npm - @pafi-dev/issuer - Versions diffs - 0.3.0-beta.9 → 0.4.0 - Mend

@pafi-dev/issuer 0.3.0-beta.9 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.cjs CHANGED Viewed

@@ -28,15 +28,14 @@ __export(index_exports, {
   FeeManager: () => FeeManager,
   InMemoryCursorStore: () => InMemoryCursorStore,
   IssuerApiHandlers: () => IssuerApiHandlers,
-  MemoryPointLedger: () => MemoryPointLedger,
   MemorySessionStore: () => MemorySessionStore,
   NonceManager: () => NonceManager,
   PAFI_ISSUER_SDK_VERSION: () => PAFI_ISSUER_SDK_VERSION,
   PTRedeemError: () => PTRedeemError,
   PTRedeemHandler: () => PTRedeemHandler,
+  PafiBackendClient: () => PafiBackendClient,
   PafiBackendError: () => PafiBackendError,
   PointIndexer: () => PointIndexer,
-  PrivateKeySigner: () => PrivateKeySigner,
   RelayError: () => RelayError,
   RelayService: () => RelayService,
   TopUpRedemptionError: () => TopUpRedemptionError,
@@ -48,204 +47,6 @@ __export(index_exports, {
 });
 module.exports = __toCommonJS(index_exports);
-// src/ledger/memoryLedger.ts
-var import_viem = require("viem");
-var MemoryPointLedger = class {
-  balances = /* @__PURE__ */ new Map();
-  locks = /* @__PURE__ */ new Map();
-  nextLockId = 1;
-  now;
-  constructor(opts = {}) {
-    this.now = opts.now ?? (() => Date.now());
-  }
-  // -------------------------------------------------------------------------
-  // Read
-  // -------------------------------------------------------------------------
-  async getBalance(userAddress, tokenAddress) {
-    const user = (0, import_viem.getAddress)(userAddress);
-    const token = normalizeToken(tokenAddress);
-    this.purgeExpired();
-    const total = this.balances.get(balanceKey(user, token)) ?? 0n;
-    const locked = this.lockedTotalFor(user, token);
-    return total - locked;
-  }
-  async getLockedRequests(userAddress, tokenAddress) {
-    const user = (0, import_viem.getAddress)(userAddress);
-    const token = normalizeToken(tokenAddress);
-    this.purgeExpired();
-    const out = [];
-    for (const lock of this.locks.values()) {
-      if (lock.userAddress === user && lock.status === "PENDING" && (lock.tokenAddress ?? DEFAULT_TOKEN_KEY) === token) {
-        out.push({ ...lock });
-      }
-    }
-    return out;
-  }
-  // -------------------------------------------------------------------------
-  // Write
-  // -------------------------------------------------------------------------
-  async creditBalance(userAddress, amount, _reason, tokenAddress) {
-    if (amount <= 0n) {
-      throw new Error("MemoryPointLedger: credit amount must be positive");
-    }
-    const user = (0, import_viem.getAddress)(userAddress);
-    const token = normalizeToken(tokenAddress);
-    const key = balanceKey(user, token);
-    const current = this.balances.get(key) ?? 0n;
-    this.balances.set(key, current + amount);
-  }
-  async lockForMinting(userAddress, amount, lockDurationMs, tokenAddress) {
-    if (amount <= 0n) {
-      throw new Error("MemoryPointLedger: lock amount must be positive");
-    }
-    if (lockDurationMs <= 0) {
-      throw new Error("MemoryPointLedger: lockDurationMs must be positive");
-    }
-    const user = (0, import_viem.getAddress)(userAddress);
-    const token = normalizeToken(tokenAddress);
-    this.purgeExpired();
-    const total = this.balances.get(balanceKey(user, token)) ?? 0n;
-    const alreadyLocked = this.lockedTotalFor(user, token);
-    const available = total - alreadyLocked;
-    if (available < amount) {
-      throw new Error(
-        `MemoryPointLedger: insufficient balance \u2014 available=${available}, requested=${amount}`
-      );
-    }
-    const lockId = `lock-${this.nextLockId++}`;
-    const now = this.now();
-    const lock = {
-      lockId,
-      userAddress: user,
-      amount,
-      status: "PENDING",
-      createdAt: now,
-      expiresAt: now + lockDurationMs
-    };
-    if (tokenAddress !== void 0) {
-      lock.tokenAddress = (0, import_viem.getAddress)(tokenAddress);
-    }
-    this.locks.set(lockId, lock);
-    return lockId;
-  }
-  async releaseLock(lockId) {
-    const lock = this.locks.get(lockId);
-    if (!lock) return;
-    if (lock.status === "PENDING") {
-      this.locks.delete(lockId);
-    }
-  }
-  async deductBalance(userAddress, amount, txHash, tokenAddress) {
-    if (amount <= 0n) {
-      throw new Error("MemoryPointLedger: deduct amount must be positive");
-    }
-    const user = (0, import_viem.getAddress)(userAddress);
-    const token = normalizeToken(tokenAddress);
-    const key = balanceKey(user, token);
-    const current = this.balances.get(key) ?? 0n;
-    if (current < amount) {
-      throw new Error(
-        `MemoryPointLedger: cannot deduct ${amount} from balance ${current}`
-      );
-    }
-    this.balances.set(key, current - amount);
-    for (const lock of this.locks.values()) {
-      if (lock.userAddress === user && lock.status === "PENDING" && lock.amount === amount && (lock.tokenAddress ?? DEFAULT_TOKEN_KEY) === token) {
-        lock.status = "MINTED";
-        lock.txHash = txHash;
-        return;
-      }
-    }
-  }
-  async updateMintStatus(lockId, status, txHash) {
-    const lock = this.locks.get(lockId);
-    if (!lock) {
-      throw new Error(`MemoryPointLedger: unknown lockId ${lockId}`);
-    }
-    lock.status = status;
-    if (txHash) lock.txHash = txHash;
-  }
-  // -------------------------------------------------------------------------
-  // v1.4 — Reverse flow (PT burn → off-chain credit)
-  // -------------------------------------------------------------------------
-  pendingCredits = /* @__PURE__ */ new Map();
-  nextCreditId = 1;
-  async reservePendingCredit(userAddress, amount, durationMs, tokenAddress) {
-    if (amount <= 0n) {
-      throw new Error(
-        "MemoryPointLedger: pending credit amount must be positive"
-      );
-    }
-    if (durationMs <= 0) {
-      throw new Error("MemoryPointLedger: durationMs must be positive");
-    }
-    const user = (0, import_viem.getAddress)(userAddress);
-    const lockId = `credit-${this.nextCreditId++}`;
-    const now = this.now();
-    this.pendingCredits.set(lockId, {
-      lockId,
-      userAddress: user,
-      amount,
-      tokenAddress: tokenAddress !== void 0 ? (0, import_viem.getAddress)(tokenAddress) : void 0,
-      createdAt: now,
-      expiresAt: now + durationMs,
-      status: "PENDING"
-    });
-    return lockId;
-  }
-  async resolveCreditByBurnTx(lockId, txHash) {
-    const credit = this.pendingCredits.get(lockId);
-    if (!credit) {
-      throw new Error(
-        `MemoryPointLedger: unknown pending credit lockId ${lockId}`
-      );
-    }
-    if (credit.status === "RESOLVED") {
-      if (credit.txHash === txHash) return;
-      throw new Error(
-        `MemoryPointLedger: credit ${lockId} already resolved with a different txHash`
-      );
-    }
-    const token = normalizeToken(credit.tokenAddress);
-    const key = balanceKey(credit.userAddress, token);
-    const current = this.balances.get(key) ?? 0n;
-    this.balances.set(key, current + credit.amount);
-    credit.status = "RESOLVED";
-    credit.txHash = txHash;
-  }
-  // -------------------------------------------------------------------------
-  // Internal helpers
-  // -------------------------------------------------------------------------
-  /**
-   * Auto-expire any PENDING lock past its expiry. Called lazily on every
-   * read/write so the in-memory state stays self-cleaning without a timer.
