@pafi-dev/core 0.7.6 → 0.7.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (57) hide show
  1. package/dist/abi/index.cjs +4 -2
  2. package/dist/abi/index.cjs.map +1 -1
  3. package/dist/abi/index.js +4 -2
  4. package/dist/auth/index.cjs +6 -2
  5. package/dist/auth/index.cjs.map +1 -1
  6. package/dist/auth/index.d.cts +21 -9
  7. package/dist/auth/index.d.ts +21 -9
  8. package/dist/auth/index.js +5 -1
  9. package/dist/{chunk-6UX2IFA2.js → chunk-4EGXLYMM.js} +20 -2
  10. package/dist/chunk-4EGXLYMM.js.map +1 -0
  11. package/dist/{chunk-M5ULOZ3A.cjs → chunk-4QRHSZZQ.cjs} +55 -3
  12. package/dist/chunk-4QRHSZZQ.cjs.map +1 -0
  13. package/dist/chunk-6WWSKC3Z.cjs +1097 -0
  14. package/dist/chunk-6WWSKC3Z.cjs.map +1 -0
  15. package/dist/{chunk-5254AG3Z.cjs → chunk-75JWR5SA.cjs} +21 -3
  16. package/dist/chunk-75JWR5SA.cjs.map +1 -0
  17. package/dist/{chunk-YDLMVWDH.js → chunk-AEYEFV5G.js} +5 -3
  18. package/dist/{chunk-YDLMVWDH.js.map → chunk-AEYEFV5G.js.map} +1 -1
  19. package/dist/{chunk-5JZOJIBT.js → chunk-B2NDSIAI.js} +1 -1095
  20. package/dist/chunk-B2NDSIAI.js.map +1 -0
  21. package/dist/chunk-JEWSN7Q3.cjs +1059 -0
  22. package/dist/chunk-JEWSN7Q3.cjs.map +1 -0
  23. package/dist/{chunk-WJSIB5GF.js → chunk-QL5COJQI.js} +53 -1
  24. package/dist/chunk-QL5COJQI.js.map +1 -0
  25. package/dist/{chunk-CLPRSQT2.cjs → chunk-REUEMYWB.cjs} +14 -12
  26. package/dist/chunk-REUEMYWB.cjs.map +1 -0
  27. package/dist/chunk-SZMSKZHY.js +1097 -0
  28. package/dist/chunk-SZMSKZHY.js.map +1 -0
  29. package/dist/contract/index.cjs +4 -3
  30. package/dist/contract/index.cjs.map +1 -1
  31. package/dist/contract/index.d.cts +1 -1
  32. package/dist/contract/index.d.ts +1 -1
  33. package/dist/contract/index.js +3 -2
  34. package/dist/eip712/index.cjs +7 -2
  35. package/dist/eip712/index.cjs.map +1 -1
  36. package/dist/eip712/index.d.cts +39 -4
  37. package/dist/eip712/index.d.ts +39 -4
  38. package/dist/eip712/index.js +6 -1
  39. package/dist/index.cjs +98 -32
  40. package/dist/index.cjs.map +1 -1
  41. package/dist/index.d.cts +78 -31
  42. package/dist/index.d.ts +78 -31
  43. package/dist/index.js +87 -21
  44. package/dist/index.js.map +1 -1
  45. package/dist/types-CCvAk-ma.d.cts +159 -0
  46. package/dist/types-CCvAk-ma.d.ts +159 -0
  47. package/package.json +1 -1
  48. package/dist/chunk-5254AG3Z.cjs.map +0 -1
  49. package/dist/chunk-5JZOJIBT.js.map +0 -1
  50. package/dist/chunk-6UX2IFA2.js.map +0 -1
  51. package/dist/chunk-CLPRSQT2.cjs.map +0 -1
  52. package/dist/chunk-LRHY7GOR.cjs +0 -2153
  53. package/dist/chunk-LRHY7GOR.cjs.map +0 -1
  54. package/dist/chunk-M5ULOZ3A.cjs.map +0 -1
  55. package/dist/chunk-WJSIB5GF.js.map +0 -1
  56. package/dist/types-BAkmxgVo.d.cts +0 -99
  57. package/dist/types-BAkmxgVo.d.ts +0 -99
@@ -8,8 +8,10 @@ var _chunkQ6WCDZXIcjs = require('../chunk-Q6WCDZXI.cjs');
8
8
 
9
9
 
10
10
 
11
+ var _chunkJEWSN7Q3cjs = require('../chunk-JEWSN7Q3.cjs');
11
12
 
12
- var _chunkLRHY7GORcjs = require('../chunk-LRHY7GOR.cjs');
13
+
14
+ var _chunk6WWSKC3Zcjs = require('../chunk-6WWSKC3Z.cjs');
13
15
  require('../chunk-JEQ2X3Z6.cjs');
14
16
 
15
17
 
@@ -20,5 +22,5 @@ require('../chunk-JEQ2X3Z6.cjs');
20
22
 
21
23
 
22
24
 
23
- exports.erc20Abi = _chunkQ6WCDZXIcjs.erc20Abi; exports.issuerRegistryAbi = _chunkLRHY7GORcjs.issuerRegistryAbi; exports.mintingOracleAbi = _chunkLRHY7GORcjs.mintingOracleAbi; exports.permit2Abi = _chunkQ6WCDZXIcjs.permit2Abi; exports.pointTokenAbi = _chunkLRHY7GORcjs.pointTokenAbi; exports.pointTokenFactoryAbi = _chunkQ6WCDZXIcjs.pointTokenFactoryAbi; exports.universalRouterAbi = _chunkQ6WCDZXIcjs.universalRouterAbi; exports.v4QuoterAbi = _chunkQ6WCDZXIcjs.v4QuoterAbi;
25
+ exports.erc20Abi = _chunkQ6WCDZXIcjs.erc20Abi; exports.issuerRegistryAbi = _chunkJEWSN7Q3cjs.issuerRegistryAbi; exports.mintingOracleAbi = _chunkJEWSN7Q3cjs.mintingOracleAbi; exports.permit2Abi = _chunkQ6WCDZXIcjs.permit2Abi; exports.pointTokenAbi = _chunk6WWSKC3Zcjs.pointTokenAbi; exports.pointTokenFactoryAbi = _chunkQ6WCDZXIcjs.pointTokenFactoryAbi; exports.universalRouterAbi = _chunkQ6WCDZXIcjs.universalRouterAbi; exports.v4QuoterAbi = _chunkQ6WCDZXIcjs.v4QuoterAbi;
24
26
  //# sourceMappingURL=index.cjs.map
@@ -1 +1 @@
1
- {"version":3,"sources":["/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/abi/index.cjs"],"names":[],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACF,yDAA8B;AAC9B;AACE;AACA;AACA;AACF,yDAA8B;AAC9B,iCAA8B;AAC9B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,ydAAC","file":"/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/abi/index.cjs"}
1
+ {"version":3,"sources":["/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/abi/index.cjs"],"names":[],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACF,yDAA8B;AAC9B;AACE;AACA;AACF,yDAA8B;AAC9B;AACE;AACF,yDAA8B;AAC9B,iCAA8B;AAC9B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,ydAAC","file":"/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/abi/index.cjs"}
package/dist/abi/index.js CHANGED
@@ -7,9 +7,11 @@ import {
7
7
  } from "../chunk-6CXTFOIH.js";
8
8
  import {
9
9
  issuerRegistryAbi,
10
- mintingOracleAbi,
10
+ mintingOracleAbi
11
+ } from "../chunk-B2NDSIAI.js";
12
+ import {
11
13
  pointTokenAbi
12
- } from "../chunk-5JZOJIBT.js";
14
+ } from "../chunk-SZMSKZHY.js";
13
15
  import "../chunk-DGUM43GV.js";
14
16
  export {
15
17
  erc20Abi,
@@ -11,7 +11,9 @@
11
11
 
12
12
 
13
13
 
14
- var _chunk5254AG3Zcjs = require('../chunk-5254AG3Z.cjs');
14
+
15
+
16
+ var _chunk75JWR5SAcjs = require('../chunk-75JWR5SA.cjs');
15
17
  require('../chunk-JEQ2X3Z6.cjs');
16
18
 
17
19
 
@@ -26,5 +28,7 @@ require('../chunk-JEQ2X3Z6.cjs');
26
28
 
27
29
 
28
30
 
29
- exports.SPONSOR_AUTH_DOMAIN_NAME = _chunk5254AG3Zcjs.SPONSOR_AUTH_DOMAIN_NAME; exports.SPONSOR_AUTH_TYPES = _chunk5254AG3Zcjs.SPONSOR_AUTH_TYPES; exports.buildAndSignSponsorAuth = _chunk5254AG3Zcjs.buildAndSignSponsorAuth; exports.buildSponsorAuthDomain = _chunk5254AG3Zcjs.buildSponsorAuthDomain; exports.buildSponsorAuthTypedData = _chunk5254AG3Zcjs.buildSponsorAuthTypedData; exports.computeCallDataHash = _chunk5254AG3Zcjs.computeCallDataHash; exports.createLoginMessage = _chunk5254AG3Zcjs.createLoginMessage; exports.generateSponsorAuthNonce = _chunk5254AG3Zcjs.generateSponsorAuthNonce; exports.parseLoginMessage = _chunk5254AG3Zcjs.parseLoginMessage; exports.signSponsorAuth = _chunk5254AG3Zcjs.signSponsorAuth; exports.verifyLoginMessage = _chunk5254AG3Zcjs.verifyLoginMessage; exports.verifySponsorAuth = _chunk5254AG3Zcjs.verifySponsorAuth;
31
+
32
+
33
+ exports.SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET = _chunk75JWR5SAcjs.SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET; exports.SPONSOR_AUTH_DOMAIN_NAME = _chunk75JWR5SAcjs.SPONSOR_AUTH_DOMAIN_NAME; exports.SPONSOR_AUTH_TYPES = _chunk75JWR5SAcjs.SPONSOR_AUTH_TYPES; exports.buildAndSignSponsorAuth = _chunk75JWR5SAcjs.buildAndSignSponsorAuth; exports.buildSponsorAuthDomain = _chunk75JWR5SAcjs.buildSponsorAuthDomain; exports.buildSponsorAuthTypedData = _chunk75JWR5SAcjs.buildSponsorAuthTypedData; exports.computeCallDataHash = _chunk75JWR5SAcjs.computeCallDataHash; exports.createLoginMessage = _chunk75JWR5SAcjs.createLoginMessage; exports.generateSponsorAuthNonce = _chunk75JWR5SAcjs.generateSponsorAuthNonce; exports.getSponsorAuthDomainAnchor = _chunk75JWR5SAcjs.getSponsorAuthDomainAnchor; exports.parseLoginMessage = _chunk75JWR5SAcjs.parseLoginMessage; exports.signSponsorAuth = _chunk75JWR5SAcjs.signSponsorAuth; exports.verifyLoginMessage = _chunk75JWR5SAcjs.verifyLoginMessage; exports.verifySponsorAuth = _chunk75JWR5SAcjs.verifySponsorAuth;
30
34
  //# sourceMappingURL=index.cjs.map
@@ -1 +1 @@
1
- {"version":3,"sources":["/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/auth/index.cjs"],"names":[],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,yDAA8B;AAC9B,iCAA8B;AAC9B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,m1BAAC","file":"/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/auth/index.cjs"}
1
+ {"version":3,"sources":["/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/auth/index.cjs"],"names":[],"mappings":"AAAA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,yDAA8B;AAC9B,iCAA8B;AAC9B;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,mhCAAC","file":"/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/auth/index.cjs"}
@@ -58,12 +58,10 @@ declare function parseLoginMessage(message: string): LoginMessageParams;
58
58
  declare function verifyLoginMessage(message: string, signature: Hex): Promise<VerifyLoginResult>;
59
59
 
