@arcblock/payment-service 1.29.3-beta-frontend-serve.4 → 1.29.3

package/dist/index.js

@@ -1026,36 +1026,6 @@ var init_serve_static_arc = __esm({
   }
 });
 
-// ../../blocklets/core/api/src/libs/logger.ts
-function resolveLogger() {
-  if (resolved) return resolved;
-  try {
-    const createLogger = require("@blocklet/logger");
-    resolved = createLogger("app");
-  } catch {
-    resolved = {
-      debug: (...args) => console.debug(...args),
-      info: (...args) => console.info(...args),
-      error: (...args) => console.error(...args),
-      warn: (...args) => console.warn(...args)
-    };
-  }
-  return resolved;
-}
-var resolved, logger, logger_default;
-var init_logger = __esm({
-  "../../blocklets/core/api/src/libs/logger.ts"() {
-    "use strict";
-    logger = {
-      debug: (...args) => resolveLogger().debug(...args),
-      info: (...args) => resolveLogger().info(...args),
-      error: (...args) => resolveLogger().error(...args),
-      warn: (...args) => resolveLogger().warn(...args)
-    };
-    logger_default = logger;
-  }
-});
-
 // ../../blocklets/core/api/src/libs/context.ts
 var context_exports = {};
 __export(context_exports, {
@@ -1184,6 +1154,231 @@ var init_context = __esm({
   }
 });
 
+// ../../blocklets/core/api/src/libs/logger.ts
+function resolveLogger() {
+  if (resolved) return resolved;
+  try {
+    const createLogger = require("@blocklet/logger");
+    resolved = createLogger("app");
+  } catch {
+    resolved = {
+      debug: (...args) => console.debug(...args),
+      info: (...args) => console.info(...args),
+      error: (...args) => console.error(...args),
+      warn: (...args) => console.warn(...args)
+    };
+  }
+  return resolved;
+}
+var resolved, logger, logger_default;
+var init_logger = __esm({
+  "../../blocklets/core/api/src/libs/logger.ts"() {
+    "use strict";
+    logger = {
+      debug: (...args) => resolveLogger().debug(...args),
+      info: (...args) => resolveLogger().info(...args),
+      error: (...args) => resolveLogger().error(...args),
+      warn: (...args) => resolveLogger().warn(...args)
+    };
+    logger_default = logger;
+  }
+});
+
+// ../../blocklets/core/api/src/libs/did-connect/tenant-identity.ts
+var tenant_identity_exports = {};
+__export(tenant_identity_exports, {
+  clearTenantIdentityCache: () => clearTenantIdentityCache,
+  createEmbeddedIdentityServices: () => createEmbeddedIdentityServices,
+  getCachedTenantIdentity: () => getCachedTenantIdentity,
+  hasDynamicIdentity: () => hasDynamicIdentity,
+  resolveTenantIdentity: () => resolveTenantIdentity,
+  warmTenantIdentity: () => warmTenantIdentity
+});
+function cacheIdentity(instanceDid, value) {
+  identityCache.set(instanceDid, { value, expiry: Date.now() + IDENTITY_TTL_MS });
+  if (identityCache.size > IDENTITY_CACHE_MAX) {
+    const oldest = identityCache.keys().next().value;
+    if (oldest !== void 0) identityCache.delete(oldest);
+  }
+}
+function clearTenantIdentityCache(instanceDid) {
+  if (instanceDid) identityCache.delete(instanceDid);
+  else identityCache.clear();
+}
+function hasDynamicIdentity() {
+  return typeof getIdentityDriver().getInstanceAppIdentity === "function";
+}
+async function resolveTenantIdentity(instanceDidArg) {
+  const instanceDid = instanceDidArg ?? getInstanceDid();
+  const cached = identityCache.get(instanceDid);
+  if (cached && cached.expiry > Date.now()) return cached.value;
+  const driver = getIdentityDriver();
+  if (typeof driver.getInstanceAppIdentity !== "function") {
+    throw new Error(
+      "resolveTenantIdentity: the active IdentityDriver does not implement getInstanceAppIdentity \u2014 a non-blocklet-server DID-Connect runtime requires an AUTH_SERVICE-backed identity driver"
+    );
+  }
