@cedros/login-sidecar 0.0.1 → 0.0.2

package/.env.example

@@ -1,52 +1,58 @@
 # Privacy Cash Sidecar Configuration
 #
 # This sidecar handles Privacy Cash operations for SSS embedded wallets.
-# User keypairs are reconstructed from SSS shares and passed to endpoints.
+# Most settings are stored in the database and managed via admin UI.
 
-# Port to listen on (default: 3100)
-PORT=3100
+# =============================================================================
+# Required Environment Variables
+# =============================================================================
 
-# Host/interface to bind to (default: 127.0.0.1)
-# Use 0.0.0.0 if you need to accept connections from outside the machine/container.
-HOST=127.0.0.1
+# PostgreSQL connection string (same database as main server)
+DATABASE_URL=postgres://user:password@localhost:5432/cedros_login
 
-# API key for authentication (required)
+# API key for authenticating requests from the main server
 # Generate with: openssl rand -hex 32
 SIDECAR_API_KEY=your-secure-api-key-here
 
-# Solana network: 'devnet' or 'mainnet-beta' (default: devnet). 'mainnet' is accepted as an alias.
-SOLANA_NETWORK=devnet
+# =============================================================================
+# Optional Environment Variables (for local dev only)
+# =============================================================================
 
-# Solana RPC URL (optional, defaults based on network)
-# SOLANA_RPC_URL=https://api.devnet.solana.com
+# Port to listen on (default: 3100)
+PORT=3100
 
-# Privacy Cash program ID (required)
-# Mainnet: 9fhQBbumKEFuXtMBDw8AaQyAjCorLGJQiS3skWZdQyQD
-PRIVACY_CASH_PROGRAM_ID=9fhQBbumKEFuXtMBDw8AaQyAjCorLGJQiS3skWZdQyQD
+# Host/interface to bind to (default: 127.0.0.1)
+# Use 0.0.0.0 if you need to accept connections from outside the machine/container
+HOST=127.0.0.1
 
-# Company wallet address for withdrawals (required)
-# This is where funds are sent when withdrawing from user Privacy Cash accounts
-COMPANY_WALLET_ADDRESS=
+# =============================================================================
+# Settings Managed via Admin UI (stored in database)
+# =============================================================================
+#
+# The following settings are configured in the admin dashboard:
+#
+# Credit System > Deposits:
+#   - Solana RPC URL (solana_rpc_url)
+#   - Solana Network (solana_network)
+#
+# Credit System > Treasury:
+#   - Treasury Wallet Address (treasury_wallet_address)
+#
+# Login Server > Integrations:
+#   - Jupiter API Key (jupiter_api_key)
 
 # =============================================================================
-# Jupiter Ultra API (for gasless SPL token swaps)
+# Infrastructure Settings (hardcoded with optional env override)
 # =============================================================================
-# Jupiter API URL (default: https://api.jup.ag/ultra/v1)
-# JUPITER_API_URL=https://api.jup.ag/ultra/v1
+# These have sensible defaults and typically don't need changing.
+# Only set if you need to override the defaults.
 
-# Jupiter API key (REQUIRED - get free key at https://portal.jup.ag)
-JUPITER_API_KEY=
+# Privacy Cash Solana program ID (default: mainnet program)
+# PRIVACY_CASH_PROGRAM_ID=9fhQBbumKEFuXtMBDw8AaQyAjCorLGJQiS3skWZdQyQD
 
-# Minimum swap amount in USD for gasless swaps (default: 10)
-# Jupiter requires ~$10 minimum for gasless swaps
-JUPITER_MIN_SWAP_USD=10
+# Jupiter minimum swap amount in USD (default: 10, Jupiter's gasless minimum)
+# JUPITER_MIN_SWAP_USD=10
 
