@breeztech/breez-sdk-spark 0.15.0 → 0.16.1-dev1

package/nodejs/mysql-token-store/index.cjs

@@ -226,25 +226,27 @@ class MysqlTokenStore {
         );
 
         const [spentRows] = await conn.query(
-          "SELECT output_id FROM brz_token_spent_outputs WHERE user_id = ? AND spent_at >= ?",
+          "SELECT prev_tx_hash, prev_tx_vout FROM brz_token_spent_outputs WHERE user_id = ? AND spent_at >= ?",
           [this.identity, refreshTimestamp]
         );
-        const spentIds = new Set(spentRows.map((r) => r.output_id));
+        const spentOutpoints = new Set(
+          spentRows.map((r) => `${r.prev_tx_hash}:${r.prev_tx_vout}`)
+        );
 
         await conn.query(
           "DELETE FROM brz_token_outputs WHERE user_id = ? AND reservation_id IS NULL AND added_at < ?",
           [this.identity, refreshTimestamp]
         );
 
-        const incomingOutputIds = new Set();
+        const incomingOutpoints = new Set();
         for (const to of tokenOutputs) {
           for (const o of to.outputs) {
-            incomingOutputIds.add(o.output.id);
+            incomingOutpoints.add(`${o.prevTxHash}:${o.prevTxVout}`);
           }
         }
 
         const [reservedRows] = await conn.query(
-          `SELECT r.id, o.id AS output_id
+          `SELECT r.id, o.prev_tx_hash, o.prev_tx_vout
            FROM brz_token_reservations r
            JOIN brz_token_outputs o
              ON o.reservation_id = r.id AND o.user_id = r.user_id
@@ -257,21 +259,23 @@ class MysqlTokenStore {
           if (!reservationOutputs.has(row.id)) {
             reservationOutputs.set(row.id, []);
           }
-          reservationOutputs.get(row.id).push(row.output_id);
+          reservationOutputs.get(row.id).push([row.prev_tx_hash, row.prev_tx_vout]);
         }
 
         const reservationsToDelete = [];
-        const outputsToRemoveFromReservation = [];
-        for (const [reservationId, outputIds] of reservationOutputs) {
-          const validIds = outputIds.filter((id) => incomingOutputIds.has(id));
-          if (validIds.length === 0) {
-            reservationsToDelete.push(reservationId);
-          } else {
-            for (const id of outputIds) {
-              if (!incomingOutputIds.has(id)) {
-                outputsToRemoveFromReservation.push(id);
+        const outpointsToRemoveFromReservation = [];
+        for (const [reservationId, outpoints] of reservationOutputs) {
+          const hasValid = outpoints.some(([h, v]) =>
+            incomingOutpoints.has(`${h}:${v}`)
+          );
+          if (hasValid) {
+            for (const [h, v] of outpoints) {
+              if (!incomingOutpoints.has(`${h}:${v}`)) {
+                outpointsToRemoveFromReservation.push([h, v]);
               }
             }
+          } else {
+            reservationsToDelete.push(reservationId);
           }
         }
 
@@ -287,20 +291,25 @@ class MysqlTokenStore {
           );
         }
 
-        if (outputsToRemoveFromReservation.length > 0) {
-          const placeholders = buildPlaceholders(
-            outputsToRemoveFromReservation.length
-          );
+        if (outpointsToRemoveFromReservation.length > 0) {
+          const pairPlaceholders = outpointsToRemoveFromReservation
+            .map(() => "(?, ?)")
+            .join(", ");
+          const params = [this.identity];
+          for (const [h, v] of outpointsToRemoveFromReservation) {
+            params.push(h, v);
+          }
           await conn.query(
-            `DELETE FROM brz_token_outputs WHERE user_id = ? AND id IN (${placeholders})`,
-            [this.identity, ...outputsToRemoveFromReservation]
+            `DELETE FROM brz_token_outputs WHERE user_id = ?
+               AND (prev_tx_hash, prev_tx_vout) IN (${pairPlaceholders})`,
+            params
           );
 