+  const identity = await driver.getInstanceAppIdentity(instanceDid);
+  if (!identity || !identity.appSk) {
+    throw new Error(`resolveTenantIdentity: no app signing key for instance "${instanceDid}" (fail-closed)`);
+  }
+  if (identity.appSk.length < 66) {
+    throw new Error(
+      `resolveTenantIdentity: appSk for instance "${instanceDid}" is too short (${identity.appSk.length} chars) to derive a wallet (fail-closed)`
+    );
+  }
+  const wallet2 = (0, import_wallet.fromSecretKey)(identity.appSk, walletType);
+  const ethWallet2 = (0, import_wallet.fromSecretKey)(identity.appSk.slice(0, 66), ethWalletType);
+  const permanentWallet = identity.appPsk ? (0, import_wallet.fromSecretKey)(identity.appPsk, walletType) : wallet2;
+  const value = {
+    instanceDid,
+    wallet: wallet2,
+    ethWallet: ethWallet2,
+    permanentWallet,
+    appInfo: identity.appInfo ?? {}
+  };
+  cacheIdentity(instanceDid, value);
+  return value;
+}
+function getCachedTenantIdentity(instanceDidArg) {
+  const instanceDid = instanceDidArg ?? getInstanceDid();
+  const cached = identityCache.get(instanceDid);
+  if (!cached || cached.expiry <= Date.now()) {
+    throw new Error(
+      `tenant identity for "${instanceDid}" is not resolved (fail-closed) \u2014 warmTenantIdentity must run in the request/job scope before any wallet access`
+    );
+  }
+  return cached.value;
+}
+async function warmTenantIdentity(instanceDidArg) {
+  if (!hasDynamicIdentity()) return;
+  try {
+    await resolveTenantIdentity(instanceDidArg);
+  } catch (err) {
+    logger_default.warn("[tenant-identity] warm failed \u2014 wallet access will fail-closed", {
+      error: err instanceof Error ? err.message : String(err)
+    });
+  }
+}
+function createEmbeddedIdentityServices() {
+  return {
+    getBusinessWallet(chain) {
+      const identity = getCachedTenantIdentity();
+      return chain === "ethereum" ? identity.ethWallet : identity.wallet;
+    },
+    directory() {
+      return EMBEDDED_DIRECTORY;
+    }
+  };
+}
+var Mcrypto, import_wallet, walletType, ethWalletType, IDENTITY_TTL_MS, IDENTITY_CACHE_MAX, identityCache, EMBEDDED_DIRECTORY;
+var init_tenant_identity = __esm({
+  "../../blocklets/core/api/src/libs/did-connect/tenant-identity.ts"() {
+    "use strict";
+    Mcrypto = __toESM(require("@ocap/mcrypto"));
+    import_wallet = require("@ocap/wallet");
+    init_context();
+    init_drivers();
+    init_logger();
+    walletType = {
+      role: Mcrypto.types.RoleType.ROLE_APPLICATION,
+      pk: Mcrypto.types.KeyType.ED25519,
+      hash: Mcrypto.types.HashType.SHA3
+    };
+    ethWalletType = (0, import_wallet.WalletType)("ethereum");
+    IDENTITY_TTL_MS = 5 * 60 * 1e3;
+    IDENTITY_CACHE_MAX = 512;
+    identityCache = /* @__PURE__ */ new Map();
+    EMBEDDED_DIRECTORY = {
+      getUser(did) {
+        if (!did) return { user: null };
+        return {
+          user: { did, fullName: did, email: "", phone: "", remark: "", connectedAccounts: [{ provider: "wallet", did }] }
+        };
+      },
+      getUsers() {
+        return { users: [] };
+      },
+      getVault() {
+        return null;
+      },
+      getBlocklet() {
+        return { id: "", site: { id: "" } };
+      }
+    };
+  }
+});
+
+// ../../blocklets/core/api/src/libs/did-connect/runtime-did-connect-js.ts
+function createDidConnectJsRuntime(opts) {
+  const fallbackAppInfo = { ...DEFAULT_APP_INFO, ...opts.defaultAppInfo ?? {} };
+  return {
+    tokenStorage: opts.tokenStorage,
+    createAuthenticator() {
+      const { WalletAuthenticator } = require("@arcblock/did-connect-js");
+      const config4 = {
+        // Function-valued, per-tenant: resolve the signing wallet from the host
+        // IdentityDriver.getInstanceAppIdentity each time the authenticator signs.
