npm - @pafi-dev/issuer - Versions diffs - 0.3.0-beta.1 → 0.3.0-beta.11 - Mend

@pafi-dev/issuer 0.3.0-beta.1 → 0.3.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js CHANGED Viewed

@@ -1,201 +1,3 @@
-// src/ledger/memoryLedger.ts
-import { getAddress } from "viem";
-var MemoryPointLedger = class {
-  balances = /* @__PURE__ */ new Map();
-  locks = /* @__PURE__ */ new Map();
-  nextLockId = 1;
-  now;
-  constructor(opts = {}) {
-    this.now = opts.now ?? (() => Date.now());
-  }
-  // -------------------------------------------------------------------------
-  // Read
-  // -------------------------------------------------------------------------
-  async getBalance(userAddress, tokenAddress) {
-    const user = getAddress(userAddress);
-    const token = normalizeToken(tokenAddress);
-    this.purgeExpired();
-    const total = this.balances.get(balanceKey(user, token)) ?? 0n;
-    const locked = this.lockedTotalFor(user, token);
-    return total - locked;
-  }
-  async getLockedRequests(userAddress, tokenAddress) {
-    const user = getAddress(userAddress);
-    const token = normalizeToken(tokenAddress);
-    this.purgeExpired();
-    const out = [];
-    for (const lock of this.locks.values()) {
-      if (lock.userAddress === user && lock.status === "PENDING" && (lock.tokenAddress ?? DEFAULT_TOKEN_KEY) === token) {
-        out.push({ ...lock });
-      }
-    }
-    return out;
-  }
-  // -------------------------------------------------------------------------
-  // Write
-  // -------------------------------------------------------------------------
-  async creditBalance(userAddress, amount, _reason, tokenAddress) {
-    if (amount <= 0n) {
-      throw new Error("MemoryPointLedger: credit amount must be positive");
-    }
-    const user = getAddress(userAddress);
-    const token = normalizeToken(tokenAddress);
-    const key = balanceKey(user, token);
-    const current = this.balances.get(key) ?? 0n;
-    this.balances.set(key, current + amount);
-  }
-  async lockForMinting(userAddress, amount, lockDurationMs, tokenAddress) {
-    if (amount <= 0n) {
-      throw new Error("MemoryPointLedger: lock amount must be positive");
-    }
-    if (lockDurationMs <= 0) {
-      throw new Error("MemoryPointLedger: lockDurationMs must be positive");
-    }
-    const user = getAddress(userAddress);
-    const token = normalizeToken(tokenAddress);
-    this.purgeExpired();
-    const total = this.balances.get(balanceKey(user, token)) ?? 0n;
-    const alreadyLocked = this.lockedTotalFor(user, token);
-    const available = total - alreadyLocked;
-    if (available < amount) {
-      throw new Error(
-        `MemoryPointLedger: insufficient balance \u2014 available=${available}, requested=${amount}`
-      );
-    }
-    const lockId = `lock-${this.nextLockId++}`;
-    const now = this.now();
-    const lock = {
-      lockId,
-      userAddress: user,
-      amount,
-      status: "PENDING",
-      createdAt: now,
-      expiresAt: now + lockDurationMs
-    };
-    if (tokenAddress !== void 0) {
-      lock.tokenAddress = getAddress(tokenAddress);
-    }
-    this.locks.set(lockId, lock);
-    return lockId;
-  }
-  async releaseLock(lockId) {
-    const lock = this.locks.get(lockId);
-    if (!lock) return;
-    if (lock.status === "PENDING") {
-      this.locks.delete(lockId);
-    }
-  }
-  async deductBalance(userAddress, amount, txHash, tokenAddress) {
-    if (amount <= 0n) {
-      throw new Error("MemoryPointLedger: deduct amount must be positive");
-    }
-    const user = getAddress(userAddress);
-    const token = normalizeToken(tokenAddress);
-    const key = balanceKey(user, token);
-    const current = this.balances.get(key) ?? 0n;
-    if (current < amount) {
-      throw new Error(
-        `MemoryPointLedger: cannot deduct ${amount} from balance ${current}`
-      );
-    }
-    this.balances.set(key, current - amount);
-    for (const lock of this.locks.values()) {
-      if (lock.userAddress === user && lock.status === "PENDING" && lock.amount === amount && (lock.tokenAddress ?? DEFAULT_TOKEN_KEY) === token) {
-        lock.status = "MINTED";
-        lock.txHash = txHash;
-        return;
-      }
-    }
-  }
-  async updateMintStatus(lockId, status, txHash) {
-    const lock = this.locks.get(lockId);
-    if (!lock) {
-      throw new Error(`MemoryPointLedger: unknown lockId ${lockId}`);
-    }
-    lock.status = status;
-    if (txHash) lock.txHash = txHash;
-  }
-  // -------------------------------------------------------------------------
-  // v1.4 — Reverse flow (PT burn → off-chain credit)
-  // -------------------------------------------------------------------------
-  pendingCredits = /* @__PURE__ */ new Map();
-  nextCreditId = 1;
-  async reservePendingCredit(userAddress, amount, durationMs, tokenAddress) {
-    if (amount <= 0n) {
-      throw new Error(
-        "MemoryPointLedger: pending credit amount must be positive"
-      );
-    }
-    if (durationMs <= 0) {
-      throw new Error("MemoryPointLedger: durationMs must be positive");
-    }
-    const user = getAddress(userAddress);
-    const lockId = `credit-${this.nextCreditId++}`;
-    const now = this.now();
-    this.pendingCredits.set(lockId, {
-      lockId,
-      userAddress: user,
-      amount,
-      tokenAddress: tokenAddress !== void 0 ? getAddress(tokenAddress) : void 0,
-      createdAt: now,
-      expiresAt: now + durationMs,
-      status: "PENDING"
-    });
-    return lockId;
-  }
-  async resolveCreditByBurnTx(lockId, txHash) {
-    const credit = this.pendingCredits.get(lockId);
-    if (!credit) {
-      throw new Error(
-        `MemoryPointLedger: unknown pending credit lockId ${lockId}`
-      );
-    }
-    if (credit.status === "RESOLVED") {
-      if (credit.txHash === txHash) return;
-      throw new Error(
-        `MemoryPointLedger: credit ${lockId} already resolved with a different txHash`
-      );
-    }
-    const token = normalizeToken(credit.tokenAddress);
-    const key = balanceKey(credit.userAddress, token);
-    const current = this.balances.get(key) ?? 0n;
-    this.balances.set(key, current + credit.amount);
-    credit.status = "RESOLVED";
-    credit.txHash = txHash;
-  }
-  // -------------------------------------------------------------------------
-  // Internal helpers
-  // -------------------------------------------------------------------------
-  /**
-   * Auto-expire any PENDING lock past its expiry. Called lazily on every
-   * read/write so the in-memory state stays self-cleaning without a timer.
-   */
-  purgeExpired() {
-    const now = this.now();
-    for (const lock of this.locks.values()) {
-      if (lock.status === "PENDING" && lock.expiresAt <= now) {
-        lock.status = "EXPIRED";
-      }
-    }
-  }
-  lockedTotalFor(userAddress, tokenKey) {
-    let total = 0n;
-    for (const lock of this.locks.values()) {
-      if (lock.userAddress === userAddress && lock.status === "PENDING" && (lock.tokenAddress ?? DEFAULT_TOKEN_KEY) === tokenKey) {
-        total += lock.amount;
-      }
-    }
-    return total;
-  }
-};
-var DEFAULT_TOKEN_KEY = "default";
-function normalizeToken(tokenAddress) {
-  return tokenAddress === void 0 ? DEFAULT_TOKEN_KEY : getAddress(tokenAddress);
-}
-function balanceKey(user, tokenKey) {
-  return `${user}|${tokenKey}`;
-}
 // src/policy/defaultPolicy.ts
 var DefaultPolicyEngine = class {
   ledger;
@@ -211,6 +13,13 @@ var DefaultPolicyEngine = class {
     }
     if (opts.verifyMintCap) this.verifyMintCap = opts.verifyMintCap;
     if (opts.resolveIssuer) this.resolveIssuer = opts.resolveIssuer;
+    if (!opts.mintingOracleAddress || !opts.provider || !opts.verifyMintCap || !opts.resolveIssuer) {
+      if (process.env.NODE_ENV === "production") {
+        throw new Error(
+          "[PAFI] DefaultPolicyEngine: on-chain MintingOracle cap check is required in production. Configure mintingOracleAddress, provider, verifyMintCap, and resolveIssuer."
+        );
+      }
+    }
   }
   async evaluate(request) {
     if (request.amount <= 0n) {
@@ -247,34 +56,9 @@ var DefaultPolicyEngine = class {
   }
 };
-// src/signer/privateKeySigner.ts
-import { createWalletClient, http } from "viem";
-import { privateKeyToAccount } from "viem/accounts";
-import {
-  signMintRequest
-} from "@pafi-dev/core";
-var PrivateKeySigner = class {
-  account;
-  walletClient;
-  constructor(opts) {
-    this.account = privateKeyToAccount(opts.privateKey);
-    this.walletClient = createWalletClient({
-      account: this.account,
-      chain: opts.chain,
-      transport: http(opts.rpcUrl)
-    });
-  }
-  async signMintRequest(domain, message) {
-    return signMintRequest(this.walletClient, domain, message);
-  }
-  async getAddress() {
-    return this.account.address;
-  }
-};
 // src/auth/memorySessionStore.ts
 import { randomBytes } from "crypto";
-import { getAddress as getAddress2 } from "viem";
+import { getAddress } from "viem";
 var DEFAULT_NONCE_TTL_MS = 5 * 60 * 1e3;
 var MemorySessionStore = class {
   nonces = /* @__PURE__ */ new Map();
@@ -284,6 +68,11 @@ var MemorySessionStore = class {
   nonceTtlMs;
   now;
   constructor(opts = {}) {
+    if (process.env.NODE_ENV === "production") {
+      console.error(
+        "[PAFI] MemorySessionStore is not safe for multi-process/K8s deployments. Session revocations are NOT propagated across pods. Use a Redis-backed session store in production."
