npm - @pafi-dev/issuer - Versions diffs - 0.20.0 → 0.22.0 - Mend

@pafi-dev/issuer 0.20.0 → 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.cjs CHANGED Viewed

@@ -57,6 +57,7 @@ __export(index_exports, {
   PerpDepositError: () => PerpDepositError,
   PerpDepositHandler: () => PerpDepositHandler,
   PointIndexer: () => PointIndexer,
+  PointTokenDomainResolver: () => PointTokenDomainResolver,
   PolicyProvider: () => PolicyProvider,
   REDEMPTION_HISTORY_WINDOW_SEC: () => REDEMPTION_HISTORY_WINDOW_SEC,
   RedemptionService: () => RedemptionService,
@@ -83,6 +84,7 @@ __export(index_exports, {
   handleMobilePrepare: () => handleMobilePrepare,
   handleMobileSubmit: () => handleMobileSubmit,
   handleRedeemStatus: () => handleRedeemStatus,
+  makePostgresSingletonLock: () => makePostgresSingletonLock,
   mergePaymasterFields: () => mergePaymasterFields,
   payloadFromGenericError: () => payloadFromGenericError,
   payloadFromHttpException: () => payloadFromHttpException,
@@ -1624,6 +1626,10 @@ var DEFAULT_BATCH_SIZE2 = 2000n;
 var DEFAULT_POLL_INTERVAL_MS2 = 5e3;
 var BurnIndexer = class {
   provider;
+  /**
+   * The PointToken this indexer watches. Exposed so callers can key
+   * leader-election locks / cursor stores by token (audit H-04 fix).
+   */
   pointTokenAddress;
   ledger;
   cursorStore;
@@ -1783,6 +1789,45 @@ var BurnIndexer = class {
   }
 };
+// src/indexer/postgresSingletonLock.ts
+function makePostgresSingletonLock(runner) {
+  return {
+    async acquire(key) {
+      const lockId = hashKeyToInt64(key);
+      const rows = await runner.query(
+        "SELECT pg_try_advisory_lock($1::bigint) AS got",
+        [lockId]
+      );
+      const got = rows[0]?.got === true;
+      if (!got) return null;
+      return {
+        async release() {
+          try {
+            await runner.query("SELECT pg_advisory_unlock($1::bigint)", [
+              lockId
+            ]);
+          } catch {
+          }
+        }
+      };
+    }
+  };
+}
+function hashKeyToInt64(key) {
+  const FNV_OFFSET = 0xcbf29ce484222325n;
+  const FNV_PRIME = 0x100000001b3n;
+  const MASK_64 = (1n << 64n) - 1n;
+  let hash = FNV_OFFSET;
+  for (let i = 0; i < key.length; i++) {
+    hash ^= BigInt(key.charCodeAt(i));
+    hash = hash * FNV_PRIME & MASK_64;
+  }
+  const SIGNED_MAX = (1n << 63n) - 1n;
+  const TWO64 = 1n << 64n;
+  const signed = hash > SIGNED_MAX ? hash - TWO64 : hash;
+  return signed.toString();
+}
 // src/api/handlers.ts
 var import_viem6 = require("viem");
 var import_core6 = require("@pafi-dev/core");
@@ -2143,8 +2188,59 @@ var IssuerApiHandlers = class _IssuerApiHandlers {
   }
 };
-// src/api/handlers/ptRedeemHandler.ts
+// src/api/pointTokenDomainResolver.ts
 var import_viem7 = require("viem");
+var NAME_ABI = [
+  {
+    type: "function",
+    name: "name",
+    stateMutability: "view",
+    inputs: [],
+    outputs: [{ type: "string" }]
+  }
+];
+var PointTokenDomainResolver = class {
+  provider;
+  overrides;
+  cache = /* @__PURE__ */ new Map();
+  constructor(config) {
+    this.provider = config.provider;
+    this.overrides = /* @__PURE__ */ new Map();
+    if (config.overrides) {
+      for (const [addr, name] of Object.entries(config.overrides)) {
+        this.overrides.set((0, import_viem7.getAddress)(addr).toLowerCase(), name);
+      }
+    }
+  }
+  async resolve(pointTokenAddress) {
+    const key = (0, import_viem7.getAddress)(pointTokenAddress).toLowerCase();
+    const cached = this.cache.get(key);
+    if (cached !== void 0) return cached;