-   */
-  purgeExpired() {
-    const now = this.now();
-    for (const lock of this.locks.values()) {
-      if (lock.status === "PENDING" && lock.expiresAt <= now) {
-        lock.status = "EXPIRED";
-      }
-    }
-  }
-  lockedTotalFor(userAddress, tokenKey) {
-    let total = 0n;
-    for (const lock of this.locks.values()) {
-      if (lock.userAddress === userAddress && lock.status === "PENDING" && (lock.tokenAddress ?? DEFAULT_TOKEN_KEY) === tokenKey) {
-        total += lock.amount;
-      }
-    }
-    return total;
-  }
-};
-var DEFAULT_TOKEN_KEY = "default";
-function normalizeToken(tokenAddress) {
-  return tokenAddress === void 0 ? DEFAULT_TOKEN_KEY : (0, import_viem.getAddress)(tokenAddress);
-}
-function balanceKey(user, tokenKey) {
-  return `${user}|${tokenKey}`;
-}
 // src/policy/defaultPolicy.ts
 var DefaultPolicyEngine = class {
   ledger;
@@ -261,6 +62,13 @@ var DefaultPolicyEngine = class {
     }
     if (opts.verifyMintCap) this.verifyMintCap = opts.verifyMintCap;
     if (opts.resolveIssuer) this.resolveIssuer = opts.resolveIssuer;
+    if (!opts.mintingOracleAddress || !opts.provider || !opts.verifyMintCap || !opts.resolveIssuer) {
+      if (process.env.NODE_ENV === "production") {
+        throw new Error(
+          "[PAFI] DefaultPolicyEngine: on-chain MintingOracle cap check is required in production. Configure mintingOracleAddress, provider, verifyMintCap, and resolveIssuer."
+        );
+      }
+    }
   }
   async evaluate(request) {
     if (request.amount <= 0n) {
@@ -297,32 +105,9 @@ var DefaultPolicyEngine = class {
   }
 };
-// src/signer/privateKeySigner.ts
-var import_viem2 = require("viem");
-var import_accounts = require("viem/accounts");
-var import_core = require("@pafi-dev/core");
-var PrivateKeySigner = class {
-  account;
-  walletClient;
-  constructor(opts) {
-    this.account = (0, import_accounts.privateKeyToAccount)(opts.privateKey);
-    this.walletClient = (0, import_viem2.createWalletClient)({
-      account: this.account,
-      chain: opts.chain,
-      transport: (0, import_viem2.http)(opts.rpcUrl)
-    });
-  }
-  async signMintRequest(domain, message) {
-    return (0, import_core.signMintRequest)(this.walletClient, domain, message);
-  }
-  async getAddress() {
-    return this.account.address;
-  }
-};
 // src/auth/memorySessionStore.ts
 var import_node_crypto = require("crypto");
-var import_viem3 = require("viem");
+var import_viem = require("viem");
 var DEFAULT_NONCE_TTL_MS = 5 * 60 * 1e3;
 var MemorySessionStore = class {
   nonces = /* @__PURE__ */ new Map();
@@ -332,6 +117,11 @@ var MemorySessionStore = class {
   nonceTtlMs;
   now;
   constructor(opts = {}) {
+    if (process.env.NODE_ENV === "production") {
+      console.error(
+        "[PAFI] MemorySessionStore is not safe for multi-process/K8s deployments. Session revocations are NOT propagated across pods. Use a Redis-backed session store in production."