+      );
+    }
     this.nonceTtlMs = opts.nonceTtlMs ?? DEFAULT_NONCE_TTL_MS;
     this.now = opts.now ?? (() => Date.now());
   }
@@ -310,7 +99,7 @@ var MemorySessionStore = class {
     this.purgeExpiredSessions();
     const normalized = {
       ...session,
-      userAddress: getAddress2(session.userAddress)
+      userAddress: getAddress(session.userAddress)
     };
     this.sessions.set(session.tokenId, normalized);
   }
@@ -328,7 +117,7 @@ var MemorySessionStore = class {
     this.sessions.delete(tokenId);
   }
   async revokeAllSessions(userAddress) {
-    const key = getAddress2(userAddress);
+    const key = getAddress(userAddress);
     for (const [tokenId, session] of this.sessions.entries()) {
       if (session.userAddress === key) {
         this.sessions.delete(tokenId);
@@ -374,7 +163,7 @@ var NonceManager = class {
 // src/auth/loginVerifier.ts
 import { randomBytes as randomBytes2 } from "crypto";
 import { SignJWT, jwtVerify, errors as joseErrors } from "jose";
-import { getAddress as getAddress3 } from "viem";
+import { getAddress as getAddress2 } from "viem";
 import { parseLoginMessage, verifyLoginMessage } from "@pafi-dev/core";
 // src/auth/errors.ts
@@ -398,8 +187,8 @@ var AuthService = class {
   nonceManager;
   now;
   constructor(config) {
-    if (!config.jwtSecret || config.jwtSecret.length < 16) {
-      throw new Error("AuthService: jwtSecret must be at least 16 chars");
+    if (!config.jwtSecret || config.jwtSecret.length < 32) {
+      throw new Error("AuthService: jwtSecret must be at least 32 characters for HS256 security");
     }
     this.sessionStore = config.sessionStore;
     this.jwtSecret = new TextEncoder().encode(config.jwtSecret);
@@ -428,6 +217,12 @@ var AuthService = class {
       const msg = err instanceof Error ? err.message : String(err);
       throw new AuthError("INVALID_MESSAGE", `Could not parse login message: ${msg}`);
     }
+    if (parsed.expirationTime == null) {
+      throw new AuthError(
+        "INVALID_MESSAGE",
+        "login message must include expirationTime"
+      );
+    }
     if (parsed.domain !== this.domain) {
       throw new AuthError(
         "DOMAIN_MISMATCH",
@@ -464,7 +259,7 @@ var AuthService = class {
         "Nonce is unknown, expired, or already used"
       );
     }
-    const userAddress = getAddress3(verifyResult.address);
+    const userAddress = getAddress2(verifyResult.address);
     const tokenId = randomBytes2(16).toString("hex");
     const issuedAt = now;
     const expiresAt = parseExpiry(issuedAt, this.jwtExpiresIn);
@@ -492,7 +287,11 @@ var AuthService = class {
       if (payload.jti) {
         await this.sessionStore.revokeSession(payload.jti);
       }
-    } catch {
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      if (!msg.includes("not found") && !msg.includes("expired")) {
+        console.error("[PAFI] AuthService logout: session store error", err);
+      }
     }
   }
   /**
@@ -531,7 +330,7 @@ var AuthService = class {
       throw new AuthError("TOKEN_INVALID", "JWT payload is malformed");
     }
     return {
-      userAddress: getAddress3(userAddress),
+      userAddress: getAddress2(userAddress),
       chainId,
       tokenId
     };
@@ -582,209 +381,120 @@ var RelayError = class extends Error {
 };
 // src/relay/relayService.ts
-import { encodeFunctionData } from "viem";
 import {
-  relayAbi,
-  encodeMintAndSwap,
-  simulateMintAndSwap as coreSimulateMintAndSwap,
-  SimulationError,
-  RELAYER_V2_ABI,
+  encodeFunctionData,
+  erc20Abi
+} from "viem";
+import {
   POINT_TOKEN_V2_ABI,
-  buildPartialUserOperation
+  buildPartialUserOperation,
+  signMintRequest
 } from "@pafi-dev/core";
-var DEFAULT_CONFIRMATION_TIMEOUT_MS = 6e4;
 var RelayService = class {
-  relayAddress;
-  operatorWallet;
-  provider;
-  confirmationTimeoutMs;
-  simulateBeforeSubmit;
-  constructor(config) {
-    if (!config.relayAddress) {
-      throw new Error("RelayService: relayAddress is required");
-    }
-    if (!config.operatorWallet) {
-      throw new Error("RelayService: operatorWallet is required");
-    }
-    this.relayAddress = config.relayAddress;
-    this.operatorWallet = config.operatorWallet;
-    if (config.provider) this.provider = config.provider;
-    this.confirmationTimeoutMs = config.confirmationTimeoutMs ?? DEFAULT_CONFIRMATION_TIMEOUT_MS;
-    this.simulateBeforeSubmit = config.simulateBeforeSubmit ?? config.provider !== void 0;
-  }
-  /** Address the operator wallet is broadcasting from (for logging). */
-  operatorAddress() {
-    return this.operatorWallet.account?.address;
-  }
   /**
-   * Build calldata for the Relay `mintAndSwap` function. Kept public so
-   * callers (e.g. the MintingGateway) can log or persist the encoded call
-   * for audit before broadcasting.
+   * Build an unsigned UserOp for Scenario 1 (Mint) — sig-gated
+   * `PointToken.mint(to, amount, deadline, minterSig)`.
    */
-  encodeCall(params) {
-    try {
-      return encodeMintAndSwap(params.mint, params.swap);
-    } catch (err) {
+  async prepareMint(params) {
+    if (!params.batchExecutorAddress) {
       throw new RelayError(
         "ENCODE_FAILED",
-        `Failed to encode mintAndSwap calldata: ${errorMessage(err)}`,
-        err
+        "prepareMint: batchExecutorAddress required"
       );
     }
-  }
-  /**
-   * Submit a `mintAndSwap` transaction. Flow:
-   *
-   *   1. (optional) pre-flight simulate via provider
-   *   2. writeContract through the operator wallet
-   *   3. (optional) wait for the receipt and surface gasUsed / status
-   *
-   * Throws a typed `RelayError` on any failure so the MintingGateway can
-   * decide whether to release the ledger lock (`SUBMIT_FAILED` and
-   * `SIMULATION_FAILED` are safe to release; `TX_REVERTED` and `TIMEOUT`
-   * need manual review because the tx may still land).
-   *
-   * @deprecated Since 0.3.0 — will be replaced by `prepareMint()` +
-   * `prepareBurn()` in the v1.4 sponsored-UserOp flow. The SC team
-   * still needs to finalize Relayer v2 ABI before the replacements
-   * can ship (blocker B1). Kept for v0.2.x consumers. Removed in 2.0.
-   */
-  async submitMintAndSwap(params) {
-    if (this.simulateBeforeSubmit && this.provider) {
-      const operatorAddr = this.operatorWallet.account?.address;
-      if (operatorAddr) {
-        try {
-          await coreSimulateMintAndSwap(
-            this.provider,
-            this.relayAddress,
-            params.mint,
-            params.swap,
-            operatorAddr
-          );
-        } catch (err) {
-          const reason = err instanceof SimulationError ? err.reason : errorMessage(err);
-          throw new RelayError(
-            "SIMULATION_FAILED",
-            `mintAndSwap would revert: ${reason}`,
-            err
-          );
-        }
-      }
+    if (!params.userAddress) {
+      throw new RelayError("ENCODE_FAILED", "prepareMint: userAddress required");
     }
-    let txHash;
-    try {
-      txHash = await this.operatorWallet.writeContract({
-        address: this.relayAddress,
-        abi: relayAbi,
-        functionName: "mintAndSwap",
-        args: [params.mint, params.swap],
-        ...this.operatorWallet.account ? { account: this.operatorWallet.account } : {}
-      });
-    } catch (err) {
+    if (!params.pointTokenAddress) {
       throw new RelayError(
-        "SUBMIT_FAILED",
-        `Failed to broadcast mintAndSwap: ${errorMessage(err)}`,
-        err
+        "ENCODE_FAILED",
+        "prepareMint: pointTokenAddress required"
       );
     }
-    if (!this.provider) {
-      return { txHash };
+    if (params.amount <= 0n) {
+      throw new RelayError("ENCODE_FAILED", "prepareMint: amount must be positive");
     }
-    try {
-      const receipt = await this.provider.waitForTransactionReceipt({
-        hash: txHash,
-        timeout: this.confirmationTimeoutMs
-      });
-      if (receipt.status !== "success") {
-        throw new RelayError(
-          "TX_REVERTED",
-          `mintAndSwap reverted on-chain (tx=${txHash})`
-        );
-      }
-      return {
-        txHash,
-        blockNumber: receipt.blockNumber,
-        gasUsed: receipt.gasUsed,
-        status: receipt.status
-      };
-    } catch (err) {
-      if (err instanceof RelayError) throw err;
+    if (!params.issuerSignerWallet) {
       throw new RelayError(
-        "TIMEOUT",
-        `Timed out waiting for mintAndSwap receipt (tx=${txHash}): ${errorMessage(err)}`,
-        err
+        "ENCODE_FAILED",
+        "prepareMint: issuerSignerWallet required (for MintRequest EIP-712 signature)"
       );
     }
-  }
-  // ==========================================================================
-  // v1.4 — Sponsored UserOp preparation (beta with mocked SC contracts)
-  // ==========================================================================
-  //
-  // These two methods build unsigned `PartialUserOperation` payloads for
-  // the Frontend to sign (via Privy) and submit to the Bundler. The
-  // Issuer Backend no longer broadcasts — that's the Frontend's job.