           const [emptyRows] = await conn.query(
             `SELECT r.id FROM brz_token_reservations r
              LEFT JOIN brz_token_outputs o
                ON o.reservation_id = r.id AND o.user_id = r.user_id
-             WHERE r.user_id = ? AND o.id IS NULL`,
+             WHERE r.user_id = ? AND o.prev_tx_hash IS NULL`,
             [this.identity]
           );
           const emptyIds = emptyRows.map((r) => r.id);
@@ -314,10 +323,12 @@ class MysqlTokenStore {
         }
 
         const [reservedOutputRows] = await conn.query(
-          "SELECT id FROM brz_token_outputs WHERE user_id = ? AND reservation_id IS NOT NULL",
+          "SELECT prev_tx_hash, prev_tx_vout FROM brz_token_outputs WHERE user_id = ? AND reservation_id IS NOT NULL",
           [this.identity]
         );
-        const reservedOutputIds = new Set(reservedOutputRows.map((r) => r.id));
+        const reservedOutpoints = new Set(
+          reservedOutputRows.map((r) => `${r.prev_tx_hash}:${r.prev_tx_vout}`)
+        );
 
         await conn.query(
           `DELETE FROM brz_token_metadata
@@ -332,10 +343,8 @@ class MysqlTokenStore {
           await this._upsertMetadata(conn, to.metadata);
 
           for (const output of to.outputs) {
-            if (
-              reservedOutputIds.has(output.output.id) ||
-              spentIds.has(output.output.id)
-            ) {
+            const outpoint = `${output.prevTxHash}:${output.prevTxVout}`;
+            if (reservedOutpoints.has(outpoint) || spentOutpoints.has(outpoint)) {
               continue;
             }
             await this._insertSingleOutput(
@@ -410,7 +419,7 @@ class MysqlTokenStore {
       const [rows] = await this.pool.query(
         `SELECT m.identifier, m.issuer_public_key, m.name, m.ticker, m.decimals,
                 m.max_supply, m.is_freezable, m.creation_entity_public_key,
-                o.id AS output_id, o.owner_public_key, o.revocation_commitment,
+                o.owner_public_key, o.revocation_commitment,
                 o.withdraw_bond_sats, o.withdraw_relative_block_locktime,
                 o.token_public_key, o.token_amount, o.token_identifier,
                 o.prev_tx_hash, o.prev_tx_vout, o.reservation_id,
@@ -439,7 +448,7 @@ class MysqlTokenStore {
 
         const entry = map.get(row.identifier);
 
-        if (!row.output_id) {
+        if (!row.prev_tx_hash) {
           continue;
         }
 
@@ -482,7 +491,7 @@ class MysqlTokenStore {
       const [rows] = await this.pool.query(
         `SELECT m.identifier, m.issuer_public_key, m.name, m.ticker, m.decimals,
                 m.max_supply, m.is_freezable, m.creation_entity_public_key,
-                o.id AS output_id, o.owner_public_key, o.revocation_commitment,
+                o.owner_public_key, o.revocation_commitment,
                 o.withdraw_bond_sats, o.withdraw_relative_block_locktime,
                 o.token_public_key, o.token_amount, o.token_identifier,
                 o.prev_tx_hash, o.prev_tx_vout, o.reservation_id,
@@ -510,7 +519,7 @@ class MysqlTokenStore {
       };
 
       for (const row of rows) {
-        if (!row.output_id) {
+        if (!row.prev_tx_hash) {
           continue;
         }
 