60
60
  /**
61
- * Generate a high-entropy nonce for SponsorAuth. v0.7.1 replaced
62
- * `Date.now() * 1_000_000 + Math.floor(Math.random() * 1_000_000)` with
63
- * 64 bits from CSPRNG (`crypto.randomBytes` Node, `crypto.getRandomValues`
64
- * browser). Birthday collisions go from ~1180 ops to >2^32 ops at the same
65
- * timestamp — sponsor-relayer's single-use nonce gate stays clean even at
66
- * scale. See SDK_CORE_TRADING_AUDIT.md H5.
61
+ * Generate a high-entropy nonce for SponsorAuth. Uses 64 bits of CSPRNG
62
+ * (`crypto.randomBytes` Node, `crypto.getRandomValues` browser) in the low
63
+ * half plus a millisecond timestamp prefix in the high half — keeps
64
+ * sponsor-relayer's single-use nonce gate clean at scale.
67
65
  */
68
66
  declare function generateSponsorAuthNonce(): bigint;
69
67
  declare const SPONSOR_AUTH_DOMAIN_NAME = "PafiSponsorAuth";
@@ -105,18 +103,32 @@ interface SponsorAuthVerifyResult {
105
103
  recoveredAddress?: Address;
106
104
  reason?: "EXPIRED" | "INVALID_SIGNER" | "INVALID_SIGNATURE_FORMAT";
107
105
  }
106
+ /**
107
+ * Domain anchor for SponsorAuth EIP-712 signatures. The relayer service
108
+ * is off-chain (no on-chain SponsorRelayer contract), so we bind to a
109
+ * stable PAFI-controlled marker registered as `SPONSOR_AUTH_DOMAIN_ANCHOR`
110
+ * in the relayer config. This rules out cross-system replay (a sibling
111
+ * EIP-712 payload with the same field names cannot validate against
112
+ * this domain) and gives wallets a meaningful "verifying contract"
113
+ * preview instead of `0x0`.
114
+ *
115
+ * If you ever deploy an on-chain `SponsorRelayer` contract, switch this
116
+ * to its address.
117
+ */
118
+ declare const SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET: Address;
119
+ declare function getSponsorAuthDomainAnchor(chainId: number): Address;
108
120
  declare function buildSponsorAuthDomain(chainId: number): {
109
121
  name: string;
110
122
  version: string;
111
123
  chainId: number;
112
- verifyingContract: Address;
124
+ verifyingContract: `0x${string}`;
113
125
  };
114
126
  declare function buildSponsorAuthTypedData(payload: SponsorAuthPayload): {
115
127
  domain: {
116
128
  name: string;
117
129
  version: string;
118
130
  chainId: number;
119
- verifyingContract: Address;
131
+ verifyingContract: `0x${string}`;
120
132
  };
121
133
  types: {
122
134
  readonly SponsorAuth: readonly [{
@@ -214,4 +226,4 @@ interface BuildSponsorAuthParams {
214
226
  declare function buildAndSignSponsorAuth(params: BuildSponsorAuthParams): Promise<BuiltSponsorAuth>;
215
227
  declare function verifySponsorAuth(payload: SponsorAuthPayload, signature: Hex, expectedSigner: Address): Promise<SponsorAuthVerifyResult>;
216
228
 
217
- export { type BuildSponsorAuthParams, type BuiltSponsorAuth, type LoginMessageParams, SPONSOR_AUTH_DOMAIN_NAME, SPONSOR_AUTH_TYPES, type SponsorAuthPayload, type SponsorAuthVerifyResult, type VerifyLoginResult, buildAndSignSponsorAuth, buildSponsorAuthDomain, buildSponsorAuthTypedData, computeCallDataHash, createLoginMessage, generateSponsorAuthNonce, parseLoginMessage, signSponsorAuth, verifyLoginMessage, verifySponsorAuth };
229
+ export { type BuildSponsorAuthParams, type BuiltSponsorAuth, type LoginMessageParams, SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET, SPONSOR_AUTH_DOMAIN_NAME, SPONSOR_AUTH_TYPES, type SponsorAuthPayload, type SponsorAuthVerifyResult, type VerifyLoginResult, buildAndSignSponsorAuth, buildSponsorAuthDomain, buildSponsorAuthTypedData, computeCallDataHash, createLoginMessage, generateSponsorAuthNonce, getSponsorAuthDomainAnchor, parseLoginMessage, signSponsorAuth, verifyLoginMessage, verifySponsorAuth };
@@ -58,12 +58,10 @@ declare function parseLoginMessage(message: string): LoginMessageParams;
58
58
  declare function verifyLoginMessage(message: string, signature: Hex): Promise<VerifyLoginResult>;
59
59
 
60
60
  /**
61
- * Generate a high-entropy nonce for SponsorAuth. v0.7.1 replaced
62
- * `Date.now() * 1_000_000 + Math.floor(Math.random() * 1_000_000)` with
63
- * 64 bits from CSPRNG (`crypto.randomBytes` Node, `crypto.getRandomValues`
64
- * browser). Birthday collisions go from ~1180 ops to >2^32 ops at the same
65
- * timestamp — sponsor-relayer's single-use nonce gate stays clean even at
66
- * scale. See SDK_CORE_TRADING_AUDIT.md H5.
61
+ * Generate a high-entropy nonce for SponsorAuth. Uses 64 bits of CSPRNG
62
+ * (`crypto.randomBytes` Node, `crypto.getRandomValues` browser) in the low
63
+ * half plus a millisecond timestamp prefix in the high half — keeps
64
+ * sponsor-relayer's single-use nonce gate clean at scale.
67
65
  */
68
66
  declare function generateSponsorAuthNonce(): bigint;
69
67
  declare const SPONSOR_AUTH_DOMAIN_NAME = "PafiSponsorAuth";
@@ -105,18 +103,32 @@ interface SponsorAuthVerifyResult {
105
103
  recoveredAddress?: Address;
106
104
  reason?: "EXPIRED" | "INVALID_SIGNER" | "INVALID_SIGNATURE_FORMAT";
107
105
  }
106
+ /**
107
+ * Domain anchor for SponsorAuth EIP-712 signatures. The relayer service
108
+ * is off-chain (no on-chain SponsorRelayer contract), so we bind to a
109
+ * stable PAFI-controlled marker registered as `SPONSOR_AUTH_DOMAIN_ANCHOR`
110
+ * in the relayer config. This rules out cross-system replay (a sibling
111
+ * EIP-712 payload with the same field names cannot validate against
112
+ * this domain) and gives wallets a meaningful "verifying contract"
113
+ * preview instead of `0x0`.
114
+ *
115
+ * If you ever deploy an on-chain `SponsorRelayer` contract, switch this
116
+ * to its address.
117
+ */
118
+ declare const SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET: Address;
119
+ declare function getSponsorAuthDomainAnchor(chainId: number): Address;
108
120
  declare function buildSponsorAuthDomain(chainId: number): {
109
121
  name: string;
110
122
  version: string;
111
123
  chainId: number;
112
- verifyingContract: Address;
124
+ verifyingContract: `0x${string}`;
113
125
  };
114
126
  declare function buildSponsorAuthTypedData(payload: SponsorAuthPayload): {
115
127
  domain: {
116
128
  name: string;
117
129
  version: string;
118
130
  chainId: number;
119
- verifyingContract: Address;
131
+ verifyingContract: `0x${string}`;
120
132
  };
121
133
  types: {
122
134
  readonly SponsorAuth: readonly [{
@@ -214,4 +226,4 @@ interface BuildSponsorAuthParams {
214
226
  declare function buildAndSignSponsorAuth(params: BuildSponsorAuthParams): Promise<BuiltSponsorAuth>;
215
227
  declare function verifySponsorAuth(payload: SponsorAuthPayload, signature: Hex, expectedSigner: Address): Promise<SponsorAuthVerifyResult>;
216
228
 
