@pafi-dev/issuer 0.3.0-beta.3 → 0.3.0-beta.5

package/dist/index.js

@@ -587,177 +587,16 @@ import {
   erc20Abi
 } from "viem";
 import {
-  relayAbi,
-  encodeMintAndSwap,
-  simulateMintAndSwap as coreSimulateMintAndSwap,
-  SimulationError,
   POINT_TOKEN_V2_ABI,
-  buildPartialUserOperation
+  buildPartialUserOperation,
+  signMintRequest as signMintRequest2
 } from "@pafi-dev/core";
-var DEFAULT_CONFIRMATION_TIMEOUT_MS = 6e4;
 var RelayService = class {
-  relayAddress;
-  operatorWallet;
-  provider;
-  confirmationTimeoutMs;
-  simulateBeforeSubmit;
-  constructor(config) {
-    if (!config.relayAddress) {
-      throw new Error("RelayService: relayAddress is required");
-    }
-    if (!config.operatorWallet) {
-      throw new Error("RelayService: operatorWallet is required");
-    }
-    this.relayAddress = config.relayAddress;
-    this.operatorWallet = config.operatorWallet;
-    if (config.provider) this.provider = config.provider;
-    this.confirmationTimeoutMs = config.confirmationTimeoutMs ?? DEFAULT_CONFIRMATION_TIMEOUT_MS;
-    this.simulateBeforeSubmit = config.simulateBeforeSubmit ?? config.provider !== void 0;
-  }
-  /** Address the operator wallet is broadcasting from (for logging). */
-  operatorAddress() {
-    return this.operatorWallet.account?.address;
-  }
-  /**
-   * Build calldata for the Relay `mintAndSwap` function. Kept public so
-   * callers (e.g. the MintingGateway) can log or persist the encoded call
-   * for audit before broadcasting.
-   */
-  encodeCall(params) {
-    try {
-      return encodeMintAndSwap(params.mint, params.swap);
-    } catch (err) {
-      throw new RelayError(
-        "ENCODE_FAILED",
-        `Failed to encode mintAndSwap calldata: ${errorMessage(err)}`,
-        err
-      );
-    }
-  }
-  /**
-   * Submit a `mintAndSwap` transaction. Flow:
-   *
-   *   1. (optional) pre-flight simulate via provider
-   *   2. writeContract through the operator wallet
-   *   3. (optional) wait for the receipt and surface gasUsed / status
-   *
-   * Throws a typed `RelayError` on any failure so the MintingGateway can
-   * decide whether to release the ledger lock (`SUBMIT_FAILED` and
-   * `SIMULATION_FAILED` are safe to release; `TX_REVERTED` and `TIMEOUT`
-   * need manual review because the tx may still land).
-   *
-   * @deprecated Since 0.3.0 — will be replaced by `prepareMint()` +
-   * `prepareBurn()` in the v1.4 sponsored-UserOp flow. The SC team
-   * still needs to finalize Relayer v2 ABI before the replacements
-   * can ship (blocker B1). Kept for v0.2.x consumers. Removed in 2.0.