@@ -543,23 +552,20 @@ class MysqlTokenStore {
    */
   async updateTokenOutputs(outputsToRemove, outputsToAdd) {
     try {
-      await this._withTransaction(async (conn) => {
+      // Serialize against the other token-store mutators (refresh, reservation,
+      // finalization), which take the same per-user advisory lock.
+      await this._withWriteTransaction(async (conn) => {
         // 1. Remove spent outputs and mark as spent.
         if (outputsToRemove && outputsToRemove.length > 0) {
           for (const [txHash, vout] of outputsToRemove) {
-            const [rows] = await conn.query(
-              "SELECT id FROM brz_token_outputs WHERE user_id = ? AND prev_tx_hash = ? AND prev_tx_vout = ?",
+            const [result] = await conn.query(
+              "DELETE FROM brz_token_outputs WHERE user_id = ? AND prev_tx_hash = ? AND prev_tx_vout = ?",
               [this.identity, txHash, vout]
             );
-            if (rows.length > 0) {
-              const outputId = rows[0].id;
-              await conn.query(
-                "DELETE FROM brz_token_outputs WHERE user_id = ? AND id = ?",
-                [this.identity, outputId]
-              );
+            if (result.affectedRows > 0) {
               await conn.query(
-                "INSERT IGNORE INTO brz_token_spent_outputs (user_id, output_id, spent_at) VALUES (?, ?, NOW())",
-                [this.identity, outputId]
+                "INSERT IGNORE INTO brz_token_spent_outputs (user_id, prev_tx_hash, prev_tx_vout, spent_at) VALUES (?, ?, ?, UTC_TIMESTAMP(6))",
+                [this.identity, txHash, vout]
               );
             }
           }
@@ -569,12 +575,17 @@ class MysqlTokenStore {
         if (outputsToAdd) {
           await this._upsertMetadata(conn, outputsToAdd.metadata);
 
-          const outputIds = outputsToAdd.outputs.map((o) => o.output.id);
-          if (outputIds.length > 0) {
-            const placeholders = buildPlaceholders(outputIds.length);
+          if (outputsToAdd.outputs.length > 0) {
+            const pairPlaceholders = outputsToAdd.outputs
+              .map(() => "(?, ?)")
+              .join(", ");
+            const params = [this.identity];
+            for (const o of outputsToAdd.outputs) {
+              params.push(o.prevTxHash, o.prevTxVout);
+            }
             await conn.query(
-              `DELETE FROM brz_token_spent_outputs WHERE user_id = ? AND output_id IN (${placeholders})`,
-              [this.identity, ...outputIds]
+              `DELETE FROM brz_token_spent_outputs WHERE user_id = ? AND (prev_tx_hash, prev_tx_vout) IN (${pairPlaceholders})`,
+              params
             );
           }
 
@@ -636,7 +647,7 @@ class MysqlTokenStore {
         const metadata = this._metadataFromRow(metadataRows[0]);
 
         const [outputRows] = await conn.query(
-          `SELECT o.id AS output_id, o.owner_public_key, o.revocation_commitment,
+          `SELECT o.owner_public_key, o.revocation_commitment,
                   o.withdraw_bond_sats, o.withdraw_relative_block_locktime,
                   o.token_public_key, o.token_amount, o.token_identifier,
                   o.prev_tx_hash, o.prev_tx_vout
@@ -648,10 +659,12 @@ class MysqlTokenStore {
         let outputs = outputRows.map((row) => this._outputFromRow(row));
 
         if (preferredOutputs && preferredOutputs.length > 0) {
-          const preferredIds = new Set(
-            preferredOutputs.map((p) => p.output.id)
+          const preferredOutpoints = new Set(
+            preferredOutputs.map((p) => `${p.prevTxHash}:${p.prevTxVout}`)
+          );
+          outputs = outputs.filter((o) =>
+            preferredOutpoints.has(`${o.prevTxHash}:${o.prevTxVout}`)
           );
-          outputs = outputs.filter((o) => preferredIds.has(o.output.id));
         }
 
         let selectedOutputs;
@@ -727,16 +740,22 @@ class MysqlTokenStore {
         const reservationId = this._generateId();
 
         await conn.query(
-          "INSERT INTO brz_token_reservations (user_id, id, purpose) VALUES (?, ?, ?)",
+          "INSERT INTO brz_token_reservations (user_id, id, purpose, created_at) VALUES (?, ?, ?, UTC_TIMESTAMP(6))",
           [this.identity, reservationId, purpose]
         );
 
