@waiaas/daemon 2.0.0-rc.1

package/dist/api/routes/sessions.js

@@ -0,0 +1,347 @@
+/**
+ * Session routes: POST /sessions (create + JWT issuance),
+ * GET /sessions (list active), DELETE /sessions/:id (revoke),
+ * PUT /sessions/:id/renew (token renewal with 5 safety checks).
+ *
+ * CRUD routes are protected by masterAuth middleware at the server level.
+ * Renewal route is protected by sessionAuth (session's own token).
+ *
+ * @see docs/52-auth-redesign.md
+ * @see docs/37-rest-api-complete-spec.md
+ */
+import { OpenAPIHono, createRoute, z } from '@hono/zod-openapi';
+import { createHash } from 'node:crypto';
+import { eq, and, isNull, gt, sql } from 'drizzle-orm';
+import { WAIaaSError } from '@waiaas/core';
+import { generateId } from '../../infrastructure/database/id.js';
+import { wallets, sessions } from '../../infrastructure/database/schema.js';
+import { CreateSessionRequestOpenAPI, SessionCreateResponseSchema, SessionListItemSchema, SessionRevokeResponseSchema, SessionRenewResponseSchema, buildErrorResponses, openApiValidationHook, } from './openapi-schemas.js';
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+const createSessionRoute = createRoute({
+    method: 'post',
+    path: '/sessions',
+    tags: ['Sessions'],
+    summary: 'Create a new session',
+    request: {
+        body: {
+            content: {
+                'application/json': { schema: CreateSessionRequestOpenAPI },
+            },
+        },
+    },
+    responses: {
+        201: {
+            description: 'Session created with JWT token',
+            content: { 'application/json': { schema: SessionCreateResponseSchema } },
+        },
+        ...buildErrorResponses(['WALLET_NOT_FOUND', 'SESSION_LIMIT_EXCEEDED']),
+    },
+});
+const listSessionsRoute = createRoute({
+    method: 'get',
+    path: '/sessions',
+    tags: ['Sessions'],
+    summary: 'List active sessions',
+    request: {
+        query: z.object({
+            walletId: z.string().uuid().optional(),
+        }),
+    },
+    responses: {
+        200: {
+            description: 'List of active sessions',
+            content: { 'application/json': { schema: z.array(SessionListItemSchema) } },
+        },
+        ...buildErrorResponses(['WALLET_NOT_FOUND']),
+    },
+});
+const revokeSessionRoute = createRoute({
+    method: 'delete',
+    path: '/sessions/{id}',
+    tags: ['Sessions'],
+    summary: 'Revoke a session',
+    request: {
+        params: z.object({ id: z.string().uuid() }),
+    },
+    responses: {
+        200: {
+            description: 'Session revoked',
+            content: { 'application/json': { schema: SessionRevokeResponseSchema } },
+        },
+        ...buildErrorResponses(['SESSION_NOT_FOUND']),
+    },
+});
+const renewSessionRoute = createRoute({
+    method: 'put',
+    path: '/sessions/{id}/renew',
+    tags: ['Sessions'],
+    summary: 'Renew session token',
+    request: {
+        params: z.object({ id: z.string().uuid() }),
+    },
+    responses: {
+        200: {
+            description: 'Session renewed with new token',
+            content: { 'application/json': { schema: SessionRenewResponseSchema } },
+        },
+        ...buildErrorResponses([
+            'SESSION_NOT_FOUND',
+            'SESSION_REVOKED',
+            'SESSION_RENEWAL_MISMATCH',
+            'RENEWAL_LIMIT_REACHED',
+            'SESSION_ABSOLUTE_LIFETIME_EXCEEDED',
+            'RENEWAL_TOO_EARLY',
+        ]),
+    },
+});
+// ---------------------------------------------------------------------------
+// Route factory
+// ---------------------------------------------------------------------------
+/**
+ * Create session route sub-router.