-# Jupiter Ultra API rate limit (requests per 10 seconds)
-# Used for swap queue throttling. Ultra API uses dynamic rate limiting
-# that scales with your 24-hour swap volume:
-#   $0 volume:       50 requests / 10 seconds
-#   $10,000 volume:  51 requests / 10 seconds
-#   $100,000 volume: 61 requests / 10 seconds
-#   $1M volume:      165 requests / 10 seconds
-# Note: This is NOT tied to Pro plan tiers - it scales automatically
-JUPITER_RATE_LIMIT=50
+# Jupiter Ultra API rate limit - requests per 10 seconds (default: 50 = 5 RPS)
+# Ultra API scales dynamically based on your 24-hour swap volume
+# JUPITER_RATE_LIMIT=50

package/dist/config.d.ts

@@ -1,10 +1,14 @@
 /**
- * Sidecar configuration loaded from environment variables
+ * Sidecar configuration
+ *
+ * Minimal env vars (API key, port, host, database URL) plus database-sourced settings.
+ * All configurable settings are stored in the database and managed via admin UI.
  */
 export interface Config {
     port: number;
     host: string;
     apiKey: string;
+    databaseUrl: string;
     solanaRpcUrl: string;
     solanaNetwork: 'devnet' | 'mainnet-beta';
     privacyCashProgramId: string;
@@ -20,4 +24,18 @@ export interface Config {
         rateLimit: number;
     };
 }
-export declare function loadConfig(): Config;
+export declare function resolveJupiterRateLimit(): number;
+/**
+ * Load configuration from environment and database
+ *
+ * Required env vars:
+ *   - DATABASE_URL: PostgreSQL connection string
+ *   - SIDECAR_API_KEY: API key for authenticating requests to sidecar
+ *
+ * Optional env vars (for local dev/testing only):
+ *   - PORT: Listen port (default: 3100)
+ *   - HOST: Listen host (default: 127.0.0.1)
+ *
+ * All other settings are loaded from the database (system_settings table)
+ */
+export declare function loadConfig(): Promise<Config>;

