npm - @pafi-dev/issuer - Versions diffs - 0.3.0-beta.0 → 0.3.0-beta.10 - Mend

@pafi-dev/issuer 0.3.0-beta.0 → 0.3.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js CHANGED Viewed

@@ -582,209 +582,103 @@ var RelayError = class extends Error {
 };
 // src/relay/relayService.ts
-import { encodeFunctionData } from "viem";
 import {
-  relayAbi,
-  encodeMintAndSwap,
-  simulateMintAndSwap as coreSimulateMintAndSwap,
-  SimulationError,
-  RELAYER_V2_ABI,
+  encodeFunctionData,
+  erc20Abi
+} from "viem";
+import {
   POINT_TOKEN_V2_ABI,
-  buildPartialUserOperation
+  buildPartialUserOperation,
+  signMintRequest as signMintRequest2
 } from "@pafi-dev/core";
-var DEFAULT_CONFIRMATION_TIMEOUT_MS = 6e4;
 var RelayService = class {
-  relayAddress;
-  operatorWallet;
-  provider;
-  confirmationTimeoutMs;
-  simulateBeforeSubmit;
-  constructor(config) {
-    if (!config.relayAddress) {
-      throw new Error("RelayService: relayAddress is required");
-    }
-    if (!config.operatorWallet) {
-      throw new Error("RelayService: operatorWallet is required");
-    }
-    this.relayAddress = config.relayAddress;
-    this.operatorWallet = config.operatorWallet;
-    if (config.provider) this.provider = config.provider;
-    this.confirmationTimeoutMs = config.confirmationTimeoutMs ?? DEFAULT_CONFIRMATION_TIMEOUT_MS;
-    this.simulateBeforeSubmit = config.simulateBeforeSubmit ?? config.provider !== void 0;
-  }
-  /** Address the operator wallet is broadcasting from (for logging). */
-  operatorAddress() {
-    return this.operatorWallet.account?.address;
-  }
   /**
-   * Build calldata for the Relay `mintAndSwap` function. Kept public so
-   * callers (e.g. the MintingGateway) can log or persist the encoded call
-   * for audit before broadcasting.
+   * Build an unsigned UserOp for Scenario 1 (Mint) — sig-gated
+   * `PointToken.mint(to, amount, deadline, minterSig)`.
    */
-  encodeCall(params) {
-    try {
-      return encodeMintAndSwap(params.mint, params.swap);
-    } catch (err) {
+  async prepareMint(params) {
+    if (!params.batchExecutorAddress) {
       throw new RelayError(
         "ENCODE_FAILED",
-        `Failed to encode mintAndSwap calldata: ${errorMessage(err)}`,
-        err
+        "prepareMint: batchExecutorAddress required"
       );
     }
-  }
-  /**
-   * Submit a `mintAndSwap` transaction. Flow:
-   *
-   *   1. (optional) pre-flight simulate via provider
-   *   2. writeContract through the operator wallet
-   *   3. (optional) wait for the receipt and surface gasUsed / status
-   *
-   * Throws a typed `RelayError` on any failure so the MintingGateway can
-   * decide whether to release the ledger lock (`SUBMIT_FAILED` and
-   * `SIMULATION_FAILED` are safe to release; `TX_REVERTED` and `TIMEOUT`
-   * need manual review because the tx may still land).
-   *
-   * @deprecated Since 0.3.0 — will be replaced by `prepareMint()` +
-   * `prepareBurn()` in the v1.4 sponsored-UserOp flow. The SC team
-   * still needs to finalize Relayer v2 ABI before the replacements
-   * can ship (blocker B1). Kept for v0.2.x consumers. Removed in 2.0.
-   */
-  async submitMintAndSwap(params) {
-    if (this.simulateBeforeSubmit && this.provider) {
-      const operatorAddr = this.operatorWallet.account?.address;
-      if (operatorAddr) {
-        try {
-          await coreSimulateMintAndSwap(
-            this.provider,
-            this.relayAddress,
-            params.mint,
-            params.swap,
-            operatorAddr
-          );
-        } catch (err) {
-          const reason = err instanceof SimulationError ? err.reason : errorMessage(err);
-          throw new RelayError(
-            "SIMULATION_FAILED",
-            `mintAndSwap would revert: ${reason}`,
-            err
-          );
-        }
-      }
+    if (!params.userAddress) {
+      throw new RelayError("ENCODE_FAILED", "prepareMint: userAddress required");
     }
-    let txHash;
-    try {
-      txHash = await this.operatorWallet.writeContract({
-        address: this.relayAddress,
-        abi: relayAbi,
-        functionName: "mintAndSwap",
-        args: [params.mint, params.swap],
-        ...this.operatorWallet.account ? { account: this.operatorWallet.account } : {}
-      });
-    } catch (err) {
+    if (!params.pointTokenAddress) {
       throw new RelayError(
-        "SUBMIT_FAILED",
-        `Failed to broadcast mintAndSwap: ${errorMessage(err)}`,
-        err
+        "ENCODE_FAILED",
+        "prepareMint: pointTokenAddress required"
       );
     }
-    if (!this.provider) {
-      return { txHash };
+    if (params.amount <= 0n) {
+      throw new RelayError("ENCODE_FAILED", "prepareMint: amount must be positive");
     }
-    try {
-      const receipt = await this.provider.waitForTransactionReceipt({
-        hash: txHash,
-        timeout: this.confirmationTimeoutMs
-      });
-      if (receipt.status !== "success") {
-        throw new RelayError(
-          "TX_REVERTED",
-          `mintAndSwap reverted on-chain (tx=${txHash})`
-        );
-      }
-      return {
-        txHash,
-        blockNumber: receipt.blockNumber,
-        gasUsed: receipt.gasUsed,
-        status: receipt.status
-      };
-    } catch (err) {
-      if (err instanceof RelayError) throw err;
+    if (!params.issuerSignerWallet) {
       throw new RelayError(
-        "TIMEOUT",
-        `Timed out waiting for mintAndSwap receipt (tx=${txHash}): ${errorMessage(err)}`,
-        err
+        "ENCODE_FAILED",
+        "prepareMint: issuerSignerWallet required (for MintRequest EIP-712 signature)"
       );
     }
-  }
-  // ==========================================================================
-  // v1.4 — Sponsored UserOp preparation (beta with mocked SC contracts)
-  // ==========================================================================
-  //
-  // These two methods build unsigned `PartialUserOperation` payloads for
-  // the Frontend to sign (via Privy) and submit to the Bundler. The
-  // Issuer Backend no longer broadcasts — that's the Frontend's job.
