@pafi-dev/issuer 0.20.0 → 0.22.0

package/dist/index.js

@@ -1391,6 +1391,10 @@ var DEFAULT_BATCH_SIZE2 = 2000n;
 var DEFAULT_POLL_INTERVAL_MS2 = 5e3;
 var BurnIndexer = class {
   provider;
+  /**
+   * The PointToken this indexer watches. Exposed so callers can key
+   * leader-election locks / cursor stores by token (audit H-04 fix).
+   */
   pointTokenAddress;
   ledger;
   cursorStore;
@@ -1550,6 +1554,45 @@ var BurnIndexer = class {
   }
 };
 
+// src/indexer/postgresSingletonLock.ts
+function makePostgresSingletonLock(runner) {
+  return {
+    async acquire(key) {
+      const lockId = hashKeyToInt64(key);
+      const rows = await runner.query(
+        "SELECT pg_try_advisory_lock($1::bigint) AS got",
+        [lockId]
+      );
+      const got = rows[0]?.got === true;
+      if (!got) return null;
+      return {
+        async release() {
+          try {
+            await runner.query("SELECT pg_advisory_unlock($1::bigint)", [
+              lockId
+            ]);
+          } catch {
+          }
+        }
+      };
+    }
+  };
+}
+function hashKeyToInt64(key) {
+  const FNV_OFFSET = 0xcbf29ce484222325n;
+  const FNV_PRIME = 0x100000001b3n;
+  const MASK_64 = (1n << 64n) - 1n;
+  let hash = FNV_OFFSET;
+  for (let i = 0; i < key.length; i++) {
+    hash ^= BigInt(key.charCodeAt(i));
+    hash = hash * FNV_PRIME & MASK_64;
+  }
+  const SIGNED_MAX = (1n << 63n) - 1n;
+  const TWO64 = 1n << 64n;
+  const signed = hash > SIGNED_MAX ? hash - TWO64 : hash;
+  return signed.toString();
+}
+
 // src/api/handlers.ts
 import { getAddress as getAddress5 } from "viem";
 import {
@@ -1915,8 +1958,59 @@ var IssuerApiHandlers = class _IssuerApiHandlers {
   }
 };
 