217
- export { type BuildSponsorAuthParams, type BuiltSponsorAuth, type LoginMessageParams, SPONSOR_AUTH_DOMAIN_NAME, SPONSOR_AUTH_TYPES, type SponsorAuthPayload, type SponsorAuthVerifyResult, type VerifyLoginResult, buildAndSignSponsorAuth, buildSponsorAuthDomain, buildSponsorAuthTypedData, computeCallDataHash, createLoginMessage, generateSponsorAuthNonce, parseLoginMessage, signSponsorAuth, verifyLoginMessage, verifySponsorAuth };
229
+ export { type BuildSponsorAuthParams, type BuiltSponsorAuth, type LoginMessageParams, SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET, SPONSOR_AUTH_DOMAIN_NAME, SPONSOR_AUTH_TYPES, type SponsorAuthPayload, type SponsorAuthVerifyResult, type VerifyLoginResult, buildAndSignSponsorAuth, buildSponsorAuthDomain, buildSponsorAuthTypedData, computeCallDataHash, createLoginMessage, generateSponsorAuthNonce, getSponsorAuthDomainAnchor, parseLoginMessage, signSponsorAuth, verifyLoginMessage, verifySponsorAuth };
@@ -1,4 +1,5 @@
1
1
  import {
2
+ SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET,
2
3
  SPONSOR_AUTH_DOMAIN_NAME,
3
4
  SPONSOR_AUTH_TYPES,
4
5
  buildAndSignSponsorAuth,
@@ -7,13 +8,15 @@ import {
7
8
  computeCallDataHash,
8
9
  createLoginMessage,
9
10
  generateSponsorAuthNonce,
11
+ getSponsorAuthDomainAnchor,
10
12
  parseLoginMessage,
11
13
  signSponsorAuth,
12
14
  verifyLoginMessage,
13
15
  verifySponsorAuth
14
- } from "../chunk-6UX2IFA2.js";
16
+ } from "../chunk-4EGXLYMM.js";
15
17
  import "../chunk-DGUM43GV.js";
16
18
  export {
19
+ SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET,
17
20
  SPONSOR_AUTH_DOMAIN_NAME,
18
21
  SPONSOR_AUTH_TYPES,
19
22
  buildAndSignSponsorAuth,
@@ -22,6 +25,7 @@ export {
22
25
  computeCallDataHash,
23
26
  createLoginMessage,
24
27
  generateSponsorAuthNonce,
28
+ getSponsorAuthDomainAnchor,
25
29
  parseLoginMessage,
26
30
  signSponsorAuth,
27
31
  verifyLoginMessage,
@@ -199,12 +199,28 @@ var SPONSOR_AUTH_TYPES = {
199
199
  { name: "issuerId", type: "string" }
200
200
  ]
201
201
  };
202
+ var SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET = "0x5041464953504F4E534F525F0000000000000001";
203
+ var SPONSOR_AUTH_DOMAIN_ANCHORS = {
204
+ // Base mainnet — uses the literal-tag anchor above. To migrate to a
205
+ // real EOA / contract, replace this entry and bump `version` to "2"
206
+ // so existing sigs become invalid.
207
+ 8453: SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET
208
+ };
209
+ function getSponsorAuthDomainAnchor(chainId) {
210
+ const anchor = SPONSOR_AUTH_DOMAIN_ANCHORS[chainId];
211
+ if (!anchor) {
212
+ throw new Error(
213
+ `buildSponsorAuthDomain: no SponsorAuth domain anchor configured for chainId ${chainId}. Add an entry to SPONSOR_AUTH_DOMAIN_ANCHORS in @pafi-dev/core/auth/sponsorAuth.ts.`
214
+ );
215
+ }
216
+ return anchor;
217
+ }
202
218
  function buildSponsorAuthDomain(chainId) {
203
219
  return {
204
220
  name: SPONSOR_AUTH_DOMAIN_NAME,
205
221
  version: "1",
206
222
  chainId,
207
- verifyingContract: "0x0000000000000000000000000000000000000000"
223
+ verifyingContract: getSponsorAuthDomainAnchor(chainId)
208
224
  };
209
225
  }
210
226
  function buildMessage(payload) {
@@ -297,6 +313,8 @@ export {
297
313
  generateSponsorAuthNonce,
298
314
  SPONSOR_AUTH_DOMAIN_NAME,
299
315
  SPONSOR_AUTH_TYPES,
316
+ SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET,
317
+ getSponsorAuthDomainAnchor,
300
318
  buildSponsorAuthDomain,
301
319
  buildSponsorAuthTypedData,
302
320
  computeCallDataHash,
@@ -304,4 +322,4 @@ export {
304
322
  buildAndSignSponsorAuth,
305
323
  verifySponsorAuth
306
324
  };
307
- //# sourceMappingURL=chunk-6UX2IFA2.js.map
325
+ //# sourceMappingURL=chunk-4EGXLYMM.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/auth/loginMessage.ts","../src/auth/sponsorAuth.ts"],"sourcesContent":["import { getAddress, verifyMessage, recoverMessageAddress } from \"viem\";\nimport type { Address, Hex } from \"viem\";\nimport type { LoginMessageParams, VerifyLoginResult } from \"./types\";\n\nconst DEFAULT_VERSION = \"1\";\nconst DEFAULT_STATEMENT = \"Sign in with Ethereum to PAFI.\";\n\n/**\n * Build an EIP-4361 login message string.\n *\n * The output is a deterministic plain-text message that the wallet signs via\n * `personal_sign`. The same message can be parsed back with\n * {@link parseLoginMessage} and verified with {@link verifyLoginMessage}.\n */\nexport function createLoginMessage(params: LoginMessageParams): string {\n const {\n domain,\n address,\n chainId,\n nonce,\n uri,\n statement = DEFAULT_STATEMENT,\n version = DEFAULT_VERSION,\n issuedAt = new Date(),\n expirationTime,\n notBefore,\n requestId,\n } = params;\n\n if (!domain) throw new Error(\"createLoginMessage: domain required\");\n if (!nonce) throw new Error(\"createLoginMessage: nonce required\");\n if (!uri) throw new Error(\"createLoginMessage: uri required\");\n\n const checksummed = getAddress(address);\n\n const lines: string[] = [];\n lines.push(`${domain} wants you to sign in with your Ethereum account:`);\n lines.push(checksummed);\n lines.push(\"\");\n if (statement) {\n lines.push(statement);\n lines.push(\"\");\n }\n lines.push(`URI: ${uri}`);\n lines.push(`Version: ${version}`);\n lines.push(`Chain ID: ${chainId}`);\n lines.push(`Nonce: ${nonce}`);\n lines.push(`Issued At: ${issuedAt.toISOString()}`);\n if (expirationTime) {\n lines.push(`Expiration Time: ${expirationTime.toISOString()}`);\n }\n if (notBefore) {\n lines.push(`Not Before: ${notBefore.toISOString()}`);\n }\n if (requestId) {\n lines.push(`Request ID: ${requestId}`);\n }\n\n return lines.join(\"\\n\");\n}\n\n/**\n * Parse a login message string built by {@link createLoginMessage} back into\n * its structured fields. Throws if the message does not match the expected\n * EIP-4361 layout.\n */\nexport function parseLoginMessage(message: string): LoginMessageParams {\n const lines = message.split(\"\\n\");\n if (lines.length < 7) {\n throw new Error(\"parseLoginMessage: message too short\");\n }\n\n const headerLine = lines[0] ?? \"\";\n const headerMatch = headerLine.match(\n /^(?<domain>.+) wants you to sign in with your Ethereum account:$/,\n );\n if (!headerMatch || !headerMatch.groups) {\n throw new Error(\"parseLoginMessage: invalid header line\");\n }\n const domain = headerMatch.groups[\"domain\"]!;\n\n const addressLine = lines[1] ?? \"\";\n if (!/^0x[0-9a-fA-F]{40}$/.test(addressLine)) {\n throw new Error(\"parseLoginMessage: invalid address line\");\n }\n const address = getAddress(addressLine);\n\n // After address: blank line, optional statement + blank line, then key:value lines.\n let cursor = 2;\n if (lines[cursor] !== \"\") {\n throw new Error(\"parseLoginMessage: missing blank line after address\");\n }\n cursor++;\n\n let statement: string | undefined;\n // Statement is present if the next line is not a known key.\n if (cursor < lines.length && !looksLikeKeyValue(lines[cursor]!)) {\n statement = lines[cursor];\n cursor++;\n if (lines[cursor] !== \"\") {\n throw new Error(\"parseLoginMessage: missing blank line after statement\");\n }\n cursor++;\n }\n\n const fields = new Map<string, string>();\n for (; cursor < lines.length; cursor++) {\n const line = lines[cursor]!;\n if (line === \"\") continue;\n const idx = line.indexOf(\": \");\n if (idx === -1) {\n throw new Error(`parseLoginMessage: malformed field line: \"${line}\"`);\n }\n const key = line.slice(0, idx);\n const value = line.slice(idx + 2);\n fields.set(key, value);\n }\n\n const uri = requireField(fields, \"URI\");\n const version = requireField(fields, \"Version\");\n const chainId = Number(requireField(fields, \"Chain ID\"));\n if (!Number.isInteger(chainId)) {\n throw new Error(\"parseLoginMessage: Chain ID is not an integer\");\n }\n const nonce = requireField(fields, \"Nonce\");\n const issuedAt = new Date(requireField(fields, \"Issued At\"));\n const expirationTime = optionalDate(fields, \"Expiration Time\");\n const notBefore = optionalDate(fields, \"Not Before\");\n const requestId = fields.get(\"Request ID\");\n\n const result: LoginMessageParams = {\n domain,\n address,\n chainId,\n nonce,\n uri,\n version,\n issuedAt,\n };\n if (statement !== undefined) result.statement = statement;\n if (expirationTime !== undefined) result.expirationTime = expirationTime;\n if (notBefore !== undefined) result.notBefore = notBefore;\n if (requestId !== undefined) result.requestId = requestId;\n return result;\n}\n\n/**\n * Verify that a login message was signed by the address embedded in the\n * message. Returns `{ valid, address }` where `address` is the recovered\n * signer (checksummed). Does NOT check expiration / not-before / nonce\n * consumption — those are the AuthService's responsibility.\n */\nexport async function verifyLoginMessage(\n message: string,\n signature: Hex,\n): Promise<VerifyLoginResult> {\n const parsed = parseLoginMessage(message);\n const valid = await verifyMessage({\n address: parsed.address,\n message,\n signature,\n });\n if (valid) {\n return { valid: true, address: parsed.address };\n }\n // Recover anyway so callers can log the mismatch.