@secondlayer/shared 6.28.0 → 6.29.0

package/migrations/0091_x402_payments.ts

@@ -0,0 +1,41 @@
+import { type Kysely, sql } from "kysely";
+import { onControlPlane } from "../src/db/migration-role.ts";
+
+// x402 payment ledger. Accountless x402 payers are entirely outside the
+// account-keyed usage/billing path (countApiRequests / emitMeterEvent / freeze
+// all short-circuit on a missing accountId), so per-payment accounting needs its
+// own table — keyed by the challenge nonce + settled txid, not account_id.
+// Control-plane (TARGET): written by the API on settle, read by reconcilers.
+export async function up(db: Kysely<unknown>): Promise<void> {
+	await sql`SET lock_timeout = '30s'`.execute(db);
+	await onControlPlane(async () => {
+		await sql`
+			CREATE TABLE x402_payments (
+				id BIGSERIAL PRIMARY KEY,
+				nonce TEXT NOT NULL UNIQUE,
+				txid TEXT NOT NULL UNIQUE,
+				asset TEXT NOT NULL,
+				amount TEXT NOT NULL,
+				payer TEXT NOT NULL,
+				surface TEXT NOT NULL,
+				state TEXT NOT NULL DEFAULT 'pending'
+					CHECK (state IN ('pending', 'confirmed', 'reverted')),
+				created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+				updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+			)
+		`.execute(db);
+		// Velocity/abuse queries scan by payer; reconcilers scan by state.
+		await sql`CREATE INDEX x402_payments_payer_idx ON x402_payments (payer)`.execute(
+			db,
+		);
+		await sql`CREATE INDEX x402_payments_state_idx ON x402_payments (state)`.execute(
+			db,
+		);
+	});
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+	await onControlPlane(async () => {
+		await sql`DROP TABLE IF EXISTS x402_payments`.execute(db);
+	});
+}

package/migrations/0092_subgraph_visibility.ts

@@ -0,0 +1,33 @@
+import { type Kysely, sql } from "kysely";
+import { onControlPlane } from "../src/db/migration-role.ts";
+
+// Subgraph read visibility. 'public' = anon-readable on /v1/subgraphs/:name
+// (wildcard CORS, anon rate limits); 'private' = reads require the owning
+// account's bearer key, anon resolution 404s. Existing rows default 'private'
+// so nothing already deployed becomes world-readable; the public default for
+// new managed deploys is applied at the API layer, not here. Public names are
+// a single global namespace (claim-on-publish), enforced by the partial
+// unique index. Control-plane (TARGET).
+export async function up(db: Kysely<unknown>): Promise<void> {
+	await sql`SET lock_timeout = '30s'`.execute(db);
+	await onControlPlane(async () => {
+		await sql`
+			ALTER TABLE subgraphs
+			ADD COLUMN visibility TEXT NOT NULL DEFAULT 'private'
+			CHECK (visibility IN ('public', 'private'))
+		`.execute(db);
+		await sql`
+			CREATE UNIQUE INDEX subgraphs_public_name_uidx
+			ON subgraphs (name) WHERE visibility = 'public'
+		`.execute(db);
+	});
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+	await onControlPlane(async () => {
+		await sql`DROP INDEX IF EXISTS subgraphs_public_name_uidx`.execute(db);
+		await sql`ALTER TABLE subgraphs DROP COLUMN IF EXISTS visibility`.execute(
+			db,
+		);
+	});
+}

package/migrations/0093_ghost_accounts.ts

@@ -0,0 +1,47 @@
+import { type Kysely, sql } from "kysely";
+import { onControlPlane } from "../src/db/migration-role.ts";
+
+// Ghost accounts: anonymous self-serve API keys. `POST /v1/keys` with no auth
+// mints an account with ghost=true and email NULL; a claim token (hash stored,
+// raw returned once in the claim URL) later attaches an email via the magic-link
+// flow. Email's NOT NULL is dropped; the existing plain UNIQUE constraint stays —
+// Postgres unique constraints ignore NULLs (multiple NULL emails coexist), so
+// `ON CONFLICT (email)` upserts keep working unchanged and no partial index is
+// needed. Control-plane (TARGET).
+export async function up(db: Kysely<unknown>): Promise<void> {
+	await sql`SET lock_timeout = '30s'`.execute(db);
+	await onControlPlane(async () => {
+		await sql`
+			ALTER TABLE accounts
+			ADD COLUMN ghost BOOLEAN NOT NULL DEFAULT false
+		`.execute(db);
+		await sql`ALTER TABLE accounts ALTER COLUMN email DROP NOT NULL`.execute(
+			db,
+		);
+		await sql`
+			CREATE TABLE claim_tokens (
+				id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+				account_id UUID NOT NULL REFERENCES accounts(id) ON DELETE CASCADE,
+				token_hash TEXT NOT NULL UNIQUE,
+				created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+				expires_at TIMESTAMPTZ NOT NULL,
+				used_at TIMESTAMPTZ
+			)
+		`.execute(db);
+		// Sweeper + claim flow look tokens up by account.
+		await sql`CREATE INDEX claim_tokens_account_id_idx ON claim_tokens (account_id)`.execute(
+			db,
+		);
+	});
+}
+
+export async function down(db: Kysely<unknown>): Promise<void> {
+	await onControlPlane(async () => {
+		await sql`DROP TABLE IF EXISTS claim_tokens`.execute(db);
+		// Unclaimed ghosts have NULL emails — they cannot survive a NOT NULL
+		// restore, so drop them before reinstating the constraint.
+		await sql`DELETE FROM accounts WHERE email IS NULL`.execute(db);
+		await sql`ALTER TABLE accounts ALTER COLUMN email SET NOT NULL`.execute(db);
+		await sql`ALTER TABLE accounts DROP COLUMN IF EXISTS ghost`.execute(db);
+	});
+}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@secondlayer/shared",
-	"version": "6.28.0",
+	"version": "6.29.0",
 	"license": "MIT",
 	"repository": {
 		"type": "git",
@@ -112,6 +112,10 @@
 			"types": "./dist/src/errors.d.ts",
 			"import": "./dist/src/errors.js"
 		},
+		"./x402": {
+			"types": "./dist/src/x402.d.ts",
+			"import": "./dist/src/x402.js"
+		},
 		"./crypto/secrets": {
 			"types": "./dist/src/crypto/secrets.d.ts",
 			"import": "./dist/src/crypto/secrets.js"
@@ -163,7 +167,7 @@
 		"prepublishOnly": "bun run build"
 	},
 	"dependencies": {
-		"@secondlayer/stacks": "^2.4.0",
+		"@secondlayer/stacks": "^2.5.0",
 		"kysely": "0.28.15",
 		"kysely-postgres-js": "3.0.0",
 		"postgres": "^3.4.6",