-// src/api/handlers/ptRedeemHandler.ts
+// src/api/pointTokenDomainResolver.ts
 import { getAddress as getAddress6 } from "viem";
+var NAME_ABI = [
+  {
+    type: "function",
+    name: "name",
+    stateMutability: "view",
+    inputs: [],
+    outputs: [{ type: "string" }]
+  }
+];
+var PointTokenDomainResolver = class {
+  provider;
+  overrides;
+  cache = /* @__PURE__ */ new Map();
+  constructor(config) {
+    this.provider = config.provider;
+    this.overrides = /* @__PURE__ */ new Map();
+    if (config.overrides) {
+      for (const [addr, name] of Object.entries(config.overrides)) {
+        this.overrides.set(getAddress6(addr).toLowerCase(), name);
+      }
+    }
+  }
+  async resolve(pointTokenAddress) {
+    const key = getAddress6(pointTokenAddress).toLowerCase();
+    const cached = this.cache.get(key);
+    if (cached !== void 0) return cached;
+    const override = this.overrides.get(key);
+    if (override !== void 0) {
+      this.cache.set(key, override);
+      return override;
+    }
+    const name = await this.provider.readContract({
+      address: pointTokenAddress,
+      abi: NAME_ABI,
+      functionName: "name"
+    });
+    this.cache.set(key, name);
+    return name;
+  }
+  /** Invalidate one address (after deploy / proxy upgrade) or all. */
+  invalidate(pointTokenAddress) {
+    if (pointTokenAddress) {
+      this.cache.delete(getAddress6(pointTokenAddress).toLowerCase());
+    } else {
+      this.cache.clear();
+    }
+  }
+};
+
+// src/api/handlers/ptRedeemHandler.ts
+import { getAddress as getAddress7 } from "viem";
 import {
   signBurnRequest,
   POINT_TOKEN_ABI as POINT_TOKEN_ABI2,
@@ -1942,10 +2036,9 @@ var PTRedeemHandler = class {
   relayService;
   provider;
   feeService;
-  pointTokenAddress;
   batchExecutorAddress;
   chainId;
-  domain;
+  domainResolver;
   burnerSignerWallet;
   redeemLockDurationMs;
   signatureDeadlineSeconds;
@@ -1982,10 +2075,9 @@ var PTRedeemHandler = class {
     this.relayService = config.relayService;
     this.provider = config.provider;
     this.feeService = config.feeService;
-    this.pointTokenAddress = getAddress6(config.pointTokenAddress);
-    this.batchExecutorAddress = getAddress6(config.batchExecutorAddress);
+    this.batchExecutorAddress = getAddress7(config.batchExecutorAddress);
     this.chainId = config.chainId;
-    this.domain = config.domain;
+    this.domainResolver = config.domainResolver;
     this.burnerSignerWallet = config.burnerSignerWallet;
     if (this.burnerSignerWallet?.account?.type === "local") {
       console.warn("[PAFI] PTRedeemHandler: burnerSignerWallet uses a local (private key) account. Use a KMS-backed signer in production.");
@@ -1998,7 +2090,7 @@ var PTRedeemHandler = class {
     }
   }
   async handle(request) {
-    if (getAddress6(request.authenticatedAddress) !== getAddress6(request.userAddress)) {
+    if (getAddress7(request.authenticatedAddress) !== getAddress7(request.userAddress)) {
       throw new PTRedeemError(
         "UNAUTHORIZED",
         `userAddress (${request.userAddress}) does not match authenticated session (${request.authenticatedAddress})`
@@ -2007,11 +2099,12 @@ var PTRedeemHandler = class {
     if (request.amount <= 0n) {
       throw new PTRedeemError("INVALID_AMOUNT", "redeem amount must be positive");
     }
+    const pointTokenAddress = getAddress7(request.pointTokenAddress);
     if (this.redemptionService) {
       const decision = await this.redemptionService.evaluate(
         request.userAddress,
         request.amount,
-        this.pointTokenAddress
+        pointTokenAddress
       );
       if (!decision.allowed) {
         const denial = decision.denial;
@@ -2025,7 +2118,7 @@ var PTRedeemHandler = class {
     let burnNonce;
     try {
       burnNonce = await this.provider.readContract({
-        address: this.pointTokenAddress,
+        address: pointTokenAddress,
         abi: POINT_TOKEN_ABI2,
         functionName: "burnRequestNonces",
         args: [request.userAddress]
@@ -2036,27 +2129,27 @@ var PTRedeemHandler = class {
         `failed to read burnRequestNonces(${request.userAddress}): ${err instanceof Error ? err.message : String(err)}`
       );
     }
-    const userKey = getAddress6(request.userAddress).toLowerCase();
-    let userNonces = this.inFlightNonces.get(userKey);
+    const nonceKey = `${getAddress7(request.userAddress).toLowerCase()}:${pointTokenAddress.toLowerCase()}`;