+    const override = this.overrides.get(key);
+    if (override !== void 0) {
+      this.cache.set(key, override);
+      return override;
+    }
+    const name = await this.provider.readContract({
+      address: pointTokenAddress,
+      abi: NAME_ABI,
+      functionName: "name"
+    });
+    this.cache.set(key, name);
+    return name;
+  }
+  /** Invalidate one address (after deploy / proxy upgrade) or all. */
+  invalidate(pointTokenAddress) {
+    if (pointTokenAddress) {
+      this.cache.delete((0, import_viem7.getAddress)(pointTokenAddress).toLowerCase());
+    } else {
+      this.cache.clear();
+    }
+  }
+};
+// src/api/handlers/ptRedeemHandler.ts
+var import_viem8 = require("viem");
 var import_core7 = require("@pafi-dev/core");
 var DEFAULT_REDEEM_LOCK_MS = 15 * 60 * 1e3;
 var DEFAULT_SIG_DEADLINE_SEC = 15 * 60;
@@ -2165,10 +2261,9 @@ var PTRedeemHandler = class {
   relayService;
   provider;
   feeService;
-  pointTokenAddress;
   batchExecutorAddress;
   chainId;
-  domain;
+  domainResolver;
   burnerSignerWallet;
   redeemLockDurationMs;
   signatureDeadlineSeconds;
@@ -2205,10 +2300,9 @@ var PTRedeemHandler = class {
     this.relayService = config.relayService;
     this.provider = config.provider;
     this.feeService = config.feeService;
-    this.pointTokenAddress = (0, import_viem7.getAddress)(config.pointTokenAddress);
-    this.batchExecutorAddress = (0, import_viem7.getAddress)(config.batchExecutorAddress);
+    this.batchExecutorAddress = (0, import_viem8.getAddress)(config.batchExecutorAddress);
     this.chainId = config.chainId;
-    this.domain = config.domain;
+    this.domainResolver = config.domainResolver;
     this.burnerSignerWallet = config.burnerSignerWallet;
     if (this.burnerSignerWallet?.account?.type === "local") {
       console.warn("[PAFI] PTRedeemHandler: burnerSignerWallet uses a local (private key) account. Use a KMS-backed signer in production.");
@@ -2221,7 +2315,7 @@ var PTRedeemHandler = class {
     }
   }
   async handle(request) {
-    if ((0, import_viem7.getAddress)(request.authenticatedAddress) !== (0, import_viem7.getAddress)(request.userAddress)) {
+    if ((0, import_viem8.getAddress)(request.authenticatedAddress) !== (0, import_viem8.getAddress)(request.userAddress)) {
       throw new PTRedeemError(
         "UNAUTHORIZED",
         `userAddress (${request.userAddress}) does not match authenticated session (${request.authenticatedAddress})`
@@ -2230,11 +2324,12 @@ var PTRedeemHandler = class {
     if (request.amount <= 0n) {
       throw new PTRedeemError("INVALID_AMOUNT", "redeem amount must be positive");
     }
+    const pointTokenAddress = (0, import_viem8.getAddress)(request.pointTokenAddress);
     if (this.redemptionService) {
       const decision = await this.redemptionService.evaluate(
         request.userAddress,
         request.amount,
-        this.pointTokenAddress
+        pointTokenAddress
       );
       if (!decision.allowed) {
         const denial = decision.denial;
@@ -2248,7 +2343,7 @@ var PTRedeemHandler = class {
     let burnNonce;
     try {
       burnNonce = await this.provider.readContract({
-        address: this.pointTokenAddress,
+        address: pointTokenAddress,
         abi: import_core7.POINT_TOKEN_ABI,
         functionName: "burnRequestNonces",
         args: [request.userAddress]
@@ -2259,27 +2354,27 @@ var PTRedeemHandler = class {
         `failed to read burnRequestNonces(${request.userAddress}): ${err instanceof Error ? err.message : String(err)}`
       );
     }
-    const userKey = (0, import_viem7.getAddress)(request.userAddress).toLowerCase();