\n const recovered = await recoverMessageAddress({ message, signature });\n return { valid: false, address: getAddress(recovered) as Address };\n}\n\n// -------------------------------------------------------------------------\n// helpers\n// -------------------------------------------------------------------------\n\nconst KNOWN_KEYS = new Set([\n \"URI\",\n \"Version\",\n \"Chain ID\",\n \"Nonce\",\n \"Issued At\",\n \"Expiration Time\",\n \"Not Before\",\n \"Request ID\",\n]);\n\nfunction looksLikeKeyValue(line: string): boolean {\n const idx = line.indexOf(\": \");\n if (idx === -1) return false;\n return KNOWN_KEYS.has(line.slice(0, idx));\n}\n\nfunction requireField(fields: Map<string, string>, key: string): string {\n const value = fields.get(key);\n if (value === undefined) {\n throw new Error(`parseLoginMessage: missing required field \"${key}\"`);\n }\n return value;\n}\n\nfunction optionalDate(\n fields: Map<string, string>,\n key: string,\n): Date | undefined {\n const raw = fields.get(key);\n if (raw === undefined) return undefined;\n return new Date(raw);\n}\n","import { keccak256, recoverTypedDataAddress } from \"viem\";\nimport type { Address, Hex, WalletClient } from \"viem\";\n\n/**\n * Generate a high-entropy nonce for SponsorAuth. Uses 64 bits of CSPRNG\n * (`crypto.randomBytes` Node, `crypto.getRandomValues` browser) in the low\n * half plus a millisecond timestamp prefix in the high half — keeps\n * sponsor-relayer's single-use nonce gate clean at scale.\n */\nexport function generateSponsorAuthNonce(): bigint {\n // Per-spec timestamp prefix (high 64 bits, ms precision) so server-side\n // freshness checks can derive an approx age from the nonce alone.\n const tsMs = BigInt(Date.now());\n\n // 64 bits of CSPRNG entropy in the low half. Try Web Crypto first (browser\n // + modern Node), fall back to node:crypto.\n let randHigh: number;\n let randLow: number;\n const g = globalThis as unknown as {\n crypto?: { getRandomValues?: (a: Uint32Array) => Uint32Array };\n };\n if (g.crypto?.getRandomValues) {\n const buf = new Uint32Array(2);\n g.crypto.getRandomValues(buf);\n randHigh = buf[0]!;\n randLow = buf[1]!;\n } else {\n // Node fallback — require lazily so browser bundlers can tree-shake.\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n const nodeCrypto = require(\"node:crypto\") as {\n randomBytes: (n: number) => Buffer;\n };\n const b = nodeCrypto.randomBytes(8);\n randHigh = b.readUInt32BE(0);\n randLow = b.readUInt32BE(4);\n }\n\n const rand =\n (BigInt(randHigh) << 32n) | BigInt(randLow);\n return (tsMs << 64n) | rand;\n}\n\n/**\n * Validate hex-encoded signature shape: starts with `0x`, even length\n * AFTER the prefix, and 65 bytes (`0x` + 130 hex) minimum. Allows\n * larger sizes for EIP-1271 contract signatures.\n */\nfunction isValidHexSignature(sig: string): boolean {\n if (!sig.startsWith(\"0x\")) return false;\n const hex = sig.slice(2);\n // Must be even length (each byte = 2 hex chars).\n if (hex.length % 2 !== 0) return false;\n // ECDSA = 65 bytes = 130 hex chars. EIP-1271 may be longer; reject\n // shorter lengths.\n if (hex.length < 130) return false;\n // Hex regex (0–9, a–f, A–F).\n return /^[0-9a-fA-F]+$/.test(hex);\n}\n\nexport const SPONSOR_AUTH_DOMAIN_NAME = \"PafiSponsorAuth\";\n\nexport const SPONSOR_AUTH_TYPES = {\n SponsorAuth: [\n { name: \"chainId\", type: \"uint256\" },\n { name: \"sender\", type: \"address\" },\n { name: \"callDataHash\", type: \"bytes32\" },\n { name: \"nonce\", type: \"uint256\" },\n { name: \"expiresAt\", type: \"uint256\" },\n { name: \"scenario\", type: \"string\" },\n { name: \"issuerId\", type: \"string\" },\n ],\n} as const;\n\nexport interface SponsorAuthPayload {\n chainId: number;\n sender: Address;\n callDataHash: Hex;\n nonce: bigint;\n expiresAt: number;\n scenario: string;\n issuerId: string;\n}\n\nexport interface SponsorAuthVerifyResult {\n ok: boolean;\n recoveredAddress?: Address;\n reason?: \"EXPIRED\" | \"INVALID_SIGNER\" | \"INVALID_SIGNATURE_FORMAT\";\n}\n\n/**\n * Domain anchor for SponsorAuth EIP-712 signatures. The relayer service\n * is off-chain (no on-chain SponsorRelayer contract), so we bind to a\n * stable PAFI-controlled marker registered as `SPONSOR_AUTH_DOMAIN_ANCHOR`\n * in the relayer config. This rules out cross-system replay (a sibling\n * EIP-712 payload with the same field names cannot validate against\n * this domain) and gives wallets a meaningful \"verifying contract\"\n * preview instead of `0x0`.\n *\n * If you ever deploy an on-chain `SponsorRelayer` contract, switch this\n * to its address.\n */\n// Bytes 1-4 = \"PAFI\" (0x50414649); bytes 5-12 = \"SPONSOR_\" (0x53504F4E534F525F);\n// bytes 13-19 = padding; byte 20 = version tag (0x01). Total = 20 bytes.\n// Stable, system-specific marker. To migrate to a real EOA / on-chain\n// SponsorRelayer contract, replace this constant and bump `version` to \"2\".\nexport const SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET: Address =\n \"0x5041464953504F4E534F525F0000000000000001\" as Address;\n\nconst SPONSOR_AUTH_DOMAIN_ANCHORS: Record<number, Address> = {\n // Base mainnet — uses the literal-tag anchor above. To migrate to a\n // real EOA / contract, replace this entry and bump `version` to \"2\"\n // so existing sigs become invalid.\n 8453: SPONSOR_AUTH_DOMAIN_ANCHOR_BASE_MAINNET,\n};\n\nexport function getSponsorAuthDomainAnchor(chainId: number): Address {\n const anchor = SPONSOR_AUTH_DOMAIN_ANCHORS[chainId];\n if (!anchor) {\n throw new Error(\n `buildSponsorAuthDomain: no SponsorAuth domain anchor configured for chainId ${chainId}. ` +\n `Add an entry to SPONSOR_AUTH_DOMAIN_ANCHORS in @pafi-dev/core/auth/sponsorAuth.ts.`,\n );\n }\n return anchor;\n}\n\nexport function buildSponsorAuthDomain(chainId: number) {\n return {\n name: SPONSOR_AUTH_DOMAIN_NAME,\n version: \"1\",\n chainId,\n verifyingContract: getSponsorAuthDomainAnchor(chainId),\n };\n}\n\nfunction buildMessage(payload: SponsorAuthPayload) {\n return {\n chainId: BigInt(payload.chainId),\n sender: payload.sender,\n callDataHash: payload.callDataHash,\n nonce: payload.nonce,\n expiresAt: BigInt(payload.expiresAt),\n scenario: payload.scenario,\n issuerId: payload.issuerId,\n };\n}\n\nexport function buildSponsorAuthTypedData(payload: SponsorAuthPayload) {\n return {\n domain: buildSponsorAuthDomain(payload.chainId),\n types: SPONSOR_AUTH_TYPES,\n primaryType: \"SponsorAuth\" as const,\n message: buildMessage(payload),\n };\n}\n\nexport function computeCallDataHash(callData: Hex): Hex {\n return keccak256(callData);\n}\n\nexport async function signSponsorAuth(\n wallet: WalletClient,\n payload: SponsorAuthPayload,\n): Promise<Hex> {\n const { domain, types, primaryType, message } =\n buildSponsorAuthTypedData(payload);\n return wallet.signTypedData({\n account: wallet.account!,\n domain,\n types,\n primaryType,\n message,\n });\n}\n\nexport interface BuiltSponsorAuth {\n sig: Hex;\n chainId: number;\n sender: Address;\n callDataHash: Hex;\n /** Decimal-string for JSON transport (bigint not safely serializable). */\n nonce: string;\n expiresAt: number;\n scenario: string;\n issuerId: string;\n}\n\nexport interface BuildSponsorAuthParams {\n /** User EOA the sponsorship is for. */\n userAddress: Address;\n /** UserOp `callData` to bind the auth to (hashed via keccak256). */\n callData: Hex;\n /** Chain id the UserOp will execute on. */\n chainId: number;\n /** Scenario tag for audit / rate-limiter (`mint` / `burn` / `swap` / etc.). */\n scenario: string;\n /** Issuer id (matches `pafi_issuers` row in PAFI's sponsor-relayer). */\n issuerId: string;\n /** Issuer signer wallet (HSM/KMS-backed in production). */\n issuerSignerWallet: WalletClient;\n /** Validity window in seconds. Default 600 (10 min). */\n expiresInSeconds?: number;\n /**\n * Optional explicit nonce. When omitted, defaults to a unique\n * `Date.now() * 1e6 + random` — matches the gg56 reference impl.\n * Override for test fixtures or when chaining replay-protection.\n */\n nonce?: bigint;\n}\n\n/**\n * Build, sign, and serialize a `SponsorAuth` payload in one call.\n * Replaces the ~30 LoC private `buildSponsorAuth` helper that every\n * issuer would otherwise reimplement on each sponsored endpoint.\n *\n * Output is JSON-safe (`nonce` as decimal string) and matches the\n * shape sponsor-relayer's `/paymaster/sponsor` accepts as the\n * `sponsorAuth` field.\n *\n * Issuer typically calls this from each sponsored controller route:\n *\n * ```ts\n * const sponsorAuth = await buildAndSignSponsorAuth({\n * userAddress: user.userAddress,\n * callData: userOp.callData,\n * chainId,\n * scenario: 'mint',\n * issuerId: this.config.get('PAFI_ISSUER_ID'),\n * issuerSignerWallet: this.issuerSignerWallet,\n * });\n * return { ...response, sponsorAuth };\n * ```\n */\nexport async function buildAndSignSponsorAuth(\n params: BuildSponsorAuthParams,\n): Promise<BuiltSponsorAuth> {\n const expiresAt =\n Math.floor(Date.now() / 1000) + (params.expiresInSeconds ?? 600);\n\n const nonce = params.nonce ?? generateSponsorAuthNonce();\n\n const payload: SponsorAuthPayload = {\n chainId: params.chainId,\n sender: params.userAddress,\n callDataHash: computeCallDataHash(params.callData),\n nonce,\n expiresAt,\n scenario: params.scenario,\n issuerId: params.issuerId,\n };\n\n const sig = await signSponsorAuth(params.issuerSignerWallet, payload);\n\n return {\n sig,\n chainId: payload.chainId,\n sender: payload.sender,\n callDataHash: payload.callDataHash,\n nonce: payload.nonce.toString(),\n expiresAt: payload.expiresAt,\n scenario: payload.scenario,\n issuerId: payload.issuerId,\n };\n}\n\nexport async function verifySponsorAuth(\n payload: SponsorAuthPayload,\n signature: Hex,\n expectedSigner: Address,\n): Promise<SponsorAuthVerifyResult> {\n const nowSec = Math.floor(Date.now() / 1000);\n if (payload.expiresAt < nowSec) {\n return { ok: false, reason: \"EXPIRED\" };\n }\n\n // v0.7.1 — strict hex format check before deferring to viem. Previous\n // length-only `< 132` accepted arbitrary 132+ char strings even when\n // not valid hex; recoverTypedDataAddress would throw and the catch\n // collapsed both cases to INVALID_SIGNATURE_FORMAT. Verify hex shape\n // up front + accept ECDSA (65 byte = 132 hex char) AND EIP-1271\n // (variable-length, must still be valid hex).