must run in the request/job scope before any wallet access`
+    );
+  }
+  return cached.value;
+}
+async function warmTenantIdentity(instanceDidArg) {
+  if (!hasDynamicIdentity()) return;
+  try {
+    await resolveTenantIdentity(instanceDidArg);
+  } catch (err) {
+    logger_default.warn("[tenant-identity] warm failed \u2014 wallet access will fail-closed", {
+      error: err instanceof Error ? err.message : String(err)
+    });
+  }
+}
+function createEmbeddedIdentityServices() {
+  return {
+    getBusinessWallet(chain) {
+      const identity = getCachedTenantIdentity();
+      return chain === "ethereum" ? identity.ethWallet : identity.wallet;
+    },
+    directory() {
+      return EMBEDDED_DIRECTORY;
+    }
+  };
+}
+var Mcrypto, import_wallet, walletType, ethWalletType, IDENTITY_TTL_MS, IDENTITY_CACHE_MAX, identityCache, EMBEDDED_DIRECTORY;
+var init_tenant_identity = __esm({
+  "../../blocklets/core/api/src/libs/did-connect/tenant-identity.ts"() {
+    "use strict";
+    Mcrypto = __toESM(require("@ocap/mcrypto"));
+    import_wallet = require("@ocap/wallet");
+    init_context();
+    init_drivers();
+    init_logger();
+    walletType = {
+      role: Mcrypto.types.RoleType.ROLE_APPLICATION,
+      pk: Mcrypto.types.KeyType.ED25519,
+      hash: Mcrypto.types.HashType.SHA3
+    };
+    ethWalletType = (0, import_wallet.WalletType)("ethereum");
+    IDENTITY_TTL_MS = 5 * 60 * 1e3;
+    IDENTITY_CACHE_MAX = 512;
+    identityCache = /* @__PURE__ */ new Map();
+    EMBEDDED_DIRECTORY = {
+      getUser(did) {
+        if (!did) return { user: null };
+        return {
+          user: { did, fullName: did, email: "", phone: "", remark: "", connectedAccounts: [{ provider: "wallet", did }] }
+        };
+      },
+      getUsers() {
+        return { users: [] };
+      },
+      getVault() {
+        return null;
+      },
+      getBlocklet() {
+        return { id: "", site: { id: "" } };
+      }
+    };
+  }
+});
+
+// ../../blocklets/core/api/src/libs/did-connect/runtime-did-connect-js.ts
+function createDidConnectJsRuntime(opts) {
+  const fallbackAppInfo = { ...DEFAULT_APP_INFO, ...opts.defaultAppInfo ?? {} };
+  return {
+    tokenStorage: opts.tokenStorage,
+    createAuthenticator() {
+      const { WalletAuthenticator } = require("@arcblock/did-connect-js");
+      const config4 = {
+        // Function-valued, per-tenant: resolve the signing wallet from the host
+        // IdentityDriver.getInstanceAppIdentity each time the authenticator signs.
+        // `.toJSON()` matches the standalone worker (the SDK reconstructs the full
+        // wallet — incl. sk — via fromJSON before signing).
+        wallet: async () => {
+          const { wallet: wallet2 } = await resolveTenantIdentity();
+          return wallet2.toJSON();
+        },
+        appInfo: async ({ baseUrl } = {}) => {
+          const { appInfo } = await resolveTenantIdentity();
+          return {
+            name: appInfo.name || fallbackAppInfo.name,
+            description: appInfo.description || fallbackAppInfo.description,
+            icon: appInfo.icon || fallbackAppInfo.icon,
+            link: appInfo.link || baseUrl
+          };
+        },
+        timeout: opts.timeout ?? 3e4
+      };
+      if (opts.chainInfo) config4.chainInfo = opts.chainInfo;
+      if (opts.txEncoder) config4.txEncoder = opts.txEncoder;
+      return new WalletAuthenticator(config4);
+    },
+    createHandlers({ authenticator: authenticator2, tokenStorage }) {
+      const { WalletHandlers } = require("@arcblock/did-connect-js");
+      return new WalletHandlers({ authenticator: authenticator2, tokenStorage });
+    }
+  };
+}
+var DEFAULT_APP_INFO;
+var init_runtime_did_connect_js = __esm({
+  "../../blocklets/core/api/src/libs/did-connect/runtime-did-connect-js.ts"() {
+    "use strict";
+    init_tenant_identity();
+    DEFAULT_APP_INFO = {
+      name: "Payment Kit",
+      description: "Payment Kit",
+      icon: "https://www.arcblock.io/favicon.ico"
+    };
+  }
+});
+
+// ../../blocklets/core/api/src/host-node/did-connect-runtime-node.ts
+var did_connect_runtime_node_exports = {};
+__export(did_connect_runtime_node_exports, {
+  createNodeDidConnectRuntime: () => createNodeDidConnectRuntime
+});
+function createNodeDidConnectRuntime(opts) {
+  const { createTxEncoder } = require("@ocap/client/encode");
+  return createDidConnectJsRuntime({
+    tokenStorage: opts?.tokenStorage,
+    txEncoder: createTxEncoder(),
+    timeout: opts?.timeout ?? 3e4
+  });
+}
+var init_did_connect_runtime_node = __esm({
+  "../../blocklets/core/api/src/host-node/did-connect-runtime-node.ts"() {
+    "use strict";
+    init_runtime_did_connect_js();
+  }
+});
+
 // ../../blocklets/core/api/src/middlewares/hono/xss.ts
 function xss() {
   return async (c, next) => {
@@ -1329,9 +1598,12 @@ var auth_exports = {};
 __export(auth_exports, {
   authenticator: () => authenticator,
   blocklet: () => blocklet,
+  createBlockletServerDidConnectRuntime: () => createBlockletServerDidConnectRuntime,
   ethWallet: () => ethWallet,
   getVaultAddress: () => getVaultAddress,
   handlers: () => handlers,
+  setDidConnectRuntime: () => setDidConnectRuntime,
+  setDidConnectTokenStorage: () => setDidConnectTokenStorage,
   wallet: () => wallet
 });
 function lazyProxy(factory) {
@@ -1360,18 +1632,81 @@ function lazyProxy(factory) {
 function ensureNotificationPatch() {
   if (notificationPatched) return;
   notificationPatched = true;
-  const { getWallet: getWallet3, getAccessWallet } = require("@blocklet/sdk/lib/wallet");
+  const { getWallet, getAccessWallet } = require("@blocklet/sdk/lib/wallet");
   const notificationExports = require("@blocklet/sdk/service/notification");
   notificationExports.getSender = () => ({
-    appDid: blockletAppId() || getWallet3(void 0, "", "sk").address,
+    appDid: blockletAppId() || getWallet(void 0, "", "sk").address,
     wallet: getAccessWallet()
   });
   logger_default.info("[sdk-patch] notification.getSender overridden", { expectedAppId: blockletAppId() });
 }
 function makeWallet(...args) {
   ensureNotificationPatch();
-  const { getWallet: getWallet3 } = require("@blocklet/sdk/lib/wallet");
-  return getWallet3(...args);
+  const { getWallet } = require("@blocklet/sdk/lib/wallet");
+  return getWallet(...args);
+}
+function activeBusinessWallet(chain) {
+  const driver = getIdentityDriver();
+  if (typeof driver.getBusinessWallet === "function") {
+    return driver.getBusinessWallet(chain);
+  }
+  return chain === "ethereum" ? envEthWallet : envWallet;
+}
+function businessWalletProxy(chain) {
+  return new Proxy({}, {
+    get(_t, prop) {
+      const w = activeBusinessWallet(chain);
+      const value = w[prop];
+      if (typeof value !== "function") return value;
+      if (value._isMockFunction) return value;
+      return value.bind(w);
+    },
+    set(_t, prop, value) {
+      activeBusinessWallet(chain)[prop] = value;
+      return true;
+    },
+    has(_t, prop) {
+      return prop in activeBusinessWallet(chain);
+    }
+  });
+}
+function setDidConnectRuntime(runtime) {
+  injectedRuntime = runtime;
+}
+function setDidConnectTokenStorage(storage) {
+  injectedTokenStorage = storage;
+}
+function createBlockletServerDidConnectRuntime() {
+  return {
+    createAuthenticator() {
+      const { WalletAuthenticator } = require("@blocklet/sdk/lib/wallet-authenticator");
+      const { createTxEncoder } = require("@ocap/client/encode");
+      return new WalletAuthenticator({ wallet: makeWallet(void 0, "", "sk"), txEncoder: createTxEncoder() });
+    },
+    createHandlers({ authenticator: auth28, tokenStorage }) {
+      const { WalletHandlers } = require("@blocklet/sdk/lib/wallet-handler");
+      return new WalletHandlers({ authenticator: auth28, tokenStorage });
+    }
+  };
+}
+function activeRuntime() {
+  return injectedRuntime ?? createBlockletServerDidConnectRuntime();
+}
+function buildTokenStorage() {
+  if (injectedRuntime?.tokenStorage) return injectedRuntime.tokenStorage;
+  if (injectedTokenStorage) return injectedTokenStorage;
+  const AuthStorage = require("@arcblock/did-connect-storage-nedb");
+  return new AuthStorage({
+    // `env.dataDir` (the blocklet runtime data dir) is undefined in a bare
+    // embedded host like arc — `store/sequelize.ts` already guards its own
+    // use, but this DID-Connect token store was the one unguarded path and
+    // crashed `buildConnectRoutesHono` with `path.join(undefined, …)`. Fall
+    // back to the OS temp dir (DID-Connect session tokens are ephemeral; the
+    // blocklet server still gets its real dataDir natively).