-    let userNonces = this.inFlightNonces.get(userKey);
+    const nonceKey = `${(0, import_viem8.getAddress)(request.userAddress).toLowerCase()}:${pointTokenAddress.toLowerCase()}`;
+    let userNonces = this.inFlightNonces.get(nonceKey);
     if (!userNonces) {
       userNonces = /* @__PURE__ */ new Set();
-      this.inFlightNonces.set(userKey, userNonces);
+      this.inFlightNonces.set(nonceKey, userNonces);
     }
     if (userNonces.has(burnNonce)) {
       throw new PTRedeemError(
         "NONCE_IN_FLIGHT",
-        `A burn request for nonce ${burnNonce} is already in progress for ${request.userAddress}. Retry after the current request completes.`
+        `A burn request for nonce ${burnNonce} is already in progress for ${request.userAddress} on ${pointTokenAddress}. Retry after the current request completes.`
       );
     }
     userNonces.add(burnNonce);
     try {
-      return await this._handleAfterNonceLock(request, burnNonce);
+      return await this._handleAfterNonceLock(request, burnNonce, pointTokenAddress);
     } finally {
       userNonces.delete(burnNonce);
-      if (userNonces.size === 0) this.inFlightNonces.delete(userKey);
+      if (userNonces.size === 0) this.inFlightNonces.delete(nonceKey);
     }
   }
-  async _handleAfterNonceLock(request, burnNonce) {
+  async _handleAfterNonceLock(request, burnNonce, pointTokenAddress) {
     const previewDeadline = BigInt(
       Math.floor(this.now() / 1e3) + this.signatureDeadlineSeconds
     );
@@ -2290,13 +2385,13 @@ var PTRedeemHandler = class {
       const previewUserOp = this.relayService.previewBurnUserOp({
         userAddress: request.userAddress,
         aaNonce: burnNonce,
-        pointTokenAddress: this.pointTokenAddress,
+        pointTokenAddress,
         amount: request.amount,
         deadline: previewDeadline
       });
       fee = await this.feeService.estimateGasFee({
         scenario: "burn",
-        contractAddress: this.pointTokenAddress,
+        contractAddress: pointTokenAddress,
         partialUserOp: {
           sender: previewUserOp.sender,
           nonce: previewUserOp.nonce,
@@ -2315,7 +2410,7 @@ var PTRedeemHandler = class {
     }
     const onChainBalance = await (0, import_core7.getPointTokenBalance)(
       this.provider,
-      this.pointTokenAddress,
+      pointTokenAddress,
       request.userAddress
     );
     if (onChainBalance < request.amount) {
@@ -2325,10 +2420,11 @@ var PTRedeemHandler = class {
       );
     }
     const deadline = previewDeadline;
+    const domainName = await this.domainResolver.resolve(pointTokenAddress);
     const domain = {
-      name: this.domain.name,
+      name: domainName,
       chainId: this.chainId,
-      verifyingContract: this.domain.verifyingContract ?? this.pointTokenAddress
+      verifyingContract: pointTokenAddress
     };
     const sponsoredBurnAmount = request.amount - fee;
     const sponsoredBurnRequest = {
@@ -2350,14 +2446,14 @@ var PTRedeemHandler = class {
       request.userAddress,
       sponsoredBurnAmount,
       this.redeemLockDurationMs,
-      this.pointTokenAddress
+      pointTokenAddress
     );
     try {
       const sponsoredUserOp = await this.relayService.prepareBurn({
         mode: "burnWithSig",
         userAddress: request.userAddress,
         aaNonce: request.aaNonce,
-        pointTokenAddress: this.pointTokenAddress,
+        pointTokenAddress,
         batchExecutorAddress: this.batchExecutorAddress,
         burnRequest: sponsoredBurnRequest,