+        // `.toJSON()` matches the standalone worker (the SDK reconstructs the full
+        // wallet — incl. sk — via fromJSON before signing).
+        wallet: async () => {
+          const { wallet: wallet2 } = await resolveTenantIdentity();
+          return wallet2.toJSON();
+        },
+        appInfo: async ({ baseUrl } = {}) => {
+          const { appInfo } = await resolveTenantIdentity();
+          return {
+            name: appInfo.name || fallbackAppInfo.name,
+            description: appInfo.description || fallbackAppInfo.description,
+            icon: appInfo.icon || fallbackAppInfo.icon,
+            link: appInfo.link || baseUrl
+          };
+        },
+        timeout: opts.timeout ?? 3e4
+      };
+      if (opts.chainInfo) config4.chainInfo = opts.chainInfo;
+      if (opts.txEncoder) config4.txEncoder = opts.txEncoder;
+      return new WalletAuthenticator(config4);
+    },
+    createHandlers({ authenticator: authenticator2, tokenStorage }) {
+      const { WalletHandlers } = require("@arcblock/did-connect-js");
+      return new WalletHandlers({ authenticator: authenticator2, tokenStorage });
+    }
+  };
+}
+var DEFAULT_APP_INFO;
+var init_runtime_did_connect_js = __esm({
+  "../../blocklets/core/api/src/libs/did-connect/runtime-did-connect-js.ts"() {
+    "use strict";
+    init_tenant_identity();
+    DEFAULT_APP_INFO = {
+      name: "Payment Kit",
+      description: "Payment Kit",
+      icon: "https://www.arcblock.io/favicon.ico"
+    };
+  }
+});
+
+// ../../blocklets/core/api/src/host-node/did-connect-runtime-node.ts
+var did_connect_runtime_node_exports = {};
+__export(did_connect_runtime_node_exports, {
+  createNodeDidConnectRuntime: () => createNodeDidConnectRuntime
+});
+function createNodeDidConnectRuntime(opts) {
+  const { createTxEncoder } = require("@ocap/client/encode");
+  return createDidConnectJsRuntime({
+    tokenStorage: opts?.tokenStorage,
+    txEncoder: createTxEncoder(),
+    timeout: opts?.timeout ?? 3e4
+  });
+}
+var init_did_connect_runtime_node = __esm({
+  "../../blocklets/core/api/src/host-node/did-connect-runtime-node.ts"() {
+    "use strict";
+    init_runtime_did_connect_js();
+  }
+});
+
 // ../../blocklets/core/api/src/middlewares/hono/xss.ts
 function xss() {
   return async (c, next) => {
@@ -1398,89 +1593,6 @@ var init_dayjs = __esm({
   }
 });
 
-// ../../blocklets/core/api/src/libs/did-connect/tenant-identity.ts
-var tenant_identity_exports = {};
-__export(tenant_identity_exports, {
-  clearTenantIdentityCache: () => clearTenantIdentityCache,
-  getCachedTenantIdentity: () => getCachedTenantIdentity,
-  hasDynamicIdentity: () => hasDynamicIdentity,
-  resolveTenantIdentity: () => resolveTenantIdentity,
-  warmTenantIdentity: () => warmTenantIdentity
-});
-function clearTenantIdentityCache(instanceDid) {
-  if (instanceDid) identityCache.delete(instanceDid);
-  else identityCache.clear();
-}
-function hasDynamicIdentity() {
-  return typeof getIdentityDriver().getInstanceAppIdentity === "function";
-}
-async function resolveTenantIdentity(instanceDidArg) {
-  const instanceDid = instanceDidArg ?? getInstanceDid();
-  const cached = identityCache.get(instanceDid);
-  if (cached && cached.expiry > Date.now()) return cached.value;
-  const driver = getIdentityDriver();
-  if (typeof driver.getInstanceAppIdentity !== "function") {
-    throw new Error(
-      "resolveTenantIdentity: the active IdentityDriver does not implement getInstanceAppIdentity \u2014 a non-blocklet-server DID-Connect runtime requires an AUTH_SERVICE-backed identity driver"
-    );
-  }
-  const identity = await driver.getInstanceAppIdentity(instanceDid);
-  if (!identity || !identity.appSk) {