+      );
+    }
     this.nonceTtlMs = opts.nonceTtlMs ?? DEFAULT_NONCE_TTL_MS;
     this.now = opts.now ?? (() => Date.now());
   }
@@ -358,7 +148,7 @@ var MemorySessionStore = class {
     this.purgeExpiredSessions();
     const normalized = {
       ...session,
-      userAddress: (0, import_viem3.getAddress)(session.userAddress)
+      userAddress: (0, import_viem.getAddress)(session.userAddress)
     };
     this.sessions.set(session.tokenId, normalized);
   }
@@ -376,7 +166,7 @@ var MemorySessionStore = class {
     this.sessions.delete(tokenId);
   }
   async revokeAllSessions(userAddress) {
-    const key = (0, import_viem3.getAddress)(userAddress);
+    const key = (0, import_viem.getAddress)(userAddress);
     for (const [tokenId, session] of this.sessions.entries()) {
       if (session.userAddress === key) {
         this.sessions.delete(tokenId);
@@ -422,8 +212,8 @@ var NonceManager = class {
 // src/auth/loginVerifier.ts
 var import_node_crypto2 = require("crypto");
 var import_jose = require("jose");
-var import_viem4 = require("viem");
-var import_core2 = require("@pafi-dev/core");
+var import_viem2 = require("viem");
+var import_core = require("@pafi-dev/core");
 // src/auth/errors.ts
 var AuthError = class extends Error {
@@ -446,8 +236,8 @@ var AuthService = class {
   nonceManager;
   now;
   constructor(config) {
-    if (!config.jwtSecret || config.jwtSecret.length < 16) {
-      throw new Error("AuthService: jwtSecret must be at least 16 chars");
+    if (!config.jwtSecret || config.jwtSecret.length < 32) {
+      throw new Error("AuthService: jwtSecret must be at least 32 characters for HS256 security");
     }
     this.sessionStore = config.sessionStore;
     this.jwtSecret = new TextEncoder().encode(config.jwtSecret);
@@ -471,11 +261,17 @@ var AuthService = class {
   async login(message, signature) {
     let parsed;
     try {
-      parsed = (0, import_core2.parseLoginMessage)(message);
+      parsed = (0, import_core.parseLoginMessage)(message);
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
       throw new AuthError("INVALID_MESSAGE", `Could not parse login message: ${msg}`);
     }
+    if (parsed.expirationTime == null) {
+      throw new AuthError(
+        "INVALID_MESSAGE",
+        "login message must include expirationTime"
+      );
+    }
     if (parsed.domain !== this.domain) {
       throw new AuthError(
         "DOMAIN_MISMATCH",
@@ -498,7 +294,7 @@ var AuthService = class {
     if (parsed.expirationTime && parsed.expirationTime.getTime() <= now.getTime()) {
       throw new AuthError("MESSAGE_EXPIRED", "Login message has expired");
     }
-    const verifyResult = await (0, import_core2.verifyLoginMessage)(message, signature);
+    const verifyResult = await (0, import_core.verifyLoginMessage)(message, signature);
     if (!verifyResult.valid) {
       throw new AuthError(
         "SIGNATURE_INVALID",
@@ -512,7 +308,7 @@ var AuthService = class {
         "Nonce is unknown, expired, or already used"
       );
     }
-    const userAddress = (0, import_viem4.getAddress)(verifyResult.address);
+    const userAddress = (0, import_viem2.getAddress)(verifyResult.address);
     const tokenId = (0, import_node_crypto2.randomBytes)(16).toString("hex");
     const issuedAt = now;
     const expiresAt = parseExpiry(issuedAt, this.jwtExpiresIn);
@@ -540,7 +336,11 @@ var AuthService = class {
       if (payload.jti) {
         await this.sessionStore.revokeSession(payload.jti);
       }
-    } catch {
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      if (!msg.includes("not found") && !msg.includes("expired")) {
+        console.error("[PAFI] AuthService logout: session store error", err);
+      }
     }
   }
   /**
@@ -579,7 +379,7 @@ var AuthService = class {
       throw new AuthError("TOKEN_INVALID", "JWT payload is malformed");
     }
     return {
-      userAddress: (0, import_viem4.getAddress)(userAddress),
+      userAddress: (0, import_viem2.getAddress)(userAddress),
       chainId,
       tokenId
     };
@@ -630,8 +430,8 @@ var RelayError = class extends Error {
 };
 // src/relay/relayService.ts
-var import_viem5 = require("viem");
-var import_core3 = require("@pafi-dev/core");
+var import_viem3 = require("viem");
+var import_core2 = require("@pafi-dev/core");
 var RelayService = class {
   /**
    * Build an unsigned UserOp for Scenario 1 (Mint) — sig-gated
@@ -665,9 +465,20 @@ var RelayService = class {
     if (params.deadline <= 0n) {
       throw new RelayError("ENCODE_FAILED", "prepareMint: deadline must be positive");
     }
+    const nowSecs = BigInt(Math.floor(Date.now() / 1e3));
+    if (params.deadline <= nowSecs) {
+      throw new RelayError("ENCODE_FAILED", "prepareMint: deadline is in the past");
+    }
+    const MAX_DEADLINE_WINDOW = 3600n;
+    if (params.deadline > nowSecs + MAX_DEADLINE_WINDOW) {
+      throw new RelayError(
+        "ENCODE_FAILED",
+        "prepareMint: deadline exceeds maximum allowed window (1 hour)"
+      );
+    }
     let minterSig;
     try {
-      const sig = await (0, import_core3.signMintRequest)(
+      const sig = await (0, import_core2.signMintRequest)(
         params.issuerSignerWallet,
         params.domain,
         {
@@ -687,8 +498,8 @@ var RelayService = class {
     }
     let mintCallData;
     try {
-      mintCallData = (0, import_viem5.encodeFunctionData)({
-        abi: import_core3.POINT_TOKEN_V2_ABI,
+      mintCallData = (0, import_viem3.encodeFunctionData)({
+        abi: import_core2.POINT_TOKEN_V2_ABI,
         functionName: "mint",
         args: [params.userAddress, params.amount, params.deadline, minterSig]
       });
@@ -713,17 +524,23 @@ var RelayService = class {
           "prepareMint: feeRecipient required when feeAmount > 0"
         );
       }
+      if (params.feeRecipient === "0x0000000000000000000000000000000000000000") {
+        throw new RelayError(
+          "ENCODE_FAILED",
+          "prepareMint: feeRecipient must not be zero address"
+        );
+      }
       operations.push({
         target: params.pointTokenAddress,
         value: 0n,
-        data: (0, import_viem5.encodeFunctionData)({
-          abi: import_viem5.erc20Abi,
+        data: (0, import_viem3.encodeFunctionData)({
+          abi: import_viem3.erc20Abi,
           functionName: "transfer",
           args: [params.feeRecipient, params.feeAmount]
         })
       });
     }
-    return (0, import_core3.buildPartialUserOperation)({
+    return (0, import_core2.buildPartialUserOperation)({
       sender: params.userAddress,
       nonce: params.aaNonce,
       operations,
@@ -761,8 +578,8 @@ var RelayService = class {
         if (!params.burnRequest || !params.burnerSignature) {
           throw new Error("burnWithSig requires burnRequest + burnerSignature");
         }
-        burnCallData = (0, import_viem5.encodeFunctionData)({
-          abi: import_core3.POINT_TOKEN_V2_ABI,
+        burnCallData = (0, import_viem3.encodeFunctionData)({
+          abi: import_core2.POINT_TOKEN_V2_ABI,
           functionName: "burn",
           args: [
             params.burnRequest.from,
@@ -772,8 +589,8 @@ var RelayService = class {
           ]
         });
       } else {
-        burnCallData = (0, import_viem5.encodeFunctionData)({
-          abi: import_core3.POINT_TOKEN_V2_ABI,
+        burnCallData = (0, import_viem3.encodeFunctionData)({
+          abi: import_core2.POINT_TOKEN_V2_ABI,
           functionName: "burn",
           args: [params.userAddress, params.amount]
         });
@@ -792,7 +609,7 @@ var RelayService = class {
         data: burnCallData
       }
     ];
-    return (0, import_core3.buildPartialUserOperation)({
+    return (0, import_core2.buildPartialUserOperation)({
       sender: params.userAddress,
       nonce: params.aaNonce,
       operations,
@@ -811,11 +628,14 @@ function errorMessage(err) {
 // src/relay/feeManager.ts
 var DEFAULT_GAS_UNITS = 500000n;
 var DEFAULT_PREMIUM_BPS = 12e3;
-var FeeManager = class {
+var FeeManager = class _FeeManager {
   provider;
   gasUnits;
   gasPremiumBps;
   quoteNativeToFee;
+  cachedFee = null;
+  cacheExpiresAt = 0;
+  static CACHE_TTL_MS = 1e4;
   constructor(config) {
     if (!config.provider) throw new Error("FeeManager: provider required");
     if (!config.quoteNativeToFee)
@@ -838,10 +658,17 @@ var FeeManager = class {
    * currency depends on how the caller wired `quoteNativeToFee`.