package/dist/config.js

@@ -1,9 +1,14 @@
 "use strict";
 /**
- * Sidecar configuration loaded from environment variables
+ * Sidecar configuration
+ *
+ * Minimal env vars (API key, port, host, database URL) plus database-sourced settings.
+ * All configurable settings are stored in the database and managed via admin UI.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.resolveJupiterRateLimit = resolveJupiterRateLimit;
 exports.loadConfig = loadConfig;
+const settings_1 = require("./db/settings");
 function getEnvRequired(key) {
     const value = process.env[key];
     if (!value) {
@@ -14,27 +19,73 @@ function getEnvRequired(key) {
 function getEnvOptional(key, defaultValue) {
     return process.env[key] || defaultValue;
 }
-function loadConfig() {
-    const rawNetwork = getEnvOptional('SOLANA_NETWORK', 'devnet');
-    const network = rawNetwork === 'mainnet' ? 'mainnet-beta' : rawNetwork;
-    if (network !== 'devnet' && network !== 'mainnet-beta') {
-        throw new Error(`Invalid SOLANA_NETWORK: ${rawNetwork}. Must be 'devnet' or 'mainnet-beta' (or 'mainnet' alias)`);
+function resolveJupiterRateLimit() {
+    // Backward compatibility:
+    // - JUPITER_RATE_LIMIT is the canonical key used by runtime config
+    // - JUPITER_RPS is a legacy/docs alias supported for compatibility
+    const raw = process.env.JUPITER_RATE_LIMIT ||
+        process.env.JUPITER_RPS ||
+        '50';
+    const parsed = parseInt(raw, 10);
+    if (!Number.isFinite(parsed) || parsed <= 0) {
+        return 50;
     }
+    // Conservative upper bound to avoid accidental traffic spikes from bad config.
+    return Math.min(parsed, 500);
+}
+/**
+ * Load configuration from environment and database
+ *
+ * Required env vars:
+ *   - DATABASE_URL: PostgreSQL connection string
+ *   - SIDECAR_API_KEY: API key for authenticating requests to sidecar
+ *
+ * Optional env vars (for local dev/testing only):
+ *   - PORT: Listen port (default: 3100)
+ *   - HOST: Listen host (default: 127.0.0.1)
+ *
+ * All other settings are loaded from the database (system_settings table)
+ */
+async function loadConfig() {
+    const databaseUrl = getEnvRequired('DATABASE_URL');
+    const apiKey = getEnvRequired('SIDECAR_API_KEY');
+    const port = parseInt(getEnvOptional('PORT', '3100'), 10);
+    // SC-08: Validate port is a usable number
+    if (!Number.isFinite(port) || port < 1 || port > 65535) {
+        throw new Error(`Invalid PORT value: must be 1-65535`);
+    }
+    const host = getEnvOptional('HOST', '127.0.0.1');
+    // Fetch settings from database
+    const dbSettings = await (0, settings_1.fetchDbSettings)(databaseUrl);
+    // Always mainnet
+    const network = 'mainnet-beta';
+    // Validate required database settings
+    if (!dbSettings.companyWalletAddress) {
+        throw new Error('Missing required setting: treasury_wallet_address (set via admin UI)');
+    }
+    // Infrastructure settings with hardcoded defaults (env can override)
+    const privacyCashProgramId = getEnvOptional('PRIVACY_CASH_PROGRAM_ID', '9fhQBbumKEFuXtMBDw8AaQyAjCorLGJQiS3skWZdQyQD');
+    const _jupiterMinSwapUsdRaw = parseFloat(getEnvOptional('JUPITER_MIN_SWAP_USD', '10'));
+    // SC-13: Reject non-finite or non-positive values; fall back to safe default.
+    const jupiterMinSwapUsd = Number.isFinite(_jupiterMinSwapUsdRaw) && _jupiterMinSwapUsdRaw > 0
+        ? _jupiterMinSwapUsdRaw
+        : 10;
+    // Ultra API rate limit: starts at 5 RPS, scales with 24-hour swap volume
+    const jupiterRateLimit = resolveJupiterRateLimit();
     return {
-        port: parseInt(getEnvOptional('PORT', '3100'), 10),
-        host: getEnvOptional('HOST', '127.0.0.1'),
-        apiKey: getEnvRequired('SIDECAR_API_KEY'),
-        solanaRpcUrl: getEnvOptional('SOLANA_RPC_URL', network === 'devnet'
-            ? 'https://api.devnet.solana.com'
-            : 'https://api.mainnet-beta.solana.com'),
+        port,
+        host,
+        apiKey,
+        databaseUrl,
+        solanaRpcUrl: dbSettings.solanaRpcUrl || 'https://api.mainnet-beta.solana.com',
         solanaNetwork: network,
-        privacyCashProgramId: getEnvRequired('PRIVACY_CASH_PROGRAM_ID'),
-        companyWalletAddress: getEnvRequired('COMPANY_WALLET_ADDRESS'),
+        privacyCashProgramId,
+        companyWalletAddress: dbSettings.companyWalletAddress,
         jupiter: {
-            apiUrl: getEnvOptional('JUPITER_API_URL', 'https://api.jup.ag/ultra/v1'),
-            apiKey: process.env.JUPITER_API_KEY || null,
-            minSwapUsd: parseFloat(getEnvOptional('JUPITER_MIN_SWAP_USD', '10')),
-            rateLimit: parseInt(getEnvOptional('JUPITER_RATE_LIMIT', '50'), 10),
+            apiUrl: 'https://api.jup.ag/ultra/v1',
+            apiKey: dbSettings.jupiterApiKey,
+            minSwapUsd: jupiterMinSwapUsd,
+            rateLimit: jupiterRateLimit,
         },
     };
 }

package/dist/db/settings.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Database settings loader for sidecar configuration
+ *
+ * Fetches runtime settings from the system_settings table in the main database.
+ * Falls back to defaults if database is unavailable or settings are missing.
+ */
+export interface DbSettings {
+    solanaRpcUrl: string | null;
+    companyWalletAddress: string | null;
+    jupiterApiKey: string | null;
+}
+/**
+ * Fetch settings from the database
+ * Returns null values for any settings not found
+ */
+export declare function fetchDbSettings(databaseUrl: string): Promise<DbSettings>;