         burnerSignature: sponsoredSig,
@@ -2385,7 +2481,7 @@ var PTRedeemHandler = class {
           request.userAddress,
           request.amount,
           this.redeemLockDurationMs,
-          this.pointTokenAddress
+          pointTokenAddress
         );
         let fallbackUserOp;
         try {
@@ -2393,7 +2489,7 @@ var PTRedeemHandler = class {
             mode: "burnWithSig",
             userAddress: request.userAddress,
             aaNonce: request.aaNonce,
-            pointTokenAddress: this.pointTokenAddress,
+            pointTokenAddress,
             batchExecutorAddress: this.batchExecutorAddress,
             burnRequest: fallbackBurnRequest,
             burnerSignature: fallbackSig,
@@ -2418,7 +2514,7 @@ var PTRedeemHandler = class {
         await this.redemptionService.recordSuccessfulInitiate({
           user: request.userAddress,
           amountPt: request.amount,
-          pointTokenAddress: this.pointTokenAddress,
+          pointTokenAddress,
           reservationId: sponsoredLockId
         }).catch(() => {
         });
@@ -2541,7 +2637,7 @@ async function handleRedeemStatus(params) {
 }
 // src/api/mobileHandlers.ts
-var import_viem8 = require("viem");
+var import_viem9 = require("viem");
 var import_core10 = require("@pafi-dev/core");
 // src/userop-store/serialize.ts
@@ -2887,7 +2983,7 @@ async function handleMobileSubmit(params) {
   if (!entry) {
     throw new PendingUserOpNotFoundError(params.lockId);
   }
-  if ((0, import_viem8.getAddress)(entry.sender) !== (0, import_viem8.getAddress)(params.authenticatedAddress)) {
+  if ((0, import_viem9.getAddress)(entry.sender) !== (0, import_viem9.getAddress)(params.authenticatedAddress)) {
     throw new PendingUserOpForbiddenError(params.lockId);
   }
   const variant = params.variant ?? "sponsored";
@@ -2903,7 +2999,7 @@ async function handleMobileSubmit(params) {
 }
 // src/api/handlers/ptClaimHandler.ts
-var import_viem9 = require("viem");
+var import_viem10 = require("viem");
 var import_core11 = require("@pafi-dev/core");
 // src/issuer-state/types.ts
@@ -2949,7 +3045,7 @@ var PTClaimHandler = class {
     };
   }
   async handle(request) {
-    if ((0, import_viem9.getAddress)(request.authenticatedAddress) !== (0, import_viem9.getAddress)(request.userAddress)) {
+    if ((0, import_viem10.getAddress)(request.authenticatedAddress) !== (0, import_viem10.getAddress)(request.userAddress)) {
       throw new PTClaimError(
         "VALIDATION_FAILED",
         `userAddress (${request.userAddress}) does not match authenticated session (${request.authenticatedAddress})`
@@ -3004,8 +3100,11 @@ var PTClaimHandler = class {
           callData: previewUserOp.callData
         }
       }) : 0n;
+      const domainName = await this.cfg.domainResolver.resolve(
+        request.pointTokenAddress
+      );
       const domain = {
-        name: this.cfg.pointTokenDomainName,
+        name: domainName,
         chainId: request.chainId,
         verifyingContract: request.pointTokenAddress
       };
@@ -3021,8 +3120,16 @@ var PTClaimHandler = class {
           domain,
           mintRequestNonce: request.mintRequestNonce,
           deadline: signatureDeadline,
-          mintFeeWrapperAddress: resolvedWrapper
-          // No feeAmount/feeRecipient — RelayService auto-resolves.
+          mintFeeWrapperAddress: resolvedWrapper,
+          // Pass the bundler-estimated `feeAmount` explicitly so the
+          // RelayService skips its legacy `quoteOperatorFeePt` path
+          // (which uses the SDK's old 12_000 bps premium default).