    */
   async estimateGasFee() {
+    const now = Date.now();
+    if (this.cachedFee !== null && now < this.cacheExpiresAt) {
+      return this.cachedFee;
+    }
     const gasPrice = await this.provider.getGasPrice();
     const nativeCost = gasPrice * this.gasUnits;
     const withPremium = nativeCost * BigInt(this.gasPremiumBps) / 10000n;
-    return this.quoteNativeToFee(withPremium);
+    const fee = await this.quoteNativeToFee(withPremium);
+    this.cachedFee = fee;
+    this.cacheExpiresAt = now + _FeeManager.CACHE_TTL_MS;
+    return fee;
   }
 };
@@ -857,8 +684,8 @@ var InMemoryCursorStore = class {
 };
 // src/indexer/pointIndexer.ts
-var import_viem6 = require("viem");
-var TRANSFER_EVENT = (0, import_viem6.parseAbiItem)(
+var import_viem4 = require("viem");
+var TRANSFER_EVENT = (0, import_viem4.parseAbiItem)(
   "event Transfer(address indexed from, address indexed to, uint256 value)"
 );
 var ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
@@ -928,7 +755,8 @@ var PointIndexer = class {
         return;
       }
       await this.processBlockRange(from, safeHead);
-    } catch {
+    } catch (err) {
+      console.error("[PAFI] PointIndexer tick error:", err);
     }
     this.scheduleNext();
   }
@@ -978,10 +806,10 @@ var PointIndexer = class {
     for (const log of logs) {
       const args = log.args;
       if (!args.from || !args.to || args.value === void 0) continue;
-      if ((0, import_viem6.getAddress)(args.from) !== ZERO_ADDRESS) continue;
+      if ((0, import_viem4.getAddress)(args.from) !== ZERO_ADDRESS) continue;
       if (log.blockNumber === null || log.transactionHash === null) continue;
       out.push({
-        to: (0, import_viem6.getAddress)(args.to),
+        to: (0, import_viem4.getAddress)(args.to),
         amount: args.value,
         blockNumber: log.blockNumber,
         txHash: log.transactionHash,
@@ -1037,8 +865,8 @@ function pickMatchingLock(locks, amount) {
 }
 // src/indexer/burnIndexer.ts
-var import_viem7 = require("viem");
-var TRANSFER_EVENT2 = (0, import_viem7.parseAbiItem)(
+var import_viem5 = require("viem");
+var TRANSFER_EVENT2 = (0, import_viem5.parseAbiItem)(
   "event Transfer(address indexed from, address indexed to, uint256 value)"
 );
 var ZERO_ADDRESS2 = "0x0000000000000000000000000000000000000000";
@@ -1054,18 +882,7 @@ var BurnIndexer = class {
   confirmations;
   batchSize;
   pollIntervalMs;
-  /**
-   * Caller-supplied matcher. Return the lockId to resolve for a given
-   * burn event, or `undefined` to skip. Runs synchronously via the
-   * ledger's query path.
-   *
-   * Default: try `ledger.resolveCreditByBurnTx` keyed on a synthetic
-   * lock id `burn-${from}-${amount}` — the in-memory ledger assigns
-   * incrementing IDs so callers with the memory ledger must provide a
-   * custom matcher. Real DB-backed ledgers override this to JOIN on
-   * their `pending_credits` table.
-   */
-  matchLockId = async () => void 0;
+  matchLockId;
   running = false;
   timer;
   constructor(config) {
@@ -1083,6 +900,12 @@ var BurnIndexer = class {
     );
     this.batchSize = BigInt(config.batchSize ?? Number(DEFAULT_BATCH_SIZE2));
     this.pollIntervalMs = config.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS2;
+    if (!config.matchLockId) {
+      throw new Error(
+        "BurnIndexer: matchLockId is required. Provide a function that maps a burn event to its pending credit lockId. Without it, no on-chain burns will ever grant off-chain credits."
+      );
+    }
+    this.matchLockId = config.matchLockId;
   }
   start() {
     if (this.running) return;
@@ -1112,7 +935,8 @@ var BurnIndexer = class {
         return;
       }
       await this.processBlockRange(from, safeHead);
-    } catch {
+    } catch (err) {
+      console.error("[PAFI] BurnIndexer tick error:", err);
     }
     this.scheduleNext();
   }
@@ -1157,10 +981,10 @@ var BurnIndexer = class {
     for (const log of logs) {
       const args = log.args;
       if (!args.from || !args.to || args.value === void 0) continue;
-      if ((0, import_viem7.getAddress)(args.to) !== ZERO_ADDRESS2) continue;
+      if ((0, import_viem5.getAddress)(args.to) !== ZERO_ADDRESS2) continue;
       if (log.blockNumber === null || log.transactionHash === null) continue;
       out.push({
-        from: (0, import_viem7.getAddress)(args.from),
+        from: (0, import_viem5.getAddress)(args.from),
         amount: args.value,
         blockNumber: log.blockNumber,
         txHash: log.transactionHash,
@@ -1175,21 +999,28 @@ var BurnIndexer = class {
    * log + skip.
    */
   async finalize(evt) {
+    const txHash = evt.txHash;
     const lockId = await this.matchLockId(evt);
-    if (!lockId) return;
+    if (lockId === void 0) {
+      console.warn(
+        "[PAFI] BurnIndexer: matchLockId returned undefined for burn tx " + txHash + ". This burn will NOT be credited. Implement matchLockId to map burn events to lock IDs."