-  //
-  // Uses mocked Relayer v2 + PointToken ABIs from `@pafi-dev/core/contracts`.
-  // When SC delivers real ABIs, the imports swap but these method bodies
-  // stay the same (calldata encoder is ABI-driven).
-  // ==========================================================================
-  /**
-   * Build an unsigned UserOp for Scenario 1 (Mint).
-   *
-   * Flow:
-   *   1. Encode `Relayer.mint(request, userSig, issuerSig)` as the inner call
-   *   2. Optionally append a PT fee transfer from user → feeRecipient
-   *      (fee recovery happens on-chain via BatchExecutor, not via an
-   *      operator wallet)
-   *   3. Wrap all inner calls into `BatchExecutor.execute(calls[])`
-   *   4. Return a `PartialUserOperation` ready for:
-   *        - gas estimation (Bundler)
-   *        - paymaster sponsorship (PAFI Backend)
-   *        - user signature (Privy)
-   */
-  prepareMint(params) {
-    if (!params.relayerAddress) {
-      throw new RelayError("ENCODE_FAILED", "prepareMint: relayerAddress required");
+    if (params.deadline <= 0n) {
+      throw new RelayError("ENCODE_FAILED", "prepareMint: deadline must be positive");
     }
-    if (!params.batchExecutorAddress) {
+    const nowSecs = BigInt(Math.floor(Date.now() / 1e3));
+    if (params.deadline <= nowSecs) {
+      throw new RelayError("ENCODE_FAILED", "prepareMint: deadline is in the past");
+    }
+    const MAX_DEADLINE_WINDOW = 3600n;
+    if (params.deadline > nowSecs + MAX_DEADLINE_WINDOW) {
       throw new RelayError(
         "ENCODE_FAILED",
-        "prepareMint: batchExecutorAddress required"
+        "prepareMint: deadline exceeds maximum allowed window (1 hour)"
       );
     }
-    if (!params.userAddress) {
-      throw new RelayError("ENCODE_FAILED", "prepareMint: userAddress required");
+    let minterSig;
+    try {
+      const sig = await signMintRequest(
+        params.issuerSignerWallet,
+        params.domain,
+        {
+          to: params.userAddress,
+          amount: params.amount,
+          nonce: params.mintRequestNonce,
+          deadline: params.deadline
+        }
+      );
+      minterSig = sig.serialized;
+    } catch (err) {
+      throw new RelayError(
+        "ENCODE_FAILED",
+        `prepareMint: failed to sign MintRequest: ${errorMessage(err)}`,
+        err
+      );
     }
     let mintCallData;
     try {
       mintCallData = encodeFunctionData({
-        abi: RELAYER_V2_ABI,
+        abi: POINT_TOKEN_V2_ABI,
         functionName: "mint",
-        args: [params.mintRequest, params.userSignature, params.issuerSignature]
+        args: [params.userAddress, params.amount, params.deadline, minterSig]
       });
     } catch (err) {
       throw new RelayError(
         "ENCODE_FAILED",
-        `prepareMint: failed to encode Relayer.mint: ${errorMessage(err)}`,
+        `prepareMint: failed to encode PointToken.mint: ${errorMessage(err)}`,
         err
       );
     }
     const operations = [
       {
-        target: params.relayerAddress,
+        target: params.pointTokenAddress,
         value: 0n,
         data: mintCallData
       }
     ];
-    if (params.mintRequest.feeAmount > 0n) {
+    if (params.feeAmount && params.feeAmount > 0n) {
+      if (!params.feeRecipient) {
+        throw new RelayError(
+          "ENCODE_FAILED",
+          "prepareMint: feeRecipient required when feeAmount > 0"
+        );
+      }
+      if (params.feeRecipient === "0x0000000000000000000000000000000000000000") {
+        throw new RelayError(
+          "ENCODE_FAILED",
+          "prepareMint: feeRecipient must not be zero address"
+        );
+      }
       operations.push({
         target: params.pointTokenAddress,
         value: 0n,
         data: encodeFunctionData({
-          abi: POINT_TOKEN_V2_ABI,
-          functionName: "balanceOf",
-          // placeholder — real impl uses transfer
-          args: [params.mintRequest.feeRecipient]
+          abi: erc20Abi,
+          functionName: "transfer",
+          args: [params.feeRecipient, params.feeAmount]
         })
       });
     }
@@ -793,7 +503,7 @@ var RelayService = class {
       nonce: params.aaNonce,
       operations,
       gasLimits: {
-        callGasLimit: params.callGasLimit ?? 500000n,
+        callGasLimit: params.callGasLimit ?? 300000n,
         verificationGasLimit: params.verificationGasLimit ?? 150000n,
         preVerificationGas: params.preVerificationGas ?? 50000n
       }
@@ -803,13 +513,12 @@ var RelayService = class {
    * Build an unsigned UserOp for Scenario 2 (Burn/Redeem).
    *
    * Two modes:
-   *   - `mode: 'burn'` — direct `PointToken.burn(amount)`; `msg.sender`
-   *     via EIP-7702 delegation is the user, so no signature needed
-   *     on-chain (the BurnConsent was already verified off-chain by
-   *     the issuer backend before we got here)
-   *   - `mode: 'burnWithSig'` — `PointToken.burnWithSig(consent, sig)`;
-   *     used when the issuer hasn't verified the consent and the
-   *     contract has to do it on-chain
+   *   - `mode: 'burn'` — direct `PointToken.burn(from, amount)`; only
+   *     usable if the caller (via EIP-7702) is whitelisted as a burner.
+   *     Rare in v1.4; kept for admin/operator tools.
+   *   - `mode: 'burnWithSig'` — `PointToken.burn(from, amount, deadline,
+   *     burnerSig)`. Caller provides a pre-signed `BurnRequest` + sig
+   *     bytes (typically from `PTRedeemHandler`).
    */
   prepareBurn(params) {
     if (!params.pointTokenAddress) {
@@ -824,19 +533,24 @@ var RelayService = class {
     let burnCallData;
     try {
       if (params.mode === "burnWithSig") {
-        if (!params.burnConsent || !params.consentSignature) {
-          throw new Error("burnWithSig requires burnConsent + consentSignature");
+        if (!params.burnRequest || !params.burnerSignature) {
+          throw new Error("burnWithSig requires burnRequest + burnerSignature");
         }
         burnCallData = encodeFunctionData({
           abi: POINT_TOKEN_V2_ABI,
-          functionName: "burnWithSig",
-          args: [params.burnConsent, params.consentSignature]
+          functionName: "burn",
+          args: [
+            params.burnRequest.from,
+            params.burnRequest.amount,
+            params.burnRequest.deadline,
+            params.burnerSignature
+          ]
         });
       } else {
         burnCallData = encodeFunctionData({
           abi: POINT_TOKEN_V2_ABI,
           functionName: "burn",
-          args: [params.amount]
+          args: [params.userAddress, params.amount]
         });
       }
     } catch (err) {
@@ -872,11 +586,14 @@ function errorMessage(err) {
 // src/relay/feeManager.ts
 var DEFAULT_GAS_UNITS = 500000n;
 var DEFAULT_PREMIUM_BPS = 12e3;
-var FeeManager = class {
+var FeeManager = class _FeeManager {
   provider;
   gasUnits;
   gasPremiumBps;
   quoteNativeToFee;
+  cachedFee = null;
+  cacheExpiresAt = 0;
+  static CACHE_TTL_MS = 1e4;
   constructor(config) {
     if (!config.provider) throw new Error("FeeManager: provider required");
     if (!config.quoteNativeToFee)
@@ -899,262 +616,20 @@ var FeeManager = class {
    * currency depends on how the caller wired `quoteNativeToFee`.
    */
   async estimateGasFee() {
+    const now = Date.now();
+    if (this.cachedFee !== null && now < this.cacheExpiresAt) {
+      return this.cachedFee;
+    }
     const gasPrice = await this.provider.getGasPrice();
     const nativeCost = gasPrice * this.gasUnits;
     const withPremium = nativeCost * BigInt(this.gasPremiumBps) / 10000n;
-    return this.quoteNativeToFee(withPremium);
+    const fee = await this.quoteNativeToFee(withPremium);
+    this.cachedFee = fee;
+    this.cacheExpiresAt = now + _FeeManager.CACHE_TTL_MS;
+    return fee;
   }
 };
-// src/gateway/types.ts
-var MintingGatewayError = class extends Error {
-  code;
-  /**
-   * True if the ledger lock was released before this error was thrown,
-   * meaning the user can safely retry. False means the funds are still
-   * locked (e.g. tx may still land on-chain) and retry would double-spend.
-   */
-  safeToRetry;
-  cause;
-  constructor(code, message, opts) {
-    super(message);
-    this.name = "MintingGatewayError";
-    this.code = code;
-    this.safeToRetry = opts.safeToRetry;
-    if (opts.cause !== void 0) this.cause = opts.cause;
-  }
-};
-// src/gateway/mintingGateway.ts
-import {
-  verifyReceiverConsent,
-  encodeExtData
-} from "@pafi-dev/core";
-var DEFAULT_LOCK_BUFFER_MS = 6e4;
-var MintingGateway = class {
-  ledger;
-  policy;
-  signer;
-  relayService;
-  now;
-  defaultLockBufferMs;
-  constructor(config) {
-    if (!config.ledger) throw new Error("MintingGateway: ledger required");
-    if (!config.policy) throw new Error("MintingGateway: policy required");
-    if (!config.signer) throw new Error("MintingGateway: signer required");
-    if (!config.relayService)
-      throw new Error("MintingGateway: relayService required");
-    this.ledger = config.ledger;
-    this.policy = config.policy;
-    this.signer = config.signer;
-    this.relayService = config.relayService;
-    this.now = config.now ?? (() => Date.now());
-    this.defaultLockBufferMs = config.defaultLockBufferMs ?? DEFAULT_LOCK_BUFFER_MS;
-  }
-  /**
-   * @deprecated Since 0.3.0 — will be renamed to `processMint()` once
-   * the SC team finalizes Relayer v2 ABI. The new flow drops the
-   * swap steps entirely (no more single-call mint+swap); users swap
-   * separately on PAFI Web. Kept here for v0.2.x consumers. Removed in 2.0.
