@pafi-dev/issuer 0.34.0 → 0.35.0

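--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -1139,9 +1139,9 @@ function createPafiEstimatorClient(config) {
  var InMemoryCursorStore = class _InMemoryCursorStore {
  cursor;
  /**
- * Child stores keyed by `forKey()`. Each child has its own cursor
- * (the H-05 fix), so a single InMemoryCursorStore can back N
- * PointIndexers in tests / single-process callers.
+ * Child stores keyed by `forKey()`. Each child has its own cursor,
+ * so a single InMemoryCursorStore can back N PointIndexers in tests
+ * / single-process callers.
  */
  children = /* @__PURE__ */ new Map();
  async load() {
@@ -2151,7 +2151,7 @@ var PTRedeemHandler = class {
  if (!config.supportedTokens) {
  throw new PTRedeemError(
  "UNSUPPORTED_POINT_TOKEN",
- "PTRedeemHandler requires `supportedTokens` (issuer's allow-listed PointToken contracts). See audit PACI5-18."
+ "PTRedeemHandler requires `supportedTokens` (issuer's allow-listed PointToken contracts)."
  );
  }
  this.supportedTokens = config.supportedTokens;
@@ -2165,7 +2165,7 @@ var PTRedeemHandler = class {
  if (this.signatureDeadlineSeconds * 1e3 > maxAllowedSignatureMs) {
  throw new PTRedeemError(
  "INVALID_AMOUNT",
- `PTRedeemHandler config: signatureDeadlineSeconds (${this.signatureDeadlineSeconds}s) must be at most redeemLockDurationMs - safety margin = ${maxAllowedSignatureMs / 1e3}s (redeemLockDurationMs=${this.redeemLockDurationMs / 1e3}s, safety=${M11_SAFETY_MARGIN_MS / 1e3}s). See audit M-11.`
+ `PTRedeemHandler config: signatureDeadlineSeconds (${this.signatureDeadlineSeconds}s) must be at most redeemLockDurationMs - safety margin = ${maxAllowedSignatureMs / 1e3}s (redeemLockDurationMs=${this.redeemLockDurationMs / 1e3}s, safety=${M11_SAFETY_MARGIN_MS / 1e3}s).`
  );
  }
  if (config.redemptionService) {
@@ -2509,7 +2509,7 @@ async function handleClaimStatus(params) {
  if (receipt.success && receipt.txHash) {
  if (!lock.tokenAddress) {
  params.onWarning?.(
- `handleClaimStatus: lock ${lock.lockId} has no tokenAddress; falling back to status-only flip (PACI5-24 defence degraded). Migrate the ledger to the multi-token schema.`
+ `handleClaimStatus: lock ${lock.lockId} has no tokenAddress; falling back to status-only flip \u2014 atomic debit+flip cannot run on a legacy single-token row. Migrate the ledger to the multi-token schema.`
  );
  await params.ledger.updateMintStatus(lock.lockId, "MINTED", receipt.txHash).catch((err) => {
  params.onWarning?.(
@@ -2763,8 +2763,8 @@ async function prepareMobileUserOp(params) {
  verificationGasLimit: fallback.userOp.verificationGasLimit.toString(),
  preVerificationGas: fallback.userOp.preVerificationGas.toString(),
  userOpHash: fallback.userOpHash,
- // Audit PACI5-21 — carry the fallback-specific lockId so submit
- // can bind the fallback userOpHash to the correct ledger row.
+ // Carry the fallback-specific lockId so submit can bind the
+ // fallback userOpHash to the correct ledger row.
  lockId: params.lockIdFallback
  };
  }
@@ -3041,7 +3041,7 @@ var PTClaimHandler = class {
  if (!config.supportedTokens) {
  throw new PTClaimError(
  "UNSUPPORTED_POINT_TOKEN",
- "PTClaimHandler requires `supportedTokens` (issuer's allow-listed PointToken contracts). See audit PACI5-18."
+ "PTClaimHandler requires `supportedTokens` (issuer's allow-listed PointToken contracts)."
  );
  }
  const lockDurationMs = config.lockDurationMs ?? DEFAULT_LOCK_MS;
@@ -3050,7 +3050,7 @@ var PTClaimHandler = class {
  if (signatureDeadlineSeconds * 1e3 > maxAllowedSignatureMs) {
  throw new PTClaimError(
  "VALIDATION_FAILED",
- `PTClaimHandler config: signatureDeadlineSeconds (${signatureDeadlineSeconds}s) must be at most lockDurationMs - safety margin = ${maxAllowedSignatureMs / 1e3}s (lockDurationMs=${lockDurationMs / 1e3}s, safety=${M11_SAFETY_MARGIN_MS2 / 1e3}s). See audit M-11.`,
+ `PTClaimHandler config: signatureDeadlineSeconds (${signatureDeadlineSeconds}s) must be at most lockDurationMs - safety margin = ${maxAllowedSignatureMs / 1e3}s (lockDurationMs=${lockDurationMs / 1e3}s, safety=${M11_SAFETY_MARGIN_MS2 / 1e3}s).`,
  {
  lockDurationMs,
  signatureDeadlineSeconds,
@@ -3164,6 +3164,13 @@ var PTClaimHandler = class {
  callData: previewUserOp.callData
  }
  }) : 0n;
+ if (feeAmount > 0n && feeAmount >= request.amount) {
+ throw new PTClaimError(
+ "INVALID_AMOUNT",
+ `fee (${feeAmount}) must be strictly less than claim amount (${request.amount})`,
+ { feeAmount: feeAmount.toString(), amount: request.amount.toString() }
+ );
+ }
  const domainName = await this.cfg.domainResolver.resolve(
  request.pointTokenAddress
  );
@@ -4894,7 +4901,7 @@ async function createIssuerService(config) {
  const sharedCursorWithMultipleTokens = baseCursorStore !== void 0 && typeof baseCursorStore.forKey !== "function" && tokenAddresses.length > 1;
  if (sharedCursorWithMultipleTokens) {
  console.warn(
- `[@pafi-dev/issuer] cursorStore lacks forKey() and ${tokenAddresses.length} PointTokens are configured. All PointIndexers will share one cursor row, causing token-skipping (audit finding H-05). Implement IIndexerCursorStore.forKey to return per-token derived stores. This permissive path will be removed in a future major release.`
+ `[@pafi-dev/issuer] cursorStore lacks forKey() and ${tokenAddresses.length} PointTokens are configured. All PointIndexers will share one cursor row, causing token-skipping. Implement IIndexerCursorStore.forKey to return per-token derived stores. This permissive path will be removed in a future major release.`
  );
  }
  const indexers = /* @__PURE__ */ new Map();
@@ -4985,7 +4992,7 @@ async function createIssuerService(config) {
  const lock = config.indexer.singletonLock;
  if (!lock) {
  console.warn(
- "[@pafi-dev/issuer] indexer.autoStart=true without singletonLock \u2014 this is UNSAFE in multi-replica deployments (audit finding H-04). Either set replicas=1 + INDEXER_AUTOSTART=false on non-leader pods, or pass `singletonLock: makePostgresSingletonLock(dataSource)`. This permissive path will be removed in a future major release."
+ "[@pafi-dev/issuer] indexer.autoStart=true without singletonLock \u2014 this is UNSAFE in multi-replica deployments. Either set replicas=1 + INDEXER_AUTOSTART=false on non-leader pods, or pass `singletonLock: makePostgresSingletonLock(dataSource)`. This permissive path will be removed in a future major release."
  );
  for (const idx of indexers.values()) {
  idx.start();
@@ -5045,7 +5052,7 @@ var IssuerStateValidator = class _IssuerStateValidator {
  /**
  * Invalidate cached state for one PointToken, or everything if omitted.
  * Call after admin txs that change registry or cap settings — closes
- * the split-brain window described in audit PACI5-3 ahead of the
+ * the split-brain window described
  * passive TTL. Idempotent: safe to call when no entry exists.
  */
  invalidate(pointToken) {
@@ -5219,7 +5226,7 @@ var MemoryRedemptionHistoryStore = class {
  };
 
  // src/index.ts
- var PAFI_ISSUER_SDK_VERSION = true ? "0.34.0" : "dev";
+ var PAFI_ISSUER_SDK_VERSION = true ? "0.35.0" : "dev";
  export {
  AdapterMisconfiguredError,
  AuthError,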
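Review bot: The new fee guard in the PTClaimHandler hunk (new line 3167) is skipped entirely when `feeAmount` is `0n`, so a zero or negative `request.amount` with no fee still passes it; whether the amount is validated as positive earlier in the method cannot be seen here, because the enclosing method starts and ends outside the hunk. If no earlier check exists, `if (request.amount <= 0n || feeAmount >= request.amount) {` would cover both cases with the same error code. A short comment such as `// Fee must be strictly less than the claim amount; the zero-fee path is exempt from this check.` would record why the first conjunct is there. Separately, the `invalidate()` doc comment in the IssuerStateValidator hunk now reads "closes the split-brain window described / passive TTL": the edit that dropped the audit reference also removed "ahead of the", and `* the split-brain window ahead of the` restores the sentence.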