+    let userNonces = this.inFlightNonces.get(nonceKey);
     if (!userNonces) {
       userNonces = /* @__PURE__ */ new Set();
-      this.inFlightNonces.set(userKey, userNonces);
+      this.inFlightNonces.set(nonceKey, userNonces);
     }
     if (userNonces.has(burnNonce)) {
       throw new PTRedeemError(
         "NONCE_IN_FLIGHT",
-        `A burn request for nonce ${burnNonce} is already in progress for ${request.userAddress}. Retry after the current request completes.`
+        `A burn request for nonce ${burnNonce} is already in progress for ${request.userAddress} on ${pointTokenAddress}. Retry after the current request completes.`
       );
     }
     userNonces.add(burnNonce);
     try {
-      return await this._handleAfterNonceLock(request, burnNonce);
+      return await this._handleAfterNonceLock(request, burnNonce, pointTokenAddress);
     } finally {
       userNonces.delete(burnNonce);
-      if (userNonces.size === 0) this.inFlightNonces.delete(userKey);
+      if (userNonces.size === 0) this.inFlightNonces.delete(nonceKey);
     }
   }
-  async _handleAfterNonceLock(request, burnNonce) {
+  async _handleAfterNonceLock(request, burnNonce, pointTokenAddress) {
     const previewDeadline = BigInt(
       Math.floor(this.now() / 1e3) + this.signatureDeadlineSeconds
     );
@@ -2067,13 +2160,13 @@ var PTRedeemHandler = class {
       const previewUserOp = this.relayService.previewBurnUserOp({
         userAddress: request.userAddress,
         aaNonce: burnNonce,
-        pointTokenAddress: this.pointTokenAddress,
+        pointTokenAddress,
         amount: request.amount,
         deadline: previewDeadline
       });
       fee = await this.feeService.estimateGasFee({
         scenario: "burn",
-        contractAddress: this.pointTokenAddress,
+        contractAddress: pointTokenAddress,
         partialUserOp: {
           sender: previewUserOp.sender,
           nonce: previewUserOp.nonce,
@@ -2092,7 +2185,7 @@ var PTRedeemHandler = class {
     }
     const onChainBalance = await getPointTokenBalance2(
       this.provider,
-      this.pointTokenAddress,
+      pointTokenAddress,
       request.userAddress
     );
     if (onChainBalance < request.amount) {
@@ -2102,10 +2195,11 @@ var PTRedeemHandler = class {
       );
     }
     const deadline = previewDeadline;
+    const domainName = await this.domainResolver.resolve(pointTokenAddress);
     const domain = {
-      name: this.domain.name,
+      name: domainName,
       chainId: this.chainId,
-      verifyingContract: this.domain.verifyingContract ?? this.pointTokenAddress
+      verifyingContract: pointTokenAddress
     };
     const sponsoredBurnAmount = request.amount - fee;
     const sponsoredBurnRequest = {
@@ -2127,14 +2221,14 @@ var PTRedeemHandler = class {
       request.userAddress,
       sponsoredBurnAmount,
       this.redeemLockDurationMs,
-      this.pointTokenAddress
+      pointTokenAddress
     );
     try {
       const sponsoredUserOp = await this.relayService.prepareBurn({
         mode: "burnWithSig",
         userAddress: request.userAddress,
         aaNonce: request.aaNonce,
-        pointTokenAddress: this.pointTokenAddress,
+        pointTokenAddress,
         batchExecutorAddress: this.batchExecutorAddress,
         burnRequest: sponsoredBurnRequest,
         burnerSignature: sponsoredSig,
@@ -2162,7 +2256,7 @@ var PTRedeemHandler = class {
           request.userAddress,
           request.amount,
           this.redeemLockDurationMs,
-          this.pointTokenAddress
+          pointTokenAddress
         );
         let fallbackUserOp;
         try {
@@ -2170,7 +2264,7 @@ var PTRedeemHandler = class {
             mode: "burnWithSig",
             userAddress: request.userAddress,
             aaNonce: request.aaNonce,
-            pointTokenAddress: this.pointTokenAddress,
+            pointTokenAddress,
             batchExecutorAddress: this.batchExecutorAddress,
             burnRequest: fallbackBurnRequest,
             burnerSignature: fallbackSig,
@@ -2195,7 +2289,7 @@ var PTRedeemHandler = class {
         await this.redemptionService.recordSuccessfulInitiate({
           user: request.userAddress,
           amountPt: request.amount,
-          pointTokenAddress: this.pointTokenAddress,
+          pointTokenAddress,
           reservationId: sponsoredLockId
         }).catch(() => {
         });
@@ -2318,7 +2412,7 @@ async function handleRedeemStatus(params) {
 }
 
