@pafi-dev/issuer 0.28.1 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.cjs CHANGED
@@ -2332,6 +2332,7 @@ var PTRedeemHandler = class {
2332
2332
  chainId;
2333
2333
  domainResolver;
2334
2334
  burnerSignerWallet;
2335
+ supportedTokens;
2335
2336
  redeemLockDurationMs;
2336
2337
  signatureDeadlineSeconds;
2337
2338
  now;
@@ -2371,6 +2372,13 @@ var PTRedeemHandler = class {
2371
2372
  this.chainId = config.chainId;
2372
2373
  this.domainResolver = config.domainResolver;
2373
2374
  this.burnerSignerWallet = config.burnerSignerWallet;
2375
+ if (!config.supportedTokens) {
2376
+ throw new PTRedeemError(
2377
+ "UNSUPPORTED_POINT_TOKEN",
2378
+ "PTRedeemHandler requires `supportedTokens` (issuer's allow-listed PointToken contracts). See audit PACI5-18."
2379
+ );
2380
+ }
2381
+ this.supportedTokens = config.supportedTokens;
2374
2382
  if (this.burnerSignerWallet?.account?.type === "local") {
2375
2383
  console.warn("[PAFI] PTRedeemHandler: burnerSignerWallet uses a local (private key) account. Use a KMS-backed signer in production.");
2376
2384
  }
@@ -2399,6 +2407,12 @@ var PTRedeemHandler = class {
2399
2407
  throw new PTRedeemError("INVALID_AMOUNT", "redeem amount must be positive");
2400
2408
  }
2401
2409
  const pointTokenAddress = (0, import_viem8.getAddress)(request.pointTokenAddress);
2410
+ if (!this.supportedTokens.has(pointTokenAddress)) {
2411
+ throw new PTRedeemError(
2412
+ "UNSUPPORTED_POINT_TOKEN",
2413
+ `redeem: pointTokenAddress ${pointTokenAddress} is not in the issuer's supported-token allowlist. Check IssuerApiHandlers.supportedTokens and PTRedeemHandler.config.supportedTokens point at the same set.`
2414
+ );
2415
+ }
2402
2416
  if (this.redemptionService) {
2403
2417
  const decision = await this.redemptionService.evaluate(
2404
2418
  request.userAddress,
@@ -2648,13 +2662,43 @@ async function handleClaimStatus(params) {
2648
2662
  lock.userOpHash
2649
2663
  );
2650
2664
  if (receipt) {
2651
- status = receipt.success ? "MINTED" : "FAILED";
2652
- txHash = receipt.txHash;
2653
- await params.ledger.updateMintStatus(lock.lockId, status, receipt.txHash).catch((err) => {
2654
- params.onWarning?.(
2655
- `handleClaimStatus: ledger updateMintStatus failed for lock ${lock.lockId}: ${err}`
2656
- );
2657
- });
2665
+ if (receipt.success && receipt.txHash) {
2666
+ if (!lock.tokenAddress) {
2667
+ params.onWarning?.(
2668
+ `handleClaimStatus: lock ${lock.lockId} has no tokenAddress; falling back to status-only flip (PACI5-24 defence degraded). Migrate the ledger to the multi-token schema.`
2669
+ );
2670
+ await params.ledger.updateMintStatus(lock.lockId, "MINTED", receipt.txHash).catch((err) => {
2671
+ params.onWarning?.(
2672
+ `handleClaimStatus: ledger updateMintStatus failed for lock ${lock.lockId}: ${err}`
2673
+ );
2674
+ });
2675
+ status = "MINTED";
2676
+ txHash = receipt.txHash;
2677
+ } else {
2678
+ try {
2679
+ await params.ledger.deductBalance(
2680
+ lock.userAddress,
2681
+ lock.amount,
2682
+ receipt.txHash,
2683
+ lock.tokenAddress
2684
+ );
2685
+ status = "MINTED";
2686
+ txHash = receipt.txHash;
2687
+ } catch (deductErr) {
2688
+ params.onWarning?.(
2689
+ `handleClaimStatus: deductBalance failed for lock ${lock.lockId}: ${deductErr}`
2690
+ );
2691
+ }
2692
+ }
2693
+ } else {
2694
+ await params.ledger.updateMintStatus(lock.lockId, "FAILED", receipt.txHash).catch((err) => {
2695
+ params.onWarning?.(
2696
+ `handleClaimStatus: ledger updateMintStatus failed for lock ${lock.lockId}: ${err}`
2697
+ );
2698
+ });
2699
+ status = "FAILED";
2700
+ txHash = receipt.txHash;
2701
+ }
2658
2702
  }
2659
2703
  } catch (err) {
2660
2704
  params.onWarning?.(
@@ -3126,6 +3170,12 @@ var PTClaimHandler = class {
3126
3170
  cfg;
3127
3171
  inFlightNonces = /* @__PURE__ */ new Map();
3128
3172
  constructor(config) {
3173
+ if (!config.supportedTokens) {
3174
+ throw new PTClaimError(
3175
+ "UNSUPPORTED_POINT_TOKEN",
3176
+ "PTClaimHandler requires `supportedTokens` (issuer's allow-listed PointToken contracts). See audit PACI5-18."
3177
+ );
3178
+ }
3129
3179
  const lockDurationMs = config.lockDurationMs ?? DEFAULT_LOCK_MS;
3130
3180
  const signatureDeadlineSeconds = config.signatureDeadlineSeconds ?? DEFAULT_SIG_DEADLINE_SEC2;
3131
3181
  const maxAllowedSignatureMs = lockDurationMs - M11_SAFETY_MARGIN_MS2;
@@ -3157,6 +3207,14 @@ var PTClaimHandler = class {
3157
3207
  if (request.amount <= 0n) {
3158
3208
  throw new PTClaimError("INVALID_AMOUNT", "claim amount must be positive");
3159
3209
  }
3210
+ const pointTokenAddress = (0, import_viem10.getAddress)(request.pointTokenAddress);
3211
+ if (!this.cfg.supportedTokens.has(pointTokenAddress)) {
3212
+ throw new PTClaimError(
3213
+ "UNSUPPORTED_POINT_TOKEN",
3214
+ `claim: pointTokenAddress ${pointTokenAddress} is not in the issuer's supported-token allowlist. Check IssuerApiHandlers.supportedTokens and PTClaimHandler.config.supportedTokens point at the same set.`,
3215
+ { requested: pointTokenAddress }
3216
+ );
3217
+ }
3160
3218
  if (this.cfg.issuerStateValidator) {
3161
3219
  try {
3162
3220
  await this.cfg.issuerStateValidator.preValidateMint(
@@ -5213,7 +5271,7 @@ var MemoryRedemptionHistoryStore = class {
5213
5271
  };
5214
5272
 
5215
5273
  // src/index.ts
5216
- var PAFI_ISSUER_SDK_VERSION = true ? "0.28.1" : "dev";
5274
+ var PAFI_ISSUER_SDK_VERSION = true ? "0.30.0" : "dev";
5217
5275
  // Annotate the CommonJS export names for ESM import in node:
5218
5276
  0 && (module.exports = {
5219
5277
  AdapterMisconfiguredError,