-        const selectedIds = selectedOutputs.map((o) => o.output.id);
-        if (selectedIds.length > 0) {
-          const placeholders = buildPlaceholders(selectedIds.length);
+        if (selectedOutputs.length > 0) {
+          const pairPlaceholders = selectedOutputs
+            .map(() => "(?, ?)")
+            .join(", ");
+          const params = [reservationId, this.identity];
+          for (const o of selectedOutputs) {
+            params.push(o.prevTxHash, o.prevTxVout);
+          }
           await conn.query(
-            `UPDATE brz_token_outputs SET reservation_id = ? WHERE user_id = ? AND id IN (${placeholders})`,
-            [reservationId, this.identity, ...selectedIds]
+            `UPDATE brz_token_outputs SET reservation_id = ? WHERE user_id = ?
+               AND (prev_tx_hash, prev_tx_vout) IN (${pairPlaceholders})`,
+            params
           );
         }
 
@@ -794,23 +813,22 @@ class MysqlTokenStore {
         const isSwap = reservationRows[0].purpose === "Swap";
 
         const [reservedRows] = await conn.query(
-          "SELECT id FROM brz_token_outputs WHERE user_id = ? AND reservation_id = ?",
+          "SELECT prev_tx_hash, prev_tx_vout FROM brz_token_outputs WHERE user_id = ? AND reservation_id = ?",
           [this.identity, id]
         );
-        const reservedOutputIds = reservedRows.map((r) => r.id);
 
-        if (reservedOutputIds.length > 0) {
-          const valueClauses = new Array(reservedOutputIds.length)
-            .fill("(?, ?)")
+        if (reservedRows.length > 0) {
+          const valueClauses = new Array(reservedRows.length)
+            .fill("(?, ?, ?, UTC_TIMESTAMP(6))")
             .join(", ");
           const params = [];
-          for (const outputId of reservedOutputIds) {
-            params.push(this.identity, outputId);
+          for (const row of reservedRows) {
+            params.push(this.identity, row.prev_tx_hash, row.prev_tx_vout);
           }
           // Suppress duplicate-PK errors only.
           await conn.query(
-            `INSERT INTO brz_token_spent_outputs (user_id, output_id) VALUES ${valueClauses}
-             ON DUPLICATE KEY UPDATE output_id = output_id`,
+            `INSERT INTO brz_token_spent_outputs (user_id, prev_tx_hash, prev_tx_vout, spent_at) VALUES ${valueClauses}
+             ON DUPLICATE KEY UPDATE prev_tx_hash = prev_tx_hash`,
             params
           );
         }
@@ -828,7 +846,7 @@ class MysqlTokenStore {
         // (and thus has no row) gets one created lazily.
         if (isSwap) {
           await conn.query(
-            `INSERT INTO brz_token_swap_status (user_id, last_completed_at) VALUES (?, NOW(6))
+            `INSERT INTO brz_token_swap_status (user_id, last_completed_at) VALUES (?, UTC_TIMESTAMP(6))
              ON DUPLICATE KEY UPDATE last_completed_at = VALUES(last_completed_at)`,
             [this.identity]
           );
@@ -854,7 +872,7 @@ class MysqlTokenStore {
 