+    dbPath: import_path2.default.join(env_default.dataDir || import_os.default.tmpdir(), "auth.db"),
+    // @ts-ignore
+    onload: console.warn
+  });
 }
 async function getVaultAddress() {
   try {
@@ -1385,33 +1720,32 @@ async function getVaultAddress() {
     return null;
   }
 }
-var import_path, notificationPatched, wallet, ethWallet, authenticator, handlers, blocklet;
+var import_os, import_path2, notificationPatched, envWallet, envEthWallet, wallet, ethWallet, injectedRuntime, injectedTokenStorage, authenticator, handlers, blocklet;
 var init_auth = __esm({
   "../../blocklets/core/api/src/libs/auth.ts"() {
     "use strict";
-    import_path = __toESM(require("path"));
+    import_os = __toESM(require("os"));
+    import_path2 = __toESM(require("path"));
     init_env();
+    init_drivers();
     init_logger();
     notificationPatched = false;
-    wallet = lazyProxy(() => makeWallet());
-    ethWallet = lazyProxy(() => makeWallet("ethereum"));
-    authenticator = lazyProxy(() => {
-      const { WalletAuthenticator } = require("@blocklet/sdk/lib/wallet-authenticator");
-      return new WalletAuthenticator({ wallet: makeWallet(void 0, "", "sk") });
-    });
+    envWallet = lazyProxy(() => makeWallet());
+    envEthWallet = lazyProxy(() => makeWallet("ethereum"));
+    wallet = businessWalletProxy("arcblock");
+    ethWallet = businessWalletProxy("ethereum");
+    injectedRuntime = null;
+    injectedTokenStorage = null;
+    authenticator = lazyProxy(() => activeRuntime().createAuthenticator());
     handlers = lazyProxy(() => {
-      const AuthStorage = require("@arcblock/did-connect-storage-nedb");
-      const { WalletHandlers } = require("@blocklet/sdk/lib/wallet-handler");
-      return new WalletHandlers({
-        authenticator,
-        tokenStorage: new AuthStorage({
-          dbPath: import_path.default.join(env_default.dataDir, "auth.db"),
-          // @ts-ignore
-          onload: console.warn
-        })
-      });
+      const tokenStorage = buildTokenStorage();
+      return activeRuntime().createHandlers({ authenticator, tokenStorage });
     });
     blocklet = lazyProxy(() => {
+      const driver = getIdentityDriver();
+      if (typeof driver.directory === "function") {
+        return driver.directory();
+      }
       ensureNotificationPatch();
       const { BlockletService: BlockletService2 } = require("@blocklet/sdk/service/auth");
       return new BlockletService2();
@@ -6310,7 +6644,7 @@ function authenticate({
     if (embed && embedToken && embedId) {
       let embedOk = false;
       try {
-        const w = wallet2();
+        const w = wallet;
         const verified = await w.verify(embedId, embedToken);
         if (!verified) {
           return c.json({ error: `Invalid signature for embed: ${embedId}` }, 401);
@@ -6377,19 +6711,15 @@ function authenticate({
     return c.json({ error: "Not authorized to perform this action" }, 403);
   };
 }
-var import_verify_sign, import_verify_session, import_wallet, cachedWallet, wallet2;
+var import_verify_sign, import_verify_session;
 var init_security = __esm({
   "../../blocklets/core/api/src/middlewares/hono/security.ts"() {
     "use strict";
     import_verify_sign = require("@blocklet/sdk/lib/util/verify-sign");
     import_verify_session = require("@blocklet/sdk/lib/util/verify-session");
-    import_wallet = require("@blocklet/sdk/lib/wallet");
     init_env();
+    init_auth();
     init_customer();
-    wallet2 = () => {
-      cachedWallet ??= (0, import_wallet.getWallet)();
-      return cachedWallet;
-    };
   }
 });
 
@@ -8814,8 +9144,8 @@ async function getVerifier(bundleId, environment) {
   const cached = verifierCache.get(key);
   if (cached) return cached;
   const mod = await import("@apple/app-store-server-library");
-  const env13 = environment === "production" ? mod.Environment.PRODUCTION : mod.Environment.SANDBOX;
-  const verifier = new mod.SignedDataVerifier(APPLE_ROOT_CERTS, false, env13, bundleId);
+  const env12 = environment === "production" ? mod.Environment.PRODUCTION : mod.Environment.SANDBOX;
+  const verifier = new mod.SignedDataVerifier(APPLE_ROOT_CERTS, false, env12, bundleId);
   verifierCache.set(key, verifier);
   return verifier;
 }
@@ -8861,8 +9191,8 @@ async function getApiClient(creds) {
   const cached = apiClientCache.get(key);
   if (cached) return cached;
   const mod = await import("@apple/app-store-server-library");
-  const env13 = creds.environment === "production" ? mod.Environment.PRODUCTION : mod.Environment.SANDBOX;
-  const client = new mod.AppStoreServerAPIClient(creds.privateKeyPem, creds.keyId, creds.issuerId, creds.bundleId, env13);
+  const env12 = creds.environment === "production" ? mod.Environment.PRODUCTION : mod.Environment.SANDBOX;
+  const client = new mod.AppStoreServerAPIClient(creds.privateKeyPem, creds.keyId, creds.issuerId, creds.bundleId, env12);
   apiClientCache.set(key, client);
   return client;
 }
@@ -9289,12 +9619,17 @@ var init_client2 = __esm({
 });
 
 // ../../blocklets/core/api/src/store/sequelize.ts
+var sequelize_exports = {};
+__export(sequelize_exports, {
+  sequelize: () => sequelize,
+  setDefaultSequelize: () => setDefaultSequelize
+});
 function buildSequelize() {
   const seq = new import_sequelize16.Sequelize({
     dialect: "sqlite",
     logging: sqlLog(),
     benchmark: sqlLog() && sqlBenchmark(),
-    storage: (0, import_path2.join)(env_default.dataDir, "payment-kit.db"),
+    storage: (0, import_path3.join)(env_default.dataDir, "payment-kit.db"),
     pool: {
       min: sequelizeOptionsPoolMin(),
       max: sequelizeOptionsPoolMax(),
@@ -9310,12 +9645,15 @@ function buildSequelize() {
   pragma("PRAGMA cache_size = -16000");
   return seq;
 }
-var import_sqlite3, import_path2, import_cls_hooked, import_sequelize16, namespace, instance, getSequelize, sequelize;
+function setDefaultSequelize(seq) {
+  instance = seq;
+}
+var import_sqlite3, import_path3, import_cls_hooked, import_sequelize16, namespace, instance, getSequelize, sequelize;
 var init_sequelize = __esm({
   "../../blocklets/core/api/src/store/sequelize.ts"() {
     "use strict";
     import_sqlite3 = require("sqlite3");
-    import_path2 = require("path");
+    import_path3 = require("path");
     import_cls_hooked = __toESM(require("cls-hooked"));
     import_sequelize16 = require("sequelize");
     init_env();
@@ -14849,9 +15187,9 @@ var init_remote_signer = __esm({
     "use strict";
     import_ethers = require("ethers");
     RemoteSigner = class _RemoteSigner extends import_ethers.ethers.AbstractSigner {
-      constructor(wallet3, provider) {
+      constructor(wallet2, provider) {
         super(provider);
-        this.wallet = wallet3;
+        this.wallet = wallet2;
       }
       /**
        * Returns the address of the signer
@@ -14888,8 +15226,8 @@ var init_remote_signer = __esm({
        * Signs typed data (EIP-712)
        * Optional but useful for signing structured data
        */
-      async signTypedData(domain, types2, value) {
-        const hash = import_ethers.ethers.TypedDataEncoder.hash(domain, types2, value);
+      async signTypedData(domain, types3, value) {
+        const hash = import_ethers.ethers.TypedDataEncoder.hash(domain, types3, value);
         const signature = await this.wallet.signETH(hash, false);
         return import_ethers.ethers.hexlify(signature);
       }
@@ -19013,10 +19351,10 @@ var init_discount2 = __esm({
 });
 
 // ../../blocklets/core/api/src/libs/slippage.ts
-function normalizeSlippagePercent3(value, fallback2 = DEFAULT_SLIPPAGE_PERCENT3) {
+function normalizeSlippagePercent3(value, fallback = DEFAULT_SLIPPAGE_PERCENT3) {
   const normalized = typeof value === "string" ? Number(value) : Number(value);
   if (!Number.isFinite(normalized) || normalized < 0) {
-    return fallback2;
+    return fallback;
   }
   return normalized;
 }
@@ -29022,13 +29360,21 @@ function injectJobTenant(job) {
   }
   return { ...job, instance_did: context.getInstanceDid() };
 }
+async function warmThenRun(onJob, job) {
+  const { warmTenantIdentity: warmTenantIdentity2 } = (
+    // eslint-disable-next-line global-require
+    (init_tenant_identity(), __toCommonJS(tenant_identity_exports))
+  );
+  await warmTenantIdentity2();
+  return onJob(job);
+}
 function runJobWithTenant(job, onJob) {
   const tenant = job?.instance_did;
   if (tenant) {
-    return withTenant(tenant, () => onJob(job));
+    return withTenant(tenant, () => warmThenRun(onJob, job));
   }
   if (getTenantMode() === "single") {
-    return withTenant(getDefaultInstanceDid(), () => onJob(job));
+    return withTenant(getDefaultInstanceDid(), () => warmThenRun(onJob, job));
   }
   const err = new TenantError(TENANT_CONTEXT_MISSING, "legacy job without tenant refused in multi mode");
   err.nonRetryable = true;
@@ -39734,6 +40080,7 @@ var init_payment2 = __esm({
     init_token();
     init_audit();
     init_auth();
+    init_context();
     init_dayjs();
     init_error();
     init_event2();
@@ -40677,16 +41024,23 @@ var init_payment2 = __esm({
           capture_method: "automatic"
         }
       });
-      payments.forEach(async (x) => {