-   */
-  async submitMintAndSwap(params) {
-    if (this.simulateBeforeSubmit && this.provider) {
-      const operatorAddr = this.operatorWallet.account?.address;
-      if (operatorAddr) {
-        try {
-          await coreSimulateMintAndSwap(
-            this.provider,
-            this.relayAddress,
-            params.mint,
-            params.swap,
-            operatorAddr
-          );
-        } catch (err) {
-          const reason = err instanceof SimulationError ? err.reason : errorMessage(err);
-          throw new RelayError(
-            "SIMULATION_FAILED",
-            `mintAndSwap would revert: ${reason}`,
-            err
-          );
-        }
-      }
-    }
-    let txHash;
-    try {
-      txHash = await this.operatorWallet.writeContract({
-        address: this.relayAddress,
-        abi: relayAbi,
-        functionName: "mintAndSwap",
-        args: [params.mint, params.swap],
-        ...this.operatorWallet.account ? { account: this.operatorWallet.account } : {}
-      });
-    } catch (err) {
-      throw new RelayError(
-        "SUBMIT_FAILED",
-        `Failed to broadcast mintAndSwap: ${errorMessage(err)}`,
-        err
-      );
-    }
-    if (!this.provider) {
-      return { txHash };
-    }
-    try {
-      const receipt = await this.provider.waitForTransactionReceipt({
-        hash: txHash,
-        timeout: this.confirmationTimeoutMs
-      });
-      if (receipt.status !== "success") {
-        throw new RelayError(
-          "TX_REVERTED",
-          `mintAndSwap reverted on-chain (tx=${txHash})`
-        );
-      }
-      return {
-        txHash,
-        blockNumber: receipt.blockNumber,
-        gasUsed: receipt.gasUsed,
-        status: receipt.status
-      };
-    } catch (err) {
-      if (err instanceof RelayError) throw err;
-      throw new RelayError(
-        "TIMEOUT",
-        `Timed out waiting for mintAndSwap receipt (tx=${txHash}): ${errorMessage(err)}`,
-        err
-      );
-    }
-  }
-  // ==========================================================================
-  // v1.4 — Sponsored UserOp preparation (beta with mocked SC contracts)
-  // ==========================================================================
-  //
-  // These two methods build unsigned `PartialUserOperation` payloads for
-  // the Frontend to sign (via Privy) and submit to the Bundler. The
-  // Issuer Backend no longer broadcasts — that's the Frontend's job.
-  //
-  // Uses mocked Relayer v2 + PointToken ABIs from `@pafi-dev/core/contracts`.
-  // When SC delivers real ABIs, the imports swap but these method bodies
-  // stay the same (calldata encoder is ABI-driven).
-  // ==========================================================================
-  /**
-   * Build an unsigned UserOp for Scenario 1 (Mint).
-   *
-   * Flow:
-   *   1. Encode `Relayer.mint(request, userSig, issuerSig)` as the inner call
-   *   2. Optionally append a PT fee transfer from user → feeRecipient
-   *      (fee recovery happens on-chain via BatchExecutor, not via an
-   *      operator wallet)
-   *   3. Wrap all inner calls into `BatchExecutor.execute(calls[])`
-   *   4. Return a `PartialUserOperation` ready for:
-   *        - gas estimation (Bundler)
-   *        - paymaster sponsorship (PAFI Backend)
-   *        - user signature (Privy)
-   */
   /**
-   * Build an unsigned UserOp for Scenario 1 (Mint) — direct
-   * `PointToken.mint(amount)` flow (v1.4 post-Relayer-removal).
-   *
-   * `msg.sender` inside the batch = user EOA via EIP-7702 delegation.
-   * `PointToken.mint` checks the caller is on its `minters` allowlist
-   * (gg56 BE pre-validates this off-chain to avoid wasted gas).
-   *
-   * Optional PT fee transfer is appended after the mint when
-   * `feeAmount > 0` — this is application-level fee recovery (no
-   * Relayer doing it for us). The user must end up with `amount - fee`
-   * net PT after the batch executes.
+   * Build an unsigned UserOp for Scenario 1 (Mint) — sig-gated
+   * `PointToken.mint(to, amount, deadline, minterSig)`.
    */
-  prepareMint(params) {
+  async prepareMint(params) {
     if (!params.batchExecutorAddress) {
       throw new RelayError(
         "ENCODE_FAILED",
@@ -776,12 +615,41 @@ var RelayService = class {
     if (params.amount <= 0n) {
       throw new RelayError("ENCODE_FAILED", "prepareMint: amount must be positive");
     }
+    if (!params.issuerSignerWallet) {
+      throw new RelayError(
+        "ENCODE_FAILED",
+        "prepareMint: issuerSignerWallet required (for MintRequest EIP-712 signature)"
+      );
+    }
+    if (params.deadline <= 0n) {
+      throw new RelayError("ENCODE_FAILED", "prepareMint: deadline must be positive");
+    }
+    let minterSig;
+    try {
+      const sig = await signMintRequest2(
+        params.issuerSignerWallet,
+        params.domain,
+        {
+          to: params.userAddress,
+          amount: params.amount,
+          nonce: params.mintRequestNonce,
+          deadline: params.deadline
+        }
+      );
+      minterSig = sig.serialized;
+    } catch (err) {
+      throw new RelayError(
+        "ENCODE_FAILED",
+        `prepareMint: failed to sign MintRequest: ${errorMessage(err)}`,
+        err
+      );
+    }
     let mintCallData;
     try {
       mintCallData = encodeFunctionData({
         abi: POINT_TOKEN_V2_ABI,
         functionName: "mint",
-        args: [params.amount]
+        args: [params.userAddress, params.amount, params.deadline, minterSig]
       });
     } catch (err) {
       throw new RelayError(
@@ -829,13 +697,12 @@ var RelayService = class {
    * Build an unsigned UserOp for Scenario 2 (Burn/Redeem).