-  //
-  // Uses mocked Relayer v2 + PointToken ABIs from `@pafi-dev/core/contracts`.
-  // When SC delivers real ABIs, the imports swap but these method bodies
-  // stay the same (calldata encoder is ABI-driven).
-  // ==========================================================================
-  /**
-   * Build an unsigned UserOp for Scenario 1 (Mint).
-   *
-   * Flow:
-   *   1. Encode `Relayer.mint(request, userSig, issuerSig)` as the inner call
-   *   2. Optionally append a PT fee transfer from user → feeRecipient
-   *      (fee recovery happens on-chain via BatchExecutor, not via an
-   *      operator wallet)
-   *   3. Wrap all inner calls into `BatchExecutor.execute(calls[])`
-   *   4. Return a `PartialUserOperation` ready for:
-   *        - gas estimation (Bundler)
-   *        - paymaster sponsorship (PAFI Backend)
-   *        - user signature (Privy)
-   */
-  prepareMint(params) {
-    if (!params.relayerAddress) {
-      throw new RelayError("ENCODE_FAILED", "prepareMint: relayerAddress required");
+    if (params.deadline <= 0n) {
+      throw new RelayError("ENCODE_FAILED", "prepareMint: deadline must be positive");
     }
-    if (!params.batchExecutorAddress) {
+    let minterSig;
+    try {
+      const sig = await signMintRequest2(
+        params.issuerSignerWallet,
+        params.domain,
+        {
+          to: params.userAddress,
+          amount: params.amount,
+          nonce: params.mintRequestNonce,
+          deadline: params.deadline
+        }
+      );
+      minterSig = sig.serialized;
+    } catch (err) {
       throw new RelayError(
         "ENCODE_FAILED",
-        "prepareMint: batchExecutorAddress required"
+        `prepareMint: failed to sign MintRequest: ${errorMessage(err)}`,
+        err
       );
     }
-    if (!params.userAddress) {
-      throw new RelayError("ENCODE_FAILED", "prepareMint: userAddress required");
-    }
     let mintCallData;
     try {
       mintCallData = encodeFunctionData({
-        abi: RELAYER_V2_ABI,
+        abi: POINT_TOKEN_V2_ABI,
         functionName: "mint",
-        args: [params.mintRequest, params.userSignature, params.issuerSignature]
+        args: [params.userAddress, params.amount, params.deadline, minterSig]
       });
     } catch (err) {
       throw new RelayError(
         "ENCODE_FAILED",
-        `prepareMint: failed to encode Relayer.mint: ${errorMessage(err)}`,
+        `prepareMint: failed to encode PointToken.mint: ${errorMessage(err)}`,
         err
       );
     }
     const operations = [
       {
-        target: params.relayerAddress,
+        target: params.pointTokenAddress,
         value: 0n,
         data: mintCallData
       }
     ];
-    if (params.mintRequest.feeAmount > 0n) {
+    if (params.feeAmount && params.feeAmount > 0n) {
+      if (!params.feeRecipient) {
+        throw new RelayError(
+          "ENCODE_FAILED",
+          "prepareMint: feeRecipient required when feeAmount > 0"
+        );
+      }
       operations.push({
         target: params.pointTokenAddress,
         value: 0n,
         data: encodeFunctionData({
-          abi: POINT_TOKEN_V2_ABI,
-          functionName: "balanceOf",
-          // placeholder — real impl uses transfer
-          args: [params.mintRequest.feeRecipient]
+          abi: erc20Abi,
+          functionName: "transfer",
+          args: [params.feeRecipient, params.feeAmount]
         })
       });
     }
@@ -793,7 +687,7 @@ var RelayService = class {
       nonce: params.aaNonce,
       operations,
       gasLimits: {
-        callGasLimit: params.callGasLimit ?? 500000n,
+        callGasLimit: params.callGasLimit ?? 300000n,
         verificationGasLimit: params.verificationGasLimit ?? 150000n,
         preVerificationGas: params.preVerificationGas ?? 50000n
       }
@@ -803,13 +697,12 @@ var RelayService = class {
    * Build an unsigned UserOp for Scenario 2 (Burn/Redeem).