\n if (!isValidHexSignature(signature)) {\n return { ok: false, reason: \"INVALID_SIGNATURE_FORMAT\" };\n }\n\n let recovered: Address;\n try {\n const { domain, types, primaryType, message } =\n buildSponsorAuthTypedData(payload);\n recovered = await recoverTypedDataAddress({\n domain,\n types,\n primaryType,\n message,\n signature,\n });\n } catch {\n return { ok: false, reason: \"INVALID_SIGNATURE_FORMAT\" };\n }\n\n if (recovered.toLowerCase() !== expectedSigner.toLowerCase()) {\n return { ok: false, reason: \"INVALID_SIGNER\", recoveredAddress: recovered };\n }\n\n return { ok: true, recoveredAddress: recovered };\n}\n"],"mappings":";;;;;AAAA,SAAS,YAAY,eAAe,6BAA6B;AAIjE,IAAM,kBAAkB;AACxB,IAAM,oBAAoB;AASnB,SAAS,mBAAmB,QAAoC;AACrE,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,YAAY;AAAA,IACZ,UAAU;AAAA,IACV,WAAW,oBAAI,KAAK;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI;AAEJ,MAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,qCAAqC;AAClE,MAAI,CAAC,MAAO,OAAM,IAAI,MAAM,oCAAoC;AAChE,MAAI,CAAC,IAAK,OAAM,IAAI,MAAM,kCAAkC;AAE5D,QAAM,cAAc,WAAW,OAAO;AAEtC,QAAM,QAAkB,CAAC;AACzB,QAAM,KAAK,GAAG,MAAM,mDAAmD;AACvE,QAAM,KAAK,WAAW;AACtB,QAAM,KAAK,EAAE;AACb,MAAI,WAAW;AACb,UAAM,KAAK,SAAS;AACpB,UAAM,KAAK,EAAE;AAAA,EACf;AACA,QAAM,KAAK,QAAQ,GAAG,EAAE;AACxB,QAAM,KAAK,YAAY,OAAO,EAAE;AAChC,QAAM,KAAK,aAAa,OAAO,EAAE;AACjC,QAAM,KAAK,UAAU,KAAK,EAAE;AAC5B,QAAM,KAAK,cAAc,SAAS,YAAY,CAAC,EAAE;AACjD,MAAI,gBAAgB;AAClB,UAAM,KAAK,oBAAoB,eAAe,YAAY,CAAC,EAAE;AAAA,EAC/D;AACA,MAAI,WAAW;AACb,UAAM,KAAK,eAAe,UAAU,YAAY,CAAC,EAAE;AAAA,EACrD;AACA,MAAI,WAAW;AACb,UAAM,KAAK,eAAe,SAAS,EAAE;AAAA,EACvC;AAEA,SAAO,MAAM,KAAK,IAAI;AACxB;AAOO,SAAS,kBAAkB,SAAqC;AACrE,QAAM,QAAQ,QAAQ,MAAM,IAAI;AAChC,MAAI,MAAM,SAAS,GAAG;AACpB,UAAM,IAAI,MAAM,sCAAsC;AAAA,EACxD;AAEA,QAAM,aAAa,MAAM,CAAC,KAAK;AAC/B,QAAM,cAAc,WAAW;AAAA,IAC7B;AAAA,EACF;AACA,MAAI,CAAC,eAAe,CAAC,YAAY,QAAQ;AACvC,UAAM,IAAI,MAAM,wCAAwC;AAAA,EAC1D;AACA,QAAM,SAAS,YAAY,OAAO,QAAQ;AAE1C,QAAM,cAAc,MAAM,CAAC,KAAK;AAChC,MAAI,CAAC,sBAAsB,KAAK,WAAW,GAAG;AAC5C,UAAM,IAAI,MAAM,yCAAyC;AAAA,EAC3D;AACA,QAAM,UAAU,WAAW,WAAW;AAGtC,MAAI,SAAS;AACb,MAAI,MAAM,MAAM,MAAM,IAAI;AACxB,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AACA;AAEA,MAAI;AAEJ,MAAI,SAAS,MAAM,UAAU,CAAC,kBAAkB,MAAM,MAAM,CAAE,GAAG;AAC/D,gBAAY,MAAM,MAAM;AACxB;AACA,QAAI,MAAM,MAAM,MAAM,IAAI;AACxB,YAAM,IAAI,MAAM,uDAAuD;AAAA,IACzE;AACA;AAAA,EACF;AAEA,QAAM,SAAS,oBAAI,IAAoB;AACvC,SAAO,SAAS,MAAM,QAAQ,UAAU;AACtC,UAAM,OAAO,MAAM,MAAM;AACzB,QAAI,SAAS,GAAI;AACjB,UAAM,MAAM,KAAK,QAAQ,IAAI;AAC7B,QAAI,QAAQ,IAAI;AACd,YAAM,IAAI,MAAM,6CAA6C,IAAI,GAAG;AAAA,IACtE;AACA,UAAM,MAAM,KAAK,MAAM,GAAG,GAAG;AAC7B,UAAM,QAAQ,KAAK,MAAM,MAAM,CAAC;AAChC,WAAO,IAAI,KAAK,KAAK;AAAA,EACvB;AAEA,QAAM,MAAM,aAAa,QAAQ,KAAK;AACtC,QAAM,UAAU,aAAa,QAAQ,SAAS;AAC9C,QAAM,UAAU,OAAO,aAAa,QAAQ,UAAU,CAAC;AACvD,MAAI,CAAC,OAAO,UAAU,OAAO,GAAG;AAC9B,UAAM,IAAI,MAAM,+CAA+C;AAAA,EACjE;AACA,QAAM,QAAQ,aAAa,QAAQ,OAAO;AAC1C,QAAM,WAAW,IAAI,KAAK,aAAa,QAAQ,WAAW,CAAC;AAC3D,QAAM,iBAAiB,aAAa,QAAQ,iBAAiB;AAC7D,QAAM,YAAY,aAAa,QAAQ,YAAY;AACnD,QAAM,YAAY,OAAO,IAAI,YAAY;AAEzC,QAAM,SAA6B;AAAA,IACjC;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,MAAI,cAAc,OAAW,QAAO,YAAY;AAChD,MAAI,mBAAmB,OAAW,QAAO,iBAAiB;AAC1D,MAAI,cAAc,OAAW,QAAO,YAAY;AAChD,MAAI,cAAc,OAAW,QAAO,YAAY;AAChD,SAAO;AACT;AAQA,eAAsB,mBACpB,SACA,WAC4B;AAC5B,QAAM,SAAS,kBAAkB,OAAO;AACxC,QAAM,QAAQ,MAAM,cAAc;AAAA,IAChC,SAAS,OAAO;AAAA,IAChB;AAAA,IACA;AAAA,EACF,CAAC;AACD,MAAI,OAAO;AACT,WAAO,EAAE,OAAO,MAAM,SAAS,OAAO,QAAQ;AAAA,EAChD;AAEA,QAAM,YAAY,MAAM,sBAAsB,EAAE,SAAS,UAAU,CAAC;AACpE,SAAO,EAAE,OAAO,OAAO,SAAS,WAAW,SAAS,EAAa;AACnE;AAMA,IAAM,aAAa,oBAAI,IAAI;AAAA,EACzB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,SAAS,kBAAkB,MAAuB;AAChD,QAAM,MAAM,KAAK,QAAQ,IAAI;AAC7B,MAAI,QAAQ,GAAI,QAAO;AACvB,SAAO,WAAW,IAAI,KAAK,MAAM,GAAG,GAAG,CAAC;AAC1C;AAEA,SAAS,aAAa,QAA6B,KAAqB;AACtE,QAAM,QAAQ,OAAO,IAAI,GAAG;AAC5B,MAAI,UAAU,QAAW;AACvB,UAAM,IAAI,MAAM,8CAA8C,GAAG,GAAG;AAAA,EACtE;AACA,SAAO;AACT;AAEA,SAAS,aACP,QACA,KACkB;AAClB,QAAM,MAAM,OAAO,IAAI,GAAG;AAC1B,MAAI,QAAQ,OAAW,QAAO;AAC9B,SAAO,IAAI,KAAK,GAAG;AACrB;;;AC9MA,SAAS,WAAW,+BAA+B;AAS5C,SAAS,2BAAmC;AAGjD,QAAM,OAAO,OAAO,KAAK,IAAI,CAAC;AAI9B,MAAI;AACJ,MAAI;AACJ,QAAM,IAAI;AAGV,MAAI,EAAE,QAAQ,iBAAiB;AAC7B,UAAM,MAAM,IAAI,YAAY,CAAC;AAC7B,MAAE,OAAO,gBAAgB,GAAG;AAC5B,eAAW,IAAI,CAAC;AAChB,cAAU,IAAI,CAAC;AAAA,EACjB,OAAO;AAGL,UAAM,aAAa,UAAQ,QAAa;AAGxC,UAAM,IAAI,WAAW,YAAY,CAAC;AAClC,eAAW,EAAE,aAAa,CAAC;AAC3B,cAAU,EAAE,aAAa,CAAC;AAAA,EAC5B;AAEA,QAAM,OACH,OAAO,QAAQ,KAAK,MAAO,OAAO,OAAO;AAC5C,SAAQ,QAAQ,MAAO;AACzB;AAOA,SAAS,oBAAoB,KAAsB;AACjD,MAAI,CAAC,IAAI,WAAW,IAAI,EAAG,QAAO;AAClC,QAAM,MAAM,IAAI,MAAM,CAAC;AAEvB,MAAI,IAAI,SAAS,MAAM,EAAG,QAAO;AAGjC,MAAI,IAAI,SAAS,IAAK,QAAO;AAE7B,SAAO,iBAAiB,KAAK,GAAG;AAClC;AAEO,IAAM,2BAA2B;AAEjC,IAAM,qBAAqB;AAAA,EAChC,aAAa;AAAA,IACX,EAAE,MAAM,WAAW,MAAM,UAAU;AAAA,IACnC,EAAE,MAAM,UAAU,MAAM,UAAU;AAAA,IAClC,EAAE,MAAM,gBAAgB,MAAM,UAAU;AAAA,IACxC,EAAE,MAAM,SAAS,MAAM,UAAU;AAAA,IACjC,EAAE,MAAM,aAAa,MAAM,UAAU;AAAA,IACrC,EAAE,MAAM,YAAY,MAAM,SAAS;AAAA,IACnC,EAAE,MAAM,YAAY,MAAM,SAAS;AAAA,EACrC;AACF;AAkCO,IAAM,0CACX;AAEF,IAAM,8BAAuD;AAAA;AAAA;AAAA;AAAA,EAI3D,MAAM;AACR;AAEO,SAAS,2BAA2B,SAA0B;AACnE,QAAM,SAAS,4BAA4B,OAAO;AAClD,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI;AAAA,MACR,+EAA+E,OAAO;AAAA,IAExF;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,uBAAuB,SAAiB;AACtD,SAAO;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT;AAAA,IACA,mBAAmB,2BAA2B,OAAO;AAAA,EACvD;AACF;AAEA,SAAS,aAAa,SAA6B;AACjD,SAAO;AAAA,IACL,SAAS,OAAO,QAAQ,OAAO;AAAA,IAC/B,QAAQ,QAAQ;AAAA,IAChB,cAAc,QAAQ;AAAA,IACtB,OAAO,QAAQ;AAAA,IACf,WAAW,OAAO,QAAQ,SAAS;AAAA,IACnC,UAAU,QAAQ;AAAA,IAClB,UAAU,QAAQ;AAAA,EACpB;AACF;AAEO,SAAS,0BAA0B,SAA6B;AACrE,SAAO;AAAA,IACL,QAAQ,uBAAuB,QAAQ,OAAO;AAAA,IAC9C,OAAO;AAAA,IACP,aAAa;AAAA,IACb,SAAS,aAAa,OAAO;AAAA,EAC/B;AACF;AAEO,SAAS,oBAAoB,UAAoB;AACtD,SAAO,UAAU,QAAQ;AAC3B;AAEA,eAAsB,gBACpB,QACA,SACc;AACd,QAAM,EAAE,QAAQ,OAAO,aAAa,QAAQ,IAC1C,0BAA0B,OAAO;AACnC,SAAO,OAAO,cAAc;AAAA,IAC1B,SAAS,OAAO;AAAA,IAChB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACH;AA4DA,eAAsB,wBACpB,QAC2B;AAC3B,QAAM,YACJ,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,KAAK,OAAO,oBAAoB;AAE9D,QAAM,QAAQ,OAAO,SAAS,yBAAyB;AAEvD,QAAM,UAA8B;AAAA,IAClC,SAAS,OAAO;AAAA,IAChB,QAAQ,OAAO;AAAA,IACf,cAAc,oBAAoB,OAAO,QAAQ;AAAA,IACjD;AAAA,IACA;AAAA,IACA,UAAU,OAAO;AAAA,IACjB,UAAU,OAAO;AAAA,EACnB;AAEA,QAAM,MAAM,MAAM,gBAAgB,OAAO,oBAAoB,OAAO;AAEpE,SAAO;AAAA,IACL;AAAA,IACA,SAAS,QAAQ;AAAA,IACjB,QAAQ,QAAQ;AAAA,IAChB,cAAc,QAAQ;AAAA,IACtB,OAAO,QAAQ,MAAM,SAAS;AAAA,IAC9B,WAAW,QAAQ;AAAA,IACnB,UAAU,QAAQ;AAAA,IAClB,UAAU,QAAQ;AAAA,EACpB;AACF;AAEA,eAAsB,kBACpB,SACA,WACA,gBACkC;AAClC,QAAM,SAAS,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC3C,MAAI,QAAQ,YAAY,QAAQ;AAC9B,WAAO,EAAE,IAAI,OAAO,QAAQ,UAAU;AAAA,EACxC;AAQA,MAAI,CAAC,oBAAoB,SAAS,GAAG;AACnC,WAAO,EAAE,IAAI,OAAO,QAAQ,2BAA2B;AAAA,EACzD;AAEA,MAAI;AACJ,MAAI;AACF,UAAM,EAAE,QAAQ,OAAO,aAAa,QAAQ,IAC1C,0BAA0B,OAAO;AACnC,gBAAY,MAAM,wBAAwB;AAAA,MACxC;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH,QAAQ;AACN,WAAO,EAAE,IAAI,OAAO,QAAQ,2BAA2B;AAAA,EACzD;AAEA,MAAI,UAAU,YAAY,MAAM,eAAe,YAAY,GAAG;AAC5D,WAAO,EAAE,IAAI,OAAO,QAAQ,kBAAkB,kBAAkB,UAAU;AAAA,EAC5E;AAEA,SAAO,EAAE,IAAI,MAAM,kBAAkB,UAAU;AACjD;","names":[]}
@@ -1,4 +1,8 @@
1
- "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } }// src/eip712/domain.ts
1
+ "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _nullishCoalesce(lhs, rhsFn) { if (lhs != null) { return lhs; } else { return rhsFn(); } }
2
+
3
+ var _chunk6WWSKC3Zcjs = require('./chunk-6WWSKC3Z.cjs');
4
+
5
+ // src/eip712/domain.ts
2
6
  function buildDomain(config) {
3
7
  return {
4
8
  name: config.name,
@@ -7,6 +11,52 @@ function buildDomain(config) {
7
11
  verifyingContract: config.verifyingContract
8
12
  };
9
13
  }
14
+ var Eip712DomainMismatchError = class extends Error {
15
+ constructor(field, expected, actual) {
16
+ super(
17
+ `EIP-712 domain mismatch on field "${field}": expected ${expected}, got ${actual}. Local SDK config is out of sync with deployed PointToken \u2014 signatures will be rejected on-chain. Update SDK config or contract before producing more signatures.`
18
+ );
19
+ this.field = field;
20
+ this.expected = expected;
21
+ this.actual = actual;
22
+ this.name = "Eip712DomainMismatchError";
23
+ }
24
+
25
+
26
+
27
+ };
28
+ async function assertDomainMatchesContract(client, expected) {
29
+ const onChain = await client.readContract({
30
+ address: expected.verifyingContract,
31
+ abi: _chunk6WWSKC3Zcjs.pointTokenAbi,
32
+ functionName: "eip712Domain"
33
+ });
34
+ const [, name, version, chainId, verifyingContract] = onChain;
35
+ if (name !== expected.name) {
36
+ throw new Eip712DomainMismatchError("name", expected.name, name);
37
+ }
38
+ if (version !== expected.version) {
39
+ throw new Eip712DomainMismatchError(
40
+ "version",
41
+ expected.version,
42
+ version
43
+ );
44
+ }
45
+ if (chainId !== BigInt(expected.chainId)) {
46
+ throw new Eip712DomainMismatchError(
47
+ "chainId",
48
+ String(expected.chainId),
49
+ chainId.toString()
50
+ );
51
+ }
52
+ if (verifyingContract.toLowerCase() !== expected.verifyingContract.toLowerCase()) {
53
+ throw new Eip712DomainMismatchError(
54
+ "verifyingContract",
55
+ expected.verifyingContract,
56
+ verifyingContract
57
+ );
58
+ }
59
+ }
10
60
 