    *
    * Two modes:
-   *   - `mode: 'burn'` — direct `PointToken.burn(amount)`; `msg.sender`
-   *     via EIP-7702 delegation is the user, so no signature needed
-   *     on-chain (the BurnConsent was already verified off-chain by
-   *     the issuer backend before we got here)
-   *   - `mode: 'burnWithSig'` — `PointToken.burnWithSig(consent, sig)`;
-   *     used when the issuer hasn't verified the consent and the
-   *     contract has to do it on-chain
+   *   - `mode: 'burn'` — direct `PointToken.burn(from, amount)`; only
+   *     usable if the caller (via EIP-7702) is whitelisted as a burner.
+   *     Rare in v1.4; kept for admin/operator tools.
+   *   - `mode: 'burnWithSig'` — `PointToken.burn(from, amount, deadline,
+   *     burnerSig)`. Caller provides a pre-signed `BurnRequest` + sig
+   *     bytes (typically from `PTRedeemHandler`).
    */
   prepareBurn(params) {
     if (!params.pointTokenAddress) {
@@ -850,19 +717,24 @@ var RelayService = class {
     let burnCallData;
     try {
       if (params.mode === "burnWithSig") {
-        if (!params.burnConsent || !params.consentSignature) {
-          throw new Error("burnWithSig requires burnConsent + consentSignature");
+        if (!params.burnRequest || !params.burnerSignature) {
+          throw new Error("burnWithSig requires burnRequest + burnerSignature");
         }
         burnCallData = encodeFunctionData({
           abi: POINT_TOKEN_V2_ABI,
-          functionName: "burnWithSig",
-          args: [params.burnConsent, params.consentSignature]
+          functionName: "burn",
+          args: [
+            params.burnRequest.from,
+            params.burnRequest.amount,
+            params.burnRequest.deadline,
+            params.burnerSignature
+          ]
         });
       } else {
         burnCallData = encodeFunctionData({
           abi: POINT_TOKEN_V2_ABI,
           functionName: "burn",
-          args: [params.amount]
+          args: [params.userAddress, params.amount]
         });
       }
     } catch (err) {
@@ -932,255 +804,6 @@ var FeeManager = class {
   }
 };
 
-// src/gateway/types.ts
-var MintingGatewayError = class extends Error {
-  code;
-  /**
-   * True if the ledger lock was released before this error was thrown,
-   * meaning the user can safely retry. False means the funds are still
-   * locked (e.g. tx may still land on-chain) and retry would double-spend.
-   */
-  safeToRetry;
-  cause;
-  constructor(code, message, opts) {
-    super(message);
-    this.name = "MintingGatewayError";
-    this.code = code;
-    this.safeToRetry = opts.safeToRetry;
-    if (opts.cause !== void 0) this.cause = opts.cause;
-  }
-};
-
-// src/gateway/mintingGateway.ts
-import {
-  verifyReceiverConsent,
-  encodeExtData
-} from "@pafi-dev/core";
-var DEFAULT_LOCK_BUFFER_MS = 6e4;
-var MintingGateway = class {
-  ledger;
-  policy;
-  signer;
-  relayService;
-  now;
-  defaultLockBufferMs;
-  constructor(config) {
-    if (!config.ledger) throw new Error("MintingGateway: ledger required");
-    if (!config.policy) throw new Error("MintingGateway: policy required");
-    if (!config.signer) throw new Error("MintingGateway: signer required");
-    if (!config.relayService)
-      throw new Error("MintingGateway: relayService required");
-    this.ledger = config.ledger;
-    this.policy = config.policy;
-    this.signer = config.signer;
-    this.relayService = config.relayService;
-    this.now = config.now ?? (() => Date.now());
-    this.defaultLockBufferMs = config.defaultLockBufferMs ?? DEFAULT_LOCK_BUFFER_MS;
-  }
-  /**
-   * @deprecated Since 0.3.0 — will be renamed to `processMint()` once
-   * the SC team finalizes Relayer v2 ABI. The new flow drops the
-   * swap steps entirely (no more single-call mint+swap); users swap
-   * separately on PAFI Web. Kept here for v0.2.x consumers. Removed in 2.0.