   async now() {
     try {
-      const [rows] = await this.pool.query("SELECT NOW(6) AS now");
+      const [rows] = await this.pool.query("SELECT UTC_TIMESTAMP(6) AS now");
       const value = rows[0].now;
       if (value instanceof Date) return value.getTime();
       return new Date(value).getTime();
@@ -892,14 +910,14 @@ class MysqlTokenStore {
            SELECT id FROM (
              SELECT id FROM brz_token_reservations
              WHERE user_id = ?
-               AND created_at < DATE_SUB(NOW(6), INTERVAL ? SECOND)
+               AND created_at < DATE_SUB(UTC_TIMESTAMP(6), INTERVAL ? SECOND)
            ) AS stale
          )`,
       [this.identity, this.identity, RESERVATION_TIMEOUT_SECS]
     );
     await conn.query(
       `DELETE FROM brz_token_reservations
-       WHERE user_id = ? AND created_at < DATE_SUB(NOW(6), INTERVAL ? SECOND)`,
+       WHERE user_id = ? AND created_at < DATE_SUB(UTC_TIMESTAMP(6), INTERVAL ? SECOND)`,
       [this.identity, RESERVATION_TIMEOUT_SECS]
     );
   }
@@ -933,19 +951,18 @@ class MysqlTokenStore {
   }
 
   async _insertSingleOutput(conn, tokenIdentifier, output) {
-    // ON DUPLICATE KEY UPDATE id = id no-ops on the (user_id, id) primary key
-    // conflict only — unlike INSERT IGNORE, FK / NOT NULL / type errors
-    // still propagate.
+    // ON DUPLICATE KEY UPDATE prev_tx_hash = prev_tx_hash no-ops on the
+    // (user_id, prev_tx_hash, prev_tx_vout) primary key conflict only — unlike
+    // INSERT IGNORE, FK / NOT NULL / type errors still propagate.
     await conn.query(
       `INSERT INTO brz_token_outputs
-        (user_id, id, token_identifier, owner_public_key, revocation_commitment,
+        (user_id, token_identifier, owner_public_key, revocation_commitment,
          withdraw_bond_sats, withdraw_relative_block_locktime,
          token_public_key, token_amount, prev_tx_hash, prev_tx_vout, added_at)
-       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW(6))
-       ON DUPLICATE KEY UPDATE id = id`,
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, UTC_TIMESTAMP(6))
+       ON DUPLICATE KEY UPDATE prev_tx_hash = prev_tx_hash`,
       [
         this.identity,
-        output.output.id,
         tokenIdentifier,
         output.output.ownerPublicKey,
         output.output.revocationCommitment,
@@ -975,7 +992,6 @@ class MysqlTokenStore {
   _outputFromRow(row) {
     return {
       output: {
-        id: row.output_id,
         ownerPublicKey: row.owner_public_key,
         revocationCommitment: row.revocation_commitment,
         withdrawBondSats: Number(row.withdraw_bond_sats),
@@ -999,6 +1015,10 @@ function createMysqlPool(config) {
     connectTimeout: (config.createTimeoutSecs || 0) * 1000 || 10000,
     idleTimeout: (config.recycleTimeoutSecs || 0) * 1000 || 10000,
     waitForConnections: true,
+    // Serialize JS `Date` parameters as UTC strings rather than host-local
+    // time. Paired with explicit `UTC_TIMESTAMP(6)` on the server side, this
+    // keeps timestamp comparisons consistent regardless of the host TZ.
+    timezone: "Z",
   });
 }
 

package/nodejs/mysql-token-store/migrations.cjs

@@ -109,7 +109,7 @@ class MysqlTokenStoreMigrationManager {
         await conn.query(`
           CREATE TABLE IF NOT EXISTS \`${TOKEN_MIGRATIONS_TABLE}\` (
             version INT PRIMARY KEY,
-            applied_at DATETIME(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6)
+            applied_at DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))
           )
         `);
 
