@odatano/core 0.3.1

package/srv/cardano-tx-service.js

@@ -0,0 +1,646 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const cds_1 = __importDefault(require("@sap/cds"));
+const backend_request_handler_1 = require("./utils/backend-request-handler");
+const errors_1 = require("./utils/errors");
+const validators_1 = require("./utils/validators");
+const tx_build_helper_1 = require("./utils/tx-build-helper");
+const server_1 = require("./server");
+const external_signer_1 = require("./blockchain/signing/external-signer");
+const signing_helper_1 = require("./utils/signing-helper");
+const { SELECT, UPDATE } = cds_1.default.ql;
+const logger = cds_1.default.log('CardanoTxService');
+/**
+ * Check if a signing request has expired and update its status.
+ * @returns true if expired, false otherwise
+ */
+async function checkAndExpireSigningRequest(db, signingRequest, SigningRequests) {
+    if (new Date(signingRequest.expiresAt) < new Date()) {
+        await db.run(UPDATE.entity(SigningRequests).set({ status: 'expired' }).where({ id: signingRequest.id }));
+        signingRequest.status = 'expired';
+        return true;
+    }
+    return false;
+}
+/**
+ * Cardano Transaction Service Implementation
+ * Handles transaction building and submission operations & some additional data queries.
+ */
+module.exports = (srv) => {
+    logger.info('[CardanoTxService] Module loaded - registering handlers');
+    const { TransactionBuilds, TransactionBuildInputs, TransactionBuildOutputs, TransactionSubmissions, TransactionSubmissionErrors, SigningRequests, SignatureVerifications, AddressSigningRequests, AddressTransactionBuilds } = require('#cds-models/CardanoTransactionService');
+    /**
+     * READ handler for TransactionBuilds entity
+     * @param req - The incoming request data
+     * @returns {TransactionBuilds} The transaction builds fitting the request query
+     */
+    srv.on('READ', TransactionBuilds, async (req) => {
+        logger.debug('TransactionBuilds READ handler called');
+        return (0, backend_request_handler_1.handleRequest)(req, (db) => db.run(req.query));
+    });
+    /**
+     * READ handler for TransactionBuildInputs entity
+     * @param req - The incoming request data
+     * @returns {TransactionBuildInputs} The transaction build inputs fitting the request query
+     */
+    srv.on('READ', TransactionBuildInputs, async (req) => {
+        logger.debug('TransactionBuildInputs READ handler called');
+        return (0, backend_request_handler_1.handleRequest)(req, (db) => db.run(req.query));
+    });
+    /**
+     * READ handler for TransactionBuildOutputs entity
+     * @param req - The incoming request data
+     * @returns {TransactionBuildOutputs} The transaction build outputs fitting the request query
+     */
+    srv.on('READ', TransactionBuildOutputs, async (req) => {
+        logger.debug('TransactionBuildOutputs READ handler called');
+        return (0, backend_request_handler_1.handleRequest)(req, (db) => db.run(req.query));
+    });
+    /**
+     * READ handler for TransactionSubmissions entity
+     * @param req - The incoming request data
+     * @returns {TransactionSubmissions} The transaction submissions fitting the request query
+     */
+    srv.on('READ', TransactionSubmissions, async (req) => {
+        logger.debug('TransactionSubmissions READ handler called');
+        return (0, backend_request_handler_1.handleRequest)(req, (db) => db.run(req.query));
+    });
+    /**
+     * READ handler for TransactionSubmissionErrors entity
+     * @param req - The incoming request data
+     * @returns {TransactionSubmissionErrors} The transaction submission errors fitting the request query
+     */
+    srv.on('READ', TransactionSubmissionErrors, async (req) => {
+        logger.debug('TransactionSubmissionErrors READ handler called');
+        return (0, backend_request_handler_1.handleRequest)(req, (db) => db.run(req.query));
+    });
+    /**
+     * Build a simple ADA-only transaction
+     * @param req - CDS request object (with senderAddress, recipientAddress, lovelaceAmount, changeAddress)
+     * @returns {TransactionBuild} Transaction build details
+     */
+    srv.on('BuildSimpleAdaTransaction', async (req) => {
+        const { senderAddress, recipientAddress, lovelaceAmount, outputDatumJson } = req.data;
+        // validate inputs
+        const errors = (0, validators_1.validateTransactionInputs)({ senderAddress, recipientAddress, lovelaceAmount }, ['senderAddress', 'recipientAddress', 'lovelaceAmount']);
+        (0, errors_1.throwIfValidationErrors)(req, 'BuildSimpleAdaTransaction', errors);