 // src/api/mobileHandlers.ts
-import { getAddress as getAddress7 } from "viem";
+import { getAddress as getAddress8 } from "viem";
 import {
   ENTRY_POINT_V08,
   parseEip7702DelegatedAddress
@@ -2670,7 +2764,7 @@ async function handleMobileSubmit(params) {
   if (!entry) {
     throw new PendingUserOpNotFoundError(params.lockId);
   }
-  if (getAddress7(entry.sender) !== getAddress7(params.authenticatedAddress)) {
+  if (getAddress8(entry.sender) !== getAddress8(params.authenticatedAddress)) {
     throw new PendingUserOpForbiddenError(params.lockId);
   }
   const variant = params.variant ?? "sponsored";
@@ -2686,7 +2780,7 @@ async function handleMobileSubmit(params) {
 }
 
 // src/api/handlers/ptClaimHandler.ts
-import { getAddress as getAddress8 } from "viem";
+import { getAddress as getAddress9 } from "viem";
 import {
   decodeBatchExecuteCalls,
   getContractAddresses as getContractAddresses3
@@ -2735,7 +2829,7 @@ var PTClaimHandler = class {
     };
   }
   async handle(request) {
-    if (getAddress8(request.authenticatedAddress) !== getAddress8(request.userAddress)) {
+    if (getAddress9(request.authenticatedAddress) !== getAddress9(request.userAddress)) {
       throw new PTClaimError(
         "VALIDATION_FAILED",
         `userAddress (${request.userAddress}) does not match authenticated session (${request.authenticatedAddress})`
@@ -2790,8 +2884,11 @@ var PTClaimHandler = class {
           callData: previewUserOp.callData
         }
       }) : 0n;
+      const domainName = await this.cfg.domainResolver.resolve(
+        request.pointTokenAddress
+      );
       const domain = {
-        name: this.cfg.pointTokenDomainName,
+        name: domainName,
         chainId: request.chainId,
         verifyingContract: request.pointTokenAddress
       };
@@ -2807,8 +2904,16 @@ var PTClaimHandler = class {
           domain,
           mintRequestNonce: request.mintRequestNonce,
           deadline: signatureDeadline,
-          mintFeeWrapperAddress: resolvedWrapper
-          // No feeAmount/feeRecipient — RelayService auto-resolves.
+          mintFeeWrapperAddress: resolvedWrapper,
+          // Pass the bundler-estimated `feeAmount` explicitly so the
+          // RelayService skips its legacy `quoteOperatorFeePt` path
+          // (which uses the SDK's old 12_000 bps premium default).
+          // Without this, the response's `feeAmount` (from FeeManager,
+          // 100% premium on top of PAFI's 110% server-side estimate)
+          // would diverge from the actual PT.transfer amount in the
+          // UserOp batch (`quoteOperatorFeePt`'s 120%), and the user
+          // would see one value while the wallet transferred another.
+          feeAmount
         });
       } catch (err) {
         throw new PTClaimError(
@@ -3006,7 +3111,7 @@ import {
   getContractAddresses as getContractAddresses5,
   serializeUserOpToJsonRpc as serializeUserOpToJsonRpc2
 } from "@pafi-dev/core";
-import { getAddress as getAddress9 } from "viem";
+import { getAddress as getAddress10 } from "viem";
 var DEFAULT_DELEGATE_GAS = {
   callGasLimit: 100000n,
   verificationGasLimit: 150000n,
@@ -3093,7 +3198,7 @@ async function handleDelegateSubmit(params) {
   if (!entry) {
     throw new PendingUserOpNotFoundError(params.lockId);
   }
-  if (getAddress9(entry.sender) !== getAddress9(params.authenticatedAddress)) {
+  if (getAddress10(entry.sender) !== getAddress10(params.authenticatedAddress)) {
     throw new PendingUserOpForbiddenError(params.lockId);
   }
   if (!entry.eip7702Auth) {
@@ -3114,7 +3219,7 @@ async function handleDelegateSubmit(params) {
 