-   */
-  async processMintAndCashOut(request) {
-    const { receiverConsent, receiverSignature } = request;
-    if (!receiverConsent || !receiverSignature) {
-      throw new MintingGatewayError(
-        "INVALID_REQUEST",
-        "receiverConsent and receiverSignature are required",
-        { safeToRetry: true }
-      );
-    }
-    if (receiverConsent.amount <= 0n) {
-      throw new MintingGatewayError(
-        "INVALID_REQUEST",
-        "consent amount must be positive",
-        { safeToRetry: true }
-      );
-    }
-    if (receiverConsent.originalReceiver !== request.userAddress) {
-      throw new MintingGatewayError(
-        "INVALID_REQUEST",
-        "consent.originalReceiver must equal request.userAddress",
-        { safeToRetry: true }
-      );
-    }
-    const nowSec = BigInt(Math.floor(this.now() / 1e3));
-    if (receiverConsent.deadline <= nowSec) {
-      throw new MintingGatewayError(
-        "CONSENT_EXPIRED",
-        "ReceiverConsent deadline has already passed",
-        { safeToRetry: true }
-      );
-    }
-    const consentResult = await verifyReceiverConsent(
-      request.domain,
-      receiverConsent,
-      receiverSignature,
-      request.userAddress
-    );
-    if (!consentResult.isValid) {
-      throw new MintingGatewayError(
-        "INVALID_CONSENT_SIGNATURE",
-        `ReceiverConsent signature did not recover to ${request.userAddress}`,
-        { safeToRetry: true }
-      );
-    }
-    const policyDecision = await this.policy.evaluate({
-      userAddress: request.userAddress,
-      amount: receiverConsent.amount,
-      pointTokenAddress: request.pointTokenAddress,
-      chainId: request.chainId
-    });
-    if (!policyDecision.approved) {
-      const code = policyDecision.reason?.toLowerCase().includes("insufficient") ? "INSUFFICIENT_BALANCE" : "POLICY_REJECTED";
-      throw new MintingGatewayError(
-        code,
-        policyDecision.reason ?? "Minting request rejected by policy engine",
-        { safeToRetry: true }
-      );
-    }
-    const lockDurationMs = request.lockDurationMs ?? this.computeLockDurationMs(receiverConsent.deadline);
-    let lockId;
-    try {
-      lockId = await this.ledger.lockForMinting(
-        request.userAddress,
-        receiverConsent.amount,
-        lockDurationMs,
-        request.pointTokenAddress
-      );
-    } catch (err) {
-      throw new MintingGatewayError(
-        "INSUFFICIENT_BALANCE",
-        `Failed to lock ledger balance: ${errorMessage2(err)}`,
-        { safeToRetry: true, cause: err }
-      );
-    }
-    try {
-      let minterSignature;
-      try {
-        minterSignature = await this.signer.signMintRequest(request.domain, {
-          to: request.userAddress,
-          amount: receiverConsent.amount,
-          nonce: receiverConsent.nonce,
-          deadline: receiverConsent.deadline
-        });
-      } catch (err) {
-        await this.releaseLockSafely(lockId);
-        throw new MintingGatewayError(
-          "SIGNER_FAILED",
-          `Issuer signer failed: ${errorMessage2(err)}`,
-          { safeToRetry: true, cause: err }
-        );
-      }
-      const mintParams = {
-        pointToken: request.pointTokenAddress,
-        receiver: request.userAddress,
-        amount: receiverConsent.amount,
-        deadline: receiverConsent.deadline,
-        minterSig: minterSignature.serialized,
-        receiverSig: receiverSignature,
-        extData: receiverConsent.extData
-      };
-      const swapParams = {
-        path: request.swapPath,
-        deadline: request.swapDeadline
-      };
-      let relayResult;
-      try {
-        relayResult = await this.relayService.submitMintAndSwap({
-          mint: mintParams,
-          swap: swapParams
-        });
-      } catch (err) {
-        await this.handleRelayFailure(err, lockId);
-      }
-      const result = {