+        // parse optional output datum
+        const cleanData = { ...req.data };
+        if (outputDatumJson) {
+            try {
+                cleanData.outputDatum = JSON.parse(outputDatumJson);
+            }
+            catch {
+                return req.reject(400, 'Invalid outputDatumJson: must be valid JSON');
+            }
+        }
+        // handle the request / building the transaction / indexing the build result / returning build details
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            logger.info({ senderAddress, recipientAddress, lovelaceAmount, hasDatum: !!outputDatumJson }, 'Building simple ADA transaction');
+            return await (0, server_1.getCardanoIndexer)().indexSimpleBuildResult(db, cleanData);
+        });
+    });
+    /**
+     * Build a transaction with metadata
+     * @param req - CDS request object (with senderAddress, recipientAddress, lovelaceAmount, metadataJson, changeAddress)
+     * @returns {TransactionBuild} Transaction build details
+     */
+    srv.on('BuildTransactionWithMetadata', async (req) => {
+        const { senderAddress, recipientAddress, lovelaceAmount, metadataJson } = req.data;
+        // validate inputs (includes JSON parsing validation)
+        const errors = (0, validators_1.validateTransactionInputs)({ senderAddress, recipientAddress, lovelaceAmount, metadataJson }, ['senderAddress', 'recipientAddress', 'lovelaceAmount', 'metadataJson']);
+        (0, errors_1.throwIfValidationErrors)(req, 'BuildTransactionWithMetadata', errors);
+        // Parse metadataJson (already validated as valid JSON)
+        const parsedMetadata = JSON.parse(metadataJson);
+        // handle the request / building the transaction / indexing the build result / returning build details
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            logger.info({ senderAddress, recipientAddress, lovelaceAmount, metadataJson: parsedMetadata }, 'Building transaction with metadata');
+            return await (0, server_1.getCardanoIndexer)().indexMetadataBuildResult(db, { ...req.data, metadataJson: parsedMetadata });
+        });
+    });
+    /**
+     * Build a multi-asset transaction
+     * @param req - CDS request object (with senderAddress, recipientAddress, lovelaceAmount, assetsJson, changeAddress)
+     * @returns {TransactionBuild} Transaction build details
+     */
+    srv.on('BuildMultiAssetTransaction', async (req) => {
+        const { senderAddress, recipientAddress, lovelaceAmount, assetsJson } = req.data;
+        // validate inputs (includes JSON parsing validation)
+        const errors = (0, validators_1.validateTransactionInputs)({ senderAddress, recipientAddress, lovelaceAmount, assetsJson }, ['senderAddress', 'recipientAddress', 'lovelaceAmount', 'assetsJson']);
+        (0, errors_1.throwIfValidationErrors)(req, 'BuildMultiAssetTransaction', errors);
+        // Parse assetsJson (already validated as valid JSON by validateTransactionInputs)
+        const parsedAssets = JSON.parse(assetsJson);
+        if (!Array.isArray(parsedAssets)) {
+            (0, errors_1.rejectInvalid)(req, 'BuildMultiAssetTransaction', 'assetsJson must be a JSON array', 'assetsJson');
+        }
+        // handle the request / building the transaction / indexing the build result / returning build details
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            logger.info({ senderAddress, recipientAddress, lovelaceAmount, assets: parsedAssets }, 'Building multi-asset transaction');
+            // Create clean request object with parsed assets (remove assetsJson, add assets)
+            const cleanData = { ...req.data };
+            delete cleanData.assetsJson;
+            const result = await (0, server_1.getCardanoIndexer)().indexMultiAssetBuildResult(db, { ...cleanData, assets: parsedAssets });
+            logger.info({ result }, 'Multi-asset transaction build result');
+            return result;
+        });
+    });
+    /**
+     * Build a minting transaction
+     * @param req - CDS request object (with senderAddress, recipientAddress, lovelaceAmount, mintActionsJson, mintingPolicyScript, changeAddress)
+     * @returns {TransactionBuild} Transaction build details
+     */
+    srv.on('BuildMintTransaction', async (req) => {
+        const { senderAddress, recipientAddress, lovelaceAmount, mintActionsJson, mintingPolicyScript } = req.data;
+        // validate inputs (includes JSON and CBOR validation)