-        const supportAutoCharge = await PaymentMethod.supportAutoCharge(x.payment_method_id);
-        if (supportAutoCharge === false) {
-          return;
-        }
-        const exist = await paymentQueue.get(x.id);
-        if (!exist) {
-          paymentQueue.push({ id: x.id, job: { paymentIntentId: x.id } });
+      for (const x of payments) {
+        const dispatch = async () => {
+          const supportAutoCharge = await PaymentMethod.supportAutoCharge(x.payment_method_id);
+          if (supportAutoCharge === false) {
+            return;
+          }
+          const exist = await paymentQueue.get(x.id);
+          if (!exist) {
+            paymentQueue.push({ id: x.id, job: { paymentIntentId: x.id } });
+          }
+        };
+        try {
+          await (x.instance_did ? withTenant(x.instance_did, dispatch) : dispatch());
+        } catch (error) {
+          logger_default.error("startPaymentQueue: re-queue failed", { id: x.id, error });
         }
-      });
+      }
     };
     paymentQueue.on("failed", ({ id, job, error }) => {
       logger_default.error("Payment job failed", { id, job, error });
@@ -41402,12 +41756,12 @@ async function createPaymentStat(date) {
     })
   );
 }
-var import_fs, import_path3, import_util121, import_sequelize67;
+var import_fs2, import_path4, import_util121, import_sequelize67;
 var init_payment_stat2 = __esm({
   "../../blocklets/core/api/src/crons/payment-stat.ts"() {
     "use strict";
-    import_fs = __toESM(require("fs"));
-    import_path3 = __toESM(require("path"));
+    import_fs2 = __toESM(require("fs"));
+    import_path4 = __toESM(require("path"));
     import_util121 = require("@ocap/util");
     import_sequelize67 = require("sequelize");
     init_dayjs();
@@ -46289,7 +46643,7 @@ var init_customers = __esm({
     import_hono8 = require("hono");
     import_joi8 = __toESM(require("joi"));
     import_pick18 = __toESM(require("lodash/pick"));
-    import_isEmail = __toESM(require("validator/es/lib/isEmail"));
+    import_isEmail = __toESM(require("validator/lib/isEmail"));
     import_sequelize71 = require("sequelize");
     import_util126 = require("@ocap/util");
     init_stake();
@@ -47037,8 +47391,8 @@ var init_payment_methods = __esm({
         if (!raw.settings.app_store?.bundle_id) {
           return c.json({ error: "app_store bundle_id is required" }, 400);
         }
-        const env13 = raw.settings.app_store?.environment;
-        if (env13 !== "production" && env13 !== "sandbox") {
+        const env12 = raw.settings.app_store?.environment;
+        if (env12 !== "production" && env12 !== "sandbox") {
           return c.json({ error: "app_store environment must be production or sandbox" }, 400);
         }
         const hasAnyServerCred = !!(raw.settings.app_store?.issuer_id || raw.settings.app_store?.key_id || raw.settings.app_store?.private_key_pem);
@@ -56248,11 +56602,11 @@ var init_credit_transactions = __esm({
 });
 
 // ../../blocklets/core/api/src/libs/reference-cache.ts
-function evictExpired(cache3) {
-  if (cache3.size <= CACHE_MAX_SIZE) return;
+function evictExpired(cache2) {
+  if (cache2.size <= CACHE_MAX_SIZE) return;
   const now = Date.now();
-  for (const [k, v] of cache3) {
-    if (v.expires < now) cache3.delete(k);
+  for (const [k, v] of cache2) {
+    if (v.expires < now) cache2.delete(k);
   }
 }
 function ensureCacheHooks() {
@@ -60132,11 +60486,11 @@ function isSelf(userDid, customerDid) {
   const b = canonicalDid(customerDid);
   return !!a && a === b;
 }
-function parseLivemode(value, fallback2) {
+function parseLivemode(value, fallback) {
   if (typeof value === "boolean") return value;
   if (value === "true") return true;
   if (value === "false") return false;
-  return fallback2;
+  return fallback;
 }
 var import_hono26, import_joi25, app26, auth18, checkQuerySchema, listQuerySchema, entitlements_default;
 var init_entitlements = __esm({
@@ -61571,7 +61925,7 @@ async function processDirectTransfer({
   }
   throw new Error(`Unsupported chain type: ${chainType}`);
 }
-var import_client4, import_util158, import_ethers5, import_hono33, import_joi29, import_pick31, import_wallet3, import_sequelize91, app33, authAdmin5, auth23, paginationSchema9, searchSchema7, refundRequestSchema2, syncRefundRequestSchema, refunds_default;
+var import_client4, import_util158, import_ethers5, import_hono33, import_joi29, import_pick31, import_sequelize91, app33, authAdmin5, auth23, paginationSchema9, searchSchema7, refundRequestSchema2, syncRefundRequestSchema, refunds_default;
 var init_refunds = __esm({
   "../../blocklets/core/api/src/routes/hono/refunds.ts"() {
     "use strict";
@@ -61581,7 +61935,6 @@ var init_refunds = __esm({
     import_hono33 = require("hono");
     import_joi29 = __toESM(require("joi"));
     import_pick31 = __toESM(require("lodash/pick"));
-    import_wallet3 = require("@blocklet/sdk/lib/wallet");
     import_sequelize91 = require("sequelize");
     init_token();
     init_api();
@@ -61800,7 +62153,7 @@ var init_refunds = __esm({
             return c.json(existingRefund);
           }
         }
-        const systemDid = (0, import_wallet3.getWallet)().address;
+        const systemDid = wallet.address;
         const finalCustomerName = customerName || "Broker";
         let finalCustomer = await Customer.findOne({
           where: { did: systemDid }
@@ -65283,17 +65636,17 @@ var init_snapshot = __esm({
 // ../../blocklets/core/api/src/libs/archive/store.ts
 function getArchiveDir() {
   const dataDir = import_config4.default.env?.dataDir || "/tmp";
-  const archiveDir = import_path4.default.join(dataDir, "archive");
-  if (!import_fs2.default.existsSync(archiveDir)) {
-    import_fs2.default.mkdirSync(archiveDir, { recursive: true });
+  const archiveDir = import_path5.default.join(dataDir, "archive");
+  if (!import_fs3.default.existsSync(archiveDir)) {
+    import_fs3.default.mkdirSync(archiveDir, { recursive: true });
   }
   return archiveDir;
 }
 function getArchiveFilePath(fileName) {
-  return import_path4.default.join(getArchiveDir(), fileName);
+  return import_path5.default.join(getArchiveDir(), fileName);
 }
 function getArchiveFilePathForYear(year) {
-  return import_path4.default.join(getArchiveDir(), `archive-${year}.db`);
+  return import_path5.default.join(getArchiveDir(), `archive-${year}.db`);
 }
 function getRecordYear(record) {
   const createdAt = record?.created_at;
@@ -65380,13 +65733,13 @@ async function ensureArchiveTable(tableName, mainSequelize, archiveSequelize) {
 }
 function listArchiveFiles() {
   const archiveDir = getArchiveDir();
-  const files = import_fs2.default.readdirSync(archiveDir).filter((name) => name.endsWith(".db"));
+  const files = import_fs3.default.readdirSync(archiveDir).filter((name) => name.endsWith(".db"));
   files.sort();
-  return files.map((name) => import_path4.default.join(archiveDir, name));
+  return files.map((name) => import_path5.default.join(archiveDir, name));
 }
 function getFileSize(filePath) {
   try {
-    return import_fs2.default.statSync(filePath).size;
+    return import_fs3.default.statSync(filePath).size;
   } catch (error) {
     logger_default.warn("stat archive file failed", { filePath, error });
     return 0;
@@ -65401,8 +65754,8 @@ function cleanupOldArchiveFiles(maxFiles) {
   const removed = [];
   for (const filePath of toRemove) {
     try {
-      import_fs2.default.unlinkSync(filePath);
-      removed.push(import_path4.default.basename(filePath));
+      import_fs3.default.unlinkSync(filePath);
+      removed.push(import_path5.default.basename(filePath));
       logger_default.info("removed old archive file", { filePath });
     } catch (error) {
       logger_default.warn("failed to remove old archive file", { filePath, error });
@@ -65410,12 +65763,12 @@ function cleanupOldArchiveFiles(maxFiles) {
   }
   return removed;
 }
-var import_fs2, import_path4, import_config4, import_sequelize97;
+var import_fs3, import_path5, import_config4, import_sequelize97;
 var init_store2 = __esm({
   "../../blocklets/core/api/src/libs/archive/store.ts"() {
     "use strict";
-    import_fs2 = __toESM(require("fs"));
-    import_path4 = __toESM(require("path"));
+    import_fs3 = __toESM(require("fs"));
+    import_path5 = __toESM(require("path"));
     import_config4 = __toESM(require("@blocklet/sdk/lib/config"));
     import_sequelize97 = require("sequelize");
     init_logger();
@@ -65496,11 +65849,11 @@ function serializeJsonFields(record) {
   return result;
 }
 function checkDiskSpace(minFreeDiskMB) {
-  if (typeof import_fs3.default.statfsSync !== "function") {
+  if (typeof import_fs4.default.statfsSync !== "function") {
     return;
   }
   const archiveDir = getArchiveDir();
-  const stats = import_fs3.default.statfsSync(archiveDir);
+  const stats = import_fs4.default.statfsSync(archiveDir);
   const freeBytes = stats.bavail * stats.bsize;
   const freeMB = Math.floor(freeBytes / (1024 * 1024));
   if (freeMB < minFreeDiskMB) {
@@ -65858,7 +66211,7 @@ async function runArchiveJob(options) {
       const filePath = getArchiveFilePath(fileName);
       totalFileSize += getFileSize(filePath);
       try {