    *
    * Two modes:
-   *   - `mode: 'burn'` — direct `PointToken.burn(amount)`; `msg.sender`
-   *     via EIP-7702 delegation is the user, so no signature needed
-   *     on-chain (the BurnConsent was already verified off-chain by
-   *     the issuer backend before we got here)
-   *   - `mode: 'burnWithSig'` — `PointToken.burnWithSig(consent, sig)`;
-   *     used when the issuer hasn't verified the consent and the
-   *     contract has to do it on-chain
+   *   - `mode: 'burn'` — direct `PointToken.burn(from, amount)`; only
+   *     usable if the caller (via EIP-7702) is whitelisted as a burner.
+   *     Rare in v1.4; kept for admin/operator tools.
+   *   - `mode: 'burnWithSig'` — `PointToken.burn(from, amount, deadline,
+   *     burnerSig)`. Caller provides a pre-signed `BurnRequest` + sig
+   *     bytes (typically from `PTRedeemHandler`).
    */
   prepareBurn(params) {
     if (!params.pointTokenAddress) {
@@ -824,19 +717,24 @@ var RelayService = class {
     let burnCallData;
     try {
       if (params.mode === "burnWithSig") {
-        if (!params.burnConsent || !params.consentSignature) {
-          throw new Error("burnWithSig requires burnConsent + consentSignature");
+        if (!params.burnRequest || !params.burnerSignature) {
+          throw new Error("burnWithSig requires burnRequest + burnerSignature");
         }
         burnCallData = encodeFunctionData({
           abi: POINT_TOKEN_V2_ABI,
-          functionName: "burnWithSig",
-          args: [params.burnConsent, params.consentSignature]
+          functionName: "burn",
+          args: [
+            params.burnRequest.from,
+            params.burnRequest.amount,
+            params.burnRequest.deadline,
+            params.burnerSignature
+          ]
         });
       } else {
         burnCallData = encodeFunctionData({
           abi: POINT_TOKEN_V2_ABI,
           functionName: "burn",
-          args: [params.amount]
+          args: [params.userAddress, params.amount]
         });
       }
     } catch (err) {
@@ -906,255 +804,6 @@ var FeeManager = class {
   }
 };
-// src/gateway/types.ts
-var MintingGatewayError = class extends Error {
-  code;
-  /**
-   * True if the ledger lock was released before this error was thrown,
-   * meaning the user can safely retry. False means the funds are still
-   * locked (e.g. tx may still land on-chain) and retry would double-spend.
-   */
-  safeToRetry;
-  cause;
-  constructor(code, message, opts) {
-    super(message);
-    this.name = "MintingGatewayError";
-    this.code = code;
-    this.safeToRetry = opts.safeToRetry;
-    if (opts.cause !== void 0) this.cause = opts.cause;
-  }
-};
-// src/gateway/mintingGateway.ts
-import {
-  verifyReceiverConsent,
-  encodeExtData
-} from "@pafi-dev/core";
-var DEFAULT_LOCK_BUFFER_MS = 6e4;
-var MintingGateway = class {
-  ledger;
-  policy;
-  signer;
-  relayService;
-  now;
-  defaultLockBufferMs;
-  constructor(config) {
-    if (!config.ledger) throw new Error("MintingGateway: ledger required");
-    if (!config.policy) throw new Error("MintingGateway: policy required");
-    if (!config.signer) throw new Error("MintingGateway: signer required");
-    if (!config.relayService)
-      throw new Error("MintingGateway: relayService required");
-    this.ledger = config.ledger;
-    this.policy = config.policy;
-    this.signer = config.signer;
-    this.relayService = config.relayService;
-    this.now = config.now ?? (() => Date.now());
-    this.defaultLockBufferMs = config.defaultLockBufferMs ?? DEFAULT_LOCK_BUFFER_MS;
-  }
-  /**
-   * @deprecated Since 0.3.0 — will be renamed to `processMint()` once
-   * the SC team finalizes Relayer v2 ABI. The new flow drops the
-   * swap steps entirely (no more single-call mint+swap); users swap
-   * separately on PAFI Web. Kept here for v0.2.x consumers. Removed in 2.0.