11
61
  // src/eip712/mintRequest.ts
12
62
  var _viem = require('viem');
@@ -219,5 +269,7 @@ async function verifyReceiverConsent(domain, message, signature, expectedReceive
219
269
 
220
270
 
221
271
 
222
- exports.mintRequestTypes = mintRequestTypes; exports.burnRequestTypes = burnRequestTypes; exports.receiverConsentTypes = receiverConsentTypes; exports.SUPPORTED_CHAINS = SUPPORTED_CHAINS; exports.V4_QUOTER_ADDRESSES = V4_QUOTER_ADDRESSES; exports.UNIVERSAL_ROUTER_ADDRESSES = UNIVERSAL_ROUTER_ADDRESSES; exports.COMMON_TOKENS = COMMON_TOKENS; exports.COMMON_POOLS = COMMON_POOLS; exports.POINT_TOKEN_POOLS = POINT_TOKEN_POOLS; exports.ENTRY_POINT_V07 = ENTRY_POINT_V07; exports.ENTRY_POINT_V08 = ENTRY_POINT_V08; exports.PERMIT2_ADDRESS = PERMIT2_ADDRESS; exports.buildDomain = buildDomain; exports.buildMintRequestTypedData = buildMintRequestTypedData; exports.signMintRequest = signMintRequest; exports.verifyMintRequest = verifyMintRequest; exports.buildBurnRequestTypedData = buildBurnRequestTypedData; exports.signBurnRequest = signBurnRequest; exports.verifyBurnRequest = verifyBurnRequest; exports.buildReceiverConsentTypedData = buildReceiverConsentTypedData; exports.signReceiverConsent = signReceiverConsent; exports.verifyReceiverConsent = verifyReceiverConsent;
223
- //# sourceMappingURL=chunk-M5ULOZ3A.cjs.map
272
+
273
+
274
+ exports.mintRequestTypes = mintRequestTypes; exports.burnRequestTypes = burnRequestTypes; exports.receiverConsentTypes = receiverConsentTypes; exports.SUPPORTED_CHAINS = SUPPORTED_CHAINS; exports.V4_QUOTER_ADDRESSES = V4_QUOTER_ADDRESSES; exports.UNIVERSAL_ROUTER_ADDRESSES = UNIVERSAL_ROUTER_ADDRESSES; exports.COMMON_TOKENS = COMMON_TOKENS; exports.COMMON_POOLS = COMMON_POOLS; exports.POINT_TOKEN_POOLS = POINT_TOKEN_POOLS; exports.ENTRY_POINT_V07 = ENTRY_POINT_V07; exports.ENTRY_POINT_V08 = ENTRY_POINT_V08; exports.PERMIT2_ADDRESS = PERMIT2_ADDRESS; exports.buildDomain = buildDomain; exports.Eip712DomainMismatchError = Eip712DomainMismatchError; exports.assertDomainMatchesContract = assertDomainMatchesContract; exports.buildMintRequestTypedData = buildMintRequestTypedData; exports.signMintRequest = signMintRequest; exports.verifyMintRequest = verifyMintRequest; exports.buildBurnRequestTypedData = buildBurnRequestTypedData; exports.signBurnRequest = signBurnRequest; exports.verifyBurnRequest = verifyBurnRequest; exports.buildReceiverConsentTypedData = buildReceiverConsentTypedData; exports.signReceiverConsent = signReceiverConsent; exports.verifyReceiverConsent = verifyReceiverConsent;
275
+ //# sourceMappingURL=chunk-4QRHSZZQ.cjs.map
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/chunk-4QRHSZZQ.cjs","../src/eip712/domain.ts","../src/eip712/mintRequest.ts","../src/constants.ts","../src/eip712/burnRequest.ts","../src/eip712/receiverConsent.ts"],"names":["parseSignature","recoverTypedDataAddress","getAddress"],"mappings":"AAAA;AACE;AACF,wDAA6B;AAC7B;AACA;ACIO,SAAS,WAAA,CAAY,MAAA,EAAgC;AAC1D,EAAA,OAAO;AAAA,IACL,IAAA,EAAM,MAAA,CAAO,IAAA;AAAA,IACb,OAAA,mBAAS,MAAA,CAAO,OAAA,UAAW,KAAA;AAAA,IAC3B,OAAA,EAAS,MAAA,CAAO,OAAA;AAAA,IAChB,iBAAA,EAAmB,MAAA,CAAO;AAAA,EAC5B,CAAA;AACF;AAKO,IAAM,0BAAA,EAAN,MAAA,QAAwC,MAAM;AAAA,EACnD,WAAA,CACkB,KAAA,EACA,QAAA,EACA,MAAA,EAChB;AACA,IAAA,KAAA;AAAA,MACE,CAAA,kCAAA,EAAqC,KAAK,CAAA,YAAA,EAAe,QAAQ,CAAA,MAAA,EAAS,MAAM,CAAA,uKAAA;AAAA,IAGlF,CAAA;AARgB,IAAA,IAAA,CAAA,MAAA,EAAA,KAAA;AACA,IAAA,IAAA,CAAA,SAAA,EAAA,QAAA;AACA,IAAA,IAAA,CAAA,OAAA,EAAA,MAAA;AAOhB,IAAA,IAAA,CAAK,KAAA,EAAO,2BAAA;AAAA,EACd;AAAA,EAVkB;AAAA,EACA;AAAA,EACA;AASpB,CAAA;AA4BA,MAAA,SAAsB,2BAAA,CACpB,MAAA,EACA,QAAA,EACe;AACf,EAAA,MAAM,QAAA,EAAW,MAAM,MAAA,CAAO,YAAA,CAAa;AAAA,IACzC,OAAA,EAAS,QAAA,CAAS,iBAAA;AAAA,IAClB,GAAA,EAAK,+BAAA;AAAA,IACL,YAAA,EAAc;AAAA,EAChB,CAAC,CAAA;AAUD,EAAA,MAAM,CAAC,EAAE,IAAA,EAAM,OAAA,EAAS,OAAA,EAAS,iBAAiB,EAAA,EAAI,OAAA;AAEtD,EAAA,GAAA,CAAI,KAAA,IAAS,QAAA,CAAS,IAAA,EAAM;AAC1B,IAAA,MAAM,IAAI,yBAAA,CAA0B,MAAA,EAAQ,QAAA,CAAS,IAAA,EAAM,IAAI,CAAA;AAAA,EACjE;AACA,EAAA,GAAA,CAAI,QAAA,IAAY,QAAA,CAAS,OAAA,EAAS;AAChC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,SAAA;AAAA,MACA,QAAA,CAAS,OAAA;AAAA,MACT;AAAA,IACF,CAAA;AAAA,EACF;AACA,EAAA,GAAA,CAAI,QAAA,IAAY,MAAA,CAAO,QAAA,CAAS,OAAO,CAAA,EAAG;AACxC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,SAAA;AAAA,MACA,MAAA,CAAO,QAAA,CAAS,OAAO,CAAA;AAAA,MACvB,OAAA,CAAQ,QAAA,CAAS;AAAA,IACnB,CAAA;AAAA,EACF;AACA,EAAA,GAAA,CACE,iBAAA,CAAkB,WAAA,CAAY,EAAA,IAC9B,QAAA,CAAS,iBAAA,CAAkB,WAAA,CAAY,CAAA,EACvC;AACA,IAAA,MAAM,IAAI,yBAAA;AAAA,MACR,mBAAA;AAAA,MACA,QAAA,CAAS,iBAAA;AAAA,MACT;AAAA,IACF,CAAA;AAAA,EACF;AACF;ADjDA;AACA;AE5DA,4BAAoE;AF8DpE;AACA;AGxDO,IAAM,iBAAA,EAAmB;AAAA,EAC9B,WAAA,EAAa;AAAA,IACX,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,UAAU,CAAA;AAAA,IAC9B,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,UAAU,CAAA;AAAA,IAClC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,UAAU,CAAA;AAAA,IACjC,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,UAAU;AAAA,EACtC;AACF,CAAA;AAEO,IAAM,iBAAA,EAAmB;AAAA,EAC9B,WAAA,EAAa;AAAA,IACX,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,UAAU,CAAA;AAAA,IAChC,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,UAAU,CAAA;AAAA,IAClC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,UAAU,CAAA;AAAA,IACjC,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,UAAU;AAAA,EACtC;AACF,CAAA;AAEO,IAAM,qBAAA,EAAuB;AAAA,EAClC,eAAA,EAAiB;AAAA,IACf,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,UAAU,CAAA;AAAA,IACtC,EAAE,IAAA,EAAM,kBAAA,EAAoB,IAAA,EAAM,UAAU,CAAA;AAAA,IAC5C,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,UAAU,CAAA;AAAA,IAClC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,UAAU,CAAA;AAAA,IACjC,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,UAAU,CAAA;AAAA,IACpC,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,QAAQ;AAAA,EACnC;AACF,CAAA;AAMO,IAAM,iBAAA,EAAgD;AAAA,EAC3D,IAAA,EAAM,EAAE,IAAA,EAAM,OAAO;AACvB,CAAA;AAEO,IAAM,oBAAA,EAA+C;AAAA,EAC1D,IAAA,EAAM;AACR,CAAA;AAEO,IAAM,2BAAA,EAAsD;AAAA,EACjE,IAAA,EAAM;AACR,CAAA;AAEO,IAAM,cAAA,EAAyD;AAAA;AAAA,EAEpE,IAAA,EAAM;AAAA,IACJ,IAAA,EAAM,4CAAA;AAAA,IACN,IAAA,EAAM,4CAAA;AAAA,IACN,IAAA,EAAM;AAAA,EACR;AACF,CAAA;AAEO,IAAM,aAAA,EAA0C;AAAA;AAAA,EAErD,IAAA,EAAM;AAAA;AAAA,IAEJ;AAAA,MACE,SAAA,EAAW,4CAAA;AAAA,MACX,SAAA,EAAW,4CAAA;AAAA,MACX,GAAA,EAAK,GAAA;AAAA,MACL,WAAA,EAAa,EAAA;AAAA,MACb,KAAA,EAAO;AAAA,IACT,CAAA;AAAA;AAAA,IAEA;AAAA,MACE,SAAA,EAAW,4CAAA;AAAA,MACX,SAAA,EAAW,4CAAA;AAAA,MACX,GAAA,EAAK,GAAA;AAAA,MACL,WAAA,EAAa,EAAA;AAAA,MACb,KAAA,EAAO;AAAA,IACT;AAAA,EACF;AACF,CAAA;AAEO,IAAM,kBAAA,EAAgE;AAAA;AAE7E,CAAA;AAOO,IAAM,gBAAA,EAA2B,4CAAA;AAcjC,IAAM,gBAAA,EAA2B,4CAAA;AAGjC,IAAM,gBAAA,EAA2B,4CAAA;AHyBxC;AACA;AE5HO,SAAS,yBAAA,CACd,MAAA,EACA,OAAA,EACA;AACA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,WAAA,CAAY,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,gBAAA;AAAA,IACP,WAAA,EAAa,aAAA;AAAA,IACb;AAAA,EACF,CAAA;AACF;AAEA,MAAA,SAAsB,eAAA,CACpB,YAAA,EACA,MAAA,EACA,OAAA,EAC0B;AAC1B,EAAA,MAAM,WAAA,EAAa,MAAM,YAAA,CAAa,aAAA,CAAc;AAAA,IAClD,OAAA,EAAS,YAAA,CAAa,OAAA;AAAA,IACtB,MAAA,EAAQ,WAAA,CAAY,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,gBAAA;AAAA,IACP,WAAA,EAAa,aAAA;AAAA,IACb;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,EAAE,CAAA,EAAG,CAAA,EAAG,EAAE,EAAA,EAAI,kCAAA,UAAyB,CAAA;AAE7C,EAAA,OAAO;AAAA,IACL,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA;AAAA,IACX,CAAA;AAAA,IACA,CAAA;AAAA,IACA;AAAA,EACF,CAAA;AACF;AAEA,MAAA,SAAsB,iBAAA,CACpB,MAAA,EACA,OAAA,EACA,SAAA,EACA,cAAA,EACgC;AAChC,EAAA,MAAM,iBAAA,EAAmB,MAAM,2CAAA;AAAwB,IACrD,MAAA,EAAQ,WAAA,CAAY,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,gBAAA;AAAA,IACP,WAAA,EAAa,aAAA;AAAA,IACb,OAAA;AAAA,IACA;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,QAAA,EAAU,8BAAA,gBAA2B,EAAA,IAAM,8BAAA,cAAyB,CAAA;AAE1E,EAAA,OAAO,EAAE,OAAA,EAAS,iBAAiB,CAAA;AACrC;AF4GA;AACA;AI5KA;AAyBO,SAAS,yBAAA,CACd,MAAA,EACA,OAAA,EACA;AACA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,WAAA,CAAY,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,gBAAA;AAAA,IACP,WAAA,EAAa,aAAA;AAAA,IACb;AAAA,EACF,CAAA;AACF;AAEA,MAAA,SAAsB,eAAA,CACpB,YAAA,EACA,MAAA,EACA,OAAA,EAC0B;AAC1B,EAAA,MAAM,WAAA,EAAa,MAAM,YAAA,CAAa,aAAA,CAAc;AAAA,IAClD,OAAA,EAAS,YAAA,CAAa,OAAA;AAAA,IACtB,MAAA,EAAQ,WAAA,CAAY,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,gBAAA;AAAA,IACP,WAAA,EAAa,aAAA;AAAA,IACb;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,EAAE,CAAA,EAAG,CAAA,EAAG,EAAE,EAAA,EAAIA,kCAAAA,UAAyB,CAAA;AAE7C,EAAA,OAAO;AAAA,IACL,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA;AAAA,IACX,CAAA;AAAA,IACA,CAAA;AAAA,IACA;AAAA,EACF,CAAA;AACF;AAEA,MAAA,SAAsB,iBAAA,CACpB,MAAA,EACA,OAAA,EACA,SAAA,EACA,cAAA,EACgC;AAChC,EAAA,MAAM,iBAAA,EAAmB,MAAMC,2CAAAA;AAAwB,IACrD,MAAA,EAAQ,WAAA,CAAY,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,gBAAA;AAAA,IACP,WAAA,EAAa,aAAA;AAAA,IACb,OAAA;AAAA,IACA;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,QAAA,EAAUC,8BAAAA,gBAA2B,EAAA,IAAMA,8BAAAA,cAAyB,CAAA;AAE1E,EAAA,OAAO,EAAE,OAAA,EAAS,iBAAiB,CAAA;AACrC;AJoIA;AACA;AKlNA;AAWO,SAAS,6BAAA,CACd,MAAA,EACA,OAAA,EACA;AACA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQ,WAAA,CAAY,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,oBAAA;AAAA,IACP,WAAA,EAAa,iBAAA;AAAA,IACb;AAAA,EACF,CAAA;AACF;AAEA,MAAA,SAAsB,mBAAA,CACpB,YAAA,EACA,MAAA,EACA,OAAA,EAC0B;AAC1B,EAAA,MAAM,WAAA,EAAa,MAAM,YAAA,CAAa,aAAA,CAAc;AAAA,IAClD,OAAA,EAAS,YAAA,CAAa,OAAA;AAAA,IACtB,MAAA,EAAQ,WAAA,CAAY,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,oBAAA;AAAA,IACP,WAAA,EAAa,iBAAA;AAAA,IACb;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,EAAE,CAAA,EAAG,CAAA,EAAG,EAAE,EAAA,EAAIF,kCAAAA,UAAyB,CAAA;AAE7C,EAAA,OAAO;AAAA,IACL,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA;AAAA,IACX,CAAA;AAAA,IACA,CAAA;AAAA,IACA;AAAA,EACF,CAAA;AACF;AAEA,MAAA,SAAsB,qBAAA,CACpB,MAAA,EACA,OAAA,EACA,SAAA,EACA,gBAAA,EACgC;AAChC,EAAA,MAAM,iBAAA,EAAmB,MAAMC,2CAAAA;AAAwB,IACrD,MAAA,EAAQ,WAAA,CAAY,MAAM,CAAA;AAAA,IAC1B,KAAA,EAAO,oBAAA;AAAA,IACP,WAAA,EAAa,iBAAA;AAAA,IACb,OAAA;AAAA,IACA;AAAA,EACF,CAAC,CAAA;AAED,EAAA,MAAM,QAAA,EAAUC,8BAAAA,gBAA2B,EAAA,IAAMA,8BAAAA,gBAA2B,CAAA;AAE5E,EAAA,OAAO,EAAE,OAAA,EAAS,iBAAiB,CAAA;AACrC;ALwLA;AACA;AACE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACF,mrCAAC","file":"/Users/phitran/Pacific-Finance/pafi-backend/pafi-sdk/packages/core/dist/chunk-4QRHSZZQ.cjs","sourcesContent":[null,"import type { Address, PublicClient } from \"viem\";\nimport type { PointTokenDomainConfig } from \"../types\";\nimport { pointTokenAbi } from \"../abi/pointToken\";\n\n/**\n * Build the EIP-712 domain struct from a PointToken config. Uses\n * `config.version` when supplied; defaults to `\"1\"` for back-compat.\n */\nexport function buildDomain(config: PointTokenDomainConfig) {\n return {\n name: config.name,\n version: config.version ?? \"1\",\n chainId: config.chainId,\n verifyingContract: config.verifyingContract,\n };\n}\n\n/**\n * Domain mismatch error thrown by `assertDomainMatchesContract`.\n */\nexport class Eip712DomainMismatchError extends Error {\n constructor(\n public readonly field: \"name\" | \"version\" | \"chainId\" | \"verifyingContract\",\n public readonly expected: string,\n public readonly actual: string,\n ) {\n super(\n `EIP-712 domain mismatch on field \"${field}\": expected ${expected}, got ${actual}. ` +\n `Local SDK config is out of sync with deployed PointToken — signatures will be rejected on-chain. ` +\n `Update SDK config or contract before producing more signatures.`,\n );\n this.name = \"Eip712DomainMismatchError\";\n }\n}\n\n/**\n * One-RPC health check that the local EIP-712 domain config matches\n * what the deployed `PointToken` reports via `eip712Domain()`. If the\n * contract has bumped `version` from `\"1\"` to `\"2\"` (or any field\n * differs), every signature produced with the stale config will be\n * silently rejected on-chain (`ECDSA: invalid signature` — opaque to\n * the user).\n *\n * Recommended: call once at issuer-startup health check, not on every\n * mint. Throws `Eip712DomainMismatchError` describing the diverged\n * field.\n *\n * @example\n * ```ts\n * import { assertDomainMatchesContract, buildDomain } from \"@pafi-dev/core\";\n *\n * const expected = buildDomain({\n * name: \"PointToken\",\n * chainId: 8453,\n * verifyingContract: \"0x7d25E7156E51F865D522fd3ef257a6B5DD41b97e\",\n * });\n *\n * await assertDomainMatchesContract(publicClient, expected);\n * // → throws Eip712DomainMismatchError if version on-chain has bumped\n * ```\n */\nexport async function assertDomainMatchesContract(\n client: PublicClient,\n expected: ReturnType<typeof buildDomain>,\n): Promise<void> {\n const onChain = (await client.readContract({\n address: expected.verifyingContract as Address,\n abi: pointTokenAbi,\n functionName: \"eip712Domain\",\n })) as readonly [\n `0x${string}`, // fields (bytes1)\n string, // name\n string, // version\n bigint, // chainId\n Address, // verifyingContract\n `0x${string}`, // salt\n readonly bigint[], // extensions\n ];\n\n const [, name, version, chainId, verifyingContract] = onChain;\n\n if (name !== expected.name) {\n throw new Eip712DomainMismatchError(\"name\", expected.name, name);\n }\n if (version !== expected.version) {\n throw new Eip712DomainMismatchError(\n \"version\",\n expected.version,\n version,\n );\n }\n if (chainId !== BigInt(expected.chainId)) {\n throw new Eip712DomainMismatchError(\n \"chainId\",\n String(expected.chainId),\n chainId.toString(),\n );\n }\n if (\n verifyingContract.toLowerCase() !==\n expected.verifyingContract.toLowerCase()\n ) {\n throw new Eip712DomainMismatchError(\n \"verifyingContract\",\n expected.verifyingContract,\n verifyingContract,\n );\n }\n}\n","import { getAddress, parseSignature, recoverTypedDataAddress } from \"viem\";\nimport type { Address, Hex, WalletClient } from \"viem\";\nimport { mintRequestTypes } from \"../constants\";\nimport type { EIP712Signature, MintRequest, PointTokenDomainConfig, SignatureVerification } from \"../types\";\nimport { buildDomain } from \"./domain\";\n\n/**\n * Build the EIP-712 typed data object for a MintRequest.\n * Returns the standard `{ domain, types, primaryType, message }` structure\n * that any EIP-712 signer (viem, ethers, Privy, WalletConnect) can consume.\n */\nexport function buildMintRequestTypedData(\n domain: PointTokenDomainConfig,\n message: MintRequest,\n) {\n return {\n domain: buildDomain(domain),\n types: mintRequestTypes,\n primaryType: \"MintRequest\" as const,\n message,\n };\n}\n\nexport async function signMintRequest(\n walletClient: WalletClient,\n domain: PointTokenDomainConfig,\n message: MintRequest,\n): Promise<EIP712Signature> {\n const serialized = await walletClient.signTypedData({\n account: walletClient.account!,\n domain: buildDomain(domain),\n types: mintRequestTypes,\n primaryType: \"MintRequest\",\n message,\n });\n\n const { v, r, s } = parseSignature(serialized);\n\n return {\n v: Number(v),\n r,\n s,\n serialized,\n };\n}\n\nexport async function verifyMintRequest(\n domain: PointTokenDomainConfig,\n message: MintRequest,\n signature: Hex,\n expectedMinter: Address,\n): Promise<SignatureVerification> {\n const recoveredAddress = await recoverTypedDataAddress({\n domain: buildDomain(domain),\n types: mintRequestTypes,\n primaryType: \"MintRequest\",\n message,\n signature,\n });\n\n const isValid = getAddress(recoveredAddress) === getAddress(expectedMinter);\n\n return { isValid, recoveredAddress };\n}\n","import type { Address } from \"viem\";\nimport type { ChainConfig, PoolKey } from \"./types\";\n\n// -------------------------------------------------------------------------\n// EIP-712 