+          // Without this, the response's `feeAmount` (from FeeManager,
+          // 100% premium on top of PAFI's 110% server-side estimate)
+          // would diverge from the actual PT.transfer amount in the
+          // UserOp batch (`quoteOperatorFeePt`'s 120%), and the user
+          // would see one value while the wallet transferred another.
+          feeAmount
         });
       } catch (err) {
         throw new PTClaimError(
@@ -3203,7 +3310,7 @@ var PerpDepositHandler = class {
 // src/api/delegateHandler.ts
 var import_core13 = require("@pafi-dev/core");
-var import_viem10 = require("viem");
+var import_viem11 = require("viem");
 var DEFAULT_DELEGATE_GAS = {
   callGasLimit: 100000n,
   verificationGasLimit: 150000n,
@@ -3290,7 +3397,7 @@ async function handleDelegateSubmit(params) {
   if (!entry) {
     throw new PendingUserOpNotFoundError(params.lockId);
   }
-  if ((0, import_viem10.getAddress)(entry.sender) !== (0, import_viem10.getAddress)(params.authenticatedAddress)) {
+  if ((0, import_viem11.getAddress)(entry.sender) !== (0, import_viem11.getAddress)(params.authenticatedAddress)) {
     throw new PendingUserOpForbiddenError(params.lockId);
   }
   if (!entry.eip7702Auth) {
@@ -3311,7 +3418,7 @@ async function handleDelegateSubmit(params) {
 // src/api/issuerApiAdapter.ts
 var import_node_crypto3 = require("crypto");
-var import_viem11 = require("viem");
+var import_viem12 = require("viem");
 var import_core14 = require("@pafi-dev/core");
 var AdapterMisconfiguredError = class extends Error {
   code = "ADAPTER_MISCONFIGURED";
@@ -3369,7 +3476,7 @@ var IssuerApiAdapter = class {
   async pools(authenticatedAddress, chainId, pointTokenAddress) {
     const result = await this.cfg.issuerService.api.handlePools(
       authenticatedAddress,
-      { chainId, pointTokenAddress: (0, import_viem11.getAddress)(pointTokenAddress) }
+      { chainId, pointTokenAddress: (0, import_viem12.getAddress)(pointTokenAddress) }
     );
     return { pools: result.pools };
   }
@@ -3378,8 +3485,8 @@ var IssuerApiAdapter = class {
       authenticatedAddress,
       {
         chainId,
-        userAddress: (0, import_viem11.getAddress)(userAddress),
-        pointTokenAddress: (0, import_viem11.getAddress)(pointTokenAddress)
+        userAddress: (0, import_viem12.getAddress)(userAddress),
+        pointTokenAddress: (0, import_viem12.getAddress)(pointTokenAddress)
       }
     );
     return {
@@ -3400,7 +3507,7 @@ var IssuerApiAdapter = class {
       "ptClaimHandler",
       "claim"
     );
-    const pointTokenAddress = (0, import_viem11.getAddress)(input.pointTokenAddress);
+    const pointTokenAddress = (0, import_viem12.getAddress)(input.pointTokenAddress);
     const result = await ptClaimHandler.handle({
       authenticatedAddress: input.authenticatedAddress,
       userAddress: input.authenticatedAddress,
@@ -3427,9 +3534,11 @@ var IssuerApiAdapter = class {
   }
   async redeem(input) {
     this.assertRedeemHandler();
+    const pointTokenAddress = (0, import_viem12.getAddress)(input.pointTokenAddress);
     const response = await this.cfg.ptRedeemHandler.handle({
       userAddress: input.authenticatedAddress,
       authenticatedAddress: input.authenticatedAddress,
+      pointTokenAddress,
       amount: input.amount,
       aaNonce: input.aaNonce,
       chainId: input.chainId
@@ -3495,7 +3604,7 @@ var IssuerApiAdapter = class {
       "ptClaimHandler",
       "claimPrepare"
     );
-    const pointTokenAddress = (0, import_viem11.getAddress)(input.pointTokenAddress);
+    const pointTokenAddress = (0, import_viem12.getAddress)(input.pointTokenAddress);
     const claimResult = await ptClaimHandler.handle({