-        txHash: relayResult.txHash,
-        lockId
-      };
-      if (relayResult.blockNumber !== void 0) {
-        result.blockNumber = relayResult.blockNumber;
-      }
-      if (relayResult.gasUsed !== void 0) {
-        result.gasUsed = relayResult.gasUsed;
-      }
-      return result;
-    } catch (err) {
-      if (err instanceof MintingGatewayError) throw err;
-      await this.releaseLockSafely(lockId);
-      throw new MintingGatewayError(
-        "RELAY_SUBMIT_FAILED",
-        `Unexpected error: ${errorMessage2(err)}`,
-        { safeToRetry: true, cause: err }
-      );
-    }
-  }
-  // ---------------------------------------------------------------------------
-  // Internals
-  // ---------------------------------------------------------------------------
-  computeLockDurationMs(consentDeadlineSec) {
-    const nowMs = this.now();
-    const deadlineMs = Number(consentDeadlineSec) * 1e3;
-    const remaining = Math.max(0, deadlineMs - nowMs);
-    return remaining + this.defaultLockBufferMs;
-  }
-  /**
-   * Map a RelayError to a MintingGatewayError, releasing the lock only
-   * when the tx definitely did not land. `TX_REVERTED` and `TIMEOUT`
-   * leave the lock in place because the tx may still be in the mempool
-   * or already mined — releasing would enable a double-spend on retry.
-   * Always throws.
-   */
-  async handleRelayFailure(err, lockId) {
-    if (err instanceof RelayError) {
-      switch (err.code) {
-        case "ENCODE_FAILED":
-        case "SIMULATION_FAILED":
-        case "SUBMIT_FAILED":
-        case "NOT_CONFIGURED":
-          await this.releaseLockSafely(lockId);
-          throw new MintingGatewayError(
-            err.code === "SIMULATION_FAILED" ? "RELAY_SIMULATION_FAILED" : "RELAY_SUBMIT_FAILED",
-            err.message,
-            { safeToRetry: true, cause: err }
-          );
-        case "TX_REVERTED":
-          throw new MintingGatewayError("RELAY_REVERTED", err.message, {
-            safeToRetry: false,
-            cause: err
-          });
-        case "TIMEOUT":
-          throw new MintingGatewayError("RELAY_TIMEOUT", err.message, {
-            safeToRetry: false,
-            cause: err
-          });
-      }
-    }
-    await this.releaseLockSafely(lockId);
-    throw new MintingGatewayError(
-      "RELAY_SUBMIT_FAILED",
-      `Unexpected relay error: ${errorMessage2(err)}`,
-      { safeToRetry: true, cause: err }
-    );
-  }
-  /**
-   * Release a lock, swallowing any secondary error. We never want a lock
-   * release failure to mask the original error — the lock will auto-expire
-   * via TTL anyway.
-   */
-  async releaseLockSafely(lockId) {
-    try {
-      await this.ledger.releaseLock(lockId);
-    } catch {
-    }
-  }
-};
-function errorMessage2(err) {
-  return err instanceof Error ? err.message : String(err);
-}
-
 // src/indexer/types.ts
 var InMemoryCursorStore = class {
   cursor;
@@ -1535,7 +1158,6 @@ import {
 } from "@pafi-dev/core";
 var IssuerApiHandlers = class {
   authService;
-  gateway;
   ledger;
   provider;
   /**
@@ -1554,7 +1176,6 @@ var IssuerApiHandlers = class {
   poolsProvider;
   constructor(config) {
     this.authService = config.authService;
-    this.gateway = config.gateway;
     this.ledger = config.ledger;
     this.provider = config.provider;
     const raw = config.pointTokenAddresses && config.pointTokenAddresses.length > 0 ? config.pointTokenAddresses : config.pointTokenAddress ? [config.pointTokenAddress] : [];
@@ -1736,55 +1357,13 @@ var IssuerApiHandlers = class {
       }
     };
   }
-  /**
-   * `POST /claim-and-swap`
-   *
-   * @deprecated Since 0.3.0 — the single-call mint-then-swap flow is
-   * retired in v1.4. Use the new `handleClaim()` (mint only) and let
-   * the user swap separately on PAFI Web. See
-   * [V1.4_V1.5_OVERVIEW.md §4] for the new scenario model. Will be
-   * removed in 2.0.