-   */
-  async processMintAndCashOut(request) {
-    const { receiverConsent, receiverSignature } = request;
-    if (!receiverConsent || !receiverSignature) {
-      throw new MintingGatewayError(
-        "INVALID_REQUEST",
-        "receiverConsent and receiverSignature are required",
-        { safeToRetry: true }
-      );
-    }
-    if (receiverConsent.amount <= 0n) {
-      throw new MintingGatewayError(
-        "INVALID_REQUEST",
-        "consent amount must be positive",
-        { safeToRetry: true }
-      );
-    }
-    if (receiverConsent.originalReceiver !== request.userAddress) {
-      throw new MintingGatewayError(
-        "INVALID_REQUEST",
-        "consent.originalReceiver must equal request.userAddress",
-        { safeToRetry: true }
-      );
-    }
-    const nowSec = BigInt(Math.floor(this.now() / 1e3));
-    if (receiverConsent.deadline <= nowSec) {
-      throw new MintingGatewayError(
-        "CONSENT_EXPIRED",
-        "ReceiverConsent deadline has already passed",
-        { safeToRetry: true }
-      );
-    }
-    const consentResult = await verifyReceiverConsent(
-      request.domain,
-      receiverConsent,
-      receiverSignature,
-      request.userAddress
-    );
-    if (!consentResult.isValid) {
-      throw new MintingGatewayError(
-        "INVALID_CONSENT_SIGNATURE",
-        `ReceiverConsent signature did not recover to ${request.userAddress}`,
-        { safeToRetry: true }
-      );
-    }
-    const policyDecision = await this.policy.evaluate({
-      userAddress: request.userAddress,
-      amount: receiverConsent.amount,
-      pointTokenAddress: request.pointTokenAddress,
-      chainId: request.chainId
-    });
-    if (!policyDecision.approved) {
-      const code = policyDecision.reason?.toLowerCase().includes("insufficient") ? "INSUFFICIENT_BALANCE" : "POLICY_REJECTED";
-      throw new MintingGatewayError(
-        code,
-        policyDecision.reason ?? "Minting request rejected by policy engine",
-        { safeToRetry: true }
-      );
-    }
-    const lockDurationMs = request.lockDurationMs ?? this.computeLockDurationMs(receiverConsent.deadline);
-    let lockId;
-    try {
-      lockId = await this.ledger.lockForMinting(
-        request.userAddress,
-        receiverConsent.amount,
-        lockDurationMs,
-        request.pointTokenAddress
-      );
-    } catch (err) {
-      throw new MintingGatewayError(
-        "INSUFFICIENT_BALANCE",
-        `Failed to lock ledger balance: ${errorMessage2(err)}`,
-        { safeToRetry: true, cause: err }
-      );
-    }
-    try {
-      let minterSignature;
-      try {
-        minterSignature = await this.signer.signMintRequest(request.domain, {
-          to: request.userAddress,
-          amount: receiverConsent.amount,
-          nonce: receiverConsent.nonce,
-          deadline: receiverConsent.deadline
-        });
-      } catch (err) {
-        await this.releaseLockSafely(lockId);
-        throw new MintingGatewayError(
-          "SIGNER_FAILED",
-          `Issuer signer failed: ${errorMessage2(err)}`,
-          { safeToRetry: true, cause: err }
-        );
-      }
-      const mintParams = {
-        pointToken: request.pointTokenAddress,
-        receiver: request.userAddress,
-        amount: receiverConsent.amount,
-        deadline: receiverConsent.deadline,
-        minterSig: minterSignature.serialized,
-        receiverSig: receiverSignature,
-        extData: receiverConsent.extData
-      };
-      const swapParams = {
-        path: request.swapPath,
-        deadline: request.swapDeadline
-      };
-      let relayResult;
-      try {
-        relayResult = await this.relayService.submitMintAndSwap({
-          mint: mintParams,
-          swap: swapParams
-        });
-      } catch (err) {
-        await this.handleRelayFailure(err, lockId);
-      }
-      const result = {
-        txHash: relayResult.txHash,
-        lockId
-      };
-      if (relayResult.blockNumber !== void 0) {
-        result.blockNumber = relayResult.blockNumber;
-      }
-      if (relayResult.gasUsed !== void 0) {
-        result.gasUsed = relayResult.gasUsed;
-      }
-      return result;
-    } catch (err) {
-      if (err instanceof MintingGatewayError) throw err;
-      await this.releaseLockSafely(lockId);
-      throw new MintingGatewayError(
-        "RELAY_SUBMIT_FAILED",
-        `Unexpected error: ${errorMessage2(err)}`,
-        { safeToRetry: true, cause: err }
-      );
-    }
-  }
-  // ---------------------------------------------------------------------------
-  // Internals
-  // ---------------------------------------------------------------------------
-  computeLockDurationMs(consentDeadlineSec) {
-    const nowMs = this.now();
-    const deadlineMs = Number(consentDeadlineSec) * 1e3;
-    const remaining = Math.max(0, deadlineMs - nowMs);
-    return remaining + this.defaultLockBufferMs;
-  }
-  /**
-   * Map a RelayError to a MintingGatewayError, releasing the lock only
-   * when the tx definitely did not land. `TX_REVERTED` and `TIMEOUT`
-   * leave the lock in place because the tx may still be in the mempool
-   * or already mined — releasing would enable a double-spend on retry.
-   * Always throws.
-   */
-  async handleRelayFailure(err, lockId) {
-    if (err instanceof RelayError) {
-      switch (err.code) {
-        case "ENCODE_FAILED":
-        case "SIMULATION_FAILED":
-        case "SUBMIT_FAILED":
-        case "NOT_CONFIGURED":
-          await this.releaseLockSafely(lockId);
-          throw new MintingGatewayError(
-            err.code === "SIMULATION_FAILED" ? "RELAY_SIMULATION_FAILED" : "RELAY_SUBMIT_FAILED",
-            err.message,
-            { safeToRetry: true, cause: err }
-          );
-        case "TX_REVERTED":
-          throw new MintingGatewayError("RELAY_REVERTED", err.message, {
-            safeToRetry: false,
-            cause: err
-          });
-        case "TIMEOUT":
-          throw new MintingGatewayError("RELAY_TIMEOUT", err.message, {
-            safeToRetry: false,
-            cause: err
-          });
-      }
-    }
-    await this.releaseLockSafely(lockId);
-    throw new MintingGatewayError(
-      "RELAY_SUBMIT_FAILED",
-      `Unexpected relay error: ${errorMessage2(err)}`,
-      { safeToRetry: true, cause: err }
-    );
-  }
-  /**
-   * Release a lock, swallowing any secondary error. We never want a lock
-   * release failure to mask the original error — the lock will auto-expire
-   * via TTL anyway.