-    throw new Error(`resolveTenantIdentity: no app signing key for instance "${instanceDid}" (fail-closed)`);
-  }
-  const wallet3 = (0, import_wallet.fromSecretKey)(identity.appSk, walletType);
-  const ethWallet2 = (0, import_wallet.fromSecretKey)(identity.appSk.slice(0, 66), ethWalletType);
-  const permanentWallet = identity.appPsk ? (0, import_wallet.fromSecretKey)(identity.appPsk, walletType) : wallet3;
-  const value = {
-    instanceDid,
-    wallet: wallet3,
-    ethWallet: ethWallet2,
-    permanentWallet,
-    appInfo: identity.appInfo ?? {}
-  };
-  identityCache.set(instanceDid, { value, expiry: Date.now() + IDENTITY_TTL_MS });
-  return value;
-}
-function getCachedTenantIdentity(instanceDidArg) {
-  const instanceDid = instanceDidArg ?? getInstanceDid();
-  const cached = identityCache.get(instanceDid);
-  if (!cached || cached.expiry <= Date.now()) {
-    throw new Error(
-      `tenant identity for "${instanceDid}" is not resolved (fail-closed) \u2014 warmTenantIdentity must run in the request/job scope before any wallet access`
-    );
-  }
-  return cached.value;
-}
-async function warmTenantIdentity(instanceDidArg) {
-  if (!hasDynamicIdentity()) return;
-  try {
-    await resolveTenantIdentity(instanceDidArg);
-  } catch (err) {
-    logger_default.warn("[tenant-identity] warm failed \u2014 wallet access will fail-closed", {
-      error: err?.message || String(err)
-    });
-  }
-}
-var Mcrypto, import_wallet, walletType, ethWalletType, IDENTITY_TTL_MS, identityCache;
-var init_tenant_identity = __esm({
-  "../../blocklets/core/api/src/libs/did-connect/tenant-identity.ts"() {
-    "use strict";
-    Mcrypto = __toESM(require("@ocap/mcrypto"));
-    import_wallet = require("@ocap/wallet");
-    init_context();
-    init_drivers();
-    init_logger();
-    walletType = {
-      role: Mcrypto.types.RoleType.ROLE_APPLICATION,
-      pk: Mcrypto.types.KeyType.ED25519,
-      hash: Mcrypto.types.HashType.SHA3
-    };
-    ethWalletType = (0, import_wallet.WalletType)("ethereum");
-    IDENTITY_TTL_MS = 5 * 60 * 1e3;
-    identityCache = /* @__PURE__ */ new Map();
-  }
-});
-
 // ../../blocklets/core/api/src/libs/auth.ts
 var auth_exports = {};
 __export(auth_exports, {
@@ -1534,10 +1646,9 @@ function makeWallet(...args) {
   return getWallet(...args);
 }
 function activeBusinessWallet(chain) {
-  const { hasDynamicIdentity: hasDynamicIdentity2, getCachedTenantIdentity: getCachedTenantIdentity2 } = (init_tenant_identity(), __toCommonJS(tenant_identity_exports));
-  if (hasDynamicIdentity2()) {
-    const identity = getCachedTenantIdentity2();
-    return chain === "ethereum" ? identity.ethWallet : identity.wallet;
+  const driver = getIdentityDriver();
+  if (typeof driver.getBusinessWallet === "function") {
+    return driver.getBusinessWallet(chain);
   }
   return chain === "ethereum" ? envEthWallet : envWallet;
 }
@@ -1616,6 +1727,7 @@ var init_auth = __esm({
     import_os = __toESM(require("os"));
     import_path2 = __toESM(require("path"));
     init_env();
+    init_drivers();
     init_logger();
     notificationPatched = false;
     envWallet = lazyProxy(() => makeWallet());
@@ -1630,6 +1742,10 @@ var init_auth = __esm({
       return activeRuntime().createHandlers({ authenticator, tokenStorage });
     });
     blocklet = lazyProxy(() => {
+      const driver = getIdentityDriver();
+      if (typeof driver.directory === "function") {
+        return driver.directory();
+      }
       ensureNotificationPatch();
       const { BlockletService: BlockletService2 } = require("@blocklet/sdk/service/auth");
       return new BlockletService2();
@@ -6528,7 +6644,7 @@ function authenticate({
     if (embed && embedToken && embedId) {
       let embedOk = false;
       try {
-        const w = wallet2();