@@ -132,7 +132,7 @@ class MysqlTokenStoreMigrationManager {
             await runMigrationStep(conn, step);
           }
           await conn.query(
-            `INSERT INTO \`${TOKEN_MIGRATIONS_TABLE}\` (version) VALUES (?)`,
+            `INSERT INTO \`${TOKEN_MIGRATIONS_TABLE}\` (version, applied_at) VALUES (?, UTC_TIMESTAMP(6))`,
             [version]
           );
         }
@@ -447,6 +447,63 @@ class MysqlTokenStoreMigrationManager {
           `ALTER TABLE brz_token_swap_status ADD PRIMARY KEY (user_id)`,
         ],
       },
+      {
+        // Pin DATETIME defaults to UTC. Server-side INSERTs already pass
+        // `UTC_TIMESTAMP(6)` explicitly; this migration makes the column
+        // default match, so any future callsite that omits the column also
+        // gets a UTC value rather than a session-TZ-dependent one.
+        name: "Pin DATETIME defaults to UTC",
+        sql: [
+          `ALTER TABLE brz_token_outputs            MODIFY COLUMN added_at   DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))`,
+          `ALTER TABLE brz_token_reservations       MODIFY COLUMN created_at DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))`,
+          `ALTER TABLE brz_token_spent_outputs      MODIFY COLUMN spent_at   DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))`,
+          `ALTER TABLE brz_token_schema_migrations  MODIFY COLUMN applied_at DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))`,
+        ],
+      },
+      {
+        // Mirrors Rust migration 4 in spark-mysql/src/token_store.rs.
+        // Re-keys brz_token_spent_outputs by (prev_tx_hash, prev_tx_vout) instead
+        // of the operator-issued output id. v3 FinalTokenOutput carries no id
+        // field, so post-broadcast spent markers only have an outpoint to work
+        // with. Existing output_id-keyed rows can't be backfilled (no outpoint
+        // stored alongside them), so the table is wiped on upgrade — spent
+        // markers are short-lived (5 minute cleanup window) so wiping is
+        // equivalent to letting them age out.
+        name: "Re-key spent outputs by (prev_tx_hash, prev_tx_vout)",
+        sql: [
+          `DROP TABLE IF EXISTS brz_token_spent_outputs`,
+          `CREATE TABLE brz_token_spent_outputs (
+             user_id VARBINARY(33) NOT NULL,
+             prev_tx_hash VARCHAR(255) NOT NULL,
+             prev_tx_vout INT NOT NULL,
+             spent_at DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6)),
+             PRIMARY KEY (user_id, prev_tx_hash, prev_tx_vout)
+           )`,
+        ],
+      },
+      {
+        // Mirrors Rust migration 5 in spark-mysql/src/token_store.rs.
+        // Re-key brz_token_outputs by (prev_tx_hash, prev_tx_vout) and drop the
+        // legacy id column. id already held "{prev_tx_hash}:{vout}", so the
+        // outpoint is the natural key. Dedup any duplicate-outpoint rows
+        // (possible from pre-outpoint code) before adding the composite PK,
+        // preferring rows that hold a reservation.
+        name: "Re-key token outputs by (prev_tx_hash, prev_tx_vout), drop legacy id",
+        sql: [
+          `DELETE a FROM brz_token_outputs a
+           JOIN brz_token_outputs b
+             ON a.user_id = b.user_id
+            AND a.prev_tx_hash = b.prev_tx_hash
+            AND a.prev_tx_vout = b.prev_tx_vout
+            AND ((b.reservation_id IS NOT NULL) > (a.reservation_id IS NOT NULL)
+                 OR ((b.reservation_id IS NOT NULL) = (a.reservation_id IS NOT NULL)
+                     AND b.id > a.id))`,
+          `ALTER TABLE brz_token_outputs
+             DROP PRIMARY KEY,
+             ADD PRIMARY KEY (user_id, prev_tx_hash, prev_tx_vout)`,
+          `ALTER TABLE brz_token_outputs DROP COLUMN id`,
+        ],
+      },
     ];
   }
 }