-        const fileChecksum = import_crypto4.default.createHash("sha256").update(import_fs3.default.readFileSync(filePath)).digest("hex");
+        const fileChecksum = import_crypto4.default.createHash("sha256").update(import_fs4.default.readFileSync(filePath)).digest("hex");
         checksums.push(`${fileName}:${fileChecksum.substring(0, 8)}`);
       } catch {
         checksums.push(`${fileName}:error`);
@@ -65895,12 +66248,12 @@ async function runArchiveJob(options) {
     await releaseArchiveLock(instanceId);
   }
 }
-var import_crypto4, import_fs3, import_nanoid3, import_sequelize98, ACTIVE_SUBSCRIPTION_STATUSES, TABLE_MODELS;
+var import_crypto4, import_fs4, import_nanoid3, import_sequelize98, ACTIVE_SUBSCRIPTION_STATUSES, TABLE_MODELS;
 var init_executor = __esm({
   "../../blocklets/core/api/src/libs/archive/executor.ts"() {
     "use strict";
     import_crypto4 = __toESM(require("crypto"));
-    import_fs3 = __toESM(require("fs"));
+    import_fs4 = __toESM(require("fs"));
     import_nanoid3 = require("nanoid");
     import_sequelize98 = require("sequelize");
     init_dayjs();
@@ -66020,7 +66373,7 @@ async function queryArchive(params, actorId) {
       });
       if (Array.isArray(rows) && rows.length > 0) {
         results.push(...rows);
-        touchedFiles.push(import_path5.default.basename(filePath));
+        touchedFiles.push(import_path6.default.basename(filePath));
       }
     } catch (error) {
       logger_default.warn("archive query failed", { filePath, error });
@@ -66036,11 +66389,11 @@ async function queryArchive(params, actorId) {
   await recordArchiveQuery(touchedFiles, actorId);
   return { data, total, archiveFiles: touchedFiles };
 }
-var import_path5, import_sequelize100, TENANT_TABLE_SET2, VALID_TABLE_NAME;
+var import_path6, import_sequelize100, TENANT_TABLE_SET2, VALID_TABLE_NAME;
 var init_query = __esm({
   "../../blocklets/core/api/src/libs/archive/query.ts"() {
     "use strict";
-    import_path5 = __toESM(require("path"));
+    import_path6 = __toESM(require("path"));
     import_sequelize100 = require("sequelize");
     init_logger();
     init_context();
@@ -66537,12 +66890,12 @@ var collect_exports = {};
 __export(collect_exports, {
   default: () => collect_default
 });
-var import_util172, import_wallet4, collect_default;
+var import_util172, import_wallet3, collect_default;
 var init_collect = __esm({
   "../../blocklets/core/api/src/routes/connect/collect.ts"() {
     "use strict";
     import_util172 = require("@ocap/util");
-    import_wallet4 = require("@ocap/wallet");
+    import_wallet3 = require("@ocap/wallet");
     init_token();
     init_tx();
     init_auth();
@@ -66678,7 +67031,7 @@ var init_collect = __esm({
             const { buffer: buffer2 } = await client.encodeTransferV3Tx({ tx });
             const txHash = await client.sendTransferV3Tx(
               // @ts-ignore
-              { tx, wallet: (0, import_wallet4.fromAddress)(userDid) },
+              { tx, wallet: (0, import_wallet3.fromAddress)(userDid) },
               await getGasPayerExtra(buffer2, client.pickGasPayerHeaders(request))
             );
             await afterTxExecution({
@@ -66724,11 +67077,11 @@ var collect_batch_exports = {};
 __export(collect_batch_exports, {
   default: () => collect_batch_default
 });
-var import_wallet5, import_util174, collect_batch_default;
+var import_wallet4, import_util174, collect_batch_default;
 var init_collect_batch = __esm({
   "../../blocklets/core/api/src/routes/connect/collect-batch.ts"() {
     "use strict";
-    import_wallet5 = require("@ocap/wallet");
+    import_wallet4 = require("@ocap/wallet");
     import_util174 = require("@ocap/util");
     init_token();
     init_tx();
@@ -66845,7 +67198,7 @@ var init_collect_batch = __esm({
           const { buffer: buffer2 } = await client.encodeTransferV3Tx({ tx });
           const txHash = await client.sendTransferV3Tx(
             // @ts-ignore
-            { tx, wallet: (0, import_wallet5.fromAddress)(userDid) },
+            { tx, wallet: (0, import_wallet4.fromAddress)(userDid) },
             await getGasPayerExtra(buffer2, client.pickGasPayerHeaders(request))
           );
           await afterTxExecution({ tx_hash: txHash, payer: userDid, type: "transfer" });
@@ -66911,12 +67264,12 @@ var pay_exports = {};
 __export(pay_exports, {
   default: () => pay_default
 });
-var import_util176, import_wallet6, pay_default;
+var import_util176, import_wallet5, pay_default;
 var init_pay = __esm({
   "../../blocklets/core/api/src/routes/connect/pay.ts"() {
     "use strict";
     import_util176 = require("@ocap/util");
-    import_wallet6 = require("@ocap/wallet");
+    import_wallet5 = require("@ocap/wallet");
     init_token();
     init_tx();
     init_auth();
@@ -67039,7 +67392,7 @@ var init_pay = __esm({
             const { buffer: buffer2 } = await client.encodeTransferV3Tx({ tx });
             const txHash = await client.sendTransferV3Tx(
               // @ts-ignore
-              { tx, wallet: (0, import_wallet6.fromAddress)(userDid) },
+              { tx, wallet: (0, import_wallet5.fromAddress)(userDid) },
               await getGasPayerExtra(buffer2, client.pickGasPayerHeaders(request))
             );
             const quoteValidation = await validateQuoteForPayment({
@@ -68436,11 +68789,11 @@ var recharge_exports = {};
 __export(recharge_exports, {
   default: () => recharge_default
 });
-var import_wallet7, import_util182, recharge_default;
+var import_wallet6, import_util182, recharge_default;
 var init_recharge = __esm({
   "../../blocklets/core/api/src/routes/connect/recharge.ts"() {
     "use strict";
-    import_wallet7 = require("@ocap/wallet");
+    import_wallet6 = require("@ocap/wallet");
     import_util182 = require("@ocap/util");
     init_token();
     init_tx();
@@ -68555,7 +68908,7 @@ var init_recharge = __esm({
             const { buffer: buffer2 } = await client.encodeTransferV3Tx({ tx });
             const txHash = await client.sendTransferV3Tx(
               // @ts-ignore
-              { tx, wallet: (0, import_wallet7.fromAddress)(userDid) },
+              { tx, wallet: (0, import_wallet6.fromAddress)(userDid) },
               await getGasPayerExtra(buffer2, client.pickGasPayerHeaders(request))
             );
             logger_default.info("Recharge successful", {
@@ -69167,11 +69520,11 @@ async function triggerAutoRecharge(customer) {
     });
   }
 }
-var import_wallet8, import_util185, import_p_all6, recharge_account_default;
+var import_wallet7, import_util185, import_p_all6, recharge_account_default;
 var init_recharge_account = __esm({
   "../../blocklets/core/api/src/routes/connect/recharge-account.ts"() {
     "use strict";
-    import_wallet8 = require("@ocap/wallet");
+    import_wallet7 = require("@ocap/wallet");
     import_util185 = require("@ocap/util");
     import_p_all6 = __toESM(require("p-all"));
     init_token();
@@ -69334,7 +69687,7 @@ var init_recharge_account = __esm({
             const { buffer: buffer2 } = await client.encodeTransferV3Tx({ tx });
             const txHash = await client.sendTransferV3Tx(
               // @ts-ignore
-              { tx, wallet: (0, import_wallet8.fromAddress)(userDid) },
+              { tx, wallet: (0, import_wallet7.fromAddress)(userDid) },
               await getGasPayerExtra(buffer2, client.pickGasPayerHeaders(request))
             );
             await afterTxExecution({
@@ -69985,137 +70338,6 @@ var init_change_payer = __esm({
   }
 });
 
-// ../../blocklets/core/api/src/middlewares/hono/fallback.ts
-var fallback_exports = {};
-__export(fallback_exports, {
-  default: () => fallback_default,
-  fallback: () => fallback
-});
-function acceptsHtml(accept) {
-  if (!accept) return true;
-  return accept.includes("text/html") || accept.includes("application/xhtml+xml") || accept.includes("*/*");
-}
-function fallback(file, options = {}) {
-  const filePath = options.root ? (0, import_path6.join)(options.root, file) : file;
-  if (!import_fs4.default.existsSync(filePath)) {
-    throw new Error(`Fallback file not found at: ${filePath}`);
-  }
-  return async (c, next) => {
-    const method = c.req.method.toUpperCase();
-    if (method !== "GET" && method !== "HEAD" || !acceptsHtml(c.req.header("accept") || "") || import_constant.RESOURCE_PATTERN.test(c.req.path)) {
-      return next();
-    }
-    const pageGroup = c.req.header("x-page-group") || "";
-    const pathPrefix = c.req.header("x-path-prefix") || "";
-    const cacheKey = getCacheKey(c.req.path, filePath, pageGroup, pathPrefix);
-    const { theme } = (0, import_config7.getBlockletSettings)();
-    if (cacheEnabled) {
-      const cached = cache2.get(cacheKey);
-      const cacheTtl = options.cacheTtl || DEFAULT_CACHE_TTL;
-      if (cached && Date.now() - cached.timestamp < cacheTtl && cached.pageGroup === pageGroup && cached.pathPrefix === pathPrefix) {
-        c.header("X-Cache", "HIT");
-        c.header("ETag", cached.etag);
-        return c.html(cached.html);
-      }
-    }
-    const pageData = await tryWithTimeout2(
-      options.getPageData ? () => options.getPageData(c) : () => Promise.resolve({}),
-      options.timeout || 5e3