-   */
-  async processMintAndCashOut(request) {
-    const { receiverConsent, receiverSignature } = request;
-    if (!receiverConsent || !receiverSignature) {
-      throw new MintingGatewayError(
-        "INVALID_REQUEST",
-        "receiverConsent and receiverSignature are required",
-        { safeToRetry: true }
-      );
-    }
-    if (receiverConsent.amount <= 0n) {
-      throw new MintingGatewayError(
-        "INVALID_REQUEST",
-        "consent amount must be positive",
-        { safeToRetry: true }
-      );
-    }
-    if (receiverConsent.originalReceiver !== request.userAddress) {
-      throw new MintingGatewayError(
-        "INVALID_REQUEST",
-        "consent.originalReceiver must equal request.userAddress",
-        { safeToRetry: true }
-      );
-    }
-    const nowSec = BigInt(Math.floor(this.now() / 1e3));
-    if (receiverConsent.deadline <= nowSec) {
-      throw new MintingGatewayError(
-        "CONSENT_EXPIRED",
-        "ReceiverConsent deadline has already passed",
-        { safeToRetry: true }
-      );
-    }
-    const consentResult = await verifyReceiverConsent(
-      request.domain,
-      receiverConsent,
-      receiverSignature,
-      request.userAddress
-    );
-    if (!consentResult.isValid) {
-      throw new MintingGatewayError(
-        "INVALID_CONSENT_SIGNATURE",
-        `ReceiverConsent signature did not recover to ${request.userAddress}`,
-        { safeToRetry: true }
-      );
-    }
-    const policyDecision = await this.policy.evaluate({
-      userAddress: request.userAddress,
-      amount: receiverConsent.amount,
-      pointTokenAddress: request.pointTokenAddress,
-      chainId: request.chainId
-    });
-    if (!policyDecision.approved) {
-      const code = policyDecision.reason?.toLowerCase().includes("insufficient") ? "INSUFFICIENT_BALANCE" : "POLICY_REJECTED";
-      throw new MintingGatewayError(
-        code,
-        policyDecision.reason ?? "Minting request rejected by policy engine",
-        { safeToRetry: true }
-      );
-    }
-    const lockDurationMs = request.lockDurationMs ?? this.computeLockDurationMs(receiverConsent.deadline);
-    let lockId;
-    try {
-      lockId = await this.ledger.lockForMinting(
-        request.userAddress,
-        receiverConsent.amount,
-        lockDurationMs,
-        request.pointTokenAddress
-      );
-    } catch (err) {
-      throw new MintingGatewayError(
-        "INSUFFICIENT_BALANCE",
-        `Failed to lock ledger balance: ${errorMessage2(err)}`,
-        { safeToRetry: true, cause: err }
-      );
-    }
-    try {
-      let minterSignature;
-      try {
-        minterSignature = await this.signer.signMintRequest(request.domain, {
-          to: request.userAddress,
-          amount: receiverConsent.amount,
-          nonce: receiverConsent.nonce,
-          deadline: receiverConsent.deadline
-        });
-      } catch (err) {
-        await this.releaseLockSafely(lockId);
-        throw new MintingGatewayError(
-          "SIGNER_FAILED",
-          `Issuer signer failed: ${errorMessage2(err)}`,
-          { safeToRetry: true, cause: err }
-        );
-      }
-      const mintParams = {
-        pointToken: request.pointTokenAddress,
-        receiver: request.userAddress,
-        amount: receiverConsent.amount,
-        deadline: receiverConsent.deadline,
-        minterSig: minterSignature.serialized,
-        receiverSig: receiverSignature,
-        extData: receiverConsent.extData
-      };
-      const swapParams = {
-        path: request.swapPath,
-        deadline: request.swapDeadline
-      };
-      let relayResult;
-      try {
-        relayResult = await this.relayService.submitMintAndSwap({
-          mint: mintParams,
-          swap: swapParams
-        });
-      } catch (err) {
-        await this.handleRelayFailure(err, lockId);
-      }
-      const result = {
-        txHash: relayResult.txHash,
-        lockId
-      };
-      if (relayResult.blockNumber !== void 0) {
-        result.blockNumber = relayResult.blockNumber;
-      }
-      if (relayResult.gasUsed !== void 0) {
-        result.gasUsed = relayResult.gasUsed;
-      }
-      return result;
-    } catch (err) {
-      if (err instanceof MintingGatewayError) throw err;
-      await this.releaseLockSafely(lockId);
-      throw new MintingGatewayError(
-        "RELAY_SUBMIT_FAILED",
-        `Unexpected error: ${errorMessage2(err)}`,
-        { safeToRetry: true, cause: err }
-      );
-    }
-  }
-  // ---------------------------------------------------------------------------
-  // Internals
-  // ---------------------------------------------------------------------------
-  computeLockDurationMs(consentDeadlineSec) {
-    const nowMs = this.now();
-    const deadlineMs = Number(consentDeadlineSec) * 1e3;
-    const remaining = Math.max(0, deadlineMs - nowMs);
-    return remaining + this.defaultLockBufferMs;
-  }
-  /**
-   * Map a RelayError to a MintingGatewayError, releasing the lock only
-   * when the tx definitely did not land. `TX_REVERTED` and `TIMEOUT`
-   * leave the lock in place because the tx may still be in the mempool
-   * or already mined — releasing would enable a double-spend on retry.
-   * Always throws.
-   */
-  async handleRelayFailure(err, lockId) {
-    if (err instanceof RelayError) {
-      switch (err.code) {
-        case "ENCODE_FAILED":
-        case "SIMULATION_FAILED":
-        case "SUBMIT_FAILED":
-        case "NOT_CONFIGURED":
-          await this.releaseLockSafely(lockId);
-          throw new MintingGatewayError(
-            err.code === "SIMULATION_FAILED" ? "RELAY_SIMULATION_FAILED" : "RELAY_SUBMIT_FAILED",
-            err.message,
-            { safeToRetry: true, cause: err }
-          );
-        case "TX_REVERTED":
-          throw new MintingGatewayError("RELAY_REVERTED", err.message, {
-            safeToRetry: false,
-            cause: err
-          });
-        case "TIMEOUT":
-          throw new MintingGatewayError("RELAY_TIMEOUT", err.message, {
-            safeToRetry: false,
-            cause: err
-          });
-      }
-    }
-    await this.releaseLockSafely(lockId);
-    throw new MintingGatewayError(
-      "RELAY_SUBMIT_FAILED",
-      `Unexpected relay error: ${errorMessage2(err)}`,
-      { safeToRetry: true, cause: err }
-    );
-  }
-  /**
-   * Release a lock, swallowing any secondary error. We never want a lock
-   * release failure to mask the original error — the lock will auto-expire
-   * via TTL anyway.
-   */
-  async releaseLockSafely(lockId) {
-    try {
-      await this.ledger.releaseLock(lockId);
-    } catch {
-    }
-  }
-};
-function errorMessage2(err) {
-  return err instanceof Error ? err.message : String(err);
-}
 // src/indexer/types.ts
 var InMemoryCursorStore = class {
   cursor;
@@ -1167,7 +642,7 @@ var InMemoryCursorStore = class {
 };
 // src/indexer/pointIndexer.ts
-import { getAddress as getAddress4, parseAbiItem } from "viem";
+import { getAddress as getAddress3, parseAbiItem } from "viem";
 var TRANSFER_EVENT = parseAbiItem(
   "event Transfer(address indexed from, address indexed to, uint256 value)"
 );
@@ -1238,7 +713,8 @@ var PointIndexer = class {
         return;
       }
       await this.processBlockRange(from, safeHead);
-    } catch {
+    } catch (err) {
+      console.error("[PAFI] PointIndexer tick error:", err);
     }
     this.scheduleNext();
   }
@@ -1288,10 +764,10 @@ var PointIndexer = class {
     for (const log of logs) {
       const args = log.args;
       if (!args.from || !args.to || args.value === void 0) continue;
-      if (getAddress4(args.from) !== ZERO_ADDRESS) continue;
+      if (getAddress3(args.from) !== ZERO_ADDRESS) continue;
       if (log.blockNumber === null || log.transactionHash === null) continue;
       out.push({
-        to: getAddress4(args.to),
+        to: getAddress3(args.to),
         amount: args.value,
         blockNumber: log.blockNumber,
         txHash: log.transactionHash,
@@ -1347,7 +823,7 @@ function pickMatchingLock(locks, amount) {
 }
 // src/indexer/burnIndexer.ts
-import { getAddress as getAddress5, parseAbiItem as parseAbiItem2 } from "viem";
+import { getAddress as getAddress4, parseAbiItem as parseAbiItem2 } from "viem";
 var TRANSFER_EVENT2 = parseAbiItem2(
   "event Transfer(address indexed from, address indexed to, uint256 value)"
 );
@@ -1364,18 +840,7 @@ var BurnIndexer = class {
   confirmations;
   batchSize;
   pollIntervalMs;
-  /**
-   * Caller-supplied matcher. Return the lockId to resolve for a given
-   * burn event, or `undefined` to skip. Runs synchronously via the
-   * ledger's query path.
-   *
-   * Default: try `ledger.resolveCreditByBurnTx` keyed on a synthetic
-   * lock id `burn-${from}-${amount}` — the in-memory ledger assigns
-   * incrementing IDs so callers with the memory ledger must provide a
-   * custom matcher. Real DB-backed ledgers override this to JOIN on
-   * their `pending_credits` table.