package/nodejs/mysql-tree-store/index.cjs

@@ -430,7 +430,7 @@ class MysqlTreeStore {
         // (and thus has no row) gets one created lazily.
         if (isSwap && newLeaves && newLeaves.length > 0) {
           await conn.query(
-            `INSERT INTO brz_tree_swap_status (user_id, last_completed_at) VALUES (?, NOW(6))
+            `INSERT INTO brz_tree_swap_status (user_id, last_completed_at) VALUES (?, UTC_TIMESTAMP(6))
              ON DUPLICATE KEY UPDATE last_completed_at = VALUES(last_completed_at)`,
             [this.identity]
           );
@@ -581,7 +581,7 @@ class MysqlTreeStore {
 
   async now() {
     try {
-      const [rows] = await this.pool.query("SELECT NOW(6) AS now");
+      const [rows] = await this.pool.query("SELECT UTC_TIMESTAMP(6) AS now");
       const value = rows[0].now;
       // mysql2 typically returns DATETIME as a JS Date when dateStrings is false (default).
       if (value instanceof Date) return value.getTime();
@@ -809,7 +809,7 @@ class MysqlTreeStore {
 
   async _createReservation(conn, reservationId, leaves, purpose, pendingChange) {
     await conn.query(
-      "INSERT INTO brz_tree_reservations (user_id, id, purpose, pending_change_amount) VALUES (?, ?, ?, ?)",
+      "INSERT INTO brz_tree_reservations (user_id, id, purpose, pending_change_amount, created_at) VALUES (?, ?, ?, ?, UTC_TIMESTAMP(6))",
       [this.identity, reservationId, purpose, pendingChange]
     );
 
@@ -827,7 +827,7 @@ class MysqlTreeStore {
     if (filtered.length === 0) return;
 
     const valueClauses = new Array(filtered.length)
-      .fill("(?, ?, ?, ?, ?, ?, NOW(6))")
+      .fill("(?, ?, ?, ?, ?, ?, UTC_TIMESTAMP(6))")
       .join(", ");
     const params = [];
     for (const leaf of filtered) {
@@ -849,7 +849,7 @@ class MysqlTreeStore {
          is_missing_from_operators = VALUES(is_missing_from_operators),
          data = VALUES(data),
          value = VALUES(value),
-         added_at = NOW(6)`,
+         added_at = UTC_TIMESTAMP(6)`,
       params
     );
   }
@@ -867,7 +867,9 @@ class MysqlTreeStore {
   async _batchInsertSpentLeaves(conn, leafIds) {
     if (leafIds.length === 0) return;
 
-    const valueClauses = new Array(leafIds.length).fill("(?, ?)").join(", ");
+    const valueClauses = new Array(leafIds.length)
+      .fill("(?, ?, UTC_TIMESTAMP(6))")
+      .join(", ");
     const params = [];
     for (const id of leafIds) {
       params.push(this.identity, id);
@@ -876,7 +878,7 @@ class MysqlTreeStore {
     // problems (FK violations, NOT NULL violations, type errors) still
     // propagate.
     await conn.query(
-      `INSERT INTO brz_tree_spent_leaves (user_id, leaf_id) VALUES ${valueClauses}
+      `INSERT INTO brz_tree_spent_leaves (user_id, leaf_id, spent_at) VALUES ${valueClauses}
        ON DUPLICATE KEY UPDATE leaf_id = leaf_id`,
       params
     );
@@ -904,14 +906,14 @@ class MysqlTreeStore {
            SELECT id FROM (
              SELECT id FROM brz_tree_reservations
              WHERE user_id = ?
-               AND created_at < DATE_SUB(NOW(6), INTERVAL ? SECOND)
+               AND created_at < DATE_SUB(UTC_TIMESTAMP(6), INTERVAL ? SECOND)
            ) AS stale
          )`,
       [this.identity, this.identity, RESERVATION_TIMEOUT_SECS]
     );
     await conn.query(
       `DELETE FROM brz_tree_reservations
-       WHERE user_id = ? AND created_at < DATE_SUB(NOW(6), INTERVAL ? SECOND)`,
+       WHERE user_id = ? AND created_at < DATE_SUB(UTC_TIMESTAMP(6), INTERVAL ? SECOND)`,
       [this.identity, RESERVATION_TIMEOUT_SECS]
     );
   }
@@ -936,6 +938,10 @@ function createMysqlPool(config) {
     connectTimeout: (config.createTimeoutSecs || 0) * 1000 || 10000,
     idleTimeout: (config.recycleTimeoutSecs || 0) * 1000 || 10000,
     waitForConnections: true,
+    // Serialize JS `Date` parameters as UTC strings rather than host-local
+    // time. Paired with explicit `UTC_TIMESTAMP(6)` on the server side, this
+    // keeps timestamp comparisons consistent regardless of the host TZ.
+    timezone: "Z",
   });
 }
 