-   */
-  async releaseLockSafely(lockId) {
-    try {
-      await this.ledger.releaseLock(lockId);
-    } catch {
-    }
-  }
-};
-function errorMessage2(err) {
-  return err instanceof Error ? err.message : String(err);
-}
 // src/indexer/types.ts
 var InMemoryCursorStore = class {
   cursor;
@@ -1509,7 +1158,6 @@ import {
 } from "@pafi-dev/core";
 var IssuerApiHandlers = class {
   authService;
-  gateway;
   ledger;
   provider;
   /**
@@ -1528,7 +1176,6 @@ var IssuerApiHandlers = class {
   poolsProvider;
   constructor(config) {
     this.authService = config.authService;
-    this.gateway = config.gateway;
     this.ledger = config.ledger;
     this.provider = config.provider;
     const raw = config.pointTokenAddresses && config.pointTokenAddresses.length > 0 ? config.pointTokenAddresses : config.pointTokenAddress ? [config.pointTokenAddress] : [];
@@ -1710,55 +1357,13 @@ var IssuerApiHandlers = class {
       }
     };
   }
-  /**
-   * `POST /claim-and-swap`
-   *
-   * @deprecated Since 0.3.0 — the single-call mint-then-swap flow is
-   * retired in v1.4. Use the new `handleClaim()` (mint only) and let
-   * the user swap separately on PAFI Web. See
-   * [V1.4_V1.5_OVERVIEW.md §4] for the new scenario model. Will be
-   * removed in 2.0.
-   *
-   * Legacy behavior: the terminal handler forwards the verified
-   * consent to the MintingGateway, which runs the 11-step flow.
-   */
-  async handleClaimAndSwap(userAddress, request) {
-    if (request.chainId !== this.chainId) {
-      throw new Error(
-        `handleClaimAndSwap: unsupported chainId ${request.chainId}`
-      );
-    }
-    const pointToken = getAddress6(request.pointTokenAddress);
-    if (!this.supportedTokens.has(pointToken)) {
-      throw new Error(
-        `handleClaimAndSwap: unsupported pointToken ${pointToken}`
-      );
-    }
-    const result = await this.gateway.processMintAndCashOut({
-      userAddress: getAddress6(userAddress),
-      pointTokenAddress: pointToken,
-      chainId: request.chainId,
-      domain: request.domain,
-      receiverConsent: request.receiverConsent,
-      receiverSignature: request.receiverSignature,
-      swapPath: request.swapPath,
-      swapDeadline: request.swapDeadline
-    });
-    const response = {
-      txHash: result.txHash,
-      lockId: result.lockId
-    };
-    if (result.blockNumber !== void 0)
-      response.blockNumber = result.blockNumber;
-    if (result.gasUsed !== void 0) response.gasUsed = result.gasUsed;
-    return response;
-  }
 };
 // src/api/handlers/ptRedeemHandler.ts
 import { getAddress as getAddress7 } from "viem";
-import { verifyBurnConsent } from "@pafi-dev/core";
+import { signBurnRequest, POINT_TOKEN_V2_ABI as POINT_TOKEN_V2_ABI2 } from "@pafi-dev/core";
 var DEFAULT_REDEEM_LOCK_MS = 15 * 60 * 1e3;
+var DEFAULT_SIG_DEADLINE_SEC = 15 * 60;
 var PTRedeemError = class extends Error {
   constructor(code, message) {
     super(message);
@@ -1770,11 +1375,14 @@ var PTRedeemError = class extends Error {
 var PTRedeemHandler = class {
   ledger;
   relayService;
+  provider;
   pointTokenAddress;
   batchExecutorAddress;
   chainId;
   domain;
+  burnerSignerWallet;
   redeemLockDurationMs;
+  signatureDeadlineSeconds;
   now;
   constructor(config) {
     if (!config.ledger.reservePendingCredit) {
@@ -1783,46 +1391,68 @@ var PTRedeemHandler = class {
         "PTRedeemHandler requires a ledger that implements reservePendingCredit() (v0.3.0+)"
       );
     }
+    if (!config.burnerSignerWallet) {
+      throw new PTRedeemError(
+        "SIGNING_FAILED",
+        "PTRedeemHandler requires burnerSignerWallet (issuer burner signer)"
+      );
+    }
     this.ledger = config.ledger;
     this.relayService = config.relayService;
+    this.provider = config.provider;
     this.pointTokenAddress = getAddress7(config.pointTokenAddress);
     this.batchExecutorAddress = getAddress7(config.batchExecutorAddress);
     this.chainId = config.chainId;
     this.domain = config.domain;
+    this.burnerSignerWallet = config.burnerSignerWallet;
     this.redeemLockDurationMs = config.redeemLockDurationMs ?? DEFAULT_REDEEM_LOCK_MS;
+    this.signatureDeadlineSeconds = config.signatureDeadlineSeconds ?? DEFAULT_SIG_DEADLINE_SEC;
     this.now = config.now ?? (() => Date.now());
   }
   async handle(request) {
     if (request.amount <= 0n) {
-      throw new PTRedeemError("INVALID_CONSENT", "redeem amount must be positive");
-    }
-    if (request.consent.amount !== request.amount) {
-      throw new PTRedeemError(
-        "AMOUNT_MISMATCH",
-        `consent.amount (${request.consent.amount}) must match request.amount (${request.amount})`
-      );
+      throw new PTRedeemError("INVALID_AMOUNT", "redeem amount must be positive");