-   */
-  matchLockId = async () => void 0;
+  matchLockId;
   running = false;
   timer;
   constructor(config) {
@@ -1393,6 +858,12 @@ var BurnIndexer = class {
     );
     this.batchSize = BigInt(config.batchSize ?? Number(DEFAULT_BATCH_SIZE2));
     this.pollIntervalMs = config.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS2;
+    if (!config.matchLockId) {
+      throw new Error(
+        "BurnIndexer: matchLockId is required. Provide a function that maps a burn event to its pending credit lockId. Without it, no on-chain burns will ever grant off-chain credits."
+      );
+    }
+    this.matchLockId = config.matchLockId;
   }
   start() {
     if (this.running) return;
@@ -1422,7 +893,8 @@ var BurnIndexer = class {
         return;
       }
       await this.processBlockRange(from, safeHead);
-    } catch {
+    } catch (err) {
+      console.error("[PAFI] BurnIndexer tick error:", err);
     }
     this.scheduleNext();
   }
@@ -1467,10 +939,10 @@ var BurnIndexer = class {
     for (const log of logs) {
       const args = log.args;
       if (!args.from || !args.to || args.value === void 0) continue;
-      if (getAddress5(args.to) !== ZERO_ADDRESS2) continue;
+      if (getAddress4(args.to) !== ZERO_ADDRESS2) continue;
       if (log.blockNumber === null || log.transactionHash === null) continue;
       out.push({
-        from: getAddress5(args.from),
+        from: getAddress4(args.from),
         amount: args.value,
         blockNumber: log.blockNumber,
         txHash: log.transactionHash,
@@ -1485,20 +957,27 @@ var BurnIndexer = class {
    * log + skip.
    */
   async finalize(evt) {
+    const txHash = evt.txHash;
     const lockId = await this.matchLockId(evt);
-    if (!lockId) return;
+    if (lockId === void 0) {
+      console.warn(
+        "[PAFI] BurnIndexer: matchLockId returned undefined for burn tx " + txHash + ". This burn will NOT be credited. Implement matchLockId to map burn events to lock IDs."
+      );
+      return;
+    }
     if (!this.ledger.resolveCreditByBurnTx) {
       return;
     }
     try {
       await this.ledger.resolveCreditByBurnTx(lockId, evt.txHash);
-    } catch {
+    } catch (err) {
+      console.error("[PAFI] BurnIndexer finalize error \u2014 credit may be lost:", err);
     }
   }
 };
 // src/api/handlers.ts
-import { getAddress as getAddress6 } from "viem";
+import { getAddress as getAddress5 } from "viem";
 import {
   getMintRequestNonce,
   getPointTokenBalance,
@@ -1509,7 +988,6 @@ import {
 } from "@pafi-dev/core";
 var IssuerApiHandlers = class {
   authService;
-  gateway;
   ledger;
   provider;
   /**
@@ -1517,18 +995,14 @@ var IssuerApiHandlers = class {
    * validate the request's `pointTokenAddress` against this set.
    */
   supportedTokens;
-  /** First supported token — used as default when a handler doesn't
-   * receive a `pointTokenAddress` in the request (shouldn't happen in
-   * practice, but keeps type-narrowing happy). */
-  defaultToken;
   chainId;
   contracts;
   pafiWebUrl;
   feeManager;
   poolsProvider;
+  claim;
   constructor(config) {
     this.authService = config.authService;
-    this.gateway = config.gateway;
     this.ledger = config.ledger;
     this.provider = config.provider;
     const raw = config.pointTokenAddresses && config.pointTokenAddresses.length > 0 ? config.pointTokenAddresses : config.pointTokenAddress ? [config.pointTokenAddress] : [];
@@ -1537,14 +1011,14 @@ var IssuerApiHandlers = class {
         "IssuerApiHandlers: pointTokenAddress or pointTokenAddresses required"
       );
     }
-    const normalized = raw.map((a) => getAddress6(a));
+    const normalized = raw.map((a) => getAddress5(a));
     this.supportedTokens = new Set(normalized);
-    this.defaultToken = normalized[0];
     this.chainId = config.chainId;
     this.contracts = config.contracts;
     if (config.pafiWebUrl) this.pafiWebUrl = config.pafiWebUrl;
     if (config.feeManager) this.feeManager = config.feeManager;
     if (config.poolsProvider) this.poolsProvider = config.poolsProvider;
+    if (config.claim) this.claim = config.claim;
   }
   // =========================================================================
   // Public handlers (no auth required)
@@ -1559,6 +1033,12 @@ var IssuerApiHandlers = class {
     if (!body || typeof body.message !== "string" || body.message.length === 0 || typeof body.signature !== "string" || body.signature.length <= 2) {
       throw new Error("handleLogin: message and signature are required");
     }
+    if (body.message.length > 4096) {
+      throw new Error("message too long");
+    }
+    if (body.signature.length > 260) {
+      throw new Error("signature too long");
+    }
     const result = await this.authService.login(body.message, body.signature);
     return {
       token: result.token,
@@ -1573,9 +1053,12 @@ var IssuerApiHandlers = class {
    * needs to build EIP-712 messages and interact with on-chain.
    */
   async handleConfig(chainId) {
+    if (!Number.isInteger(chainId) || chainId <= 0) {
+      throw new Error("invalid chainId");
+    }
     if (chainId !== this.chainId) {
       throw new Error(
-        `handleConfig: unsupported chainId ${chainId}, issuer is configured for ${this.chainId}`
+        `handleConfig: unsupported chainId ${chainId}`
       );
     }
     const contracts = {
@@ -1638,14 +1121,14 @@ var IssuerApiHandlers = class {
         `handleUser: unsupported chainId ${request.chainId}`
       );
     }
-    const normalizedAuthed = getAddress6(userAddress);
-    const normalizedRequest = getAddress6(request.userAddress);
+    const normalizedAuthed = getAddress5(userAddress);
+    const normalizedRequest = getAddress5(request.userAddress);
     if (normalizedAuthed !== normalizedRequest) {
       throw new Error(
         "handleUser: request userAddress must match authenticated user"
       );
     }
-    const pointToken = getAddress6(request.pointTokenAddress);
+    const pointToken = getAddress5(request.pointTokenAddress);
     if (!this.supportedTokens.has(pointToken)) {
       throw new Error(
         `handleUser: unsupported pointToken ${pointToken}`
@@ -1688,19 +1171,32 @@ var IssuerApiHandlers = class {
         `handleBuildConsentTypedData: unsupported chainId ${request.chainId}`
       );
     }
-    const pointToken = getAddress6(request.pointTokenAddress);
+    const pointToken = getAddress5(request.pointTokenAddress);
     if (!this.supportedTokens.has(pointToken)) {
       throw new Error(
         `handleBuildConsentTypedData: unsupported pointToken ${pointToken}`
       );
     }
+    const consent = request.receiverConsent;
+    if (getAddress5(consent.originalReceiver) !== getAddress5(userAddress)) {
+      throw new Error(
+        "handleBuildConsentTypedData: receiverConsent.originalReceiver must match authenticated user"
+      );
+    }
+    if (consent.amount <= 0n) {
+      throw new Error("handleBuildConsentTypedData: amount must be positive");
+    }
+    const nowSecs = BigInt(Math.floor(Date.now() / 1e3));
+    if (consent.deadline <= nowSecs) {
+      throw new Error("handleBuildConsentTypedData: deadline is in the past");
+    }
     const name = await getTokenName(this.provider, pointToken);
     const domain = {
       name,
       verifyingContract: pointToken,
       chainId: this.chainId
     };
-    const typedData = buildReceiverConsentTypedData(domain, request.receiverConsent);
+    const typedData = buildReceiverConsentTypedData(domain, consent);
     return {
       typedData: {
         domain: typedData.domain,
@@ -1711,54 +1207,97 @@ var IssuerApiHandlers = class {
     };
   }
   /**
-   * `POST /claim-and-swap`
+   * `POST /claim`
    *
-   * @deprecated Since 0.3.0 — the single-call mint-then-swap flow is
-   * retired in v1.4. Use the new `handleClaim()` (mint only) and let
-   * the user swap separately on PAFI Web. See
-   * [V1.4_V1.5_OVERVIEW.md §4] for the new scenario model. Will be
-   * removed in 2.0.
+   * Policy gate + ledger lock + MintRequest signing in a single atomic
+   * step. Returns an unsigned UserOp the frontend attaches paymaster data
+   * to and submits via EIP-7702 + Bundler.
    *
-   * Legacy behavior: the terminal handler forwards the verified
-   * consent to the MintingGateway, which runs the 11-step flow.
+   * Order of operations:
+   *   1. Validate request fields.
+   *   2. policy.evaluate() — throws if denied; cannot be bypassed.
+   *   3. ledger.lockForMinting() — reserves the balance.
+   *   4. Read on-chain mintRequestNonce + token name in parallel.
+   *   5. relayService.prepareMint() — sign MintRequest + encode UserOp.
+   *   6. On any error after step 3, release the lock before re-throwing.