package/nodejs/mysql-tree-store/migrations.cjs

@@ -98,7 +98,7 @@ class MysqlTreeStoreMigrationManager {
         await conn.query(`
           CREATE TABLE IF NOT EXISTS \`${TREE_MIGRATIONS_TABLE}\` (
             version INT PRIMARY KEY,
-            applied_at DATETIME(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6)
+            applied_at DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))
           )
         `);
 
@@ -121,7 +121,7 @@ class MysqlTreeStoreMigrationManager {
             await runMigrationStep(conn, step);
           }
           await conn.query(
-            `INSERT INTO \`${TREE_MIGRATIONS_TABLE}\` (version) VALUES (?)`,
+            `INSERT INTO \`${TREE_MIGRATIONS_TABLE}\` (version, applied_at) VALUES (?, UTC_TIMESTAMP(6))`,
             [version]
           );
         }
@@ -367,6 +367,20 @@ class MysqlTreeStoreMigrationManager {
           `ALTER TABLE brz_tree_swap_status ADD PRIMARY KEY (user_id)`,
         ],
       },
+      {
+        // Pin DATETIME defaults to UTC. Server-side INSERTs already pass
+        // `UTC_TIMESTAMP(6)` explicitly; this migration makes the column
+        // default match, so any future callsite that omits the column also
+        // gets a UTC value rather than a session-TZ-dependent one.
+        name: "Pin DATETIME defaults to UTC",
+        sql: [
+          `ALTER TABLE brz_tree_reservations      MODIFY COLUMN created_at DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))`,
+          `ALTER TABLE brz_tree_leaves            MODIFY COLUMN created_at DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))`,
+          `ALTER TABLE brz_tree_leaves            MODIFY COLUMN added_at   DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))`,
+          `ALTER TABLE brz_tree_spent_leaves      MODIFY COLUMN spent_at   DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))`,
+          `ALTER TABLE brz_tree_schema_migrations MODIFY COLUMN applied_at DATETIME(6) NOT NULL DEFAULT (UTC_TIMESTAMP(6))`,
+        ],
+      },
     ];
   }
 }

package/nodejs/package.json

@@ -7,11 +7,11 @@
     "postgres-storage/",
     "postgres-tree-store/",
     "postgres-token-store/",
-    "postgres-session-manager/",
+    "postgres-session-store/",
     "mysql-storage/",
     "mysql-tree-store/",
     "mysql-token-store/",
-    "mysql-session-manager/",
+    "mysql-session-store/",
     "index.js",
     "index.mjs"
   ],

package/nodejs/postgres-session-store/errors.cjs

@@ -0,0 +1,13 @@
+// errors.cjs - Session store error wrapper with cause chain support
+class SessionStoreError extends Error {
+    constructor(message, cause = null) {
+        super(message);
+        this.name = 'SessionStoreError';
+        this.cause = cause;
+        if (Error.captureStackTrace) {
+            Error.captureStackTrace(this, SessionStoreError);
+        }
+    }
+}
+
+module.exports = { SessionStoreError };