 // src/api/issuerApiAdapter.ts
 import { randomUUID } from "crypto";
-import { getAddress as getAddress10 } from "viem";
+import { getAddress as getAddress11 } from "viem";
 import {
   buildAndSignSponsorAuth,
   decodeBatchExecuteCalls as decodeBatchExecuteCalls3,
@@ -3179,7 +3284,7 @@ var IssuerApiAdapter = class {
   async pools(authenticatedAddress, chainId, pointTokenAddress) {
     const result = await this.cfg.issuerService.api.handlePools(
       authenticatedAddress,
-      { chainId, pointTokenAddress: getAddress10(pointTokenAddress) }
+      { chainId, pointTokenAddress: getAddress11(pointTokenAddress) }
     );
     return { pools: result.pools };
   }
@@ -3188,8 +3293,8 @@ var IssuerApiAdapter = class {
       authenticatedAddress,
       {
         chainId,
-        userAddress: getAddress10(userAddress),
-        pointTokenAddress: getAddress10(pointTokenAddress)
+        userAddress: getAddress11(userAddress),
+        pointTokenAddress: getAddress11(pointTokenAddress)
       }
     );
     return {
@@ -3210,7 +3315,7 @@ var IssuerApiAdapter = class {
       "ptClaimHandler",
       "claim"
     );
-    const pointTokenAddress = getAddress10(input.pointTokenAddress);
+    const pointTokenAddress = getAddress11(input.pointTokenAddress);
     const result = await ptClaimHandler.handle({
       authenticatedAddress: input.authenticatedAddress,
       userAddress: input.authenticatedAddress,
@@ -3237,9 +3342,11 @@ var IssuerApiAdapter = class {
   }
   async redeem(input) {
     this.assertRedeemHandler();
+    const pointTokenAddress = getAddress11(input.pointTokenAddress);
     const response = await this.cfg.ptRedeemHandler.handle({
       userAddress: input.authenticatedAddress,
       authenticatedAddress: input.authenticatedAddress,
+      pointTokenAddress,
       amount: input.amount,
       aaNonce: input.aaNonce,
       chainId: input.chainId
@@ -3305,7 +3412,7 @@ var IssuerApiAdapter = class {
       "ptClaimHandler",
       "claimPrepare"
     );
-    const pointTokenAddress = getAddress10(input.pointTokenAddress);
+    const pointTokenAddress = getAddress11(input.pointTokenAddress);
     const claimResult = await ptClaimHandler.handle({
       authenticatedAddress: input.authenticatedAddress,
       userAddress: input.authenticatedAddress,
@@ -3351,10 +3458,11 @@ var IssuerApiAdapter = class {
   }
   async redeemPrepare(input) {
     this.assertRedeemHandler();
-    const pointTokenAddress = getAddress10(input.pointTokenAddress);
+    const pointTokenAddress = getAddress11(input.pointTokenAddress);
     const redeemResponse = await this.cfg.ptRedeemHandler.handle({
       userAddress: input.authenticatedAddress,
       authenticatedAddress: input.authenticatedAddress,
+      pointTokenAddress,
       amount: input.amount,
       aaNonce: input.aaNonce,
       chainId: input.chainId
@@ -4102,7 +4210,7 @@ var PafiBackendClient = class {
 };
 
 // src/config.ts
-import { getAddress as getAddress11 } from "viem";
+import { getAddress as getAddress12 } from "viem";
 import { getContractAddresses as getContractAddresses7 } from "@pafi-dev/core";
 
 // src/redemption/evaluator.ts
@@ -4412,7 +4520,7 @@ var RedemptionService = class {
 };
 