-    );
-    validatePageData(pageData, options.maxLength || 1e3);
-    const title = (0, import_escape.default)(pageData.title || import_config7.env.appName);
-    const description = (0, import_escape.default)(pageData.description || import_config7.env.appDescription);
-    const ogImage = pageData.ogImage || (0, import_ufo15.joinURL)(import_config7.env.appUrl || "/", import_constants24.SERVICE_PREFIX, "/blocklet/og.png");
-    let source = await import_fs4.default.promises.readFile(filePath, "utf8");
-    if (title) {
-      source = source.includes("<title>") ? source.replace(TITLE_TAG_REGEX, `<title>${title}</title>`) : source.replace(HEAD_END_TAG, `<title>${title}</title>${HEAD_END_TAG}`);
-    }
-    if (description && !source.includes('<meta name="description"')) {
-      source = source.replace(
-        HEAD_END_TAG,
-        `<meta name="description" content="${description}" data-react-helmet="true" />${HEAD_END_TAG}`
-      );
-    }
-    if (!source.includes('meta property="og:image"')) {
-      source = source.replace(
-        HEAD_END_TAG,
-        `${buildOpenGraph({ title, description, ogImage }, import_config7.env.appUrl || "/")}
-${HEAD_END_TAG}`
-      );
-    }
-    if (pageData.embed) {
-      source = source.replace(
-        HEAD_END_TAG,
-        `<link rel="blocklet-open-embed" type="application/json" href="${pageData.embed}" />${HEAD_END_TAG}`
-      );
-    }
-    const blockletJs = (0, import_config7.getBlockletJs)(pageGroup, pathPrefix);
-    if (blockletJs && options.injectBlockletJs !== false) {
-      source = source.replace('<script src="__blocklet__.js"></script>', `<script>${blockletJs}</script>`).replace('<script src="__meta__.js"></script>', `<script>${blockletJs}</script>`);
-    }
-    const themeStyles = (0, import_theme.buildThemeStyles)(theme);
-    const themeScript = (0, import_theme.buildThemeScript)(theme);
-    if (!source.includes('<style id="blocklet-theme">')) {
-      source = source.replace(HEAD_END_TAG, `${themeStyles}${HEAD_END_TAG}`);
-    }
-    if (!source.includes('<script id="blocklet-theme-script">')) {
-      source = source.replace(HEAD_END_TAG, `${themeScript}${HEAD_END_TAG}`);
-    }
-    const etag = generateETag(source);
-    cache2.set(cacheKey, { html: source, timestamp: Date.now(), etag, pageGroup, pathPrefix });
-    if (options.cacheTtl) {
-      c.header("Cache-Control", `public, max-age=${options.cacheTtl}`);
-    } else {
-      c.header("Surrogate-Control", "no-store");
-      c.header("Cache-Control", "no-store, no-cache, must-revalidate, proxy-revalidate");
-      c.header("Expires", "0");
-    }
-    c.header("X-Cache", "MISS");
-    c.header("ETag", etag);
-    return c.html(source);
-  };
-}
-var import_fs4, import_path6, import_crypto5, import_ufo15, import_escape, import_constant, import_theme, import_config7, import_constants24, DEFAULT_CACHE_TTL, cache2, cacheEnabled, TITLE_TAG_REGEX, HEAD_END_TAG, buildOpenGraph, validatePageData, generateETag, getCacheKey, tryWithTimeout2, fallback_default;
-var init_fallback = __esm({
-  "../../blocklets/core/api/src/middlewares/hono/fallback.ts"() {
-    "use strict";
-    import_fs4 = __toESM(require("fs"));
-    import_path6 = require("path");
-    import_crypto5 = __toESM(require("crypto"));
-    import_ufo15 = require("ufo");
-    import_escape = __toESM(require("lodash/escape"));
-    import_constant = require("@blocklet/constant");
-    import_theme = require("@blocklet/theme");
-    import_config7 = require("@blocklet/sdk/lib/config");
-    import_constants24 = require("@blocklet/sdk/lib/util/constants");
-    init_env();
-    DEFAULT_CACHE_TTL = 60 * 1e3;
-    cache2 = /* @__PURE__ */ new Map();
-    cacheEnabled = readConfig("FALLBACK_CACHE_ENABLED") === "true" || isTestEnv();
-    TITLE_TAG_REGEX = /<title>(.+)<\/title>/;
-    HEAD_END_TAG = "</head>";
-    buildOpenGraph = (pageData, appUrl) => [
-      `<meta property="og:title" content="${pageData.title}" data-react-helmet="true" />`,
-      `<meta property="og:description" content="${pageData.description}" data-react-helmet="true" />`,
-      '<meta property="og:type" content="website" data-react-helmet="true" />',
-      `<meta property="og:url" content="${appUrl}" data-react-helmet="true" />`,
-      `<meta property="og:image" content="${pageData.ogImage}" data-react-helmet="true" />`,
-      '<meta name="twitter:card" content="summary_large_image" data-react-helmet="true" />'
-    ].join("\n");
-    validatePageData = (data, maxLength) => {
-      if (data.title && data.title.length > maxLength) throw new Error("Title too long");
-      if (data.description && data.description.length > maxLength) throw new Error("Description too long");
-    };
-    generateETag = (content) => `W/"${import_crypto5.default.createHash("sha1").update(content).digest("base64")}"`;
-    getCacheKey = (pathname, filePath, pageGroup, pathPrefix) => import_crypto5.default.createHash("sha1").update(`${pathname}:${filePath}:${pageGroup}:${pathPrefix}`).digest("base64");
-    tryWithTimeout2 = (asyncFn, timeout) => new Promise((resolve, reject) => {
-      const timer = setTimeout(() => reject(new Error(`Operation timed out after ${timeout} ms`)), timeout);
-      Promise.resolve().then(asyncFn).then((result) => resolve(result)).catch((err) => reject(err)).finally(() => clearTimeout(timer));
-    });
-    fallback_default = fallback;
-  }
-});
-
 // ../../blocklets/core/api/src/crons/currency.ts
 var currency_exports = {};
 __export(currency_exports, {
@@ -72348,6 +72570,7 @@ var init_refund3 = __esm({
     init_subscription2();
     init_token();
     init_auth();
+    init_context();
     init_error();
     init_event2();
     init_logger();
@@ -72725,13 +72948,20 @@ var init_refund3 = __esm({
     });
     startRefundQueue = async () => {
       const refunds = await systemFindAll(Refund, { where: { status: ["pending"] } });
-      refunds.forEach(async (x) => {
-        const exist = await refundQueue.get(x.id);
-        if (!exist) {
-          refundQueue.push({ id: x.id, job: { refundId: x.id } });
-          logger_default.info("Re-queued pending refund", { id: x.id });
+      for (const x of refunds) {
+        const dispatch = async () => {
+          const exist = await refundQueue.get(x.id);
+          if (!exist) {
+            refundQueue.push({ id: x.id, job: { refundId: x.id } });
+            logger_default.info("Re-queued pending refund", { id: x.id });
+          }
+        };
+        try {
+          await (x.instance_did ? withTenant(x.instance_did, dispatch) : dispatch());
+        } catch (error) {
+          logger_default.error("startRefundQueue: re-queue failed", { id: x.id, error });
         }
-      });
+      }
     };
     refundQueue.on("failed", ({ id, job, error }) => {
       logger_default.error("refund job failed", { id, job, error });
@@ -73491,11 +73721,11 @@ var init_fulfillment_coordinator = __esm({
 });
 
 // ../../blocklets/core/api/src/queues/vendors/status-check.ts
-var import_ufo16, import_payment_vendor4, startVendorStatusCheckSchedule, handleVendorStatusCheck, vendorStatusCheckQueue;
+var import_ufo15, import_payment_vendor4, startVendorStatusCheckSchedule, handleVendorStatusCheck, vendorStatusCheckQueue;
 var init_status_check = __esm({
   "../../blocklets/core/api/src/queues/vendors/status-check.ts"() {
     "use strict";
-    import_ufo16 = require("ufo");
+    import_ufo15 = require("ufo");
     import_payment_vendor4 = require("@blocklet/payment-vendor");
     init_queue2();
     init_checkout_session();
@@ -73580,7 +73810,7 @@ var init_status_check = __esm({
           const url = productVendor?.app_url;
           logger_default.info("found vendor url", { url, productVendor });
           if (url) {
-            const serverStatusUrl = (0, import_ufo16.joinURL)(
+            const serverStatusUrl = (0, import_ufo15.joinURL)(
               url,
               productVendor?.metadata?.mountPoint,
               "/api/vendor/status",
@@ -73652,7 +73882,7 @@ var init_status_check = __esm({
 
 // ../../blocklets/core/api/src/crons/overdue-detection.ts
 function getAppName() {
-  return import_config8.env.appName;
+  return import_config7.env.appName;
 }
 async function createOverdueDetection() {
   logger_default.info("Start health report generation");
@@ -73672,16 +73902,16 @@ async function createOverdueDetection() {
     logger_default.error("Failed to create health report", error);
   }
 }
-var import_notification29, import_component18, import_config8, import_util196, import_sequelize107, import_ufo17, HealthReportTemplate;
+var import_notification29, import_component18, import_config7, import_util196, import_sequelize107, import_ufo16, HealthReportTemplate;
 var init_overdue_detection = __esm({
   "../../blocklets/core/api/src/crons/overdue-detection.ts"() {
     "use strict";
     import_notification29 = __toESM(require("@blocklet/sdk/service/notification"));
     import_component18 = require("@blocklet/sdk/lib/component");
-    import_config8 = require("@blocklet/sdk/lib/config");
+    import_config7 = require("@blocklet/sdk/lib/config");
     import_util196 = require("@ocap/util");
     import_sequelize107 = require("sequelize");