     }
-    const nowSeconds = BigInt(Math.floor(this.now() / 1e3));
-    if (request.consent.deadline <= nowSeconds) {
+    let burnNonce;
+    try {
+      burnNonce = await this.provider.readContract({
+        address: this.pointTokenAddress,
+        abi: POINT_TOKEN_V2_ABI2,
+        functionName: "burnRequestNonces",
+        args: [request.userAddress]
+      });
+    } catch (err) {
       throw new PTRedeemError(
-        "EXPIRED_CONSENT",
-        `consent deadline (${request.consent.deadline}) already passed`
+        "NONCE_READ_FAILED",
+        `failed to read burnRequestNonces(${request.userAddress}): ${err instanceof Error ? err.message : String(err)}`
       );
     }
-    const verification = await verifyBurnConsent(
-      {
-        name: this.domain.name,
-        chainId: this.chainId,
-        verifyingContract: this.domain.verifyingContract ?? this.pointTokenAddress
-      },
-      request.consent,
-      request.consentSignature,
-      request.userAddress
+    const deadline = BigInt(
+      Math.floor(this.now() / 1e3) + this.signatureDeadlineSeconds
     );
-    if (!verification.isValid) {
+    const domain = {
+      name: this.domain.name,
+      chainId: this.chainId,
+      verifyingContract: this.domain.verifyingContract ?? this.pointTokenAddress
+    };
+    const burnRequest = {
+      from: request.userAddress,
+      amount: request.amount,
+      nonce: burnNonce,
+      deadline
+    };
+    let burnerSignature;
+    try {
+      const sig = await signBurnRequest(
+        this.burnerSignerWallet,
+        domain,
+        burnRequest
+      );
+      burnerSignature = sig.serialized;
+    } catch (err) {
       throw new PTRedeemError(
-        "SIGNATURE_MISMATCH",
-        `signer mismatch \u2014 expected ${request.userAddress}, got ${verification.recoveredAddress}`
+        "SIGNING_FAILED",
+        `failed to sign BurnRequest: ${err instanceof Error ? err.message : String(err)}`
       );
     }
     const lockId = await this.ledger.reservePendingCredit(
@@ -1837,29 +1467,17 @@ var PTRedeemHandler = class {
       aaNonce: request.aaNonce,
       pointTokenAddress: this.pointTokenAddress,
       batchExecutorAddress: this.batchExecutorAddress,
-      burnConsent: request.consent,
-      consentSignature: parseSigStruct(request.consentSignature)
+      burnRequest,
+      burnerSignature
     });
     return {
       lockId,
       userOp,
-      expiresInSeconds: Math.floor(this.redeemLockDurationMs / 1e3)
+      expiresInSeconds: Math.floor(this.redeemLockDurationMs / 1e3),
+      signatureDeadline: deadline
     };
   }
 };
-function parseSigStruct(serialized) {
-  const raw = serialized.slice(2);
-  if (raw.length !== 130) {
-    throw new PTRedeemError(
-      "INVALID_CONSENT",
-      `signature must be 65 bytes, got ${raw.length / 2}`
-    );
-  }
-  const r = `0x${raw.slice(0, 64)}`;
-  const s = `0x${raw.slice(64, 128)}`;
-  const v = parseInt(raw.slice(128, 130), 16);
-  return { v, r, s };
-}
 // src/api/handlers/topUpRedemptionHandler.ts
 import { getAddress as getAddress8 } from "viem";
@@ -1905,24 +1523,10 @@ var TopUpRedemptionHandler = class {
         shortfall
       };
     }
-    if (request.redeemRequest.consent.amount < shortfall) {
-      throw new TopUpRedemptionError(
-        "CONSENT_AMOUNT_TOO_LOW",
-        `consent.amount (${request.redeemRequest.consent.amount}) must cover shortfall (${shortfall})`
-      );
-    }
-    if (request.redeemRequest.consent.amount !== shortfall) {
-      throw new TopUpRedemptionError(
-        "CONSENT_AMOUNT_TOO_LOW",
-        `consent.amount (${request.redeemRequest.consent.amount}) must equal shortfall (${shortfall}) exactly \u2014 re-sign with correct amount`
-      );
-    }
     const redeem = await this.ptRedeemHandler.handle({
       userAddress: request.userAddress,
       amount: shortfall,
-      consent: request.redeemRequest.consent,
-      consentSignature: request.redeemRequest.consentSignature,
-      aaNonce: request.redeemRequest.aaNonce
+      aaNonce: request.aaNonce
     });
     return {
       action: "TOP_UP_STARTED",
@@ -2203,28 +1807,11 @@ var PafiBackendError = class extends Error {
   code;
   httpStatus;
   details;
-  /**
-   * Seconds to wait before retry. Populated from the server body
-   * (e.g. rate limit returns the number of seconds until UTC midnight).
-   */
   retryAfter;
-  /**
-   * `safeToRetry` as reported by the server body. Prefer this over the
-   * code-based heuristic when available — the server knows more about
-   * whether the same request will succeed on retry.
-   */
   serverSafeToRetry;
-  /**
-   * Whether the caller can safely retry the same request.