package/dist/db/settings.js

@@ -0,0 +1,47 @@
+"use strict";
+/**
+ * Database settings loader for sidecar configuration
+ *
+ * Fetches runtime settings from the system_settings table in the main database.
+ * Falls back to defaults if database is unavailable or settings are missing.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchDbSettings = fetchDbSettings;
+const pg_1 = require("pg");
+/**
+ * Fetch settings from the database
+ * Returns null values for any settings not found
+ */
+async function fetchDbSettings(databaseUrl) {
+    const pool = new pg_1.Pool({
+        connectionString: databaseUrl,
+        max: 1,
+        connectionTimeoutMillis: 5_000,
+    });
+    try {
+        const result = await pool.query(`SELECT key, value FROM system_settings
+       WHERE key IN (
+         'solana_rpc_url',
+         'treasury_wallet_address',
+         'jupiter_api_key'
+       )`);
+        const settings = {};
+        for (const row of result.rows) {
+            settings[row.key] = row.value;
+        }
+        return {
+            solanaRpcUrl: settings['solana_rpc_url'] || null,
+            companyWalletAddress: settings['treasury_wallet_address'] || null,
+            jupiterApiKey: settings['jupiter_api_key'] || null,
+        };
+    }
+    finally {
+        // CI-05: Wrap pool cleanup in try/catch to prevent unhandled rejection
+        try {
+            await pool.end();
+        }
+        catch (cleanupErr) {
+            console.warn('Failed to close settings pool:', cleanupErr);
+        }
+    }
+}

package/dist/index.js

@@ -22,6 +22,7 @@ const express_1 = __importDefault(require("express"));
 const config_js_1 = require("./config.js");
 const auth_js_1 = require("./middleware/auth.js");
 const rateLimit_js_1 = require("./middleware/rateLimit.js");
+const requestId_js_1 = require("./middleware/requestId.js");
 const solana_js_1 = require("./services/solana.js");
 const privacy_cash_js_1 = require("./services/privacy-cash.js");
 const jupiter_js_1 = require("./services/jupiter.js");
@@ -29,12 +30,13 @@ const health_js_1 = require("./routes/health.js");
 const deposit_js_1 = require("./routes/deposit.js");
 const withdraw_js_1 = require("./routes/withdraw.js");
 const batch_js_1 = require("./routes/batch.js");
+const transfer_js_1 = require("./routes/transfer.js");
 const verify_js_1 = require("./routes/verify.js");
 const redactRpcUrl_js_1 = require("./utils/redactRpcUrl.js");
 async function main() {
     console.log('[Sidecar] Starting Cedros login sidecar...');
-    // Load configuration
-    const config = (0, config_js_1.loadConfig)();
+    // Load configuration from env + database
+    const config = await (0, config_js_1.loadConfig)();
     console.log(`[Sidecar] Network: ${config.solanaNetwork}`);
     console.log(`[Sidecar] RPC: ${(0, redactRpcUrl_js_1.redactRpcUrl)(config.solanaRpcUrl)}`);
     console.log(`[Sidecar] Host: ${config.host}`);
@@ -54,6 +56,7 @@ async function main() {
     // Create Express app
     const app = (0, express_1.default)();
     // Middleware
+    app.use((0, requestId_js_1.createRequestIdMiddleware)());
     app.use(express_1.default.json({ limit: '1mb' }));
     // SIDE-02: Basic in-memory rate limiting (protects sidecar from accidental overload)
     app.use((0, rateLimit_js_1.createRateLimitMiddleware)({ windowMs: 10_000, maxRequests: 200 }));
@@ -67,17 +70,19 @@ async function main() {
         next();
     });
     app.use((0, auth_js_1.createAuthMiddleware)(config.apiKey));
-    // Request logging (simple, non-blocking)
+    // Request logging with correlation ID (simple, non-blocking)
     app.use((req, _res, next) => {
-        console.log(`[${new Date().toISOString()}] ${req.method} ${req.path}`);
+        const rid = req.headers['x-request-id'] || '-';
+        console.log(`[${new Date().toISOString()}] [${rid}] ${req.method} ${req.path}`);
         next();
     });
     // Routes
     app.use((0, health_js_1.createHealthRoutes)(solanaService, privacyCashService));
     app.use((0, deposit_js_1.createDepositRoutes)(privacyCashService, jupiterService));
-    app.use((0, withdraw_js_1.createWithdrawRoutes)(privacyCashService, jupiterService));
+    app.use((0, withdraw_js_1.createWithdrawRoutes)(privacyCashService));
     app.use((0, verify_js_1.createVerifyRoutes)(solanaService));
-    app.use('/batch', (0, batch_js_1.createBatchRouter)(config));
+    app.use((0, transfer_js_1.createTransferRoutes)(solanaService));
+    app.use('/batch', (0, batch_js_1.createBatchRouter)(jupiterService));
     // 404 handler
     app.use((_req, res) => {
         res.status(404).json({ error: 'Not found' });
@@ -96,6 +101,23 @@ async function main() {
     server.keepAliveTimeout = 5_000;
     server.headersTimeout = 15_000;
     server.requestTimeout = 30_000;
+    // SC-03: Graceful shutdown — drain active connections before exiting
+    const SHUTDOWN_TIMEOUT_MS = 30_000;
+    for (const signal of ['SIGTERM', 'SIGINT']) {
+        process.on(signal, () => {
+            console.log(`[Sidecar] Received ${signal}, shutting down gracefully...`);
+            server.close(() => {
+                console.log('[Sidecar] All connections drained. Exiting.');
+                process.exit(0);
+            });
+            // SC-19: unref() so the timer doesn't keep the event loop alive if everything
+            // else has already exited cleanly before the timeout fires.
+            setTimeout(() => {
+                console.error('[Sidecar] Forced shutdown after timeout');
+                process.exit(1);
+            }, SHUTDOWN_TIMEOUT_MS).unref();
+        });
+    }
 }
 main().catch((error) => {
     console.error('[Sidecar] Fatal error:', error);