+        const errors = (0, validators_1.validateTransactionInputs)({ senderAddress, recipientAddress, mintActionsJson, mintingPolicyScript }, ['senderAddress', 'recipientAddress', 'mintActionsJson', 'mintingPolicyScript']);
+        (0, errors_1.throwIfValidationErrors)(req, 'BuildMintTransaction', errors);
+        // Parse mintActionsJson and convert quantity strings to bigint
+        const parsedMintActionsRaw = JSON.parse(mintActionsJson);
+        if (!Array.isArray(parsedMintActionsRaw)) {
+            (0, errors_1.rejectInvalid)(req, 'BuildMintTransaction', 'mintActionsJson must be a JSON array', 'mintActionsJson');
+        }
+        const parsedMintActions = parsedMintActionsRaw.map((action) => ({
+            ...action,
+            quantity: BigInt(action.quantity)
+        }));
+        // handle the request / building the transaction / indexing the build result / returning build details
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            logger.info({ senderAddress, recipientAddress, lovelaceAmount, mintActions: parsedMintActions }, 'Building minting transaction');
+            // Create clean request object with parsed mintActions (remove mintActionsJson, add mintActions)
+            const cleanData = { ...req.data };
+            delete cleanData.mintActionsJson;
+            return await (0, server_1.getCardanoIndexer)().indexMintBuildResult(db, {
+                ...cleanData,
+                mintActions: parsedMintActions,
+                mintingPolicyScript
+            });
+        });
+    });
+    /**
+     * Build a Plutus spending transaction (consume UTxO at script address)
+     * @param req - CDS request object (with senderAddress, recipientAddress, lovelaceAmount, validatorScript, scriptTxHash, scriptOutputIndex, redeemerJson, datumJson, changeAddress)
+     * @returns {TransactionBuild} Transaction build details
+     */
+    srv.on('BuildPlutusSpendTransaction', async (req) => {
+        const { senderAddress, recipientAddress, lovelaceAmount, validatorScript, scriptTxHash, scriptOutputIndex, redeemerJson, datumJson } = req.data;
+        // Validate inputs
+        const errors = (0, validators_1.validateTransactionInputs)({ senderAddress, recipientAddress, validatorScript, scriptTxHash, scriptOutputIndex, redeemerJson }, ['senderAddress', 'recipientAddress', 'validatorScript', 'scriptTxHash', 'redeemerJson']);
+        (0, errors_1.throwIfValidationErrors)(req, 'BuildPlutusSpendTransaction', errors);
+        // Validate scriptOutputIndex separately (it's a number, not caught by required-fields check for empty string)
+        if (scriptOutputIndex === undefined || scriptOutputIndex === null) {
+            (0, errors_1.rejectMissing)(req, 'BuildPlutusSpendTransaction', 'scriptOutputIndex');
+        }
+        // Parse redeemer JSON
+        const parsedRedeemer = JSON.parse(redeemerJson);
+        // Parse optional datum JSON
+        const parsedDatum = datumJson ? JSON.parse(datumJson) : undefined;
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            logger.info({ senderAddress, recipientAddress, lovelaceAmount, scriptTxHash, scriptOutputIndex }, 'Building Plutus spending transaction');
+            const cleanData = {
+                ...req.data,
+                plutusScriptExecution: {
+                    validatorScript,
+                    scriptUtxo: {
+                        txHash: scriptTxHash,
+                        outputIndex: scriptOutputIndex,
+                    },
+                    redeemer: parsedRedeemer,
+                    datum: parsedDatum,
+                }
+            };
+            return await (0, server_1.getCardanoIndexer)().indexPlutusSpendBuildResult(db, cleanData);
+        });
+    });
+    /**
+     * Get build details for previously built transaction
+     * @param req - CDS request object (with buildId)
+     * @returns {TransactionBuild} Transaction build details
+     */
+    srv.on('GetBuildDetails', async (req) => {
+        const { buildId } = req.data;
+        // Validate inputs
+        const errors = (0, validators_1.validateTransactionInputs)({ buildId }, ['buildId']);
+        (0, errors_1.throwIfValidationErrors)(req, 'GetBuildDetails', errors);
+        // handle the request / fetching the build details
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            const existing = await db.run(SELECT.one.from(TransactionBuilds).where({ id: buildId }));
+            if (!existing)
+                (0, errors_1.rejectInvalid)(req, 'GetBuildDetails', 'Build not found', 'buildId');
+            return existing;
+        });
+    });
+    /**
+     * Set up a collateral UTxO for Plutus transactions.