-   *
-   * If the server provided `safeToRetry` in the body, trust that.
-   * Otherwise fall back to a code-based heuristic.
-   */
   get safeToRetry() {
     if (this.serverSafeToRetry !== void 0) return this.serverSafeToRetry;
     switch (this.code) {
-      case "PAYMASTER_UNAVAILABLE":
-      case "PAYMASTER_TIMEOUT":
       case "RATE_LIMITER_UNAVAILABLE":
       case "INTERNAL_ERROR":
       case "TIMEOUT":
@@ -2233,197 +1820,20 @@ var PafiBackendError = class extends Error {
       case "RATE_LIMIT_EXCEEDED":
       case "RATE_LIMIT_EXCEEDED_DAILY":
       case "RATE_LIMIT_EXCEEDED_PER_USER":
+      case "ISSUER_BUDGET_EXCEEDED":
         return true;
-      // after retryAfter
       default:
         return false;
     }
   }
 };
-// src/pafi-backend/pafiBackendClient.ts
-var DEFAULT_TIMEOUT_MS = 1e4;
-var RETRY_DEFAULTS = {
-  maxAttempts: 1,
-  initialDelayMs: 500,
-  maxDelayMs: 1e4,
-  maxRetryAfterMs: 3e4
-};
-var PafiBackendClient = class {
-  url;
-  issuerId;
-  apiKey;
-  fetchImpl;
-  timeoutMs;
-  retry;
-  constructor(config) {
-    if (!config.url) {
-      throw new Error("PafiBackendClient: url is required");
-    }
-    if (!config.issuerId) {
-      throw new Error("PafiBackendClient: issuerId is required");
-    }
-    if (!config.apiKey) {
-      throw new Error("PafiBackendClient: apiKey is required");
-    }
-    this.url = config.url.replace(/\/+$/, "");
-    this.issuerId = config.issuerId;
-    this.apiKey = config.apiKey;
-    this.fetchImpl = config.fetchImpl ?? globalThis.fetch;
-    this.timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;
-    this.retry = { ...RETRY_DEFAULTS, ...config.retry ?? {} };
-    if (!this.fetchImpl) {
-      throw new Error(
-        "PafiBackendClient: no fetch implementation available \u2014 pass `fetchImpl` or run on Node 18+"
-      );
-    }
-    if (this.retry.maxAttempts < 1) {
-      throw new Error("PafiBackendClient: retry.maxAttempts must be >= 1");
-    }
-  }
-  /**
-   * Request paymaster sponsorship for a pre-built UserOperation.
-   * See [SPONSORED_PATH_FLOW.md §4.1] for the API contract.
-   *
-   * Retries automatically on transient failures (5xx, timeouts, network
-   * errors, and errors the server flags with `safeToRetry: true`) up to
-   * `retry.maxAttempts`. 4xx errors that are not `safeToRetry` fail fast.
-   *
-   * @throws PafiBackendError on final failure after exhausting retries
-   */
-  async requestSponsorship(req) {
-    return this.postWithRetry(
-      "/paymaster/sponsor",
-      req
-    );
-  }
-  // -------------------------------------------------------------------------
-  // Internals
-  // -------------------------------------------------------------------------
-  async postWithRetry(path, body) {
-    let lastError;
-    for (let attempt = 1; attempt <= this.retry.maxAttempts; attempt++) {
-      try {
-        return await this.post(path, body);
-      } catch (err) {
-        if (!(err instanceof PafiBackendError)) throw err;
-        lastError = err;
-        const isLastAttempt = attempt >= this.retry.maxAttempts;
-        if (isLastAttempt || !err.safeToRetry) throw err;
-        const delay = this.computeBackoff(attempt, err.retryAfter);
-        if (delay === null) throw err;
-        await this.sleep(delay);
-      }
-    }
-    throw lastError;
-  }
-  /**
-   * Pick the delay before the next retry.
-   * - If the server sent `retryAfter` (seconds), honor it (capped by
-   *   `maxRetryAfterMs`) — returns null if the server wait exceeds the
-   *   cap, signalling the caller should give up.
-   * - Otherwise: exponential backoff with ±20% jitter, capped at
-   *   `maxDelayMs`.