+        const w = wallet;
         const verified = await w.verify(embedId, embedToken);
         if (!verified) {
           return c.json({ error: `Invalid signature for embed: ${embedId}` }, 401);
@@ -6595,7 +6711,7 @@ function authenticate({
     return c.json({ error: "Not authorized to perform this action" }, 403);
   };
 }
-var import_verify_sign, import_verify_session, wallet2;
+var import_verify_sign, import_verify_session;
 var init_security = __esm({
   "../../blocklets/core/api/src/middlewares/hono/security.ts"() {
     "use strict";
@@ -6604,7 +6720,6 @@ var init_security = __esm({
     init_env();
     init_auth();
     init_customer();
-    wallet2 = () => wallet;
   }
 });
 
@@ -15072,9 +15187,9 @@ var init_remote_signer = __esm({
     "use strict";
     import_ethers = require("ethers");
     RemoteSigner = class _RemoteSigner extends import_ethers.ethers.AbstractSigner {
-      constructor(wallet3, provider) {
+      constructor(wallet2, provider) {
         super(provider);
-        this.wallet = wallet3;
+        this.wallet = wallet2;
       }
       /**
        * Returns the address of the signer
@@ -29246,7 +29361,10 @@ function injectJobTenant(job) {
   return { ...job, instance_did: context.getInstanceDid() };
 }
 async function warmThenRun(onJob, job) {
-  const { warmTenantIdentity: warmTenantIdentity2 } = (init_tenant_identity(), __toCommonJS(tenant_identity_exports));
+  const { warmTenantIdentity: warmTenantIdentity2 } = (
+    // eslint-disable-next-line global-require
+    (init_tenant_identity(), __toCommonJS(tenant_identity_exports))
+  );
   await warmTenantIdentity2();
   return onJob(job);
 }
@@ -39962,6 +40080,7 @@ var init_payment2 = __esm({
     init_token();
     init_audit();
     init_auth();
+    init_context();
     init_dayjs();
     init_error();
     init_event2();
@@ -40905,16 +41024,23 @@ var init_payment2 = __esm({
           capture_method: "automatic"
         }
       });
-      payments.forEach(async (x) => {
-        const supportAutoCharge = await PaymentMethod.supportAutoCharge(x.payment_method_id);
-        if (supportAutoCharge === false) {
-          return;
-        }
-        const exist = await paymentQueue.get(x.id);
-        if (!exist) {
-          paymentQueue.push({ id: x.id, job: { paymentIntentId: x.id } });
+      for (const x of payments) {
+        const dispatch = async () => {
+          const supportAutoCharge = await PaymentMethod.supportAutoCharge(x.payment_method_id);
+          if (supportAutoCharge === false) {
+            return;
+          }
+          const exist = await paymentQueue.get(x.id);
+          if (!exist) {
+            paymentQueue.push({ id: x.id, job: { paymentIntentId: x.id } });
+          }
+        };
+        try {
+          await (x.instance_did ? withTenant(x.instance_did, dispatch) : dispatch());
+        } catch (error) {
+          logger_default.error("startPaymentQueue: re-queue failed", { id: x.id, error });
         }
-      });
+      }
     };
     paymentQueue.on("failed", ({ id, job, error }) => {
       logger_default.error("Payment job failed", { id, job, error });
@@ -72444,6 +72570,7 @@ var init_refund3 = __esm({
     init_subscription2();
     init_token();
     init_auth();
+    init_context();
     init_error();
     init_event2();
     init_logger();
@@ -72821,13 +72948,20 @@ var init_refund3 = __esm({
     });
     startRefundQueue = async () => {
       const refunds = await systemFindAll(Refund, { where: { status: ["pending"] } });
-      refunds.forEach(async (x) => {
-        const exist = await refundQueue.get(x.id);
-        if (!exist) {
-          refundQueue.push({ id: x.id, job: { refundId: x.id } });