-   *
-   * Legacy behavior: the terminal handler forwards the verified
-   * consent to the MintingGateway, which runs the 11-step flow.
-   */
-  async handleClaimAndSwap(userAddress, request) {
-    if (request.chainId !== this.chainId) {
-      throw new Error(
-        `handleClaimAndSwap: unsupported chainId ${request.chainId}`
-      );
-    }
-    const pointToken = getAddress6(request.pointTokenAddress);
-    if (!this.supportedTokens.has(pointToken)) {
-      throw new Error(
-        `handleClaimAndSwap: unsupported pointToken ${pointToken}`
-      );
-    }
-    const result = await this.gateway.processMintAndCashOut({
-      userAddress: getAddress6(userAddress),
-      pointTokenAddress: pointToken,
-      chainId: request.chainId,
-      domain: request.domain,
-      receiverConsent: request.receiverConsent,
-      receiverSignature: request.receiverSignature,
-      swapPath: request.swapPath,
-      swapDeadline: request.swapDeadline
-    });
-    const response = {
-      txHash: result.txHash,
-      lockId: result.lockId
-    };
-    if (result.blockNumber !== void 0)
-      response.blockNumber = result.blockNumber;
-    if (result.gasUsed !== void 0) response.gasUsed = result.gasUsed;
-    return response;
-  }
 };
 
 // src/api/handlers/ptRedeemHandler.ts
 import { getAddress as getAddress7 } from "viem";
-import { verifyBurnConsent } from "@pafi-dev/core";
+import { signBurnRequest, POINT_TOKEN_V2_ABI as POINT_TOKEN_V2_ABI2 } from "@pafi-dev/core";
 var DEFAULT_REDEEM_LOCK_MS = 15 * 60 * 1e3;
+var DEFAULT_SIG_DEADLINE_SEC = 15 * 60;
 var PTRedeemError = class extends Error {
   constructor(code, message) {
     super(message);
@@ -1796,11 +1375,14 @@ var PTRedeemError = class extends Error {
 var PTRedeemHandler = class {
   ledger;
   relayService;
+  provider;
   pointTokenAddress;
   batchExecutorAddress;
   chainId;
   domain;
+  burnerSignerWallet;
   redeemLockDurationMs;
+  signatureDeadlineSeconds;
   now;
   constructor(config) {
     if (!config.ledger.reservePendingCredit) {
@@ -1809,46 +1391,68 @@ var PTRedeemHandler = class {
         "PTRedeemHandler requires a ledger that implements reservePendingCredit() (v0.3.0+)"
       );
     }
+    if (!config.burnerSignerWallet) {
+      throw new PTRedeemError(
+        "SIGNING_FAILED",
+        "PTRedeemHandler requires burnerSignerWallet (issuer burner signer)"
+      );
+    }
     this.ledger = config.ledger;
     this.relayService = config.relayService;
+    this.provider = config.provider;
     this.pointTokenAddress = getAddress7(config.pointTokenAddress);
     this.batchExecutorAddress = getAddress7(config.batchExecutorAddress);
     this.chainId = config.chainId;
     this.domain = config.domain;
+    this.burnerSignerWallet = config.burnerSignerWallet;
     this.redeemLockDurationMs = config.redeemLockDurationMs ?? DEFAULT_REDEEM_LOCK_MS;
+    this.signatureDeadlineSeconds = config.signatureDeadlineSeconds ?? DEFAULT_SIG_DEADLINE_SEC;
     this.now = config.now ?? (() => Date.now());
   }
   async handle(request) {
     if (request.amount <= 0n) {
-      throw new PTRedeemError("INVALID_CONSENT", "redeem amount must be positive");
-    }
-    if (request.consent.amount !== request.amount) {
-      throw new PTRedeemError(
-        "AMOUNT_MISMATCH",
-        `consent.amount (${request.consent.amount}) must match request.amount (${request.amount})`
-      );
+      throw new PTRedeemError("INVALID_AMOUNT", "redeem amount must be positive");
     }