package/dist/middleware/auth.d.ts

@@ -6,6 +6,10 @@
  */
 import { Request, Response, NextFunction } from 'express';
 /**
- * Create auth middleware with the given API key
+ * Create auth middleware with the given API key.
+ *
+ * Both keys are SHA-256 hashed before comparison. This eliminates
+ * the length-leak timing side-channel (S-03r) while keeping
+ * constant-time equality via timingSafeEqual on fixed 32-byte digests.
  */
 export declare function createAuthMiddleware(apiKey: string): (req: Request, res: Response, next: NextFunction) => void;

package/dist/middleware/auth.js

@@ -8,14 +8,23 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createAuthMiddleware = createAuthMiddleware;
 const crypto_1 = require("crypto");
+const paths_js_1 = require("./paths.js");
+/** Hash a key with SHA-256 so all comparisons use fixed-length buffers */
+function hashKey(key) {
+    return (0, crypto_1.createHash)('sha256').update(key).digest();
+}
 /**
- * Create auth middleware with the given API key
+ * Create auth middleware with the given API key.
+ *
+ * Both keys are SHA-256 hashed before comparison. This eliminates
+ * the length-leak timing side-channel (S-03r) while keeping
+ * constant-time equality via timingSafeEqual on fixed 32-byte digests.
  */
 function createAuthMiddleware(apiKey) {
-    const apiKeyBuffer = Buffer.from(apiKey);
+    const apiKeyHash = hashKey(apiKey);
     return (req, res, next) => {
         // Skip auth for health check
-        if (req.path === '/health') {
+        if (req.path === paths_js_1.HEALTH_PATH) {
             return next();
         }
         const authHeader = req.headers.authorization;
@@ -28,11 +37,9 @@ function createAuthMiddleware(apiKey) {
             res.status(401).json({ error: 'Invalid Authorization header format. Expected: Bearer <token>' });
             return;
         }
-        const providedKey = match[1];
-        const providedBuffer = Buffer.from(providedKey);
-        // Timing-safe comparison to prevent timing attacks
-        if (providedBuffer.length !== apiKeyBuffer.length ||
-            !(0, crypto_1.timingSafeEqual)(providedBuffer, apiKeyBuffer)) {
+        const providedHash = hashKey(match[1]);
+        // Constant-time comparison on fixed-length SHA-256 digests
+        if (!(0, crypto_1.timingSafeEqual)(providedHash, apiKeyHash)) {
             res.status(401).json({ error: 'Invalid API key' });
             return;
         }