+     * Checks if the address already has >= 2 UTxOs with >= 5 ADA each.
+     * If not, builds a self-send transaction to create a 5 ADA collateral UTxO.
+     * @param req - CDS request object (with address)
+     * @returns {TransactionBuild} Transaction build details for the collateral setup
+     */
+    srv.on('SetCollateral', async (req) => {
+        const { address } = req.data;
+        if (!address || !(0, validators_1.isValidBech32Address)(address)) {
+            return req.reject(400, 'SetCollateral: Invalid or missing Bech32 address');
+        }
+        const COLLATERAL_LOVELACE = 5000000n;
+        const FEE_BUFFER_LOVELACE = 1000000n;
+        // Fetch UTxOs and validate before entering handleRequest (req.reject inside handleRequest gets wrapped as 500)
+        const utxos = await (0, server_1.getCardanoClient)().getAddressUtxos(address);
+        if (utxos.length === 0) {
+            return req.reject(400, 'SetCollateral: No UTxOs found at address');
+        }
+        const qualifyingUtxos = utxos.filter(u => (0, tx_build_helper_1.getLovelace)(u) >= COLLATERAL_LOVELACE);
+        if (qualifyingUtxos.length >= 2) {
+            return req.reject(409, `SetCollateral: Collateral already available — found ${qualifyingUtxos.length} UTxOs with >= 5 ADA`);
+        }
+        const totalLovelace = utxos.reduce((sum, u) => sum + (0, tx_build_helper_1.getLovelace)(u), 0n);
+        if (totalLovelace < COLLATERAL_LOVELACE + FEE_BUFFER_LOVELACE) {
+            return req.reject(400, `SetCollateral: Insufficient funds — need at least ${Number(COLLATERAL_LOVELACE + FEE_BUFFER_LOVELACE) / 1_000_000} ADA, have ${Number(totalLovelace) / 1_000_000} ADA`);
+        }
+        // Build self-send transaction: address → address, 5 ADA
+        logger.info({ address, existingQualifying: qualifyingUtxos.length }, 'Building collateral setup transaction');
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            return await (0, server_1.getCardanoIndexer)().indexSimpleBuildResult(db, {
+                network: (0, server_1.getCardanoClient)().network,
+                senderAddress: address,
+                recipientAddress: address,
+                lovelaceAmount: Number(COLLATERAL_LOVELACE),
+                changeAddress: address,
+            });
+        });
+    });
+    /**
+     * Submit signed transaction built previously
+     * Handler validates, checks build exists, submits to blockchain, delegates persistence to indexer
+     * @param req - CDS request object (with buildId, signedTxCbor)
+     * @returns {TransactionSubmission} Transaction submission details
+     */
+    srv.on('SubmitTransaction', async (req) => {
+        logger.debug('SubmitTransaction Action handler called');
+        const { buildId, signedTxCbor } = req.data;
+        // Validate inputs (includes CBOR format validation)
+        const errors = (0, validators_1.validateTransactionInputs)({ buildId, signedTxCbor }, ['buildId', 'signedTxCbor']);
+        (0, errors_1.throwIfValidationErrors)(req, 'SubmitTransaction', errors);
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            logger.debug({ buildId }, 'Submitting signed transaction');
+            // Validate build exists
+            const existing = await db.run(SELECT.one.from(TransactionBuilds).where({ id: buildId }));
+            if (!existing)
+                (0, errors_1.rejectInvalid)(req, 'SubmitTransaction', 'Build not found', 'buildId');
+            // Use txBodyHash from build
+            const txHash = existing.txBodyHash;
+            // Two-phase submit: persist with 'pending', then submit to blockchain
+            const submissionRecord = await (0, server_1.getCardanoIndexer)().persistTransactionSubmission(db, {
+                signedTxCbor,
+                txHash,
+                buildId,
+            });
+            try {
+                await (0, server_1.getCardanoClient)().submitTransaction(signedTxCbor);
+                logger.info({ txHash }, 'Transaction submitted to blockchain');
+                await (0, server_1.getCardanoIndexer)().updateSubmissionStatus(db, submissionRecord.id, 'submitted');
+                submissionRecord.status = 'submitted';
+            }
+            catch (err) {
+                logger.error({ txHash, error: err.message }, 'Transaction submission failed');
+                await (0, server_1.getCardanoIndexer)().updateSubmissionStatus(db, submissionRecord.id, 'failed', err.message);
+                throw err;
+            }
+            return submissionRecord;
+        });
+    });
+    /**
+     * Submit signed transaction without prior build