+      );
+      return;
+    }
     if (!this.ledger.resolveCreditByBurnTx) {
       return;
     }
     try {
       await this.ledger.resolveCreditByBurnTx(lockId, evt.txHash);
-    } catch {
+    } catch (err) {
+      console.error("[PAFI] BurnIndexer finalize error \u2014 credit may be lost:", err);
     }
   }
 };
 // src/api/handlers.ts
-var import_viem8 = require("viem");
-var import_core4 = require("@pafi-dev/core");
+var import_viem6 = require("viem");
+var import_core3 = require("@pafi-dev/core");
 var IssuerApiHandlers = class {
   authService;
   ledger;
@@ -1199,15 +1030,12 @@ var IssuerApiHandlers = class {
    * validate the request's `pointTokenAddress` against this set.
    */
   supportedTokens;
-  /** First supported token — used as default when a handler doesn't
-   * receive a `pointTokenAddress` in the request (shouldn't happen in
-   * practice, but keeps type-narrowing happy). */
-  defaultToken;
   chainId;
   contracts;
   pafiWebUrl;
   feeManager;
   poolsProvider;
+  claim;
   constructor(config) {
     this.authService = config.authService;
     this.ledger = config.ledger;
@@ -1218,14 +1046,14 @@ var IssuerApiHandlers = class {
         "IssuerApiHandlers: pointTokenAddress or pointTokenAddresses required"
       );
     }
-    const normalized = raw.map((a) => (0, import_viem8.getAddress)(a));
+    const normalized = raw.map((a) => (0, import_viem6.getAddress)(a));
     this.supportedTokens = new Set(normalized);
-    this.defaultToken = normalized[0];
     this.chainId = config.chainId;
     this.contracts = config.contracts;
     if (config.pafiWebUrl) this.pafiWebUrl = config.pafiWebUrl;
     if (config.feeManager) this.feeManager = config.feeManager;
     if (config.poolsProvider) this.poolsProvider = config.poolsProvider;
+    if (config.claim) this.claim = config.claim;
   }
   // =========================================================================
   // Public handlers (no auth required)
@@ -1240,6 +1068,12 @@ var IssuerApiHandlers = class {
     if (!body || typeof body.message !== "string" || body.message.length === 0 || typeof body.signature !== "string" || body.signature.length <= 2) {
       throw new Error("handleLogin: message and signature are required");
     }
+    if (body.message.length > 4096) {
+      throw new Error("message too long");
+    }
+    if (body.signature.length > 260) {
+      throw new Error("signature too long");
+    }
     const result = await this.authService.login(body.message, body.signature);
     return {
       token: result.token,
@@ -1254,9 +1088,12 @@ var IssuerApiHandlers = class {
    * needs to build EIP-712 messages and interact with on-chain.
    */
   async handleConfig(chainId) {
+    if (!Number.isInteger(chainId) || chainId <= 0) {
+      throw new Error("invalid chainId");
+    }
     if (chainId !== this.chainId) {
       throw new Error(
-        `handleConfig: unsupported chainId ${chainId}, issuer is configured for ${this.chainId}`
+        `handleConfig: unsupported chainId ${chainId}`
       );
     }
     const contracts = {
@@ -1319,25 +1156,25 @@ var IssuerApiHandlers = class {
         `handleUser: unsupported chainId ${request.chainId}`
       );
     }
-    const normalizedAuthed = (0, import_viem8.getAddress)(userAddress);
-    const normalizedRequest = (0, import_viem8.getAddress)(request.userAddress);
+    const normalizedAuthed = (0, import_viem6.getAddress)(userAddress);
+    const normalizedRequest = (0, import_viem6.getAddress)(request.userAddress);
     if (normalizedAuthed !== normalizedRequest) {
       throw new Error(
         "handleUser: request userAddress must match authenticated user"
       );
     }
-    const pointToken = (0, import_viem8.getAddress)(request.pointTokenAddress);
+    const pointToken = (0, import_viem6.getAddress)(request.pointTokenAddress);
     if (!this.supportedTokens.has(pointToken)) {
       throw new Error(
         `handleUser: unsupported pointToken ${pointToken}`
       );
     }
     const [mintRequestNonce, receiverConsentNonce, offChainBalance, onChainBalance, minter] = await Promise.all([
-      (0, import_core4.getMintRequestNonce)(this.provider, pointToken, normalizedAuthed),
-      (0, import_core4.getReceiverConsentNonce)(this.provider, pointToken, normalizedAuthed),
+      (0, import_core3.getMintRequestNonce)(this.provider, pointToken, normalizedAuthed),
+      (0, import_core3.getReceiverConsentNonce)(this.provider, pointToken, normalizedAuthed),
       this.ledger.getBalance(normalizedAuthed, pointToken),
-      (0, import_core4.getPointTokenBalance)(this.provider, pointToken, normalizedAuthed),
-      (0, import_core4.isMinter)(this.provider, pointToken, normalizedAuthed)
+      (0, import_core3.getPointTokenBalance)(this.provider, pointToken, normalizedAuthed),
+      (0, import_core3.isMinter)(this.provider, pointToken, normalizedAuthed)
     ]);
     return {
       mintRequestNonce,
@@ -1369,19 +1206,32 @@ var IssuerApiHandlers = class {
         `handleBuildConsentTypedData: unsupported chainId ${request.chainId}`
       );
     }
-    const pointToken = (0, import_viem8.getAddress)(request.pointTokenAddress);
+    const pointToken = (0, import_viem6.getAddress)(request.pointTokenAddress);
     if (!this.supportedTokens.has(pointToken)) {
       throw new Error(
         `handleBuildConsentTypedData: unsupported pointToken ${pointToken}`
       );
     }
-    const name = await (0, import_core4.getTokenName)(this.provider, pointToken);
+    const consent = request.receiverConsent;
+    if ((0, import_viem6.getAddress)(consent.originalReceiver) !== (0, import_viem6.getAddress)(userAddress)) {
+      throw new Error(
+        "handleBuildConsentTypedData: receiverConsent.originalReceiver must match authenticated user"
+      );
+    }
+    if (consent.amount <= 0n) {
+      throw new Error("handleBuildConsentTypedData: amount must be positive");
+    }
+    const nowSecs = BigInt(Math.floor(Date.now() / 1e3));
+    if (consent.deadline <= nowSecs) {
+      throw new Error("handleBuildConsentTypedData: deadline is in the past");
+    }
+    const name = await (0, import_core3.getTokenName)(this.provider, pointToken);
     const domain = {
       name,
       verifyingContract: pointToken,
       chainId: this.chainId
     };
-    const typedData = (0, import_core4.buildReceiverConsentTypedData)(domain, request.receiverConsent);
+    const typedData = (0, import_core3.buildReceiverConsentTypedData)(domain, consent);
     return {
       typedData: {
         domain: typedData.domain,
@@ -1391,11 +1241,96 @@ var IssuerApiHandlers = class {
       }
     };
   }
+  /**
+   * `POST /claim`
+   *
+   * Policy gate + ledger lock + MintRequest signing in a single atomic
+   * step. Returns an unsigned UserOp the frontend attaches paymaster data
+   * to and submits via EIP-7702 + Bundler.