-    import_ufo17 = require("ufo");
+    import_ufo16 = require("ufo");
     init_notification2();
     init_dayjs();
     init_env();
@@ -74007,9 +74237,9 @@ var init_overdue_detection = __esm({
           throw new Error("get owner did failed");
         }
         const locale = await getUserLocale(userDid);
-        const viewDataOverviewUrl = (0, import_component18.getUrl)((0, import_ufo17.withQuery)("admin/billing", { locale }));
-        const viewSubscriptionsUrl = (0, import_component18.getUrl)((0, import_ufo17.withQuery)("admin/billing/subscriptions", { locale }));
-        const viewOverdueUrl = (0, import_component18.getUrl)((0, import_ufo17.withQuery)("admin/billing/overdue", { locale }));
+        const viewDataOverviewUrl = (0, import_component18.getUrl)((0, import_ufo16.withQuery)("admin/billing", { locale }));
+        const viewSubscriptionsUrl = (0, import_component18.getUrl)((0, import_ufo16.withQuery)("admin/billing/subscriptions", { locale }));
+        const viewOverdueUrl = (0, import_component18.getUrl)((0, import_ufo16.withQuery)("admin/billing/overdue", { locale }));
         return {
           locale,
           userDid,
@@ -74222,6 +74452,7 @@ var init_event3 = __esm({
     import_sequelize108 = require("sequelize");
     init_env();
     init_scoped();
+    init_context();
     init_event2();
     init_logger();
     init_queue2();
@@ -74278,16 +74509,26 @@ var init_event3 = __esm({
         where: {
           pending_webhooks: { [import_sequelize108.Op.gt]: 0 }
         },
-        attributes: ["id"]
+        attributes: ["id", "instance_did"]
       });
       logger_default.info(`Found ${docs.length} events with pending webhooks`);
-      docs.forEach(async (x) => {
-        const exist = await eventQueue.get(x.id);
-        if (!exist) {
-          logger_default.info(`Pushing event ${x.id} to queue`);
-          eventQueue.push({ id: x.id, job: { eventId: x.id }, persist: false });
+      for (const x of docs) {
+        if (!x.instance_did) {
+          logger_default.warn("skip pending-webhook event with no tenant", { id: x.id });
+        } else {
+          try {
+            await withTenant(x.instance_did, async () => {
+              const exist = await eventQueue.get(x.id);
+              if (!exist) {
+                logger_default.info(`Pushing event ${x.id} to queue`);
+                eventQueue.push({ id: x.id, job: { eventId: x.id }, persist: false });
+              }
+            });
+          } catch (error) {
+            logger_default.error("failed to recover pending-webhook event", { id: x.id, error });
+          }
         }
-      });
+      }
       logger_default.info("Finished starting event queue");
     };
     eventQueue.on("failed", ({ id, job, error }) => {
@@ -74342,6 +74583,45 @@ var init_retry_pending_events = __esm({
   }
 });
 
+// ../../blocklets/core/api/src/crons/tenant-fanout.ts
+async function listProvisionedTenants() {
+  const { PaymentMethod: PaymentMethod3 } = (init_models(), __toCommonJS(models_exports));
+  const rows = await systemFindAll(PaymentMethod3, {
+    attributes: ["instance_did"],
+    raw: true
+  });
+  const dids = /* @__PURE__ */ new Set();
+  for (const row of rows) {
+    if (row?.instance_did) dids.add(row.instance_did);
+  }
+  return [...dids];
+}
+function perTenant(name, fn3, listTenants = listProvisionedTenants) {
+  return async () => {
+    if (getTenantMode() === "single") {
+      await fn3();
+      return;
+    }
+    const dids = await listTenants();
+    if (dids.length === 0) return;
+    logger_default.info("cron.tenant.fanout", { cron: name, tenantCount: dids.length });
+    for (const instanceDid of dids) {
+      await withTenant(instanceDid, async () => fn3()).catch(
+        (error) => logger_default.error("cron tenant pass failed", { cron: name, instanceDid, error })
+      );
+    }
+  };
+}
+var init_tenant_fanout = __esm({
+  "../../blocklets/core/api/src/crons/tenant-fanout.ts"() {
+    "use strict";
+    init_context();
+    init_logger();
+    init_tenant();
+    init_scoped();
+  }
+});
+
 // ../../blocklets/core/api/src/crons/subscription-trial-will-end.ts
 var import_dayjs45, import_sequelize110, SubscriptionTrialWillEndSchedule;
 var init_subscription_trial_will_end2 = __esm({
@@ -74633,6 +74913,7 @@ var init_payout3 = __esm({
     init_payment();
     init_queue2();
     init_auth();
+    init_context();
     init_token();
     init_payment_method();
     init_payment_currency();
@@ -74679,23 +74960,30 @@ var init_payout3 = __esm({
           status: "pending"
         }
       });
-      payouts.forEach(async (payout) => {
-        const exist = await payoutQueue.get(payout.id);
-        if (!exist) {
-          if (payout.next_attempt && payout.next_attempt > dayjs_default().unix()) {
-            payoutQueue.push({
-              id: payout.id,
-              job: { payoutId: payout.id, retryOnError: true },
-              runAt: payout.next_attempt
-            });
-          } else {
-            payoutQueue.push({
-              id: payout.id,
-              job: { payoutId: payout.id, retryOnError: true }
-            });
+      for (const payout of payouts) {
+        const dispatch = async () => {
+          const exist = await payoutQueue.get(payout.id);
+          if (!exist) {
+            if (payout.next_attempt && payout.next_attempt > dayjs_default().unix()) {
+              payoutQueue.push({
+                id: payout.id,
+                job: { payoutId: payout.id, retryOnError: true },
+                runAt: payout.next_attempt
+              });
+            } else {
+              payoutQueue.push({
+                id: payout.id,
+                job: { payoutId: payout.id, retryOnError: true }
+              });
+            }
           }
+        };
+        try {
+          await (payout.instance_did ? withTenant(payout.instance_did, dispatch) : dispatch());
+        } catch (error) {
+          logger_default.error("startPayoutQueue: re-queue failed", { id: payout.id, error });
         }
-      });
+      }
     };
     events.on("payout.created", async (payout) => {
       if (payout.status === "pending") {
@@ -75121,19 +75409,19 @@ function init() {
       {
         name: "subscription.will.renew",
         time: notificationCronTime(),
-        fn: () => new SubscriptionWillRenewSchedule().run(),
+        fn: perTenant("subscription.will.renew", () => new SubscriptionWillRenewSchedule().run()),
         options: { runOnInit: true }
       },
       {
         name: "subscription.trial.will.end",
         time: notificationCronTime(),
-        fn: () => new SubscriptionTrialWillEndSchedule().run(),
+        fn: perTenant("subscription.trial.will.end", () => new SubscriptionTrialWillEndSchedule().run()),
         options: { runOnInit: true }
       },
       {
         name: "customer.subscription.will_canceled",
         time: notificationCronTime(),
-        fn: () => new SubscriptionWillCanceledSchedule().run(),
+        fn: perTenant("customer.subscription.will_canceled", () => new SubscriptionWillCanceledSchedule().run()),
         options: { runOnInit: true }
       },
       {
@@ -75154,34 +75442,34 @@ function init() {
       {
         name: "checkoutSession.cleanup.expired",
         time: expiredSessionCleanupCronTime(),
-        fn: async () => {
+        fn: perTenant("checkoutSession.cleanup.expired", async () => {
           const removedCount = await CheckoutSession.cleanupExpiredSessions();
           logger_default.info("CheckoutSession.cleanupExpiredSessions", { removedCount });
-        },
+        }),
         options: { runOnInit: true }
       },
       {
         name: "stripe.invoice.sync",
         time: stripeInvoiceCronTime(),
-        fn: batchHandleStripeInvoices,
+        fn: perTenant("stripe.invoice.sync", batchHandleStripeInvoices),
         options: { runOnInit: false }
       },
       {
         name: "stripe.payment.sync",
         time: stripePaymentCronTime(),
-        fn: batchHandleStripePayments,
+        fn: perTenant("stripe.payment.sync", batchHandleStripePayments),
         options: { runOnInit: false }
       },
       {
         name: "stripe.subscription.sync",
         time: stripeSubscriptionCronTime(),
-        fn: batchHandleStripeSubscriptions,
+        fn: perTenant("stripe.subscription.sync", batchHandleStripeSubscriptions),
         options: { runOnInit: false }
       },
       {
         name: "customer.stake.revoked",
         time: revokeStakeCronTime(),
-        fn: checkStakeRevokeTx,
+        fn: perTenant("customer.stake.revoked", checkStakeRevokeTx),
         options: { runOnInit: false }
       },
       {
@@ -75190,7 +75478,7 @@ function init() {
         // webhook missed). See blocklets/core/api/src/integrations/iap-reconcile.ts.
         name: "iap.reconcile",
         time: iapReconcileCronTime(),
-        fn: () => runIapReconcile(),
+        fn: perTenant("iap.reconcile", () => runIapReconcile()),
         options: { runOnInit: false }
       },
       {
@@ -75199,19 +75487,19 @@ function init() {
         // See blocklets/core/api/src/crons/retry-pending-events.ts.