+     * Handler validates, submits to blockchain, delegates persistence to indexer
+     * Two-phase: persist with 'pending' first, then update to 'submitted' or 'failed'
+     * @param req - CDS request object (with signedTxCbor, network)
+     * @returns {TransactionSubmission} Transaction submission details
+     */
+    srv.on('SubmitSignedTransaction', async (req) => {
+        logger.info('SubmitSignedTransaction Action handler called');
+        const { signedTxCbor } = req.data;
+        // Validate inputs (includes CBOR format validation)
+        const errors = (0, validators_1.validateTransactionInputs)({ signedTxCbor }, ['signedTxCbor']);
+        (0, errors_1.throwIfValidationErrors)(req, 'SubmitSignedTransaction', errors);
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            // Extract txHash from signed CBOR
+            const txHash = (0, tx_build_helper_1.getTxHashFromCbor)(signedTxCbor);
+            // Two-phase submit: persist with 'pending', then submit to blockchain
+            const submissionRecord = await (0, server_1.getCardanoIndexer)().persistTransactionSubmission(db, {
+                signedTxCbor,
+                txHash,
+                buildId: null,
+            });
+            try {
+                await (0, server_1.getCardanoClient)().submitTransaction(signedTxCbor);
+                logger.info({ txHash }, 'External transaction submitted');
+                await (0, server_1.getCardanoIndexer)().updateSubmissionStatus(db, submissionRecord.id, 'submitted');
+                submissionRecord.status = 'submitted';
+            }
+            catch (err) {
+                logger.error({ txHash, error: err.message }, 'External transaction submission failed');
+                await (0, server_1.getCardanoIndexer)().updateSubmissionStatus(db, submissionRecord.id, 'failed', err.message);
+                throw err;
+            }
+            return submissionRecord;
+        });
+    });
+    /**
+     * Check submission status (bound action on TransactionSubmissions)
+     * @flow.status validates @from: [#submitted] automatically (409 if wrong state)
+     * Queries blockchain for transaction confirmation and updates status accordingly
+     * @param req - CDS request with entity key in params
+     * @returns {TransactionSubmission} The updated transaction submission status
+     */
+    srv.on('CheckSubmissionStatus', async (req) => {
+        logger.debug('CheckSubmissionStatus Action handler called');
+        const { id: submissionId } = req.params[0];
+        // @from: [#submitted] validated by framework — no manual status check needed
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            const submission = await db.run(SELECT.one.from(TransactionSubmissions).where({ id: submissionId }));
+            if (!submission)
+                (0, errors_1.rejectInvalid)(req, 'CheckSubmissionStatus', 'Submission not found', 'submissionId');
+            // Query blockchain for confirmation
+            try {
+                const txDetails = await (0, server_1.getCardanoClient)().getTransaction(submission.txHash);
+                if (txDetails) {
+                    await db.run(UPDATE.entity(TransactionSubmissions)
+                        .set({ status: 'confirmed' })
+                        .where({ id: submissionId }));
+                    submission.status = 'confirmed';
+                    logger.info({ submissionId, txHash: submission.txHash }, 'Transaction confirmed on chain');
+                }
+            }
+            catch {
+                // Transaction not yet confirmed on chain — status stays 'submitted'
+                logger.debug({ submissionId, txHash: submission.txHash }, 'Transaction not yet confirmed on chain');
+            }
+            return submission;
+        });
+    });
+    // ---------------------------------------------------------------------------
+    // M3 - External Signing Workflow Actions
+    // ---------------------------------------------------------------------------
+    /**
+     * before-READ handler for SigningRequests: lazy expiration check
+     * Updates status to 'expired' if expiresAt has passed (for pending requests)
+     */
+    srv.before('READ', SigningRequests, async (req) => {
+        // Expiration check runs on single-entity reads (where ID is provided)
+        if (req.params && req.params.length > 0) {
+            const { id } = req.params[0];
+            if (id) {
+                const db = await cds_1.default.connect.to('db');
+                const signingRequest = await db.run(SELECT.one.from(SigningRequests).where({ id }));
+                if (signingRequest && signingRequest.status === 'pending') {
