npm - @pafi-dev/issuer - Versions diffs - 0.21.0 → 0.22.0 - Mend

@pafi-dev/issuer 0.21.0 → 0.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -14,6 +14,42 @@ interfaces. Don't bundle into a browser app — use
 ---
+## v0.20.x — Bundler-driven gas estimate
+**v0.20.0** — operator fee gasUnits now come from a Pimlico bundler
+estimate cached server-side at PAFI's sponsor-relayer
+(`POST /v1/estimate-gas-fee`). Eliminates the hardcoded
+`SCENARIO_GAS_UNITS` table at the consumer layer.
+- **New**: `FeeManagerConfig.bundlerClient?: BundlerEstimatorClient`. When
+  set, `feeManager.estimateGasFee({ partialUserOp, scenario,
+  contractAddress })` fetches gas units from the wired estimator
+  instead of running the legacy `gasUnits × premium` math.
+  Backwards-compatible — omit `bundlerClient` and the legacy hardcoded
+  path runs.
+- **New**: `createPafiEstimatorClient({ baseUrl, apiKey, issuerId })`
+  HTTP adapter — POSTs to PAFI sponsor-relayer's
+  `/v1/estimate-gas-fee`. Pimlico key never touches issuer infra; the
+  bundler call happens server-side at PAFI.
+- **New**: `RelayService.previewMintUserOp` / `previewBurnUserOp` —
+  build a dummy partial UserOp (placeholder 65-byte sig, no HSM call)
+  for the bundler estimate. `PTClaimHandler` / `PTRedeemHandler` wire
+  these automatically.
+- **Changed**: `DEFAULT_PREMIUM_BPS` 12_000 → 10_000 (100%, no
+  double-pad). PAFI sponsor-relayer applies its own 110% premium
+  upstream; adding another SDK-side pad would over-charge users by
+  ~21% vs. actual gas.
+- **Changed**: `PTClaimHandler` now passes the FeeManager-computed
+  `feeAmount` explicitly into `RelayService.prepareMint`, so the
+  in-batch PT transfer matches the value returned in the response.
+  Pre-v0.20 the handler relied on `RelayService.resolveFee` falling
+  back to `quoteOperatorFeePt` (which uses the legacy 120% premium) —
+  causing a ~20% mismatch between displayed fee and actual transfer.
+**v0.21.0** — bug fix follow-up to v0.20: closes the resolveFee
+mismatch in `PTClaimHandler` (above). Strongly recommended over
+v0.20.0 for any new consumer wiring.
 ## v0.15.x — Uniswap V3 migration (breaking)
 **v0.15.0** — initial V3 migration:

package/dist/index.cjs CHANGED Viewed

@@ -84,6 +84,7 @@ __export(index_exports, {
   handleMobilePrepare: () => handleMobilePrepare,
   handleMobileSubmit: () => handleMobileSubmit,
   handleRedeemStatus: () => handleRedeemStatus,
+  makePostgresSingletonLock: () => makePostgresSingletonLock,
   mergePaymasterFields: () => mergePaymasterFields,
   payloadFromGenericError: () => payloadFromGenericError,
   payloadFromHttpException: () => payloadFromHttpException,
@@ -1625,6 +1626,10 @@ var DEFAULT_BATCH_SIZE2 = 2000n;
 var DEFAULT_POLL_INTERVAL_MS2 = 5e3;
 var BurnIndexer = class {
   provider;
+  /**
+   * The PointToken this indexer watches. Exposed so callers can key
+   * leader-election locks / cursor stores by token (audit H-04 fix).
+   */
   pointTokenAddress;
   ledger;
   cursorStore;
@@ -1784,6 +1789,45 @@ var BurnIndexer = class {
   }
 };
+// src/indexer/postgresSingletonLock.ts
+function makePostgresSingletonLock(runner) {
+  return {
+    async acquire(key) {
+      const lockId = hashKeyToInt64(key);
+      const rows = await runner.query(
+        "SELECT pg_try_advisory_lock($1::bigint) AS got",
+        [lockId]
+      );
+      const got = rows[0]?.got === true;
+      if (!got) return null;
+      return {
+        async release() {
+          try {
+            await runner.query("SELECT pg_advisory_unlock($1::bigint)", [
+              lockId
+            ]);
+          } catch {
+          }
+        }
+      };
+    }
+  };
+}
+function hashKeyToInt64(key) {
+  const FNV_OFFSET = 0xcbf29ce484222325n;
+  const FNV_PRIME = 0x100000001b3n;
+  const MASK_64 = (1n << 64n) - 1n;
+  let hash = FNV_OFFSET;
+  for (let i = 0; i < key.length; i++) {
+    hash ^= BigInt(key.charCodeAt(i));
+    hash = hash * FNV_PRIME & MASK_64;
+  }
+  const SIGNED_MAX = (1n << 63n) - 1n;
+  const TWO64 = 1n << 64n;
+  const signed = hash > SIGNED_MAX ? hash - TWO64 : hash;
+  return signed.toString();
+}
 // src/api/handlers.ts
 var import_viem6 = require("viem");
 var import_core6 = require("@pafi-dev/core");
@@ -3076,8 +3120,16 @@ var PTClaimHandler = class {
           domain,
           mintRequestNonce: request.mintRequestNonce,
           deadline: signatureDeadline,
-          mintFeeWrapperAddress: resolvedWrapper
-          // No feeAmount/feeRecipient — RelayService auto-resolves.
+          mintFeeWrapperAddress: resolvedWrapper,
+          // Pass the bundler-estimated `feeAmount` explicitly so the
+          // RelayService skips its legacy `quoteOperatorFeePt` path
+          // (which uses the SDK's old 12_000 bps premium default).
+          // Without this, the response's `feeAmount` (from FeeManager,
+          // 100% premium on top of PAFI's 110% server-side estimate)
+          // would diverge from the actual PT.transfer amount in the
+          // UserOp batch (`quoteOperatorFeePt`'s 120%), and the user
+          // would see one value while the wallet transferred another.
+          feeAmount
         });
       } catch (err) {
         throw new PTClaimError(
@@ -4658,7 +4710,7 @@ var RedemptionService = class {
 };
 // src/config.ts
-function createIssuerService(config) {
+async function createIssuerService(config) {
   if (!config.provider) {
     throw new Error("createIssuerService: provider is required");
   }
@@ -4777,9 +4829,26 @@ function createIssuerService(config) {
     handlersConfig.mintFeeWrapperAddress = resolvedWrapperAddress;
   }
   const handlers = new IssuerApiHandlers(handlersConfig);
+  const indexerLeaderLocks = [];
   if (config.indexer?.autoStart) {
-    for (const idx of indexers.values()) {
-      idx.start();
+    const lock = config.indexer.singletonLock;
+    if (!lock) {
+      console.warn(
+        "[@pafi-dev/issuer] indexer.autoStart=true without singletonLock \u2014 this is UNSAFE in multi-replica deployments (audit finding H-04). Either set replicas=1 + INDEXER_AUTOSTART=false on non-leader pods, or pass `singletonLock: makePostgresSingletonLock(dataSource)`. This permissive path will be removed in a future major release."
+      );
+      for (const idx of indexers.values()) {
+        idx.start();
+      }
+    } else {
+      for (const [tokenAddr, idx] of indexers.entries()) {
+        const key = `pafi-issuer:point-indexer:${tokenAddr.toLowerCase()}`;
+        const handle = await lock.acquire(key);
+        if (!handle) {
+          continue;
+        }
+        idx.start();
+        indexerLeaderLocks.push(handle);
+      }
     }
   }
   return {
@@ -4790,6 +4859,7 @@ function createIssuerService(config) {
     relay: relayService,
     fee: feeManager,
     indexers,
+    indexerLeaderLocks,
     api: handlers,
     redemption
   };
@@ -4997,7 +5067,7 @@ var MemoryRedemptionHistoryStore = class {
 };
 // src/index.ts
-var PAFI_ISSUER_SDK_VERSION = true ? "0.21.0" : "dev";
+var PAFI_ISSUER_SDK_VERSION = true ? "0.22.0" : "dev";
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AdapterMisconfiguredError,
@@ -5064,6 +5134,7 @@ var PAFI_ISSUER_SDK_VERSION = true ? "0.21.0" : "dev";
   handleMobilePrepare,
   handleMobileSubmit,
   handleRedeemStatus,
+  makePostgresSingletonLock,
   mergePaymasterFields,
   payloadFromGenericError,
   payloadFromHttpException,