    */
-  async handleClaimAndSwap(userAddress, request) {
+  async handleClaim(userAddress, request) {
+    if (!this.claim) {
+      throw new Error("handleClaim: claim is not configured on this issuer");
+    }
     if (request.chainId !== this.chainId) {
-      throw new Error(
-        `handleClaimAndSwap: unsupported chainId ${request.chainId}`
-      );
+      throw new Error(`handleClaim: unsupported chainId ${request.chainId}`);
     }
-    const pointToken = getAddress6(request.pointTokenAddress);
+    const pointToken = getAddress5(request.pointTokenAddress);
     if (!this.supportedTokens.has(pointToken)) {
-      throw new Error(
-        `handleClaimAndSwap: unsupported pointToken ${pointToken}`
-      );
+      throw new Error(`handleClaim: unsupported pointToken ${pointToken}`);
     }
-    const result = await this.gateway.processMintAndCashOut({
-      userAddress: getAddress6(userAddress),
+    if (request.amount <= 0n) {
+      throw new Error("handleClaim: amount must be positive");
+    }
+    const nowSecs = BigInt(Math.floor(Date.now() / 1e3));
+    if (request.deadline <= nowSecs) {
+      throw new Error("handleClaim: deadline is in the past");
+    }
+    const { policy, relayService, issuerSignerWallet, batchExecutorAddress } = this.claim;
+    const lockDurationMs = this.claim.lockDurationMs ?? 15 * 60 * 1e3;
+    const normalizedUser = getAddress5(userAddress);
+    const decision = await policy.evaluate({
+      userAddress: normalizedUser,
+      amount: request.amount,
       pointTokenAddress: pointToken,
-      chainId: request.chainId,
-      domain: request.domain,
-      receiverConsent: request.receiverConsent,
-      receiverSignature: request.receiverSignature,
-      swapPath: request.swapPath,
-      swapDeadline: request.swapDeadline
+      chainId: this.chainId
     });
-    const response = {
-      txHash: result.txHash,
-      lockId: result.lockId
-    };
-    if (result.blockNumber !== void 0)
-      response.blockNumber = result.blockNumber;
-    if (result.gasUsed !== void 0) response.gasUsed = result.gasUsed;
-    return response;
+    if (!decision.approved) {
+      throw new Error(`handleClaim: policy denied \u2014 ${decision.reason ?? "no reason given"}`);
+    }
+    const lockId = await this.ledger.lockForMinting(
+      normalizedUser,
+      request.amount,
+      lockDurationMs,
+      pointToken
+    );
+    try {
+      const [mintRequestNonce, tokenName] = await Promise.all([
+        getMintRequestNonce(this.provider, pointToken, normalizedUser),
+        getTokenName(this.provider, pointToken)
+      ]);
+      const domain = {
+        name: tokenName,
+        verifyingContract: pointToken,
+        chainId: this.chainId
+      };
+      const userOp = await relayService.prepareMint({
+        userAddress: normalizedUser,
+        aaNonce: request.aaNonce,
+        batchExecutorAddress,
+        pointTokenAddress: pointToken,
+        amount: request.amount,
+        issuerSignerWallet,
+        domain,
+        mintRequestNonce,
+        deadline: request.deadline,
+        feeAmount: request.feeAmount,
+        feeRecipient: request.feeRecipient
+      });
+      return {
+        lockId,
+        userOp,
+        expiresInSeconds: Math.floor(lockDurationMs / 1e3)
+      };
+    } catch (err) {
+      await this.ledger.releaseLock(lockId).catch(() => {
+      });
+      throw err;
+    }
   }
 };
 // src/api/handlers/ptRedeemHandler.ts
-import { getAddress as getAddress7 } from "viem";
-import { verifyBurnConsent } from "@pafi-dev/core";
+import { getAddress as getAddress6 } from "viem";
+import { signBurnRequest, POINT_TOKEN_V2_ABI as POINT_TOKEN_V2_ABI2, getPointTokenBalance as getPointTokenBalance2 } from "@pafi-dev/core";
 var DEFAULT_REDEEM_LOCK_MS = 15 * 60 * 1e3;
+var DEFAULT_SIG_DEADLINE_SEC = 15 * 60;
 var PTRedeemError = class extends Error {
   constructor(code, message) {
     super(message);
@@ -1770,11 +1309,14 @@ var PTRedeemError = class extends Error {
 var PTRedeemHandler = class {
   ledger;
   relayService;
+  provider;
   pointTokenAddress;
   batchExecutorAddress;
   chainId;
   domain;
+  burnerSignerWallet;
   redeemLockDurationMs;
+  signatureDeadlineSeconds;
   now;
   constructor(config) {
     if (!config.ledger.reservePendingCredit) {
@@ -1783,46 +1325,88 @@ var PTRedeemHandler = class {
         "PTRedeemHandler requires a ledger that implements reservePendingCredit() (v0.3.0+)"
       );
     }
+    if (!config.burnerSignerWallet) {
+      throw new PTRedeemError(
+        "SIGNING_FAILED",
+        "PTRedeemHandler requires burnerSignerWallet (issuer burner signer)"
+      );
+    }
     this.ledger = config.ledger;
     this.relayService = config.relayService;
-    this.pointTokenAddress = getAddress7(config.pointTokenAddress);
-    this.batchExecutorAddress = getAddress7(config.batchExecutorAddress);
+    this.provider = config.provider;
+    this.pointTokenAddress = getAddress6(config.pointTokenAddress);
+    this.batchExecutorAddress = getAddress6(config.batchExecutorAddress);
     this.chainId = config.chainId;
     this.domain = config.domain;
+    this.burnerSignerWallet = config.burnerSignerWallet;
+    if (this.burnerSignerWallet?.account?.type === "local") {
+      console.warn("[PAFI] PTRedeemHandler: burnerSignerWallet uses a local (private key) account. Use a KMS-backed signer in production.");
+    }
     this.redeemLockDurationMs = config.redeemLockDurationMs ?? DEFAULT_REDEEM_LOCK_MS;
+    this.signatureDeadlineSeconds = config.signatureDeadlineSeconds ?? DEFAULT_SIG_DEADLINE_SEC;
     this.now = config.now ?? (() => Date.now());
   }
   async handle(request) {
+    if (getAddress6(request.authenticatedAddress) !== getAddress6(request.userAddress)) {
+      throw new PTRedeemError(
+        "UNAUTHORIZED",
+        `userAddress (${request.userAddress}) does not match authenticated session (${request.authenticatedAddress})`
+      );
+    }
     if (request.amount <= 0n) {
-      throw new PTRedeemError("INVALID_CONSENT", "redeem amount must be positive");
+      throw new PTRedeemError("INVALID_AMOUNT", "redeem amount must be positive");
     }
-    if (request.consent.amount !== request.amount) {
+    let burnNonce;
+    try {
+      burnNonce = await this.provider.readContract({
+        address: this.pointTokenAddress,
+        abi: POINT_TOKEN_V2_ABI2,
+        functionName: "burnRequestNonces",
+        args: [request.userAddress]
+      });
+    } catch (err) {
       throw new PTRedeemError(
-        "AMOUNT_MISMATCH",
-        `consent.amount (${request.consent.amount}) must match request.amount (${request.amount})`
+        "NONCE_READ_FAILED",
+        `failed to read burnRequestNonces(${request.userAddress}): ${err instanceof Error ? err.message : String(err)}`
       );
     }
-    const nowSeconds = BigInt(Math.floor(this.now() / 1e3));
-    if (request.consent.deadline <= nowSeconds) {
+    const onChainBalance = await getPointTokenBalance2(
+      this.provider,
+      this.pointTokenAddress,
+      request.userAddress
+    );
+    if (onChainBalance < request.amount) {
       throw new PTRedeemError(
-        "EXPIRED_CONSENT",
-        `consent deadline (${request.consent.deadline}) already passed`
+        "INVALID_AMOUNT",
+        `insufficient on-chain PT balance: have ${onChainBalance}, need ${request.amount}`
       );
     }
-    const verification = await verifyBurnConsent(
-      {
-        name: this.domain.name,
-        chainId: this.chainId,
-        verifyingContract: this.domain.verifyingContract ?? this.pointTokenAddress
-      },
-      request.consent,
-      request.consentSignature,
-      request.userAddress
+    const deadline = BigInt(
+      Math.floor(this.now() / 1e3) + this.signatureDeadlineSeconds
     );
-    if (!verification.isValid) {
+    const domain = {
+      name: this.domain.name,
+      chainId: this.chainId,
+      verifyingContract: this.domain.verifyingContract ?? this.pointTokenAddress
+    };
+    const burnRequest = {
+      from: request.userAddress,
+      amount: request.amount,
+      nonce: burnNonce,
+      deadline
+    };
+    let burnerSignature;
+    try {
+      const sig = await signBurnRequest(
+        this.burnerSignerWallet,
+        domain,
+        burnRequest
+      );
+      burnerSignature = sig.serialized;
+    } catch (err) {
       throw new PTRedeemError(
-        "SIGNATURE_MISMATCH",
-        `signer mismatch \u2014 expected ${request.userAddress}, got ${verification.recoveredAddress}`
+        "SIGNING_FAILED",
+        `failed to sign BurnRequest: ${err instanceof Error ? err.message : String(err)}`
       );
     }
     const lockId = await this.ledger.reservePendingCredit(
@@ -1837,33 +1421,21 @@ var PTRedeemHandler = class {
       aaNonce: request.aaNonce,
       pointTokenAddress: this.pointTokenAddress,
       batchExecutorAddress: this.batchExecutorAddress,
-      burnConsent: request.consent,
-      consentSignature: parseSigStruct(request.consentSignature)
+      burnRequest,
+      burnerSignature
     });
     return {
       lockId,
       userOp,
-      expiresInSeconds: Math.floor(this.redeemLockDurationMs / 1e3)
+      expiresInSeconds: Math.floor(this.redeemLockDurationMs / 1e3),
+      signatureDeadline: deadline
     };
   }
 };
-function parseSigStruct(serialized) {
-  const raw = serialized.slice(2);