       authenticatedAddress: input.authenticatedAddress,
       userAddress: input.authenticatedAddress,
@@ -3541,10 +3650,11 @@ var IssuerApiAdapter = class {
   }
   async redeemPrepare(input) {
     this.assertRedeemHandler();
-    const pointTokenAddress = (0, import_viem11.getAddress)(input.pointTokenAddress);
+    const pointTokenAddress = (0, import_viem12.getAddress)(input.pointTokenAddress);
     const redeemResponse = await this.cfg.ptRedeemHandler.handle({
       userAddress: input.authenticatedAddress,
       authenticatedAddress: input.authenticatedAddress,
+      pointTokenAddress,
       amount: input.amount,
       aaNonce: input.aaNonce,
       chainId: input.chainId
@@ -3731,7 +3841,7 @@ var IssuerApiAdapter = class {
 };
 // src/pools/subgraphPoolsProvider.ts
-var import_viem12 = require("viem");
+var import_viem13 = require("viem");
 var import_core15 = require("@pafi-dev/core");
 var DEFAULT_CACHE_TTL_MS = 3e4;
 var MAX_REASONABLE_FEE_TIER = 1e6;
@@ -3854,7 +3964,7 @@ async function fetchPoolsFromSubgraph(fetchImpl, subgraphUrl, pointTokenAddress,
     return [];
   }
   const { pool } = token;
-  if (!(0, import_viem12.isAddress)(pool.token0.id) || !(0, import_viem12.isAddress)(pool.token1.id)) {
+  if (!(0, import_viem13.isAddress)(pool.token0.id) || !(0, import_viem13.isAddress)(pool.token1.id)) {
     const error = new Error(
       "[PAFI] SubgraphPoolsProvider: invalid token address in response"
     );
@@ -4007,8 +4117,8 @@ function toUsdtPerNative(priceFloat, usdtDecimals) {
 }
 // src/pools/nativePtQuoter.ts
-var import_viem13 = require("viem");
-var CHAINLINK_ABI = (0, import_viem13.parseAbi)([
+var import_viem14 = require("viem");
+var CHAINLINK_ABI = (0, import_viem14.parseAbi)([
   "function latestRoundData() external view returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound)"
 ]);
 var CHAINLINK_MAX_AGE_S = 3600n;
@@ -4292,7 +4402,7 @@ var PafiBackendClient = class {
 };
 // src/config.ts
-var import_viem14 = require("viem");
+var import_viem15 = require("viem");
 var import_core18 = require("@pafi-dev/core");
 // src/redemption/evaluator.ts
@@ -4600,7 +4710,7 @@ var RedemptionService = class {
 };
 // src/config.ts
-function createIssuerService(config) {
+async function createIssuerService(config) {
   if (!config.provider) {
     throw new Error("createIssuerService: provider is required");
   }
@@ -4619,7 +4729,7 @@ function createIssuerService(config) {
       "createIssuerService: at least one of pointTokenAddress / pointTokenAddresses is required"
     );
   }
-  const tokenAddresses = rawAddresses.map((a) => (0, import_viem14.getAddress)(a));
+  const tokenAddresses = rawAddresses.map((a) => (0, import_viem15.getAddress)(a));
   const ledger = config.ledger;
   const sessionStore = config.sessionStore ?? new MemorySessionStore();
   const policy = config.policy ?? new DefaultPolicyEngine({ ledger });
@@ -4719,9 +4829,26 @@ function createIssuerService(config) {
     handlersConfig.mintFeeWrapperAddress = resolvedWrapperAddress;
   }
   const handlers = new IssuerApiHandlers(handlersConfig);
+  const indexerLeaderLocks = [];
   if (config.indexer?.autoStart) {
-    for (const idx of indexers.values()) {
-      idx.start();
+    const lock = config.indexer.singletonLock;
+    if (!lock) {
+      console.warn(
+        "[@pafi-dev/issuer] indexer.autoStart=true without singletonLock \u2014 this is UNSAFE in multi-replica deployments (audit finding H-04). Either set replicas=1 + INDEXER_AUTOSTART=false on non-leader pods, or pass `singletonLock: makePostgresSingletonLock(dataSource)`. This permissive path will be removed in a future major release."