+   *
+   * Order of operations:
+   *   1. Validate request fields.
+   *   2. policy.evaluate() — throws if denied; cannot be bypassed.
+   *   3. ledger.lockForMinting() — reserves the balance.
+   *   4. Read on-chain mintRequestNonce + token name in parallel.
+   *   5. relayService.prepareMint() — sign MintRequest + encode UserOp.
+   *   6. On any error after step 3, release the lock before re-throwing.
+   */
+  async handleClaim(userAddress, request) {
+    if (!this.claim) {
+      throw new Error("handleClaim: claim is not configured on this issuer");
+    }
+    if (request.chainId !== this.chainId) {
+      throw new Error(`handleClaim: unsupported chainId ${request.chainId}`);
+    }
+    const pointToken = (0, import_viem6.getAddress)(request.pointTokenAddress);
+    if (!this.supportedTokens.has(pointToken)) {
+      throw new Error(`handleClaim: unsupported pointToken ${pointToken}`);
+    }
+    if (request.amount <= 0n) {
+      throw new Error("handleClaim: amount must be positive");
+    }
+    const nowSecs = BigInt(Math.floor(Date.now() / 1e3));
+    if (request.deadline <= nowSecs) {
+      throw new Error("handleClaim: deadline is in the past");
+    }
+    const { policy, relayService, issuerSignerWallet, batchExecutorAddress } = this.claim;
+    const lockDurationMs = this.claim.lockDurationMs ?? 15 * 60 * 1e3;
+    const normalizedUser = (0, import_viem6.getAddress)(userAddress);
+    const decision = await policy.evaluate({
+      userAddress: normalizedUser,
+      amount: request.amount,
+      pointTokenAddress: pointToken,
+      chainId: this.chainId
+    });
+    if (!decision.approved) {
+      throw new Error(`handleClaim: policy denied \u2014 ${decision.reason ?? "no reason given"}`);
+    }
+    const lockId = await this.ledger.lockForMinting(
+      normalizedUser,
+      request.amount,
+      lockDurationMs,
+      pointToken
+    );
+    try {
+      const [mintRequestNonce, tokenName] = await Promise.all([
+        (0, import_core3.getMintRequestNonce)(this.provider, pointToken, normalizedUser),
+        (0, import_core3.getTokenName)(this.provider, pointToken)
+      ]);
+      const domain = {
+        name: tokenName,
+        verifyingContract: pointToken,
+        chainId: this.chainId
+      };
+      const userOp = await relayService.prepareMint({
+        userAddress: normalizedUser,
+        aaNonce: request.aaNonce,
+        batchExecutorAddress,
+        pointTokenAddress: pointToken,
+        amount: request.amount,
+        issuerSignerWallet,
+        domain,
+        mintRequestNonce,
+        deadline: request.deadline,
+        feeAmount: request.feeAmount,
+        feeRecipient: request.feeRecipient
+      });
+      return {
+        lockId,
+        userOp,
+        expiresInSeconds: Math.floor(lockDurationMs / 1e3)
+      };
+    } catch (err) {
+      await this.ledger.releaseLock(lockId).catch(() => {
+      });
+      throw err;
+    }
+  }
 };
 // src/api/handlers/ptRedeemHandler.ts
-var import_viem9 = require("viem");
-var import_core5 = require("@pafi-dev/core");
+var import_viem7 = require("viem");
+var import_core4 = require("@pafi-dev/core");
 var DEFAULT_REDEEM_LOCK_MS = 15 * 60 * 1e3;
 var DEFAULT_SIG_DEADLINE_SEC = 15 * 60;
 var PTRedeemError = class extends Error {
@@ -1434,16 +1369,25 @@ var PTRedeemHandler = class {
     this.ledger = config.ledger;
     this.relayService = config.relayService;
     this.provider = config.provider;
-    this.pointTokenAddress = (0, import_viem9.getAddress)(config.pointTokenAddress);
-    this.batchExecutorAddress = (0, import_viem9.getAddress)(config.batchExecutorAddress);
+    this.pointTokenAddress = (0, import_viem7.getAddress)(config.pointTokenAddress);
+    this.batchExecutorAddress = (0, import_viem7.getAddress)(config.batchExecutorAddress);
     this.chainId = config.chainId;
     this.domain = config.domain;
     this.burnerSignerWallet = config.burnerSignerWallet;
+    if (this.burnerSignerWallet?.account?.type === "local") {
+      console.warn("[PAFI] PTRedeemHandler: burnerSignerWallet uses a local (private key) account. Use a KMS-backed signer in production.");
+    }
     this.redeemLockDurationMs = config.redeemLockDurationMs ?? DEFAULT_REDEEM_LOCK_MS;
     this.signatureDeadlineSeconds = config.signatureDeadlineSeconds ?? DEFAULT_SIG_DEADLINE_SEC;
     this.now = config.now ?? (() => Date.now());
   }
   async handle(request) {
+    if ((0, import_viem7.getAddress)(request.authenticatedAddress) !== (0, import_viem7.getAddress)(request.userAddress)) {
+      throw new PTRedeemError(
+        "UNAUTHORIZED",
+        `userAddress (${request.userAddress}) does not match authenticated session (${request.authenticatedAddress})`
+      );
+    }
     if (request.amount <= 0n) {
       throw new PTRedeemError("INVALID_AMOUNT", "redeem amount must be positive");
     }
@@ -1451,7 +1395,7 @@ var PTRedeemHandler = class {
     try {
       burnNonce = await this.provider.readContract({
         address: this.pointTokenAddress,
-        abi: import_core5.POINT_TOKEN_V2_ABI,
+        abi: import_core4.POINT_TOKEN_V2_ABI,
         functionName: "burnRequestNonces",
         args: [request.userAddress]
       });
@@ -1461,6 +1405,17 @@ var PTRedeemHandler = class {
         `failed to read burnRequestNonces(${request.userAddress}): ${err instanceof Error ? err.message : String(err)}`
       );
     }
+    const onChainBalance = await (0, import_core4.getPointTokenBalance)(
+      this.provider,
+      this.pointTokenAddress,
+      request.userAddress
+    );
+    if (onChainBalance < request.amount) {
+      throw new PTRedeemError(
+        "INVALID_AMOUNT",