-  if (raw.length !== 130) {
-    throw new PTRedeemError(
-      "INVALID_CONSENT",
-      `signature must be 65 bytes, got ${raw.length / 2}`
-    );
-  }
-  const r = `0x${raw.slice(0, 64)}`;
-  const s = `0x${raw.slice(64, 128)}`;
-  const v = parseInt(raw.slice(128, 130), 16);
-  return { v, r, s };
-}
 // src/api/handlers/topUpRedemptionHandler.ts
-import { getAddress as getAddress8 } from "viem";
-import { getPointTokenBalance as getPointTokenBalance2 } from "@pafi-dev/core";
+import { getAddress as getAddress7 } from "viem";
+import { getPointTokenBalance as getPointTokenBalance3 } from "@pafi-dev/core";
 var TopUpRedemptionError = class extends Error {
   constructor(code, message) {
     super(message);
@@ -1881,9 +1453,15 @@ var TopUpRedemptionHandler = class {
     this.ledger = config.ledger;
     this.ptRedeemHandler = config.ptRedeemHandler;
     this.provider = config.provider;
-    this.pointTokenAddress = getAddress8(config.pointTokenAddress);
+    this.pointTokenAddress = getAddress7(config.pointTokenAddress);
   }
   async handle(request) {
+    if (getAddress7(request.authenticatedAddress) !== getAddress7(request.userAddress)) {
+      throw new TopUpRedemptionError(
+        "UNAUTHORIZED",
+        `userAddress (${request.userAddress}) does not match authenticated session (${request.authenticatedAddress})`
+      );
+    }
     const offChainBalance = await this.ledger.getBalance(
       request.userAddress,
       this.pointTokenAddress
@@ -1892,7 +1470,7 @@ var TopUpRedemptionHandler = class {
       return { action: "NO_TOP_UP_NEEDED", offChainBalance };
     }
     const shortfall = request.requiredAmount - offChainBalance;
-    const onChainBalance = await getPointTokenBalance2(
+    const onChainBalance = await getPointTokenBalance3(
       this.provider,
       this.pointTokenAddress,
       request.userAddress
@@ -1905,24 +1483,11 @@ var TopUpRedemptionHandler = class {
         shortfall
       };
     }
-    if (request.redeemRequest.consent.amount < shortfall) {
-      throw new TopUpRedemptionError(
-        "CONSENT_AMOUNT_TOO_LOW",
-        `consent.amount (${request.redeemRequest.consent.amount}) must cover shortfall (${shortfall})`
-      );
-    }
-    if (request.redeemRequest.consent.amount !== shortfall) {
-      throw new TopUpRedemptionError(
-        "CONSENT_AMOUNT_TOO_LOW",
-        `consent.amount (${request.redeemRequest.consent.amount}) must equal shortfall (${shortfall}) exactly \u2014 re-sign with correct amount`
-      );
-    }
     const redeem = await this.ptRedeemHandler.handle({
+      authenticatedAddress: request.authenticatedAddress,
       userAddress: request.userAddress,
       amount: shortfall,
-      consent: request.redeemRequest.consent,
-      consentSignature: request.redeemRequest.consentSignature,
-      aaNonce: request.redeemRequest.aaNonce
+      aaNonce: request.aaNonce
     });
     return {
       action: "TOP_UP_STARTED",
@@ -1933,6 +1498,7 @@ var TopUpRedemptionHandler = class {
 };
 // src/pools/subgraphPoolsProvider.ts
+import { isAddress } from "viem";
 var DEFAULT_CACHE_TTL_MS = 3e4;
 var POOL_QUERY = `
   query GetPoolForPointToken($id: ID!) {
@@ -1955,6 +1521,19 @@ function createSubgraphPoolsProvider(config) {
       "createSubgraphPoolsProvider: subgraphUrl is required"
     );
   }
+  try {
+    const parsed = new URL(config.subgraphUrl);
+    if (process.env.NODE_ENV === "production" && parsed.protocol !== "https:") {
+      throw new Error("subgraphUrl must use HTTPS in production");
+    }
+  } catch (err) {
+    if (err instanceof TypeError) {
+      throw new Error(
+        `subgraphPoolsProvider: invalid subgraphUrl: ${config.subgraphUrl}`
+      );
+    }
+    throw err;
+  }
   const cacheTtl = config.cacheTtlMs ?? DEFAULT_CACHE_TTL_MS;
   const fetchImpl = config.fetchImpl ?? globalThis.fetch;
   const now = config.now ?? (() => Date.now());
@@ -2023,6 +1602,26 @@ async function fetchPoolsFromSubgraph(fetchImpl, subgraphUrl, pointTokenAddress)
     return [];
   }
   const { pool } = token;
+  if (!isAddress(pool.hooks)) {
+    console.error(
+      "[PAFI] SubgraphPoolsProvider: invalid hooks address in response:",
+      pool.hooks,
+      "\u2014 skipping pool"
+    );
+    return [];
+  }
+  if (!isAddress(pool.token0.id) || !isAddress(pool.token1.id)) {
+    console.error(
+      "[PAFI] SubgraphPoolsProvider: invalid token address in response \u2014 skipping pool"
+    );
+    return [];
+  }
+  if (!Number.isFinite(Number(pool.feeTier)) || !Number.isFinite(Number(pool.tickSpacing))) {
+    console.error(
+      "[PAFI] SubgraphPoolsProvider: invalid feeTier/tickSpacing \u2014 skipping pool"
+    );
+    return [];
+  }
   const [currency0, currency1] = sortCurrencies(
     pool.token0.id,
     pool.token1.id
@@ -2058,6 +1657,19 @@ function createSubgraphNativeUsdtQuoter(config) {
       "createSubgraphNativeUsdtQuoter: subgraphUrl is required"
     );
   }
+  try {
+    const parsed = new URL(config.subgraphUrl);
+    if (process.env.NODE_ENV === "production" && parsed.protocol !== "https:") {
+      throw new Error("subgraphUrl must use HTTPS in production");
+    }
+  } catch (err) {
+    if (err instanceof TypeError) {
+      throw new Error(
+        `subgraphPoolsProvider: invalid subgraphUrl: ${config.subgraphUrl}`
+      );
+    }
+    throw err;
+  }
   const usdtDecimals = config.usdtDecimals ?? DEFAULT_USDT_DECIMALS;
   const nativeDecimals = config.nativeDecimals ?? DEFAULT_NATIVE_DECIMALS;
   const cacheTtl = config.cacheTtlMs ?? DEFAULT_CACHE_TTL_MS2;
@@ -2134,6 +1746,14 @@ async function fetchEthPriceFromSubgraph(fetchImpl, subgraphUrl) {
     );
     return null;
   }
+  const MIN_REASONABLE_ETH_PRICE = 100;
+  const MAX_REASONABLE_ETH_PRICE = 1e5;
+  if (parsed < MIN_REASONABLE_ETH_PRICE || parsed > MAX_REASONABLE_ETH_PRICE) {
+    console.warn(
+      `[PAFI] SubgraphNativeUsdtQuoter: ETH/USD price ${parsed} is outside reasonable range. Using fallback.`
+    );
+    return null;
+  }
   return parsed;
 }
 function toUsdtPerNative(priceFloat, usdtDecimals) {
@@ -2144,7 +1764,7 @@ function toUsdtPerNative(priceFloat, usdtDecimals) {
 }
 // src/balance/balanceAggregator.ts
-import { getPointTokenBalance as getPointTokenBalance3 } from "@pafi-dev/core";
+import { getPointTokenBalance as getPointTokenBalance4 } from "@pafi-dev/core";
 var BalanceAggregator = class {
   provider;
   ledger;
@@ -2165,7 +1785,7 @@ var BalanceAggregator = class {
   async getCombinedBalance(user, pointToken) {
     const [offChain, onChain] = await Promise.all([
       this.ledger.getBalance(user, pointToken),
-      getPointTokenBalance3(this.provider, pointToken, user)
+      getPointTokenBalance4(this.provider, pointToken, user)
     ]);
     return {
       offChain,
@@ -2203,28 +1823,11 @@ var PafiBackendError = class extends Error {
   code;
   httpStatus;
   details;
-  /**
-   * Seconds to wait before retry. Populated from the server body
-   * (e.g. rate limit returns the number of seconds until UTC midnight).
-   */
   retryAfter;
-  /**
-   * `safeToRetry` as reported by the server body. Prefer this over the
-   * code-based heuristic when available — the server knows more about
-   * whether the same request will succeed on retry.
-   */
   serverSafeToRetry;
-  /**
-   * Whether the caller can safely retry the same request.
-   *
-   * If the server provided `safeToRetry` in the body, trust that.
-   * Otherwise fall back to a code-based heuristic.
-   */
   get safeToRetry() {
     if (this.serverSafeToRetry !== void 0) return this.serverSafeToRetry;
     switch (this.code) {
-      case "PAYMASTER_UNAVAILABLE":
-      case "PAYMASTER_TIMEOUT":
       case "RATE_LIMITER_UNAVAILABLE":
       case "INTERNAL_ERROR":
       case "TIMEOUT":
@@ -2233,196 +1836,22 @@ var PafiBackendError = class extends Error {
       case "RATE_LIMIT_EXCEEDED":
       case "RATE_LIMIT_EXCEEDED_DAILY":
       case "RATE_LIMIT_EXCEEDED_PER_USER":
+      case "ISSUER_BUDGET_EXCEEDED":
         return true;
-      // after retryAfter
       default:
         return false;
     }
   }
 };
-// src/pafi-backend/pafiBackendClient.ts
-var DEFAULT_TIMEOUT_MS = 1e4;
-var RETRY_DEFAULTS = {
-  maxAttempts: 1,
-  initialDelayMs: 500,
-  maxDelayMs: 1e4,
-  maxRetryAfterMs: 3e4
-};
-var PafiBackendClient = class {
-  url;
-  issuerId;
-  apiKey;
-  fetchImpl;
-  timeoutMs;
-  retry;
-  constructor(config) {
-    if (!config.url) {
-      throw new Error("PafiBackendClient: url is required");
-    }
-    if (!config.issuerId) {
-      throw new Error("PafiBackendClient: issuerId is required");
-    }
-    if (!config.apiKey) {
-      throw new Error("PafiBackendClient: apiKey is required");
-    }
-    this.url = config.url.replace(/\/+$/, "");
-    this.issuerId = config.issuerId;
-    this.apiKey = config.apiKey;
-    this.fetchImpl = config.fetchImpl ?? globalThis.fetch;
-    this.timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;
-    this.retry = { ...RETRY_DEFAULTS, ...config.retry ?? {} };
-    if (!this.fetchImpl) {
-      throw new Error(
-        "PafiBackendClient: no fetch implementation available \u2014 pass `fetchImpl` or run on Node 18+"
-      );
-    }
-    if (this.retry.maxAttempts < 1) {
-      throw new Error("PafiBackendClient: retry.maxAttempts must be >= 1");
-    }
-  }
-  /**
-   * Request paymaster sponsorship for a pre-built UserOperation.