type definitions for viem\n// -------------------------------------------------------------------------\n\nexport const mintRequestTypes = {\n MintRequest: [\n { name: \"to\", type: \"address\" },\n { name: \"amount\", type: \"uint256\" },\n { name: \"nonce\", type: \"uint256\" },\n { name: \"deadline\", type: \"uint256\" },\n ],\n} as const;\n\nexport const burnRequestTypes = {\n BurnRequest: [\n { name: \"from\", type: \"address\" },\n { name: \"amount\", type: \"uint256\" },\n { name: \"nonce\", type: \"uint256\" },\n { name: \"deadline\", type: \"uint256\" },\n ],\n} as const;\n\nexport const receiverConsentTypes = {\n ReceiverConsent: [\n { name: \"onBehalfOf\", type: \"address\" },\n { name: \"originalReceiver\", type: \"address\" },\n { name: \"amount\", type: \"uint256\" },\n { name: \"nonce\", type: \"uint256\" },\n { name: \"deadline\", type: \"uint256\" },\n { name: \"extData\", type: \"bytes\" },\n ],\n} as const;\n\n// -------------------------------------------------------------------------\n// Chain-indexed constants — add entries here as new chains are supported\n// -------------------------------------------------------------------------\n\nexport const SUPPORTED_CHAINS: Record<number, ChainConfig> = {\n 8453: { name: \"Base\" },\n};\n\nexport const V4_QUOTER_ADDRESSES: Record<number, Address> = {\n 8453: \"0x0d5e0f971ed27fbff6c2837bf31316121532048d\",\n};\n\nexport const UNIVERSAL_ROUTER_ADDRESSES: Record<number, Address> = {\n 8453: \"0x6ff5693b99212da76ad316178a184ab56d299b43\",\n};\n\nexport const COMMON_TOKENS: Record<number, Record<string, Address>> = {\n // Base\n 8453: {\n WETH: \"0x4200000000000000000000000000000000000006\",\n USDC: \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\",\n USDT: \"0xfde4C96c8593536E31F229EA8f37b2ADa2699bb2\",\n },\n};\n\nexport const COMMON_POOLS: Record<number, PoolKey[]> = {\n // Base — existing Uniswap V4 pools\n 8453: [\n // WETH/USDC 0.3%\n {\n currency0: \"0x4200000000000000000000000000000000000006\",\n currency1: \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\",\n fee: 3000,\n tickSpacing: 60,\n hooks: \"0x0000000000000000000000000000000000000000\",\n },\n // WETH/USDC 0.05%\n {\n currency0: \"0x4200000000000000000000000000000000000006\",\n currency1: \"0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\",\n fee: 500,\n tickSpacing: 10,\n hooks: \"0x0000000000000000000000000000000000000000\",\n },\n ],\n};\n\nexport const POINT_TOKEN_POOLS: Record<number, Record<Address, PoolKey[]>> = {\n // chainId → pointTokenAddress → PoolKey[]\n};\n\n// -------------------------------------------------------------------------\n// Protocol constants — chain-agnostic (same address on every EVM chain)\n// -------------------------------------------------------------------------\n\n/** ERC-4337 v0.7 EntryPoint — deployed deterministically across all EVM chains. */\nexport const ENTRY_POINT_V07: Address = \"0x0000000071727De22E5E9d8BAf0edAc6f37da032\";\n\n/**\n * ERC-4337 v0.8 EntryPoint — used by Pimlico's `Simple7702Account` impl\n * (`0xe6Cae83BdE06E4c305530e199D7217f42808555B`) and by permissionless's\n * `to7702SimpleSmartAccount`. EIP-7702 delegated EOAs in PAFI's flow\n * point at this EntryPoint, NOT v0.7.\n *\n * Why this matters: account.validateUserOp does\n * `require(msg.sender == entryPoint(), \"account: not from EntryPoint\")`.\n * If the bundler/paymaster sim runs against a different EntryPoint than\n * what the account's `entryPoint()` returns, the require fails and you\n * see `AA23 reverted account: not from EntryPoint`.\n */\nexport const ENTRY_POINT_V08: Address = \"0x4337084d9e255ff0702461cf8895ce9e3b5ff108\";\n\n/** Permit2 — Uniswap's universal approval contract, same address on all EVM chains. */\nexport const PERMIT2_ADDRESS: Address = \"0x000000000022D473030F116dDEE9F6B43aC78BA3\";\n","import { getAddress, parseSignature, recoverTypedDataAddress } from \"viem\";\nimport type { Address, Hex, WalletClient } from \"viem\";\nimport { burnRequestTypes } from \"../constants\";\nimport type {\n BurnRequest,\n EIP712Signature,\n PointTokenDomainConfig,\n SignatureVerification,\n} from \"../types\";\nimport { buildDomain } from \"./domain\";\n\n/**\n * EIP-712 helpers for `BurnRequest` — consumed by the sig-gated burn\n * path on `PointToken`:\n *\n * burn(address from, uint256 amount, uint256 deadline, bytes burnerSig)\n *\n * Solidity type hash:\n * BurnRequest(address from,uint256 amount,uint256 nonce,uint256 deadline)\n *\n * Issuer backend signs with its burner signer (HSM/KMS). On-chain\n * `msg.sender` must equal `from`, and the recovered signer must be in\n * `burners[]`. Nonce comes from `burnRequestNonces[from]` and is\n * auto-incremented on success.\n */\nexport function buildBurnRequestTypedData(\n domain: PointTokenDomainConfig,\n message: BurnRequest,\n) {\n return {\n domain: buildDomain(domain),\n types: burnRequestTypes,\n primaryType: \"BurnRequest\" as const,\n message,\n };\n}\n\nexport async function signBurnRequest(\n walletClient: WalletClient,\n domain: PointTokenDomainConfig,\n message: BurnRequest,\n): Promise<EIP712Signature> {\n const serialized = await walletClient.signTypedData({\n account: walletClient.account!,\n domain: buildDomain(domain),\n types: burnRequestTypes,\n primaryType: \"BurnRequest\",\n message,\n });\n\n const { v, r, s } = parseSignature(serialized);\n\n return {\n v: Number(v),\n r,\n s,\n serialized,\n };\n}\n\nexport async function verifyBurnRequest(\n domain: PointTokenDomainConfig,\n message: BurnRequest,\n signature: Hex,\n expectedBurner: Address,\n): Promise<SignatureVerification> {\n const recoveredAddress = await recoverTypedDataAddress({\n domain: buildDomain(domain),\n types: burnRequestTypes,\n primaryType: \"BurnRequest\",\n message,\n signature,\n });\n\n const isValid = getAddress(recoveredAddress) === getAddress(expectedBurner);\n\n return { isValid, recoveredAddress };\n}\n","import { getAddress, parseSignature, recoverTypedDataAddress } from \"viem\";\nimport type { Address, Hex, WalletClient } from \"viem\";\nimport { receiverConsentTypes } from \"../constants\";\nimport type { EIP712Signature, PointTokenDomainConfig, ReceiverConsent, SignatureVerification } from \"../types\";\nimport { buildDomain } from \"./domain\";\n\n/**\n * Build the EIP-712 typed data object for a ReceiverConsent.\n * Returns the standard `{ domain, types, primaryType, message }` structure\n * that any EIP-712 signer (viem, ethers, Privy, WalletConnect) can consume.\n */\nexport function buildReceiverConsentTypedData(\n domain: PointTokenDomainConfig,\n message: ReceiverConsent,\n) {\n return {\n domain: buildDomain(domain),\n types: receiverConsentTypes,\n primaryType: \"ReceiverConsent\" as const,\n message,\n };\n}\n\nexport async function signReceiverConsent(\n walletClient: WalletClient,\n domain: PointTokenDomainConfig,\n message: ReceiverConsent,\n): Promise<EIP712Signature> {\n const serialized = await walletClient.signTypedData({\n account: walletClient.account!,\n domain: buildDomain(domain),\n types: receiverConsentTypes,\n primaryType: \"ReceiverConsent\",\n message,\n });\n\n const { v, r, s } = parseSignature(serialized);\n\n return {\n v: Number(v),\n r,\n s,\n serialized,\n };\n}\n\nexport async function verifyReceiverConsent(\n domain: PointTokenDomainConfig,\n message: ReceiverConsent,\n signature: Hex,\n expectedReceiver: Address,\n): Promise<SignatureVerification> {\n const recoveredAddress = await recoverTypedDataAddress({\n domain: buildDomain(domain),\n types: receiverConsentTypes,\n primaryType: \"ReceiverConsent\",\n message,\n signature,\n });\n\n const isValid = getAddress(recoveredAddress) === getAddress(expectedReceiver);\n\n return { isValid, recoveredAddress };\n}\n"]}