         name: "event.retry",
         time: eventRetryCronTime(),
-        fn: () => retryPendingEvents(),
+        fn: perTenant("event.retry", () => retryPendingEvents()),
         options: { runOnInit: false }
       },
       {
         name: "payment.stat",
         time: paymentStatCronTime(),
-        fn: () => createPaymentStat(),
+        fn: perTenant("payment.stat", () => createPaymentStat()),
         options: { runOnInit: false }
       },
       {
         name: "payment.daily.report",
         time: overdueDetectionCronTime(),
-        fn: () => createOverdueDetection(),
+        fn: perTenant("payment.daily.report", () => createOverdueDetection()),
         options: { runOnInit: false }
       },
       {
@@ -75264,6 +75552,7 @@ var init_crons = __esm({
     init_overdue_detection();
     init_payment_stat2();
     init_retry_pending_events();
+    init_tenant_fanout();
     init_subscription_trial_will_end2();
     init_subscription_will_canceled2();
     init_subscription_will_renew2();
@@ -75283,7 +75572,7 @@ async function getPackResource(type) {
     const resources = await (0, import_component19.getPackResources)({
       types: [
         {
-          did: import_config10.env.componentDid,
+          did: import_config9.env.componentDid,
           type
         }
       ]
@@ -75293,17 +75582,17 @@ async function getPackResource(type) {
     }
     return null;
   } catch (error) {
-    console.error(`failed to get ${type} pack resource from ${import_config10.env.componentDid}`, error);
+    console.error(`failed to get ${type} pack resource from ${import_config9.env.componentDid}`, error);
     return null;
   }
 }
 async function getResourcesByType(type) {
   try {
     const pack = await getPackResource(type);
-    const resources = await (0, import_component19.getResources)({ types: [{ did: import_config10.env.componentDid, type }], skipRunningCheck: true });
+    const resources = await (0, import_component19.getResources)({ types: [{ did: import_config9.env.componentDid, type }], skipRunningCheck: true });
     return pack ? [pack, ...resources] : resources;
   } catch (error) {
-    console.error(`failed to get ${type} resources from ${import_config10.env.componentDid}`, error);
+    console.error(`failed to get ${type} resources from ${import_config9.env.componentDid}`, error);
     return [];
   }
 }
@@ -75319,7 +75608,7 @@ async function initPaywallResources() {
       console.info("try import paywall resource", resource);
       const config4 = JSON.parse(
         replace(import_fs5.default.readFileSync(import_path7.default.join(configPath, "config.json"), "utf8"), {
-          ...import_config10.env,
+          ...import_config9.env,
           monthPrice: resource.env?.MONTH_PRICE || "5",
           yearPrice: resource.env?.YEAR_PRICE || "30",
           passport: resource.env?.PASSPORT_NAME || "discussionSubscriber"
@@ -75509,14 +75798,14 @@ async function initPaywallResources() {
     }
   }
 }
-var import_fs5, import_path7, import_component19, import_config10, import_util199;
+var import_fs5, import_path7, import_component19, import_config9, import_util199;
 var init_resource3 = __esm({
   "../../blocklets/core/api/src/libs/resource.ts"() {
     "use strict";
     import_fs5 = __toESM(require("fs"));
     import_path7 = __toESM(require("path"));
     import_component19 = require("@blocklet/sdk/lib/component");
-    import_config10 = require("@blocklet/sdk/lib/config");
+    import_config9 = require("@blocklet/sdk/lib/config");
     import_util199 = require("@ocap/util");
     init_passport();
     init_locales();
@@ -75533,15 +75822,15 @@ __export(resource_exports2, {
   initResourceHandler: () => initResourceHandler
 });
 function initResourceHandler() {
-  import_config11.events.on(import_config11.Events.componentAdded, handlePaywallResources);
-  import_config11.events.on(import_config11.Events.componentStarted, handlePaywallResources);
-  import_config11.events.on(import_config11.Events.envUpdate, handlePaywallResources);
+  import_config10.events.on(import_config10.Events.componentAdded, handlePaywallResources);
+  import_config10.events.on(import_config10.Events.componentStarted, handlePaywallResources);
+  import_config10.events.on(import_config10.Events.envUpdate, handlePaywallResources);
 }
-var import_config11, handlePaywallResources;
+var import_config10, handlePaywallResources;
 var init_resource4 = __esm({
   "../../blocklets/core/api/src/integrations/blocklet/resource.ts"() {
     "use strict";
-    import_config11 = require("@blocklet/sdk/lib/config");
+    import_config10 = require("@blocklet/sdk/lib/config");
     init_logger();
     init_resource3();
     handlePaywallResources = () => {
@@ -76036,16 +76325,23 @@ async function startCheckoutSessionQueue() {
       expires_at: { [import_sequelize113.Op.lte]: now }
     }
   });
-  checkoutSessions.forEach(async (checkoutSession) => {
-    const exist = await checkoutSessionQueue.get(checkoutSession.id);
-    if (!exist) {
-      checkoutSessionQueue.push({
-        id: checkoutSession.id,
-        job: { id: checkoutSession.id, action: "expire" },
-        runAt: checkoutSession.expires_at
-      });
+  for (const checkoutSession of checkoutSessions) {
+    const dispatch = async () => {
+      const exist = await checkoutSessionQueue.get(checkoutSession.id);
+      if (!exist) {
+        checkoutSessionQueue.push({
+          id: checkoutSession.id,
+          job: { id: checkoutSession.id, action: "expire" },
+          runAt: checkoutSession.expires_at
+        });
+      }
+    };
+    try {
+      await (checkoutSession.instance_did ? withTenant(checkoutSession.instance_did, dispatch) : dispatch());
+    } catch (error) {
+      logger_default.error("startCheckoutSessionQueue: re-queue failed", { id: checkoutSession.id, error });
     }
-  });
+  }
 }
 var import_sequelize113, checkoutSessionQueue;
 var init_checkout_session2 = __esm({
@@ -76056,6 +76352,7 @@ var init_checkout_session2 = __esm({
     init_nft();
     init_passport();
     init_shared();
+    init_context();
     init_dayjs();
     init_event2();
     init_logger();
@@ -76621,6 +76918,9 @@ var init_discount_status = __esm({
 });
 
 // ../../blocklets/core/api/src/middlewares/hono/csrf.ts
+function csrfSecret() {
+  return readConfig("PAYMENT_CSRF_SECRET") || (0, import_csrf.getCsrfSecret)();
+}
 function csrf() {
   return async (c, next) => {
     const method = c.req.method.toUpperCase();
@@ -76628,7 +76928,7 @@ function csrf() {
     const existingCsrf = (0, import_cookie.getCookie)(c, "x-csrf-token");
     if (method === "GET") {
       if (loginToken) {
-        const newCsrf = (0, import_csrf.sign)((0, import_csrf.getCsrfSecret)(), loginToken);
+        const newCsrf = (0, import_csrf.sign)(csrfSecret(), loginToken);
         if (newCsrf !== existingCsrf) {
           (0, import_cookie.setCookie)(c, "x-csrf-token", newCsrf, { sameSite: "Strict", secure: true });
         }
@@ -76639,9 +76939,9 @@ function csrf() {
       if (c.req.path.includes("/mcp")) return next();
       if (isEmpty9(loginToken)) return next();
       if (isEmpty9(existingCsrf)) return next();
-      if ((0, import_wallet9.isDidWalletConnect)(c.req.header())) return next();
+      if ((0, import_wallet8.isDidWalletConnect)(c.req.header())) return next();
       const headerCsrf = c.req.header("x-csrf-token");
-      if (existingCsrf === headerCsrf && (0, import_csrf.verify)((0, import_csrf.getCsrfSecret)(), existingCsrf, loginToken)) {
+      if (existingCsrf === headerCsrf && (0, import_csrf.verify)(csrfSecret(), existingCsrf, loginToken)) {
         return next();
       }
       return c.text("Invalid request: csrf token mismatch, please refresh the page try again", 403);
@@ -76649,13 +76949,14 @@ function csrf() {
     return next();
   };
 }
-var import_cookie, import_csrf, import_wallet9, isEmpty9, MUTATING;
+var import_cookie, import_csrf, import_wallet8, isEmpty9, MUTATING;
 var init_csrf = __esm({
   "../../blocklets/core/api/src/middlewares/hono/csrf.ts"() {
     "use strict";
     import_cookie = require("hono/cookie");
     import_csrf = require("@blocklet/sdk/lib/util/csrf");
-    import_wallet9 = require("@blocklet/sdk/lib/util/wallet");
+    import_wallet8 = require("@blocklet/sdk/lib/util/wallet");
+    init_env();
     isEmpty9 = (v) => v === void 0 || v === null || v === "";
     MUTATING = ["POST", "PUT", "PATCH", "DELETE"];
   }
@@ -76680,8 +76981,8 @@ function cdn() {
   let transformer;
   return async (c, next) => {
     await next();
-    const assetHost = import_config12.env.assetCdnHost;
-    const did = import_config12.env.componentDid;
+    const assetHost = import_config11.env.assetCdnHost;
+    const did = import_config11.env.componentDid;
     if (!assetHost || !did) return;
     if (!shouldProcess(c.req.method.toUpperCase(), c.req.path, c.req.header("accept") || "")) return;
     const contentType = c.res.headers.get("content-type") || "";
@@ -76694,12 +76995,12 @@ function cdn() {
     c.res = rebuilt;
   };
 }
-var import_asset_host_transformer, import_config12, import_constant2, import_constant3;
+var import_asset_host_transformer, import_config11, import_constant2, import_constant3;
 var init_cdn = __esm({
   "../../blocklets/core/api/src/middlewares/hono/cdn.ts"() {
     "use strict";
     import_asset_host_transformer = require("@blocklet/sdk/lib/util/asset-host-transformer");
-    import_config12 = require("@blocklet/sdk/lib/config");
+    import_config11 = require("@blocklet/sdk/lib/config");
     import_constant2 = require("@abtnode/constant");
     import_constant3 = require("@blocklet/constant");
     init_env();
@@ -76745,6 +77046,7 @@ function contextMiddleware() {
       throw err;
     }
     return context.run({ requestId, requestedBy, instanceDid }, async () => {
+      await warmTenantIdentity(instanceDid);
       await next();
     });
   };
@@ -76758,6 +77060,7 @@ var init_context2 = __esm({
     init_context();
     init_tenant();
     init_identity();
+    init_tenant_identity();
   }
 });
 
@@ -76821,7 +77124,9 @@ function createFetchHandler(app42) {
       const method = request.method.toUpperCase();
       const hasBody = method !== "GET" && method !== "HEAD";
       const body = hasBody ? await request.arrayBuffer() : void 0;
-      return app42.fetch(new Request(url.toString(), { method, headers: request.headers, body }));
+      const headers = new Headers(request.headers);
+      if (!headers.has("x-path-prefix")) headers.set("x-path-prefix", basePath);
+      return app42.fetch(new Request(url.toString(), { method, headers, body }));