+        `insufficient on-chain PT balance: have ${onChainBalance}, need ${request.amount}`
+      );
+    }
     const deadline = BigInt(
       Math.floor(this.now() / 1e3) + this.signatureDeadlineSeconds
     );
@@ -1477,7 +1432,7 @@ var PTRedeemHandler = class {
     };
     let burnerSignature;
     try {
-      const sig = await (0, import_core5.signBurnRequest)(
+      const sig = await (0, import_core4.signBurnRequest)(
         this.burnerSignerWallet,
         domain,
         burnRequest
@@ -1514,8 +1469,8 @@ var PTRedeemHandler = class {
 };
 // src/api/handlers/topUpRedemptionHandler.ts
-var import_viem10 = require("viem");
-var import_core6 = require("@pafi-dev/core");
+var import_viem8 = require("viem");
+var import_core5 = require("@pafi-dev/core");
 var TopUpRedemptionError = class extends Error {
   constructor(code, message) {
     super(message);
@@ -1533,9 +1488,15 @@ var TopUpRedemptionHandler = class {
     this.ledger = config.ledger;
     this.ptRedeemHandler = config.ptRedeemHandler;
     this.provider = config.provider;
-    this.pointTokenAddress = (0, import_viem10.getAddress)(config.pointTokenAddress);
+    this.pointTokenAddress = (0, import_viem8.getAddress)(config.pointTokenAddress);
   }
   async handle(request) {
+    if ((0, import_viem8.getAddress)(request.authenticatedAddress) !== (0, import_viem8.getAddress)(request.userAddress)) {
+      throw new TopUpRedemptionError(
+        "UNAUTHORIZED",
+        `userAddress (${request.userAddress}) does not match authenticated session (${request.authenticatedAddress})`
+      );
+    }
     const offChainBalance = await this.ledger.getBalance(
       request.userAddress,
       this.pointTokenAddress
@@ -1544,7 +1505,7 @@ var TopUpRedemptionHandler = class {
       return { action: "NO_TOP_UP_NEEDED", offChainBalance };
     }
     const shortfall = request.requiredAmount - offChainBalance;
-    const onChainBalance = await (0, import_core6.getPointTokenBalance)(
+    const onChainBalance = await (0, import_core5.getPointTokenBalance)(
       this.provider,
       this.pointTokenAddress,
       request.userAddress
@@ -1558,6 +1519,7 @@ var TopUpRedemptionHandler = class {
       };
     }
     const redeem = await this.ptRedeemHandler.handle({
+      authenticatedAddress: request.authenticatedAddress,
       userAddress: request.userAddress,
       amount: shortfall,
       aaNonce: request.aaNonce
@@ -1571,6 +1533,7 @@ var TopUpRedemptionHandler = class {
 };
 // src/pools/subgraphPoolsProvider.ts
+var import_viem9 = require("viem");
 var DEFAULT_CACHE_TTL_MS = 3e4;
 var POOL_QUERY = `
   query GetPoolForPointToken($id: ID!) {
@@ -1593,6 +1556,19 @@ function createSubgraphPoolsProvider(config) {
       "createSubgraphPoolsProvider: subgraphUrl is required"
     );
   }
+  try {
+    const parsed = new URL(config.subgraphUrl);
+    if (process.env.NODE_ENV === "production" && parsed.protocol !== "https:") {
+      throw new Error("subgraphUrl must use HTTPS in production");
+    }
+  } catch (err) {
+    if (err instanceof TypeError) {
+      throw new Error(
+        `subgraphPoolsProvider: invalid subgraphUrl: ${config.subgraphUrl}`
+      );
+    }
+    throw err;
+  }
   const cacheTtl = config.cacheTtlMs ?? DEFAULT_CACHE_TTL_MS;
   const fetchImpl = config.fetchImpl ?? globalThis.fetch;
   const now = config.now ?? (() => Date.now());
@@ -1661,6 +1637,26 @@ async function fetchPoolsFromSubgraph(fetchImpl, subgraphUrl, pointTokenAddress)
     return [];
   }
   const { pool } = token;
+  if (!(0, import_viem9.isAddress)(pool.hooks)) {
+    console.error(
+      "[PAFI] SubgraphPoolsProvider: invalid hooks address in response:",
+      pool.hooks,
+      "\u2014 skipping pool"
+    );
+    return [];
+  }
+  if (!(0, import_viem9.isAddress)(pool.token0.id) || !(0, import_viem9.isAddress)(pool.token1.id)) {
+    console.error(
+      "[PAFI] SubgraphPoolsProvider: invalid token address in response \u2014 skipping pool"
+    );
+    return [];
+  }
+  if (!Number.isFinite(Number(pool.feeTier)) || !Number.isFinite(Number(pool.tickSpacing))) {
+    console.error(
+      "[PAFI] SubgraphPoolsProvider: invalid feeTier/tickSpacing \u2014 skipping pool"
+    );
+    return [];
+  }
   const [currency0, currency1] = sortCurrencies(
     pool.token0.id,
     pool.token1.id
@@ -1696,6 +1692,19 @@ function createSubgraphNativeUsdtQuoter(config) {
       "createSubgraphNativeUsdtQuoter: subgraphUrl is required"
     );
   }
+  try {
+    const parsed = new URL(config.subgraphUrl);
+    if (process.env.NODE_ENV === "production" && parsed.protocol !== "https:") {
+      throw new Error("subgraphUrl must use HTTPS in production");
+    }
+  } catch (err) {
+    if (err instanceof TypeError) {
+      throw new Error(
+        `subgraphPoolsProvider: invalid subgraphUrl: ${config.subgraphUrl}`
+      );
+    }
+    throw err;
+  }
   const usdtDecimals = config.usdtDecimals ?? DEFAULT_USDT_DECIMALS;
   const nativeDecimals = config.nativeDecimals ?? DEFAULT_NATIVE_DECIMALS;
   const cacheTtl = config.cacheTtlMs ?? DEFAULT_CACHE_TTL_MS2;
@@ -1772,6 +1781,14 @@ async function fetchEthPriceFromSubgraph(fetchImpl, subgraphUrl) {
     );
     return null;
   }
+  const MIN_REASONABLE_ETH_PRICE = 100;
+  const MAX_REASONABLE_ETH_PRICE = 1e5;
+  if (parsed < MIN_REASONABLE_ETH_PRICE || parsed > MAX_REASONABLE_ETH_PRICE) {
+    console.warn(
+      `[PAFI] SubgraphNativeUsdtQuoter: ETH/USD price ${parsed} is outside reasonable range. Using fallback.`
+    );
+    return null;
+  }
   return parsed;
 }
 function toUsdtPerNative(priceFloat, usdtDecimals) {
@@ -1782,7 +1799,7 @@ function toUsdtPerNative(priceFloat, usdtDecimals) {
 }
