@pafi-dev/issuer 0.32.0 → 0.33.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.cjs CHANGED
@@ -2646,6 +2646,45 @@ var PTRedeemHandler = class {
2646
2646
  };
2647
2647
 
2648
2648
  // src/api/statusHandlers.ts
2649
+ var DEFAULT_STATUS_CONFIRMATIONS = 3;
2650
+ async function isReceiptPastConfirmations(receipt, provider, confirmations, onWarning, handlerName) {
2651
+ if (!provider) {
2652
+ onWarning?.(
2653
+ `${handlerName}: provider missing \u2014 cannot enforce confirmation depth; deferring receipt fallback to on-chain indexer (audit PACI5-13).`
2654
+ );
2655
+ return false;
2656
+ }
2657
+ if (!receipt.blockNumber) {
2658
+ onWarning?.(
2659
+ `${handlerName}: receipt has no blockNumber \u2014 cannot enforce confirmation depth; deferring to indexer (audit PACI5-13).`
2660
+ );
2661
+ return false;
2662
+ }
2663
+ const requiredConfs = BigInt(confirmations ?? DEFAULT_STATUS_CONFIRMATIONS);
2664
+ let receiptBlock;
2665
+ try {
2666
+ receiptBlock = BigInt(receipt.blockNumber);
2667
+ } catch {
2668
+ onWarning?.(
2669
+ `${handlerName}: malformed receipt blockNumber (${receipt.blockNumber}) \u2014 deferring to indexer (audit PACI5-13).`
2670
+ );
2671
+ return false;
2672
+ }
2673
+ let head;
2674
+ try {
2675
+ head = await provider.getBlockNumber();
2676
+ } catch (err) {
2677
+ onWarning?.(
2678
+ `${handlerName}: getBlockNumber failed (${err instanceof Error ? err.message : String(err)}) \u2014 deferring to indexer (audit PACI5-13).`
2679
+ );
2680
+ return false;
2681
+ }
2682
+ const depth = head - receiptBlock;
2683
+ if (depth < requiredConfs) {
2684
+ return false;
2685
+ }
2686
+ return true;
2687
+ }
2649
2688
  var LockNotFoundError = class extends import_core.PafiSdkError {
2650
2689
  code = "LOCK_NOT_FOUND";
2651
2690
  httpStatus = "not_found";
@@ -2674,6 +2713,23 @@ async function handleClaimStatus(params) {
2674
2713
  lock.userOpHash
2675
2714
  );
2676
2715
  if (receipt) {
2716
+ const passesConfirmationDepth = await isReceiptPastConfirmations(
2717
+ receipt,
2718
+ params.provider,
2719
+ params.confirmations,
2720
+ params.onWarning,
2721
+ "handleClaimStatus"
2722
+ );
2723
+ if (!passesConfirmationDepth) {
2724
+ return {
2725
+ lockId: lock.lockId,
2726
+ status: "PENDING",
2727
+ txHash: lock.txHash ?? null,
2728
+ amount: lock.amount.toString(),
2729
+ createdAt: new Date(lock.createdAt).toISOString(),
2730
+ expiresAt: new Date(lock.expiresAt).toISOString()
2731
+ };
2732
+ }
2677
2733
  if (receipt.success && receipt.txHash) {
2678
2734
  if (!lock.tokenAddress) {
2679
2735
  params.onWarning?.(
@@ -2748,14 +2804,23 @@ async function handleRedeemStatus(params) {
2748
2804
  credit.userOpHash
2749
2805
  );
2750
2806
  if (receipt && receipt.success) {
2751
- status = "RESOLVED";
2752
- txHash = receipt.txHash;
2753
- if (params.ledger.resolveCreditByBurnTx) {
2754
- await params.ledger.resolveCreditByBurnTx(credit.lockId, receipt.txHash).catch((err) => {
2755
- params.onWarning?.(
2756
- `handleRedeemStatus: resolveCreditByBurnTx failed for lock ${credit.lockId}: ${err}`
2757
- );
2758
- });
2807
+ const passesConfirmationDepth = await isReceiptPastConfirmations(
2808
+ receipt,
2809
+ params.provider,
2810
+ params.confirmations,
2811
+ params.onWarning,
2812
+ "handleRedeemStatus"
2813
+ );
2814
+ if (passesConfirmationDepth) {
2815
+ status = "RESOLVED";
2816
+ txHash = receipt.txHash;
2817
+ if (params.ledger.resolveCreditByBurnTx) {
2818
+ await params.ledger.resolveCreditByBurnTx(credit.lockId, receipt.txHash).catch((err) => {
2819
+ params.onWarning?.(
2820
+ `handleRedeemStatus: resolveCreditByBurnTx failed for lock ${credit.lockId}: ${err}`
2821
+ );
2822
+ });
2823
+ }
2759
2824
  }
2760
2825
  }
2761
2826
  } catch (err) {
@@ -3919,6 +3984,9 @@ var IssuerApiAdapter = class {
3919
3984
  userAddress: authenticatedAddress,
3920
3985
  ledger: this.cfg.ledger,
3921
3986
  pafiBackendClient: this.cfg.pafiBackendClient,
3987
+ // Audit PACI5-13 — pass the same provider the indexers use so
3988
+ // the receipt fallback gates on the same reorg depth.
3989
+ provider: this.cfg.provider,
3922
3990
  onWarning: this.cfg.onWarning
3923
3991
  });
3924
3992
  }
@@ -3928,6 +3996,8 @@ var IssuerApiAdapter = class {
3928
3996
  userAddress: authenticatedAddress,
3929
3997
  ledger: this.cfg.ledger,
3930
3998
  pafiBackendClient: this.cfg.pafiBackendClient,
3999
+ // Audit PACI5-13 — see claimStatus comment.
4000
+ provider: this.cfg.provider,
3931
4001
  onWarning: this.cfg.onWarning
3932
4002
  });
3933
4003
  }
@@ -4742,9 +4812,6 @@ var SettlementClient = class {
4742
4812
  if (!config.issuerId) throw new Error("SettlementClient: issuerId is required");
4743
4813
  if (!config.apiKey) throw new Error("SettlementClient: apiKey is required");
4744
4814
  this.config = {
4745
- // Audit PACI5-17 — honor optional baseUrl override wired from
4746
- // an env var (e.g. PAFI_ISSUER_API_URL). Empty / undefined →
4747
- // ship-default for chainId.
4748
4815
  baseUrl: (0, import_core17.getPafiServiceUrls)(config.chainId, {
4749
4816
  issuerApi: config.baseUrl
4750
4817
  }).issuerApi.replace(/\/+$/, ""),
@@ -5337,7 +5404,7 @@ var MemoryRedemptionHistoryStore = class {
5337
5404
  };
5338
5405
 
5339
5406
  // src/index.ts
5340
- var PAFI_ISSUER_SDK_VERSION = true ? "0.32.0" : "dev";
5407
+ var PAFI_ISSUER_SDK_VERSION = true ? "0.33.0" : "dev";
5341
5408
  // Annotate the CommonJS export names for ESM import in node:
5342
5409
  0 && (module.exports = {
5343
5410
  AdapterMisconfiguredError,