+      );
+      for (const idx of indexers.values()) {
+        idx.start();
+      }
+    } else {
+      for (const [tokenAddr, idx] of indexers.entries()) {
+        const key = `pafi-issuer:point-indexer:${tokenAddr.toLowerCase()}`;
+        const handle = await lock.acquire(key);
+        if (!handle) {
+          continue;
+        }
+        idx.start();
+        indexerLeaderLocks.push(handle);
+      }
     }
   }
   return {
@@ -4732,13 +4859,14 @@ function createIssuerService(config) {
     relay: relayService,
     fee: feeManager,
     indexers,
+    indexerLeaderLocks,
     api: handlers,
     redemption
   };
 }
 // src/issuer-state/validator.ts
-var import_viem15 = require("viem");
+var import_viem16 = require("viem");
 var import_core19 = require("@pafi-dev/core");
 var ISSUER_RECORD_TTL_MS = 3e4;
 var IssuerStateValidator = class _IssuerStateValidator {
@@ -4765,7 +4893,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
    */
   invalidate(pointToken) {
     if (pointToken) {
-      const key = (0, import_viem15.getAddress)(pointToken);
+      const key = (0, import_viem16.getAddress)(pointToken);
       this.pointTokenIssuerCache.delete(key);
       this.stateCache.delete(key);
       this.inflight.delete(key);
@@ -4780,7 +4908,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
    * The issuer field is set at `initialize()` and never changes.
    */
   async getIssuerAddressForPointToken(pointToken) {
-    const key = (0, import_viem15.getAddress)(pointToken);
+    const key = (0, import_viem16.getAddress)(pointToken);
     const cached = this.pointTokenIssuerCache.get(key);
     if (cached) return cached;
     const issuer = await this.provider.readContract({
@@ -4788,15 +4916,15 @@ var IssuerStateValidator = class _IssuerStateValidator {
       abi: import_core19.POINT_TOKEN_ABI,
       functionName: "issuer"
     });
-    this.pointTokenIssuerCache.set(key, (0, import_viem15.getAddress)(issuer));
-    return (0, import_viem15.getAddress)(issuer);
+    this.pointTokenIssuerCache.set(key, (0, import_viem16.getAddress)(issuer));
+    return (0, import_viem16.getAddress)(issuer);
   }
   /**
    * Read registry record + totalSupply, with 30s cache and in-flight
    * deduplication. Does NOT throw on inactive/missing — returns raw state.
    */
   async getIssuerState(pointToken) {
-    const tokenAddr = (0, import_viem15.getAddress)(pointToken);
+    const tokenAddr = (0, import_viem16.getAddress)(pointToken);
     const now = Date.now();
     const cached = this.stateCache.get(tokenAddr);
     if (cached && cached.expiresAt > now) return cached.value;
@@ -4939,7 +5067,7 @@ var MemoryRedemptionHistoryStore = class {
 };
 // src/index.ts
-var PAFI_ISSUER_SDK_VERSION = true ? "0.20.0" : "dev";
+var PAFI_ISSUER_SDK_VERSION = true ? "0.22.0" : "dev";
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AdapterMisconfiguredError,
@@ -4979,6 +5107,7 @@ var PAFI_ISSUER_SDK_VERSION = true ? "0.20.0" : "dev";
   PerpDepositError,
   PerpDepositHandler,
   PointIndexer,
+  PointTokenDomainResolver,
   PolicyProvider,
   REDEMPTION_HISTORY_WINDOW_SEC,
   RedemptionService,
@@ -5005,6 +5134,7 @@ var PAFI_ISSUER_SDK_VERSION = true ? "0.20.0" : "dev";
   handleMobilePrepare,
   handleMobileSubmit,
   handleRedeemStatus,
+  makePostgresSingletonLock,
   mergePaymasterFields,
   payloadFromGenericError,
   payloadFromHttpException,