     }
     return app42.fetch(request);
   });
@@ -76872,10 +77177,17 @@ function connectHandlerModules() {
 function buildConnectRoutesHono() {
   const { handlers: handlers2 } = (init_auth(), __toCommonJS(auth_exports));
   const connectApp = new import_hono42.Hono();
+  connectApp.use("*", async (c, next) => {
+    const { context: requestCtx } = (init_context(), __toCommonJS(context_exports));
+    if (requestCtx.peekInstanceDid()) return next();
+    const { resolveTenantForHost: resolveTenantForHost2 } = (init_identity(), __toCommonJS(identity_exports));
+    const instanceDid = await resolveTenantForHost2(c.req.header("host"));
+    return requestCtx.withTenant(instanceDid, () => next());
+  });
   for (const h of connectHandlerModules()) handlers2.attach(Object.assign({ app: connectApp }, h));
   return connectApp;
 }
-function buildHonoApp(configureNative, getConnectApp) {
+function buildHonoApp(configureNative, getConnectApp, attachStatic) {
   const app42 = new import_hono42.Hono();
   app42.onError((err, c) => {
     logger_default.error("handle router error", err);
@@ -76891,14 +77203,7 @@ function buildHonoApp(configureNative, getConnectApp) {
   if (getConnectApp) {
     app42.route("/", getConnectApp());
   }
-  if (isProduction()) {
-    const { serveStatic } = require("@hono/node-server/serve-static");
-    const { fallback: fallback2 } = (init_fallback(), __toCommonJS(fallback_exports));
-    const staticDir = import_path8.default.resolve(blockletAppDir(), "dist");
-    const staticRoot = import_path8.default.relative(process.cwd(), staticDir) || ".";
-    app42.use("*", fallback2("index.html", { root: staticDir }));
-    app42.use("*", serveStatic({ root: staticRoot }));
-  }
+  attachStatic?.(app42);
   return app42;
 }
 function requireTenant() {
@@ -76942,7 +77247,9 @@ async function bootstrapTenant(instanceDid) {
   const { ensureWebhookRegistered: ensureWebhookRegistered2 } = (init_setup(), __toCommonJS(setup_exports));
   const { ensureCreateOverdraftProtectionPrices: ensureCreateOverdraftProtectionPrices2 } = (init_overdraft_protection(), __toCommonJS(overdraft_protection_exports));
   const { scheduleHealthChecks: scheduleHealthChecks2 } = (init_exchange_rate_health(), __toCommonJS(exchange_rate_health_exports));
+  const { warmTenantIdentity: warmTenantIdentity2 } = (init_tenant_identity(), __toCommonJS(tenant_identity_exports));
   await context.withTenant(instanceDid, async () => {
+    await warmTenantIdentity2(instanceDid);
     await Promise.resolve(syncCurrencyLogo2()).catch(
       (error) => logger_default.error("bootstrapTenant: syncCurrencyLogo failed", { instanceDid, error })
     );
@@ -76960,6 +77267,65 @@ async function bootstrapTenant(instanceDid) {
     );
   });
 }
+async function provisionTenant(instanceDid) {
+  if (!instanceDid || typeof instanceDid !== "string") {
+    throw new TenantError(TENANT_CONTEXT_MISSING, "provisionTenant requires an instanceDid");
+  }
+  const { fromTokenToUnit: fromTokenToUnit31 } = require("@ocap/util");
+  const { PaymentMethod: PaymentMethod3, PaymentCurrency: PaymentCurrency3 } = (init_models(), __toCommonJS(models_exports));
+  const CHAINS = [
+    { chainId: "main", livemode: true, symbol: "ABT", label: "ArcBlock Main", contract: "z35nNRvYxBoHitx9yZ5ATS88psfShzPPBLxYD" },
+    { chainId: "beta", livemode: false, symbol: "TBA", label: "ArcBlock Beta", contract: "z35n6UoHSi9MED4uaQy6ozFgKPaZj2UKrurBG" }
+  ];
+  await context.withTenant(instanceDid, async () => {
+    const existing = await PaymentMethod3.findOne({ where: { type: "arcblock" } });
+    if (existing) return;
+    for (const chain of CHAINS) {
+      const logo = "/methods/arcblock.png";
+      const method = await PaymentMethod3.create({
+        instance_did: instanceDid,
+        active: true,
+        livemode: chain.livemode,
+        locked: true,
+        type: "arcblock",
+        name: chain.label,
+        description: `Process payments with tokens on ArcBlock ${chain.chainId} chain`,
+        logo,
+        confirmation: { type: "immediate" },
+        settings: {
+          arcblock: {
+            chain_id: chain.chainId,
+            api_host: `https://${chain.chainId}.abtnetwork.io/api/`,
+            explorer_host: `https://${chain.chainId}.abtnetwork.io/explorer/`
+          }
+        },
+        features: { recurring: true, refund: true, dispute: false },
+        metadata: {}
+      });
+      const currency = await PaymentCurrency3.create({
+        instance_did: instanceDid,
+        active: true,
+        livemode: chain.livemode,
+        locked: true,
+        is_base_currency: true,
+        payment_method_id: method.id,
+        type: "standard",
+        name: chain.symbol,
+        description: chain.symbol,
+        logo,
+        symbol: chain.symbol,
+        decimal: 18,
+        minimum_payment_amount: fromTokenToUnit31(0.1, 18).toString(),
+        maximum_precision: 6,
+        maximum_payment_amount: fromTokenToUnit31(1e8, 18).toString(),
+        contract: chain.contract,
+        metadata: {}
+      });
+      await method.update({ default_currency_id: currency.id });
+    }
+    logger_default.info("provisionTenant: seeded arcblock payment methods + currencies", { instanceDid });
+  });
+}
 async function startBackgroundServices() {
   if (servicesStarted) {
     logger_default.info("payment core background services already started, skipping");
@@ -77059,6 +77425,8 @@ function createEmbeddedPaymentService(slots) {
     throw new MissingConfigError("BLOCKLET_APP_PID");
   }
   const { initialize: initialize2 } = (init_models(), __toCommonJS(models_exports));
+  const { setDefaultSequelize: setDefaultSequelize2 } = (init_sequelize(), __toCommonJS(sequelize_exports));
+  setDefaultSequelize2(slots.db.sequelize);
   initialize2(slots.db.sequelize);
   if (slots.locks) {
     const { setLocksDriver: setLocksDriver2 } = (init_lock(), __toCommonJS(lock_exports));
@@ -77068,6 +77436,11 @@ function createEmbeddedPaymentService(slots) {
   if (slots.queue) setQueueHostHooks3(slots.queue);
   if (slots.cron) setCronDriver3(slots.cron);
   if (slots.secrets) setSecretsDriver3(slots.secrets);
+  if (slots.didConnectRuntime || slots.storage) {
+    const { setDidConnectRuntime: setDidConnectRuntime2, setDidConnectTokenStorage: setDidConnectTokenStorage2 } = (init_auth(), __toCommonJS(auth_exports));
+    if (slots.didConnectRuntime) setDidConnectRuntime2(slots.didConnectRuntime);
+    if (slots.storage) setDidConnectTokenStorage2(slots.storage);
+  }
   if (slots.identity) setIdentityDriver3(slots.identity);
   if (slots.tenancy && slots.tenancy.mode === "single" && slots.tenancy.instanceDid) {
     const { setDefaultInstanceDid: setDefaultInstanceDid2 } = (init_tenant(), __toCommonJS(tenant_exports));
@@ -77086,10 +77459,15 @@ function createEmbeddedPaymentService(slots) {
   const getHonoApp = memo(() => {
     const { configureNativePipeline: configureNativePipeline2, fullPipeline: fullPipeline2 } = (init_pipeline(), __toCommonJS(pipeline_exports));
     const { mountMigratedResources: mountMigratedResources2 } = (init_hono(), __toCommonJS(hono_exports));
-    return buildHonoApp((native) => {
-      configureNativePipeline2(native);
-      mountMigratedResources2(native, { appShell: fullPipeline2() });
-    }, getConnectRoutesHono);
+    return buildHonoApp(
+      (native) => {
+        configureNativePipeline2(native);
+        mountMigratedResources2(native, { appShell: fullPipeline2() });
+      },
+      getConnectRoutesHono,
+      // S3-CF Phase 1 ①: host-provided static/SPA shell (node injects it; CF omits).
+      slots.staticHandler
+    );
   });
   let fetchHandler = null;
   const getFetchHandler = () => {
@@ -77130,14 +77508,14 @@ function createEmbeddedPaymentService(slots) {
     },
     rpc,
     lifecycle,
-    bootstrapTenant
+    bootstrapTenant,
+    provisionTenant
   };
 }
-var import_path8, import_error12, import_hono42, PaymentCoreSlotError, MissingConfigError, TenancySlotError, VALID_TENANT_MODES, servicesStarted, listInstanceDidsHook;
+var import_error12, import_hono42, PaymentCoreSlotError, MissingConfigError, TenancySlotError, VALID_TENANT_MODES, servicesStarted, listInstanceDidsHook;
 var init_service2 = __esm({
   "../../blocklets/core/api/src/service.ts"() {
     "use strict";
-    import_path8 = __toESM(require("path"));
     import_error12 = require("@blocklet/error");
     import_hono42 = require("hono");
     init_env();
@@ -77183,10 +77561,13 @@ __export(src_exports, {
   createD1LocksDriver: () => createD1LocksDriver2,
   createDefaultIdentityDriver: () => createDefaultIdentityDriver2,
   createDefaultSecretsDriver: () => createDefaultSecretsDriver2,
+  createEmbeddedIdentityServices: () => createEmbeddedIdentityServices2,
   createEmbeddedPaymentService: () => createEmbeddedPaymentService2,
   createKeyringSecretsDriver: () => createKeyringSecretsDriver2,
   createMemoryLocksDriver: () => createMemoryLocksDriver2,
   createNodeDbDriver: () => createNodeDbDriver2,
+  createNodeDidConnectRuntime: () => createNodeDidConnectRuntime2,
+  createNodeStaticHandler: () => createNodeStaticHandler2,
   getCronDriver: () => getCronDriver2,
   getIdentityDriver: () => getIdentityDriver2,
   getPaymentCoreSqlMigrations: () => getPaymentCoreSqlMigrations,
@@ -77282,6 +77663,18 @@ function shouldRunInWindow2(expr, date) {
 }
 
 // src/index.ts
+function createNodeStaticHandler2(webRoot) {
+  const mod = (init_serve_static_arc(), __toCommonJS(serve_static_arc_exports));
+  return mod.createNodeStaticHandler(webRoot);
+}
+function createNodeDidConnectRuntime2(opts) {
+  const mod = (init_did_connect_runtime_node(), __toCommonJS(did_connect_runtime_node_exports));
+  return mod.createNodeDidConnectRuntime(opts);
+}
+function createEmbeddedIdentityServices2() {
+  const mod = (init_tenant_identity(), __toCommonJS(tenant_identity_exports));
+  return mod.createEmbeddedIdentityServices();
+}
 function createEmbeddedPaymentService2(slots) {
   const core = (init_service2(), __toCommonJS(service_exports));
   return core.createEmbeddedPaymentService(slots);
@@ -77296,10 +77689,13 @@ function createEmbeddedPaymentService2(slots) {
   createD1LocksDriver,
   createDefaultIdentityDriver,
   createDefaultSecretsDriver,
+  createEmbeddedIdentityServices,
   createEmbeddedPaymentService,
   createKeyringSecretsDriver,
   createMemoryLocksDriver,
   createNodeDbDriver,
+  createNodeDidConnectRuntime,
+  createNodeStaticHandler,
   getCronDriver,
   getIdentityDriver,
   getPaymentCoreSqlMigrations,