+                    await checkAndExpireSigningRequest(db, signingRequest, SigningRequests);
+                }
+            }
+        }
+    });
+    /**
+     * READ handler for SigningRequests entity
+     * @param req - The incoming request data
+     * @returns {SigningRequest} The signing requests fitting the request query
+     */
+    srv.on('READ', SigningRequests, async (req) => {
+        logger.debug('SigningRequests READ handler called');
+        return (0, backend_request_handler_1.handleRequest)(req, (db) => db.run(req.query));
+    });
+    /**
+     * READ handler for SignatureVerifications entity
+     * @param req - The incoming request data
+     * @returns {SignatureVerification} The signature verifications fitting the request query
+     */
+    srv.on('READ', SignatureVerifications, async (req) => {
+        logger.debug('SignatureVerifications READ handler called');
+        return (0, backend_request_handler_1.handleRequest)(req, (db) => db.run(req.query));
+    });
+    /**
+     * READ handler for AddressSigningRequests entity
+     * @param req - The incoming request data
+     * @returns {AddressSigningRequest} The address signing requests fitting the request query
+     */
+    srv.on('READ', AddressSigningRequests, async (req) => {
+        logger.debug('AddressSigningRequests READ handler called');
+        return (0, backend_request_handler_1.handleRequest)(req, (db) => db.run(req.query));
+    });
+    /**
+     * READ handler for AddressTransactionBuilds entity
+     * @param req - The incoming request data
+     * @returns {AddressTransactionBuild} The address transaction builds fitting the request query
+     */
+    srv.on('READ', AddressTransactionBuilds, async (req) => {
+        logger.debug('AddressTransactionBuilds READ handler called');
+        return (0, backend_request_handler_1.handleRequest)(req, (db) => db.run(req.query));
+    });
+    /**
+     * Create a new signing request for external signing
+     * Persists the request for audit trail and workflow tracking
+     * @param req - CDS request object (with buildId)
+     * @returns {SigningRequest} Signing request entity
+     */
+    srv.on('CreateSigningRequest', async (req) => {
+        logger.debug('CreateSigningRequest Action handler called');
+        const { buildId, message } = req.data;
+        // Validate inputs
+        const errors = (0, validators_1.validateTransactionInputs)({ buildId }, ['buildId']);
+        (0, errors_1.throwIfValidationErrors)(req, 'CreateSigningRequest', errors);
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            // Fetch the build
+            const build = await db.run(SELECT.one.from(TransactionBuilds).where({ id: buildId }));
+            if (!build)
+                (0, errors_1.rejectInvalid)(req, 'CreateSigningRequest', 'Build not found', 'buildId');
+            // Check if signing request already exists for this build
+            const existingRequest = await db.run(SELECT.one.from(SigningRequests).where({ build_id: buildId, status: 'pending' }));
+            if (existingRequest) {
+                logger.info({ buildId, signingRequestId: existingRequest.id }, 'Returning existing signing request');
+                return existingRequest;
+            }
+            // Create signing request using external signer module
+            const signerModule = (0, external_signer_1.getExternalSignerModule)();
+            const signingPayload = signerModule.createSigningRequest(build.id, build.unsignedTxCbor, build.txBodyHash, build.network, message);
+            // Delegate persistence to indexer
+            const signingRequestRecord = await (0, server_1.getCardanoIndexer)().persistSigningRequest(db, {
+                buildId,
+                signingPayload,
+            });
+            logger.info({ buildId, signingRequestId: signingRequestRecord.id }, 'Created signing request');
+            return signingRequestRecord;
+        });
+    });
+    /**
+     * Get an existing signing request by ID
+     * @param req - CDS request object (with signingRequestId)
+     * @returns {SigningRequest} signing request entity
+     */
+    srv.on('GetSigningRequest', async (req) => {
+        logger.debug('GetSigningRequest Action handler called');
+        const { signingRequestId } = req.data;
+        // Validate inputs
+        const errors = (0, validators_1.validateTransactionInputs)({ signingRequestId }, ['signingRequestId']);
+        (0, errors_1.throwIfValidationErrors)(req, 'GetSigningRequest', errors);
+        // Fetch the signing request within transaction context