 // src/config.ts
-function createIssuerService(config) {
+async function createIssuerService(config) {
   if (!config.provider) {
     throw new Error("createIssuerService: provider is required");
   }
@@ -4431,7 +4539,7 @@ function createIssuerService(config) {
       "createIssuerService: at least one of pointTokenAddress / pointTokenAddresses is required"
     );
   }
-  const tokenAddresses = rawAddresses.map((a) => getAddress11(a));
+  const tokenAddresses = rawAddresses.map((a) => getAddress12(a));
   const ledger = config.ledger;
   const sessionStore = config.sessionStore ?? new MemorySessionStore();
   const policy = config.policy ?? new DefaultPolicyEngine({ ledger });
@@ -4531,9 +4639,26 @@ function createIssuerService(config) {
     handlersConfig.mintFeeWrapperAddress = resolvedWrapperAddress;
   }
   const handlers = new IssuerApiHandlers(handlersConfig);
+  const indexerLeaderLocks = [];
   if (config.indexer?.autoStart) {
-    for (const idx of indexers.values()) {
-      idx.start();
+    const lock = config.indexer.singletonLock;
+    if (!lock) {
+      console.warn(
+        "[@pafi-dev/issuer] indexer.autoStart=true without singletonLock \u2014 this is UNSAFE in multi-replica deployments (audit finding H-04). Either set replicas=1 + INDEXER_AUTOSTART=false on non-leader pods, or pass `singletonLock: makePostgresSingletonLock(dataSource)`. This permissive path will be removed in a future major release."
+      );
+      for (const idx of indexers.values()) {
+        idx.start();
+      }
+    } else {
+      for (const [tokenAddr, idx] of indexers.entries()) {
+        const key = `pafi-issuer:point-indexer:${tokenAddr.toLowerCase()}`;
+        const handle = await lock.acquire(key);
+        if (!handle) {
+          continue;
+        }
+        idx.start();
+        indexerLeaderLocks.push(handle);
+      }
     }
   }
   return {
@@ -4544,13 +4669,14 @@ function createIssuerService(config) {
     relay: relayService,
     fee: feeManager,
     indexers,
+    indexerLeaderLocks,
     api: handlers,
     redemption
   };
 }
 
 // src/issuer-state/validator.ts
-import { getAddress as getAddress12 } from "viem";
+import { getAddress as getAddress13 } from "viem";
 import {
   POINT_TOKEN_ABI as POINT_TOKEN_ABI3,
   issuerRegistryAbi,
@@ -4582,7 +4708,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
    */
   invalidate(pointToken) {
     if (pointToken) {
-      const key = getAddress12(pointToken);
+      const key = getAddress13(pointToken);
       this.pointTokenIssuerCache.delete(key);
       this.stateCache.delete(key);
       this.inflight.delete(key);
@@ -4597,7 +4723,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
    * The issuer field is set at `initialize()` and never changes.
    */
   async getIssuerAddressForPointToken(pointToken) {
-    const key = getAddress12(pointToken);
+    const key = getAddress13(pointToken);
     const cached = this.pointTokenIssuerCache.get(key);
     if (cached) return cached;
     const issuer = await this.provider.readContract({
@@ -4605,15 +4731,15 @@ var IssuerStateValidator = class _IssuerStateValidator {
       abi: POINT_TOKEN_ABI3,
       functionName: "issuer"
     });
-    this.pointTokenIssuerCache.set(key, getAddress12(issuer));
-    return getAddress12(issuer);
+    this.pointTokenIssuerCache.set(key, getAddress13(issuer));
+    return getAddress13(issuer);
   }
   /**
    * Read registry record + totalSupply, with 30s cache and in-flight
    * deduplication. Does NOT throw on inactive/missing — returns raw state.
    */
   async getIssuerState(pointToken) {
-    const tokenAddr = getAddress12(pointToken);
+    const tokenAddr = getAddress13(pointToken);
     const now = Date.now();
     const cached = this.stateCache.get(tokenAddr);
     if (cached && cached.expiresAt > now) return cached.value;
@@ -4756,7 +4882,7 @@ var MemoryRedemptionHistoryStore = class {
 };
 
 // src/index.ts
-var PAFI_ISSUER_SDK_VERSION = true ? "0.20.0" : "dev";
+var PAFI_ISSUER_SDK_VERSION = true ? "0.22.0" : "dev";
 export {
   AdapterMisconfiguredError,
   AuthError,
@@ -4795,6 +4921,7 @@ export {
   PerpDepositError,
   PerpDepositHandler,
   PointIndexer,
+  PointTokenDomainResolver,
   PolicyProvider,
   REDEMPTION_HISTORY_WINDOW_SEC,
   RedemptionService,
@@ -4821,6 +4948,7 @@ export {
   handleMobilePrepare,
   handleMobileSubmit,
   handleRedeemStatus,
+  makePostgresSingletonLock,
   mergePaymasterFields,
   payloadFromGenericError,
   payloadFromHttpException,