-          logger_default.info("Re-queued pending refund", { id: x.id });
+      for (const x of refunds) {
+        const dispatch = async () => {
+          const exist = await refundQueue.get(x.id);
+          if (!exist) {
+            refundQueue.push({ id: x.id, job: { refundId: x.id } });
+            logger_default.info("Re-queued pending refund", { id: x.id });
+          }
+        };
+        try {
+          await (x.instance_did ? withTenant(x.instance_did, dispatch) : dispatch());
+        } catch (error) {
+          logger_default.error("startRefundQueue: re-queue failed", { id: x.id, error });
         }
-      });
+      }
     };
     refundQueue.on("failed", ({ id, job, error }) => {
       logger_default.error("refund job failed", { id, job, error });
@@ -74779,6 +74913,7 @@ var init_payout3 = __esm({
     init_payment();
     init_queue2();
     init_auth();
+    init_context();
     init_token();
     init_payment_method();
     init_payment_currency();
@@ -74825,23 +74960,30 @@ var init_payout3 = __esm({
           status: "pending"
         }
       });
-      payouts.forEach(async (payout) => {
-        const exist = await payoutQueue.get(payout.id);
-        if (!exist) {
-          if (payout.next_attempt && payout.next_attempt > dayjs_default().unix()) {
-            payoutQueue.push({
-              id: payout.id,
-              job: { payoutId: payout.id, retryOnError: true },
-              runAt: payout.next_attempt
-            });
-          } else {
-            payoutQueue.push({
-              id: payout.id,
-              job: { payoutId: payout.id, retryOnError: true }
-            });
+      for (const payout of payouts) {
+        const dispatch = async () => {
+          const exist = await payoutQueue.get(payout.id);
+          if (!exist) {
+            if (payout.next_attempt && payout.next_attempt > dayjs_default().unix()) {
+              payoutQueue.push({
+                id: payout.id,
+                job: { payoutId: payout.id, retryOnError: true },
+                runAt: payout.next_attempt
+              });
+            } else {
+              payoutQueue.push({
+                id: payout.id,
+                job: { payoutId: payout.id, retryOnError: true }
+              });
+            }
           }
+        };
+        try {
+          await (payout.instance_did ? withTenant(payout.instance_did, dispatch) : dispatch());
+        } catch (error) {
+          logger_default.error("startPayoutQueue: re-queue failed", { id: payout.id, error });
         }
-      });
+      }
     };
     events.on("payout.created", async (payout) => {
       if (payout.status === "pending") {
@@ -76183,16 +76325,23 @@ async function startCheckoutSessionQueue() {
       expires_at: { [import_sequelize113.Op.lte]: now }
     }
   });
-  checkoutSessions.forEach(async (checkoutSession) => {
-    const exist = await checkoutSessionQueue.get(checkoutSession.id);
-    if (!exist) {
-      checkoutSessionQueue.push({
-        id: checkoutSession.id,
-        job: { id: checkoutSession.id, action: "expire" },
-        runAt: checkoutSession.expires_at
-      });
+  for (const checkoutSession of checkoutSessions) {
+    const dispatch = async () => {
+      const exist = await checkoutSessionQueue.get(checkoutSession.id);
+      if (!exist) {
+        checkoutSessionQueue.push({
+          id: checkoutSession.id,
+          job: { id: checkoutSession.id, action: "expire" },
+          runAt: checkoutSession.expires_at
+        });
+      }
+    };
+    try {
+      await (checkoutSession.instance_did ? withTenant(checkoutSession.instance_did, dispatch) : dispatch());
+    } catch (error) {
+      logger_default.error("startCheckoutSessionQueue: re-queue failed", { id: checkoutSession.id, error });