 // src/balance/balanceAggregator.ts
-var import_core7 = require("@pafi-dev/core");
+var import_core6 = require("@pafi-dev/core");
 var BalanceAggregator = class {
   provider;
   ledger;
@@ -1803,7 +1820,7 @@ var BalanceAggregator = class {
   async getCombinedBalance(user, pointToken) {
     const [offChain, onChain] = await Promise.all([
       this.ledger.getBalance(user, pointToken),
-      (0, import_core7.getPointTokenBalance)(this.provider, pointToken, user)
+      (0, import_core6.getPointTokenBalance)(this.provider, pointToken, user)
     ]);
     return {
       offChain,
@@ -1862,12 +1879,104 @@ var PafiBackendError = class extends Error {
   }
 };
+// src/pafi-backend/client.ts
+function serializeBigInt(_key, value) {
+  return typeof value === "bigint" ? value.toString(10) : value;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var PafiBackendClient = class {
+  config;
+  constructor(config) {
+    if (!config.url) throw new Error("PafiBackendClient: url is required");
+    if (!config.issuerId) throw new Error("PafiBackendClient: issuerId is required");
+    this.config = config;
+  }
+  async requestSponsorship(request) {
+    const maxAttempts = this.config.retry?.maxAttempts ?? 1;
+    const initialDelayMs = this.config.retry?.initialDelayMs ?? 100;
+    const maxDelayMs = this.config.retry?.maxDelayMs ?? 1e4;
+    const maxRetryAfterMs = this.config.retry?.maxRetryAfterMs;
+    let lastError;
+    let delay = initialDelayMs;
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+      try {
+        return await this._doRequest(request);
+      } catch (err) {
+        if (!(err instanceof PafiBackendError)) throw err;
+        lastError = err;
+        if (attempt >= maxAttempts) break;
+        if (!err.safeToRetry) break;
+        const retryAfterMs = err.retryAfter !== void 0 ? err.retryAfter * 1e3 : void 0;
+        if (maxRetryAfterMs !== void 0 && retryAfterMs !== void 0 && retryAfterMs > maxRetryAfterMs) {
+          break;
+        }
+        await sleep(retryAfterMs ?? delay);
+        delay = Math.min(delay * 2, maxDelayMs);
+      }
+    }
+    throw lastError;
+  }
+  async _doRequest(request) {
+    const fetchFn = this.config.fetchImpl ?? fetch;
+    const url = `${this.config.url}/paymaster/sponsor`;
+    const body = JSON.stringify(request, serializeBigInt);
+    let response;
+    try {
+      response = await fetchFn(url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${this.config.apiKey}`,
+          "X-Issuer-Id": this.config.issuerId
+        },
+        body
+      });
+    } catch (err) {
+      throw new PafiBackendError(
+        "NETWORK_ERROR",
+        `Network error: ${err instanceof Error ? err.message : String(err)}`,
+        0
+      );
+    }
+    const text = await response.text();
+    let json = {};
+    try {
+      json = JSON.parse(text);
+    } catch {
+    }
+    if (!response.ok) {
+      const code = json.code ?? "INTERNAL_ERROR";
+      const message = json.message ?? `HTTP ${response.status}`;
+      const retryAfter = typeof json.retryAfter === "number" ? json.retryAfter : void 0;
+      const safeToRetry = typeof json.safeToRetry === "boolean" ? json.safeToRetry : void 0;
+      throw new PafiBackendError(code, message, response.status, json, {
+        retryAfter,
+        safeToRetry
+      });
+    }
+    return {
+      paymaster: json.paymaster,
+      paymasterData: json.paymasterData,
+      paymasterVerificationGasLimit: BigInt(
+        json.paymasterVerificationGasLimit
+      ),
+      paymasterPostOpGasLimit: BigInt(json.paymasterPostOpGasLimit),
+      expiresAt: json.expiresAt
+    };
+  }
+};
 // src/config.ts
-var import_viem11 = require("viem");
+var import_viem10 = require("viem");
 function createIssuerService(config) {
   if (!config.provider) {
     throw new Error("createIssuerService: provider is required");
   }
+  if (!config.ledger) {
+    throw new Error("createIssuerService: ledger is required");
+  }
   if (!config.auth?.jwtSecret) {
     throw new Error("createIssuerService: auth.jwtSecret is required");
   }
@@ -1880,8 +1989,8 @@ function createIssuerService(config) {
       "createIssuerService: at least one of pointTokenAddress / pointTokenAddresses is required"
     );
   }
-  const tokenAddresses = rawAddresses.map((a) => (0, import_viem11.getAddress)(a));
-  const ledger = config.ledger ?? new MemoryPointLedger();
+  const tokenAddresses = rawAddresses.map((a) => (0, import_viem10.getAddress)(a));
+  const ledger = config.ledger;
   const sessionStore = config.sessionStore ?? new MemorySessionStore();
   const policy = config.policy ?? new DefaultPolicyEngine({ ledger });
   const authServiceConfig = {
@@ -1937,6 +2046,15 @@ function createIssuerService(config) {
   };
   if (feeManager) handlersConfig.feeManager = feeManager;
   if (config.poolsProvider) handlersConfig.poolsProvider = config.poolsProvider;
+  if (config.claim) {
+    handlersConfig.claim = {
+      policy,
+      relayService,
+      issuerSignerWallet: config.claim.issuerSignerWallet,
+      batchExecutorAddress: config.claim.batchExecutorAddress,
+      lockDurationMs: config.claim.lockDurationMs
+    };
+  }
   const handlers = new IssuerApiHandlers(handlersConfig);
   if (config.indexer?.autoStart) {
     for (const idx of indexers.values()) {
@@ -1968,15 +2086,14 @@ var PAFI_ISSUER_SDK_VERSION = "0.1.0";
   FeeManager,
   InMemoryCursorStore,
   IssuerApiHandlers,
-  MemoryPointLedger,
   MemorySessionStore,
   NonceManager,
   PAFI_ISSUER_SDK_VERSION,
   PTRedeemError,
   PTRedeemHandler,
+  PafiBackendClient,
   PafiBackendError,
   PointIndexer,
-  PrivateKeySigner,
   RelayError,
   RelayService,
   TopUpRedemptionError,