-    const nowSeconds = BigInt(Math.floor(this.now() / 1e3));
-    if (request.consent.deadline <= nowSeconds) {
+    let burnNonce;
+    try {
+      burnNonce = await this.provider.readContract({
+        address: this.pointTokenAddress,
+        abi: POINT_TOKEN_V2_ABI2,
+        functionName: "burnRequestNonces",
+        args: [request.userAddress]
+      });
+    } catch (err) {
       throw new PTRedeemError(
-        "EXPIRED_CONSENT",
-        `consent deadline (${request.consent.deadline}) already passed`
+        "NONCE_READ_FAILED",
+        `failed to read burnRequestNonces(${request.userAddress}): ${err instanceof Error ? err.message : String(err)}`
       );
     }
-    const verification = await verifyBurnConsent(
-      {
-        name: this.domain.name,
-        chainId: this.chainId,
-        verifyingContract: this.domain.verifyingContract ?? this.pointTokenAddress
-      },
-      request.consent,
-      request.consentSignature,
-      request.userAddress
+    const deadline = BigInt(
+      Math.floor(this.now() / 1e3) + this.signatureDeadlineSeconds
     );
-    if (!verification.isValid) {
+    const domain = {
+      name: this.domain.name,
+      chainId: this.chainId,
+      verifyingContract: this.domain.verifyingContract ?? this.pointTokenAddress
+    };
+    const burnRequest = {
+      from: request.userAddress,
+      amount: request.amount,
+      nonce: burnNonce,
+      deadline
+    };
+    let burnerSignature;
+    try {
+      const sig = await signBurnRequest(
+        this.burnerSignerWallet,
+        domain,
+        burnRequest
+      );
+      burnerSignature = sig.serialized;
+    } catch (err) {
       throw new PTRedeemError(
-        "SIGNATURE_MISMATCH",
-        `signer mismatch \u2014 expected ${request.userAddress}, got ${verification.recoveredAddress}`
+        "SIGNING_FAILED",
+        `failed to sign BurnRequest: ${err instanceof Error ? err.message : String(err)}`
       );
     }
     const lockId = await this.ledger.reservePendingCredit(
@@ -1863,29 +1467,17 @@ var PTRedeemHandler = class {
       aaNonce: request.aaNonce,
       pointTokenAddress: this.pointTokenAddress,
       batchExecutorAddress: this.batchExecutorAddress,
-      burnConsent: request.consent,
-      consentSignature: parseSigStruct(request.consentSignature)
+      burnRequest,
+      burnerSignature
     });
     return {
       lockId,
       userOp,
-      expiresInSeconds: Math.floor(this.redeemLockDurationMs / 1e3)
+      expiresInSeconds: Math.floor(this.redeemLockDurationMs / 1e3),
+      signatureDeadline: deadline
     };
   }
 };
-function parseSigStruct(serialized) {
-  const raw = serialized.slice(2);
-  if (raw.length !== 130) {
-    throw new PTRedeemError(
-      "INVALID_CONSENT",
-      `signature must be 65 bytes, got ${raw.length / 2}`
-    );
-  }
-  const r = `0x${raw.slice(0, 64)}`;
-  const s = `0x${raw.slice(64, 128)}`;
-  const v = parseInt(raw.slice(128, 130), 16);
-  return { v, r, s };
-}
 
 // src/api/handlers/topUpRedemptionHandler.ts
 import { getAddress as getAddress8 } from "viem";
@@ -1931,24 +1523,10 @@ var TopUpRedemptionHandler = class {
         shortfall
       };
     }
-    if (request.redeemRequest.consent.amount < shortfall) {
-      throw new TopUpRedemptionError(
-        "CONSENT_AMOUNT_TOO_LOW",
-        `consent.amount (${request.redeemRequest.consent.amount}) must cover shortfall (${shortfall})`
-      );
-    }
-    if (request.redeemRequest.consent.amount !== shortfall) {