     }
-  });
+  }
 }
 var import_sequelize113, checkoutSessionQueue;
 var init_checkout_session2 = __esm({
@@ -76203,6 +76352,7 @@ var init_checkout_session2 = __esm({
     init_nft();
     init_passport();
     init_shared();
+    init_context();
     init_dayjs();
     init_event2();
     init_logger();
@@ -76974,7 +77124,9 @@ function createFetchHandler(app42) {
       const method = request.method.toUpperCase();
       const hasBody = method !== "GET" && method !== "HEAD";
       const body = hasBody ? await request.arrayBuffer() : void 0;
-      return app42.fetch(new Request(url.toString(), { method, headers: request.headers, body }));
+      const headers = new Headers(request.headers);
+      if (!headers.has("x-path-prefix")) headers.set("x-path-prefix", basePath);
+      return app42.fetch(new Request(url.toString(), { method, headers, body }));
     }
     return app42.fetch(request);
   });
@@ -77095,7 +77247,9 @@ async function bootstrapTenant(instanceDid) {
   const { ensureWebhookRegistered: ensureWebhookRegistered2 } = (init_setup(), __toCommonJS(setup_exports));
   const { ensureCreateOverdraftProtectionPrices: ensureCreateOverdraftProtectionPrices2 } = (init_overdraft_protection(), __toCommonJS(overdraft_protection_exports));
   const { scheduleHealthChecks: scheduleHealthChecks2 } = (init_exchange_rate_health(), __toCommonJS(exchange_rate_health_exports));
+  const { warmTenantIdentity: warmTenantIdentity2 } = (init_tenant_identity(), __toCommonJS(tenant_identity_exports));
   await context.withTenant(instanceDid, async () => {
+    await warmTenantIdentity2(instanceDid);
     await Promise.resolve(syncCurrencyLogo2()).catch(
       (error) => logger_default.error("bootstrapTenant: syncCurrencyLogo failed", { instanceDid, error })
     );
@@ -77407,10 +77561,12 @@ __export(src_exports, {
   createD1LocksDriver: () => createD1LocksDriver2,
   createDefaultIdentityDriver: () => createDefaultIdentityDriver2,
   createDefaultSecretsDriver: () => createDefaultSecretsDriver2,
+  createEmbeddedIdentityServices: () => createEmbeddedIdentityServices2,
   createEmbeddedPaymentService: () => createEmbeddedPaymentService2,
   createKeyringSecretsDriver: () => createKeyringSecretsDriver2,
   createMemoryLocksDriver: () => createMemoryLocksDriver2,
   createNodeDbDriver: () => createNodeDbDriver2,
+  createNodeDidConnectRuntime: () => createNodeDidConnectRuntime2,
   createNodeStaticHandler: () => createNodeStaticHandler2,
   getCronDriver: () => getCronDriver2,
   getIdentityDriver: () => getIdentityDriver2,
@@ -77511,6 +77667,14 @@ function createNodeStaticHandler2(webRoot) {
   const mod = (init_serve_static_arc(), __toCommonJS(serve_static_arc_exports));
   return mod.createNodeStaticHandler(webRoot);
 }
+function createNodeDidConnectRuntime2(opts) {
+  const mod = (init_did_connect_runtime_node(), __toCommonJS(did_connect_runtime_node_exports));
+  return mod.createNodeDidConnectRuntime(opts);
+}
+function createEmbeddedIdentityServices2() {
+  const mod = (init_tenant_identity(), __toCommonJS(tenant_identity_exports));
+  return mod.createEmbeddedIdentityServices();
+}
 function createEmbeddedPaymentService2(slots) {
   const core = (init_service2(), __toCommonJS(service_exports));
   return core.createEmbeddedPaymentService(slots);
@@ -77525,10 +77689,12 @@ function createEmbeddedPaymentService2(slots) {
   createD1LocksDriver,
   createDefaultIdentityDriver,
   createDefaultSecretsDriver,
+  createEmbeddedIdentityServices,
   createEmbeddedPaymentService,
   createKeyringSecretsDriver,
   createMemoryLocksDriver,
   createNodeDbDriver,
+  createNodeDidConnectRuntime,
   createNodeStaticHandler,
   getCronDriver,
   getIdentityDriver,