package/dist/middleware/paths.d.ts

@@ -0,0 +1,5 @@
+/**
+ * SC-18: Shared path constants for middleware to avoid duplication.
+ */
+/** Health check path — exempt from auth and rate limiting. */
+export declare const HEALTH_PATH = "/health";

package/dist/middleware/paths.js

@@ -0,0 +1,8 @@
+"use strict";
+/**
+ * SC-18: Shared path constants for middleware to avoid duplication.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HEALTH_PATH = void 0;
+/** Health check path — exempt from auth and rate limiting. */
+exports.HEALTH_PATH = '/health';

package/dist/middleware/rateLimit.js

@@ -1,16 +1,53 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createRateLimitMiddleware = createRateLimitMiddleware;
+const paths_js_1 = require("./paths.js");
+/** Run deterministic cleanup at most once per interval. */
+const CLEANUP_INTERVAL_MS = 30_000;
+/** Hard cap to prevent unbounded memory growth under high-cardinality traffic. */
+const MAX_BUCKETS = 10_000;
 function createRateLimitMiddleware({ windowMs, maxRequests }) {
     const buckets = new Map();
+    let lastCleanupMs = 0;
+    function cleanupExpired(now) {
+        for (const [ip, entry] of buckets) {
+            if (entry.resetAtMs <= now) {
+                buckets.delete(ip);
+            }
+        }
+    }
+    function evictOldestBucket() {
+        let oldestKey = null;
+        let oldestResetAt = Number.POSITIVE_INFINITY;
+        for (const [ip, entry] of buckets) {
+            if (entry.resetAtMs < oldestResetAt) {
+                oldestResetAt = entry.resetAtMs;
+                oldestKey = ip;
+            }
+        }
+        if (oldestKey) {
+            buckets.delete(oldestKey);
+        }
+    }
     return (req, res, next) => {
-        if (req.path === '/health') {
+        if (req.path === paths_js_1.HEALTH_PATH) {
             next();
             return;
         }
         const now = Date.now();
-        const ip = req.ip || req.socket.remoteAddress || 'unknown';
+        // Deterministic cleanup to keep memory bounded.
+        if (now - lastCleanupMs >= CLEANUP_INTERVAL_MS || buckets.size >= MAX_BUCKETS) {
+            cleanupExpired(now);
+            lastCleanupMs = now;
+        }
+        // SC-02: Always use socket address for rate limiting. req.ip trusts
+        // X-Forwarded-For when trust-proxy is enabled, allowing bypass.
+        const ip = req.socket.remoteAddress || 'unknown';
         const existing = buckets.get(ip);
+        // If we're at capacity and this is a new key, evict the oldest bucket.
+        if (!existing && buckets.size >= MAX_BUCKETS) {
+            evictOldestBucket();
+        }
         if (!existing || existing.resetAtMs <= now) {
             buckets.set(ip, { count: 1, resetAtMs: now + windowMs });
             next();

package/dist/middleware/requestId.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Request correlation ID middleware.
+ *
+ * Propagates incoming X-Request-ID header from the Rust server,
+ * or generates a new one if absent. Sets it on the response
+ * and makes it available via `req.headers['x-request-id']`.
+ */
+import { Request, Response, NextFunction } from 'express';
+export declare function createRequestIdMiddleware(): (req: Request, res: Response, next: NextFunction) => void;