-   * See [SPONSORED_PATH_FLOW.md §4.1] for the API contract.
-   *
-   * Retries automatically on transient failures (5xx, timeouts, network
-   * errors, and errors the server flags with `safeToRetry: true`) up to
-   * `retry.maxAttempts`. 4xx errors that are not `safeToRetry` fail fast.
-   *
-   * @throws PafiBackendError on final failure after exhausting retries
-   */
-  async requestSponsorship(req) {
-    return this.postWithRetry(
-      "/paymaster/sponsor",
-      req
-    );
-  }
-  // -------------------------------------------------------------------------
-  // Internals
-  // -------------------------------------------------------------------------
-  async postWithRetry(path, body) {
-    let lastError;
-    for (let attempt = 1; attempt <= this.retry.maxAttempts; attempt++) {
-      try {
-        return await this.post(path, body);
-      } catch (err) {
-        if (!(err instanceof PafiBackendError)) throw err;
-        lastError = err;
-        const isLastAttempt = attempt >= this.retry.maxAttempts;
-        if (isLastAttempt || !err.safeToRetry) throw err;
-        const delay = this.computeBackoff(attempt, err.retryAfter);
-        if (delay === null) throw err;
-        await this.sleep(delay);
-      }
-    }
-    throw lastError;
-  }
-  /**
-   * Pick the delay before the next retry.
-   * - If the server sent `retryAfter` (seconds), honor it (capped by
-   *   `maxRetryAfterMs`) — returns null if the server wait exceeds the
-   *   cap, signalling the caller should give up.
-   * - Otherwise: exponential backoff with ±20% jitter, capped at
-   *   `maxDelayMs`.
-   */
-  computeBackoff(attempt, retryAfter) {
-    if (retryAfter !== void 0) {
-      const serverMs = retryAfter * 1e3;
-      if (serverMs > this.retry.maxRetryAfterMs) return null;
-      return serverMs;
-    }
-    const exp = this.retry.initialDelayMs * 2 ** (attempt - 1);
-    const capped = Math.min(exp, this.retry.maxDelayMs);
-    const jitter = capped * (0.8 + Math.random() * 0.4);
-    return Math.round(jitter);
-  }
-  sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-  }
-  async post(path, body) {
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);
-    let response;
-    try {
-      response = await this.fetchImpl(`${this.url}${path}`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          "Authorization": `Bearer ${this.apiKey}`,
-          "X-Issuer-Id": this.issuerId
-        },
-        body: JSON.stringify(body, this.bigintReplacer),
-        signal: controller.signal
-      });
-    } catch (err) {
-      if (err.name === "AbortError") {
-        throw new PafiBackendError(
-          "TIMEOUT",
-          `PAFI Backend request timed out after ${this.timeoutMs}ms`,
-          0
-        );
-      }
-      throw new PafiBackendError(
-        "NETWORK_ERROR",
-        `PAFI Backend unreachable: ${err.message}`,
-        0
-      );
-    } finally {
-      clearTimeout(timeoutId);
-    }
-    const text = await response.text();
-    if (!response.ok) {
-      let code = "INTERNAL_ERROR";
-      let message = text || response.statusText;
-      let details;
-      let retryAfter;
-      let serverSafeToRetry;
-      try {
-        const parsed = JSON.parse(text);
-        code = parsed.code ?? code;
-        message = parsed.message ?? message;
-        details = parsed.details;
-        if (typeof parsed.retryAfter === "number") retryAfter = parsed.retryAfter;
-        if (typeof parsed.safeToRetry === "boolean") serverSafeToRetry = parsed.safeToRetry;
-      } catch {
-      }
-      throw new PafiBackendError(code, message, response.status, details, {
-        ...retryAfter !== void 0 ? { retryAfter } : {},
-        ...serverSafeToRetry !== void 0 ? { safeToRetry: serverSafeToRetry } : {}
-      });
-    }
-    return JSON.parse(text, this.bigintReviver);
-  }
-  /** JSON replacer that stringifies bigints. Paired with bigintReviver. */
-  bigintReplacer = (_key, value) => {
-    return typeof value === "bigint" ? value.toString() : value;
-  };
-  /**
-   * JSON reviver that coerces specific numeric-string fields back to
-   * bigint. The server must send these fields as decimal strings.
-   */
-  bigintReviver = (key, value) => {
-    if (typeof value === "string" && (key.endsWith("GasLimit") || key === "nonce" || key === "callGasLimit" || key === "verificationGasLimit" || key === "preVerificationGas" || key === "maxFeePerGas" || key === "maxPriorityFeePerGas" || key === "paymasterVerificationGasLimit" || key === "paymasterPostOpGasLimit") && /^\d+$/.test(value)) {
-      return BigInt(value);
-    }
-    return value;
-  };
-};
 // src/config.ts
-import { getAddress as getAddress9 } from "viem";
+import { getAddress as getAddress8 } from "viem";
 function createIssuerService(config) {
   if (!config.provider) {
     throw new Error("createIssuerService: provider is required");
   }
-  if (!config.operatorWallet) {
-    throw new Error("createIssuerService: operatorWallet is required");
-  }
-  if (!config.signer) {
-    throw new Error("createIssuerService: signer is required");
-  }
-  if (!config.relayAddress) {
-    throw new Error("createIssuerService: relayAddress is required");
+  if (!config.ledger) {
+    throw new Error("createIssuerService: ledger is required");
   }
   if (!config.auth?.jwtSecret) {
     throw new Error("createIssuerService: auth.jwtSecret is required");
@@ -2436,8 +1865,8 @@ function createIssuerService(config) {
       "createIssuerService: at least one of pointTokenAddress / pointTokenAddresses is required"
     );
   }
-  const tokenAddresses = rawAddresses.map((a) => getAddress9(a));
-  const ledger = config.ledger ?? new MemoryPointLedger();
+  const tokenAddresses = rawAddresses.map((a) => getAddress8(a));
+  const ledger = config.ledger;
   const sessionStore = config.sessionStore ?? new MemorySessionStore();
   const policy = config.policy ?? new DefaultPolicyEngine({ ledger });
   const authServiceConfig = {
@@ -2450,18 +1879,7 @@ function createIssuerService(config) {
     authServiceConfig.jwtExpiresIn = config.auth.jwtExpiresIn;
   }
   const authService = new AuthService(authServiceConfig);
-  const relayServiceConfig = {
-    relayAddress: config.relayAddress,
-    operatorWallet: config.operatorWallet,
-    provider: config.provider
-  };
-  if (config.relay?.simulateBeforeSubmit !== void 0) {
-    relayServiceConfig.simulateBeforeSubmit = config.relay.simulateBeforeSubmit;
-  }
-  if (config.relay?.confirmationTimeoutMs !== void 0) {
-    relayServiceConfig.confirmationTimeoutMs = config.relay.confirmationTimeoutMs;
-  }
-  const relayService = new RelayService(relayServiceConfig);
+  const relayService = new RelayService();
   let feeManager;
   if (config.fee) {
     feeManager = new FeeManager({
@@ -2469,16 +1887,6 @@ function createIssuerService(config) {
       provider: config.provider
     });
   }
-  const gatewayConfig = {
-    ledger,
-    policy,
-    signer: config.signer,
-    relayService
-  };
-  if (config.gateway?.defaultLockBufferMs !== void 0) {
-    gatewayConfig.defaultLockBufferMs = config.gateway.defaultLockBufferMs;
-  }
-  const gateway = new MintingGateway(gatewayConfig);
   const indexers = /* @__PURE__ */ new Map();
   for (const tokenAddress of tokenAddresses) {
     const indexerConfig = {
@@ -2506,7 +1914,6 @@ function createIssuerService(config) {
   const firstIndexer = indexers.get(tokenAddresses[0]);
   const handlersConfig = {
     authService,
-    gateway,
     ledger,
     provider: config.provider,
     pointTokenAddresses: tokenAddresses,
@@ -2515,6 +1922,15 @@ function createIssuerService(config) {
   };
   if (feeManager) handlersConfig.feeManager = feeManager;
   if (config.poolsProvider) handlersConfig.poolsProvider = config.poolsProvider;
+  if (config.claim) {
+    handlersConfig.claim = {
+      policy,
+      relayService,
+      issuerSignerWallet: config.claim.issuerSignerWallet,
+      batchExecutorAddress: config.claim.batchExecutorAddress,
+      lockDurationMs: config.claim.lockDurationMs
+    };
+  }
   const handlers = new IssuerApiHandlers(handlersConfig);
   if (config.indexer?.autoStart) {
     for (const idx of indexers.values()) {
@@ -2526,10 +1942,8 @@ function createIssuerService(config) {
     sessionStore,
     ledger,
     policy,
-    signer: config.signer,
     relayService,
     feeManager,
-    gateway,
     indexers,
     indexer: firstIndexer,
     handlers
@@ -2547,18 +1961,13 @@ export {
   FeeManager,
   InMemoryCursorStore,
   IssuerApiHandlers,
-  MemoryPointLedger,
   MemorySessionStore,
-  MintingGateway,
-  MintingGatewayError,
   NonceManager,
   PAFI_ISSUER_SDK_VERSION,
   PTRedeemError,
   PTRedeemHandler,
-  PafiBackendClient,
   PafiBackendError,
   PointIndexer,
-  PrivateKeySigner,
   RelayError,
   RelayService,
   TopUpRedemptionError,
@@ -2566,7 +1975,6 @@ export {
   authenticateRequest,
   createIssuerService,
   createSubgraphNativeUsdtQuoter,
-  createSubgraphPoolsProvider,
-  encodeExtData
+  createSubgraphPoolsProvider
 };
 //# sourceMappingURL=index.js.map