-   */
-  computeBackoff(attempt, retryAfter) {
-    if (retryAfter !== void 0) {
-      const serverMs = retryAfter * 1e3;
-      if (serverMs > this.retry.maxRetryAfterMs) return null;
-      return serverMs;
-    }
-    const exp = this.retry.initialDelayMs * 2 ** (attempt - 1);
-    const capped = Math.min(exp, this.retry.maxDelayMs);
-    const jitter = capped * (0.8 + Math.random() * 0.4);
-    return Math.round(jitter);
-  }
-  sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-  }
-  async post(path, body) {
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);
-    let response;
-    try {
-      response = await this.fetchImpl(`${this.url}${path}`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          "Authorization": `Bearer ${this.apiKey}`,
-          "X-Issuer-Id": this.issuerId
-        },
-        body: JSON.stringify(body, this.bigintReplacer),
-        signal: controller.signal
-      });
-    } catch (err) {
-      if (err.name === "AbortError") {
-        throw new PafiBackendError(
-          "TIMEOUT",
-          `PAFI Backend request timed out after ${this.timeoutMs}ms`,
-          0
-        );
-      }
-      throw new PafiBackendError(
-        "NETWORK_ERROR",
-        `PAFI Backend unreachable: ${err.message}`,
-        0
-      );
-    } finally {
-      clearTimeout(timeoutId);
-    }
-    const text = await response.text();
-    if (!response.ok) {
-      let code = "INTERNAL_ERROR";
-      let message = text || response.statusText;
-      let details;
-      let retryAfter;
-      let serverSafeToRetry;
-      try {
-        const parsed = JSON.parse(text);
-        code = parsed.code ?? code;
-        message = parsed.message ?? message;
-        details = parsed.details;
-        if (typeof parsed.retryAfter === "number") retryAfter = parsed.retryAfter;
-        if (typeof parsed.safeToRetry === "boolean") serverSafeToRetry = parsed.safeToRetry;
-      } catch {
-      }
-      throw new PafiBackendError(code, message, response.status, details, {
-        ...retryAfter !== void 0 ? { retryAfter } : {},
-        ...serverSafeToRetry !== void 0 ? { safeToRetry: serverSafeToRetry } : {}
-      });
-    }
-    return JSON.parse(text, this.bigintReviver);
-  }
-  /** JSON replacer that stringifies bigints. Paired with bigintReviver. */
-  bigintReplacer = (_key, value) => {
-    return typeof value === "bigint" ? value.toString() : value;
-  };
-  /**
-   * JSON reviver that coerces specific numeric-string fields back to
-   * bigint. The server must send these fields as decimal strings.
-   */
-  bigintReviver = (key, value) => {
-    if (typeof value === "string" && (key.endsWith("GasLimit") || key === "nonce" || key === "callGasLimit" || key === "verificationGasLimit" || key === "preVerificationGas" || key === "maxFeePerGas" || key === "maxPriorityFeePerGas" || key === "paymasterVerificationGasLimit" || key === "paymasterPostOpGasLimit") && /^\d+$/.test(value)) {
-      return BigInt(value);
-    }
-    return value;
-  };
-};
 // src/config.ts
 import { getAddress as getAddress9 } from "viem";
 function createIssuerService(config) {
   if (!config.provider) {
     throw new Error("createIssuerService: provider is required");
   }
-  if (!config.operatorWallet) {
-    throw new Error("createIssuerService: operatorWallet is required");
-  }
-  if (!config.signer) {
-    throw new Error("createIssuerService: signer is required");
-  }
-  if (!config.relayAddress) {
-    throw new Error("createIssuerService: relayAddress is required");
-  }
   if (!config.auth?.jwtSecret) {
     throw new Error("createIssuerService: auth.jwtSecret is required");
   }
@@ -2450,18 +1860,7 @@ function createIssuerService(config) {
     authServiceConfig.jwtExpiresIn = config.auth.jwtExpiresIn;
   }
   const authService = new AuthService(authServiceConfig);
-  const relayServiceConfig = {
-    relayAddress: config.relayAddress,
-    operatorWallet: config.operatorWallet,
-    provider: config.provider
-  };
-  if (config.relay?.simulateBeforeSubmit !== void 0) {
-    relayServiceConfig.simulateBeforeSubmit = config.relay.simulateBeforeSubmit;
-  }
-  if (config.relay?.confirmationTimeoutMs !== void 0) {
-    relayServiceConfig.confirmationTimeoutMs = config.relay.confirmationTimeoutMs;
-  }
-  const relayService = new RelayService(relayServiceConfig);
+  const relayService = new RelayService();
   let feeManager;
   if (config.fee) {
     feeManager = new FeeManager({
@@ -2469,16 +1868,6 @@ function createIssuerService(config) {
       provider: config.provider
     });
   }
-  const gatewayConfig = {
-    ledger,
-    policy,
-    signer: config.signer,
-    relayService
-  };
-  if (config.gateway?.defaultLockBufferMs !== void 0) {
-    gatewayConfig.defaultLockBufferMs = config.gateway.defaultLockBufferMs;
-  }
-  const gateway = new MintingGateway(gatewayConfig);
   const indexers = /* @__PURE__ */ new Map();
   for (const tokenAddress of tokenAddresses) {
     const indexerConfig = {
@@ -2506,7 +1895,6 @@ function createIssuerService(config) {
   const firstIndexer = indexers.get(tokenAddresses[0]);
   const handlersConfig = {
     authService,
-    gateway,
     ledger,
     provider: config.provider,
     pointTokenAddresses: tokenAddresses,
@@ -2526,10 +1914,8 @@ function createIssuerService(config) {
     sessionStore,
     ledger,
     policy,
-    signer: config.signer,
     relayService,
     feeManager,
-    gateway,
     indexers,
     indexer: firstIndexer,
     handlers
@@ -2549,13 +1935,10 @@ export {
   IssuerApiHandlers,
   MemoryPointLedger,
   MemorySessionStore,
-  MintingGateway,
-  MintingGatewayError,
   NonceManager,
   PAFI_ISSUER_SDK_VERSION,
   PTRedeemError,
   PTRedeemHandler,
-  PafiBackendClient,
   PafiBackendError,
   PointIndexer,
   PrivateKeySigner,
@@ -2566,7 +1949,6 @@ export {
   authenticateRequest,
   createIssuerService,
   createSubgraphNativeUsdtQuoter,
-  createSubgraphPoolsProvider,
-  encodeExtData
+  createSubgraphPoolsProvider
 };
 //# sourceMappingURL=index.js.map