package/dist/middleware/requestId.js

@@ -0,0 +1,27 @@
+"use strict";
+/**
+ * Request correlation ID middleware.
+ *
+ * Propagates incoming X-Request-ID header from the Rust server,
+ * or generates a new one if absent. Sets it on the response
+ * and makes it available via `req.headers['x-request-id']`.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createRequestIdMiddleware = createRequestIdMiddleware;
+const node_crypto_1 = require("node:crypto");
+// F-25: UUID v4 format validation to prevent request ID spoofing
+const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function createRequestIdMiddleware() {
+    return (req, res, next) => {
+        const existing = req.headers['x-request-id'];
+        // F-25: Only accept well-formed UUIDs; reject arbitrary strings
+        const requestId = (typeof existing === 'string' && UUID_RE.test(existing))
+            ? existing
+            : (0, node_crypto_1.randomUUID)();
+        // Ensure downstream code can read it from the request
+        req.headers['x-request-id'] = requestId;
+        // Echo back so callers can correlate
+        res.setHeader('X-Request-ID', requestId);
+        next();
+    };
+}

package/dist/routes/batch.d.ts

@@ -7,5 +7,5 @@
  * into the company's preferred currency (USDC/USDT).
  */
 import { Router } from 'express';
-import { Config } from '../config.js';
-export declare function createBatchRouter(config: Config): Router;
+import { JupiterService } from '../services/jupiter.js';
+export declare function createBatchRouter(jupiterService: JupiterService): Router;

package/dist/routes/batch.js

@@ -11,9 +11,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createBatchRouter = createBatchRouter;
 const express_1 = require("express");
 const jupiter_js_1 = require("../services/jupiter.js");
-function createBatchRouter(config) {
+function createBatchRouter(jupiterService) {
     const router = (0, express_1.Router)();
-    const jupiterService = new jupiter_js_1.JupiterService(config);
     /**
      * POST /batch/swap
      *
@@ -30,7 +29,14 @@ function createBatchRouter(config) {
                     error: 'Missing or invalid privateKey',
                 });
             }
-            if (!body.amountLamports || typeof body.amountLamports !== 'number' || body.amountLamports <= 0) {
+            // SC-02: Use safe integer for max lamports (SOL total supply ~585M = 5.85e17 lamports)
+            const MAX_LAMPORTS = 585_000_000_000_000_000;
+            if (!body.amountLamports ||
+                typeof body.amountLamports !== 'number' ||
+                !Number.isFinite(body.amountLamports) ||
+                !Number.isInteger(body.amountLamports) ||
+                body.amountLamports <= 0 ||
+                body.amountLamports > MAX_LAMPORTS) {
                 return res.status(400).json({
                     success: false,
                     error: 'Missing or invalid amountLamports',
@@ -55,16 +61,22 @@ function createBatchRouter(config) {
             try {
                 keypair = jupiter_js_1.JupiterService.parseKeypair(body.privateKey);
             }
-            catch (e) {
-                console.error('[Batch] Failed to parse private key:', e);
+            catch {
+                console.error('[Batch] Failed to parse private key');
                 return res.status(400).json({
                     success: false,
                     error: 'Invalid private key format',
                 });
             }
             console.log(`[Batch] Executing swap: ${body.amountLamports} lamports SOL -> ${body.outputCurrency}`);
-            // Execute the swap
-            const result = await jupiterService.swapFromSol(outputMint, body.amountLamports.toString(), keypair);
+            // Execute the swap — zero treasury key material immediately after use
+            let result;
+            try {
+                result = await jupiterService.swapFromSol(outputMint, body.amountLamports.toString(), keypair);
+            }
+            finally {
+                keypair.secretKey.fill(0);
+            }
             if (!result.success) {
                 console.error(`[Batch] Swap failed: ${result.error}`);
                 return res.status(500).json({
@@ -90,7 +102,7 @@ function createBatchRouter(config) {
             console.error('[Batch] Unexpected error:', error);
             return res.status(500).json({
                 success: false,
-                error: error instanceof Error ? error.message : 'Internal server error',
+                error: 'Internal server error',
             });
         }
     });