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            const signingRequest = await db.run(SELECT.one.from(SigningRequests).where({ id: signingRequestId }));
+            if (!signingRequest)
+                (0, errors_1.rejectInvalid)(req, 'GetSigningRequest', 'Signing request not found', 'signingRequestId');
+            // Check if expired and update status if needed
+            if (signingRequest.status === 'pending') {
+                await checkAndExpireSigningRequest(db, signingRequest, SigningRequests);
+            }
+            return signingRequest;
+        });
+    });
+    /**
+     * Verify signature of a signed transaction (bound action on SigningRequests)
+     * @flow.status validates @from: [#pending] automatically (409 if wrong state)
+     * @param req - CDS request with entity key in params, action data in data
+     * @returns {SignatureVerification} Persisted signature verification entity
+     */
+    srv.on('VerifySignature', async (req) => {
+        logger.debug('VerifySignature Action handler called');
+        const { id: signingRequestId } = req.params[0];
+        const { signedTxCbor, signerType, signerInfo } = req.data;
+        // Validate inputs (signingRequestId no longer needed — comes from URL)
+        const errors = (0, validators_1.validateTransactionInputs)({ signedTxCbor }, ['signedTxCbor']);
+        (0, errors_1.throwIfValidationErrors)(req, 'VerifySignature', errors);
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            // Fetch the signing request (@from already validated by framework)
+            const signingRequest = await db.run(SELECT.one.from(SigningRequests).where({ id: signingRequestId }));
+            if (!signingRequest)
+                (0, errors_1.rejectInvalid)(req, 'VerifySignature', 'Signing request not found', 'signingRequestId');
+            // Check if expired (time-based, not covered by @flow.status)
+            if (await checkAndExpireSigningRequest(db, signingRequest, SigningRequests)) {
+                (0, errors_1.rejectInvalid)(req, 'VerifySignature', 'Signing request has expired', 'signingRequestId');
+            }
+            // Verify the signature
+            const signerModule = (0, external_signer_1.getExternalSignerModule)();
+            const result = signerModule.verifySignedTransaction(signedTxCbor, signingRequest.txBodyHash);
+            // Delegate persistence to indexer
+            const verificationRecord = await (0, server_1.getCardanoIndexer)().persistSignatureVerification(db, {
+                signingRequestId,
+                signedTxCbor,
+                verificationResult: result,
+                signerType,
+                signerInfo,
+            });
+            logger.info({
+                signingRequestId,
+                verificationId: verificationRecord.id,
+                isValid: result.isValid,
+                witnessCount: result.witnessCount,
+            }, 'Signature verification completed');
+            return verificationRecord;
+        });
+    });
+    /**
+     * Verify and submit a signed transaction in one step (bound action on SigningRequests)
+     * @flow.status validates @from: [#pending, #verified] and sets @to: #submitted automatically
+     * @param req - CDS request with entity key in params, action data in data
+     * @returns {TransactionSubmission} Transaction submission details
+     */
+    srv.on('SubmitVerifiedTransaction', async (req) => {
+        logger.debug('SubmitVerifiedTransaction Action handler called');
+        const { id: signingRequestId } = req.params[0];
+        const { signedTxCbor, signerType, signerInfo } = req.data;
+        // Validate inputs (signingRequestId no longer needed — comes from URL)
+        const errors = (0, validators_1.validateTransactionInputs)({ signedTxCbor }, ['signedTxCbor']);
+        (0, errors_1.throwIfValidationErrors)(req, 'SubmitVerifiedTransaction', errors);
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            // Fetch the signing request (@from already validated by framework)
+            const signingRequest = await db.run(SELECT.one.from(SigningRequests).where({ id: signingRequestId }));
+            if (!signingRequest)
+                (0, errors_1.rejectInvalid)(req, 'SubmitVerifiedTransaction', 'Signing request not found', 'signingRequestId');
+            // Check if expired (time-based, not covered by @flow.status)
+            if (await checkAndExpireSigningRequest(db, signingRequest, SigningRequests)) {
+                (0, errors_1.rejectInvalid)(req, 'SubmitVerifiedTransaction', 'Signing request has expired', 'signingRequestId');
+            }