-      throw new TopUpRedemptionError(
-        "CONSENT_AMOUNT_TOO_LOW",
-        `consent.amount (${request.redeemRequest.consent.amount}) must equal shortfall (${shortfall}) exactly \u2014 re-sign with correct amount`
-      );
-    }
     const redeem = await this.ptRedeemHandler.handle({
       userAddress: request.userAddress,
       amount: shortfall,
-      consent: request.redeemRequest.consent,
-      consentSignature: request.redeemRequest.consentSignature,
-      aaNonce: request.redeemRequest.aaNonce
+      aaNonce: request.aaNonce
     });
     return {
       action: "TOP_UP_STARTED",
@@ -2441,15 +2019,6 @@ function createIssuerService(config) {
   if (!config.provider) {
     throw new Error("createIssuerService: provider is required");
   }
-  if (!config.operatorWallet) {
-    throw new Error("createIssuerService: operatorWallet is required");
-  }
-  if (!config.signer) {
-    throw new Error("createIssuerService: signer is required");
-  }
-  if (!config.relayAddress) {
-    throw new Error("createIssuerService: relayAddress is required");
-  }
   if (!config.auth?.jwtSecret) {
     throw new Error("createIssuerService: auth.jwtSecret is required");
   }
@@ -2476,18 +2045,7 @@ function createIssuerService(config) {
     authServiceConfig.jwtExpiresIn = config.auth.jwtExpiresIn;
   }
   const authService = new AuthService(authServiceConfig);
-  const relayServiceConfig = {
-    relayAddress: config.relayAddress,
-    operatorWallet: config.operatorWallet,
-    provider: config.provider
-  };
-  if (config.relay?.simulateBeforeSubmit !== void 0) {
-    relayServiceConfig.simulateBeforeSubmit = config.relay.simulateBeforeSubmit;
-  }
-  if (config.relay?.confirmationTimeoutMs !== void 0) {
-    relayServiceConfig.confirmationTimeoutMs = config.relay.confirmationTimeoutMs;
-  }
-  const relayService = new RelayService(relayServiceConfig);
+  const relayService = new RelayService();
   let feeManager;
   if (config.fee) {
     feeManager = new FeeManager({
@@ -2495,16 +2053,6 @@ function createIssuerService(config) {
       provider: config.provider
     });
   }
-  const gatewayConfig = {
-    ledger,
-    policy,
-    signer: config.signer,
-    relayService
-  };
-  if (config.gateway?.defaultLockBufferMs !== void 0) {
-    gatewayConfig.defaultLockBufferMs = config.gateway.defaultLockBufferMs;
-  }
-  const gateway = new MintingGateway(gatewayConfig);
   const indexers = /* @__PURE__ */ new Map();
   for (const tokenAddress of tokenAddresses) {
     const indexerConfig = {
@@ -2532,7 +2080,6 @@ function createIssuerService(config) {
   const firstIndexer = indexers.get(tokenAddresses[0]);
   const handlersConfig = {
     authService,
-    gateway,
     ledger,
     provider: config.provider,
     pointTokenAddresses: tokenAddresses,
@@ -2552,10 +2099,8 @@ function createIssuerService(config) {
     sessionStore,
     ledger,
     policy,
-    signer: config.signer,
     relayService,
     feeManager,
-    gateway,
     indexers,
     indexer: firstIndexer,
     handlers
@@ -2575,8 +2120,6 @@ export {
   IssuerApiHandlers,
   MemoryPointLedger,
   MemorySessionStore,
-  MintingGateway,
-  MintingGatewayError,
   NonceManager,
   PAFI_ISSUER_SDK_VERSION,
   PTRedeemError,
@@ -2592,7 +2135,6 @@ export {
   authenticateRequest,
   createIssuerService,
   createSubgraphNativeUsdtQuoter,
-  createSubgraphPoolsProvider,
-  encodeExtData
+  createSubgraphPoolsProvider
 };
 //# sourceMappingURL=index.js.map