+            // STATUS CHECKS REMOVED — @flow.status handles @from: [#pending, #verified]
+            // Previously: manual checks for 'submitted', 'expired', 'failed' states
+            // Check if build association exists
+            if (!signingRequest.build_id) {
+                (0, errors_1.rejectInvalid)(req, 'SubmitVerifiedTransaction', 'Signing request has no associated build', 'signingRequestId');
+            }
+            // Detect if signedTxCbor is a witness set (CIP-30) or a full signed transaction (cardano-cli)
+            let fullSignedTxCbor;
+            if ((0, signing_helper_1.isWitnessSetCbor)(signedTxCbor)) {
+                // CIP-30 wallet returns only witness set - combine with unsigned tx
+                fullSignedTxCbor = (0, signing_helper_1.combineTransactionWithWitnesses)(signingRequest.unsignedTxCbor, signedTxCbor);
+                logger.debug({ signingRequestId }, 'Combined witness set with unsigned transaction');
+            }
+            else {
+                // Full signed transaction provided (e.g., from cardano-cli)
+                fullSignedTxCbor = signedTxCbor;
+                logger.debug({ signingRequestId }, 'Using full signed transaction directly');
+            }
+            // Verify signature (throws on failure)
+            const signerModule = (0, external_signer_1.getExternalSignerModule)();
+            const verificationResult = signerModule.verifyOrThrow(fullSignedTxCbor, signingRequest.txBodyHash);
+            logger.info({
+                signingRequestId,
+                witnessCount: verificationResult.witnessCount,
+                signers: verificationResult.signerKeyHashes,
+            }, 'Signature verified, proceeding with submission');
+            // Submit to blockchain
+            const txHash = signingRequest.txBodyHash;
+            await (0, server_1.getCardanoClient)().submitTransaction(fullSignedTxCbor);
+            logger.info({ txHash }, 'Verified transaction submitted to blockchain');
+            // Delegate all persistence to indexer
+            const submissionRecord = await (0, server_1.getCardanoIndexer)().indexVerifiedTransactionSubmission(db, {
+                signingRequestId,
+                buildId: signingRequest.build_id,
+                fullSignedTxCbor,
+                txHash,
+                verificationResult,
+                signerType,
+                signerInfo,
+            });
+            logger.info({
+                signingRequestId,
+                submissionId: submissionRecord.id,
+                txHash,
+            }, 'Transaction submitted and all records updated');
+            return submissionRecord;
+        });
+    });
+    /**
+     * Get all existing signing requests by address
+     * @param req - CDS request object (with address)
+     * @returns {AddressSigningRequests} Address signing request associations
+     */
+    srv.on('GetSigningRequestsByAddress', async (req) => {
+        logger.debug('GetSigningRequestsByAddress Action handler called');
+        const { address } = req.data;
+        // Validate input before business logic
+        if (!address)
+            (0, errors_1.rejectMissing)(req, 'GetSigningRequestsByAddress', 'address');
+        if (!(0, validators_1.isValidBech32Address)(address))
+            (0, errors_1.rejectInvalid)(req, 'GetSigningRequestsByAddress', 'Invalid bech32 address format', 'address');
+        // Fetch the address-signing request associations
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            return db.run(SELECT.from(AddressSigningRequests).where({ address_address: address }));
+        });
+    });
+    /**
+     * Get all existing transaction builds by address
+     * @param req - CDS request object (with address)
+     * @returns {AddressTransactionBuilds} Address transaction build associations
+     */
+    srv.on('GetTransactionBuildsByAddress', async (req) => {
+        logger.debug('GetTransactionBuildsByAddress Action handler called');
+        const { address } = req.data;
+        // Validate inputs
+        if (!address)
+            (0, errors_1.rejectMissing)(req, 'GetTransactionBuildsByAddress', 'address');
+        if (!(0, validators_1.isValidBech32Address)(address))
+            (0, errors_1.rejectInvalid)(req, 'GetTransactionBuildsByAddress', 'Invalid bech32 address format', 'address');
+        // Fetch the address-build associations
+        return (0, backend_request_handler_1.handleRequest)(req, async (db) => {
+            return db.run(SELECT.from(AddressTransactionBuilds).where({ address_address: address }));
+        });
+    });
+};
+//# sourceMappingURL=cardano-tx-service.js.map