+ *
+ * POST /sessions         -> create session + JWT issuance (201)
+ * GET /sessions          -> list active sessions for wallet (200)
+ * DELETE /sessions/:id   -> revoke session (200)
+ * PUT /sessions/:id/renew -> renew session token (200)
+ */
+export function sessionRoutes(deps) {
+    const router = new OpenAPIHono({ defaultHook: openApiValidationHook });
+    // -------------------------------------------------------------------------
+    // POST /sessions -- create a new session
+    // -------------------------------------------------------------------------
+    router.openapi(createSessionRoute, async (c) => {
+        const parsed = c.req.valid('json');
+        // Verify wallet exists
+        const wallet = deps.db
+            .select()
+            .from(wallets)
+            .where(eq(wallets.id, parsed.walletId))
+            .get();
+        if (!wallet) {
+            throw new WAIaaSError('WALLET_NOT_FOUND');
+        }
+        if (wallet.status === 'TERMINATED') {
+            throw new WAIaaSError('WALLET_TERMINATED');
+        }
+        // Check active session count for this wallet
+        const nowSec = Math.floor(Date.now() / 1000);
+        const nowDate = new Date(nowSec * 1000);
+        const activeCountResult = deps.db
+            .select({ count: sql `count(*)` })
+            .from(sessions)
+            .where(and(eq(sessions.walletId, parsed.walletId), isNull(sessions.revokedAt), gt(sessions.expiresAt, nowDate)))
+            .get();
+        const activeCount = activeCountResult?.count ?? 0;
+        const maxSessions = deps.config.security.max_sessions_per_wallet;
+        if (activeCount >= maxSessions) {
+            throw new WAIaaSError('SESSION_LIMIT_EXCEEDED', {
+                message: `Wallet has ${activeCount} active sessions (max: ${maxSessions})`,
+            });
+        }
+        // Generate session ID
+        const sessionId = generateId();
+        // Compute TTL and expiry timestamps
+        const ttl = parsed.ttl ?? deps.config.security.session_ttl;
+        const expiresAt = nowSec + ttl;
+        const absoluteExpiresAt = nowSec + 30 * 86400; // 30 days absolute lifetime
+        // Create JWT payload and sign token
+        const jwtPayload = {
+            sub: sessionId,
+            wlt: parsed.walletId,
+            iat: nowSec,
+            exp: expiresAt,
+        };
+        const token = await deps.jwtSecretManager.signToken(jwtPayload);
+        // Compute token hash for storage (never store raw token)
+        const tokenHash = createHash('sha256').update(token).digest('hex');
+        // Insert session into DB
+        deps.db.insert(sessions).values({
+            id: sessionId,
+            walletId: parsed.walletId,
+            tokenHash,
+            expiresAt: new Date(expiresAt * 1000),
+            absoluteExpiresAt: new Date(absoluteExpiresAt * 1000),
+            createdAt: new Date(nowSec * 1000),
+            renewalCount: 0,
+            maxRenewals: 30,
+            constraints: parsed.constraints ? JSON.stringify(parsed.constraints) : null,
+        }).run();
+        // Fire-and-forget: notify session creation
+        void deps.notificationService?.notify('SESSION_CREATED', parsed.walletId, {
+            sessionId,
+        });
+        // v1.6: emit wallet:activity SESSION_CREATED event
+        deps.eventBus?.emit('wallet:activity', {
+            walletId: parsed.walletId,
+            activity: 'SESSION_CREATED',
+            details: { sessionId },
+            timestamp: Math.floor(Date.now() / 1000),
+        });
+        return c.json({
+            id: sessionId,
+            token,
+            expiresAt,
+            walletId: parsed.walletId,
+        }, 201);
+    });
+    // -------------------------------------------------------------------------
+    // GET /sessions -- list active sessions for a wallet
+    // -------------------------------------------------------------------------
+    router.openapi(listSessionsRoute, (c) => {
+        const { walletId } = c.req.valid('query');
+        const conditions = [isNull(sessions.revokedAt)];
+        if (walletId) {
+            conditions.push(eq(sessions.walletId, walletId));
+        }
+        const rows = deps.db
+            .select({
+            id: sessions.id,
+            walletId: sessions.walletId,
+            expiresAt: sessions.expiresAt,
+            absoluteExpiresAt: sessions.absoluteExpiresAt,
+            createdAt: sessions.createdAt,
+            renewalCount: sessions.renewalCount,
+            maxRenewals: sessions.maxRenewals,
+            lastRenewedAt: sessions.lastRenewedAt,
+            walletName: wallets.name,
+        })
+            .from(sessions)
+            .leftJoin(wallets, eq(sessions.walletId, wallets.id))
+            .where(and(...conditions))
+            .orderBy(sql `${sessions.createdAt} DESC`)
+            .all();
+        const nowSec = Math.floor(Date.now() / 1000);
+        const result = rows.map((row) => {
+            const expiresAtSec = Math.floor(row.expiresAt.getTime() / 1000);
+            const status = expiresAtSec < nowSec ? 'EXPIRED' : 'ACTIVE';
+            return {
+                id: row.id,
+                walletId: row.walletId,
+                walletName: row.walletName ?? null,
+                status,
+                renewalCount: row.renewalCount,
+                maxRenewals: row.maxRenewals,
+                expiresAt: expiresAtSec,
+                absoluteExpiresAt: Math.floor(row.absoluteExpiresAt.getTime() / 1000),
+                createdAt: Math.floor(row.createdAt.getTime() / 1000),
+                lastRenewedAt: row.lastRenewedAt
+                    ? Math.floor(row.lastRenewedAt.getTime() / 1000)
+                    : null,
+            };
+        });
+        return c.json(result, 200);
+    });
+    // -------------------------------------------------------------------------
+    // DELETE /sessions/:id -- revoke a session
+    // -------------------------------------------------------------------------
+    router.openapi(revokeSessionRoute, (c) => {
+        const { id: sessionId } = c.req.valid('param');
+        const session = deps.db
+            .select()
+            .from(sessions)
+            .where(eq(sessions.id, sessionId))
+            .get();
+        if (!session) {
+            throw new WAIaaSError('SESSION_NOT_FOUND');
+        }
+        // Already revoked -- idempotent response
+        if (session.revokedAt !== null) {
+            return c.json({ id: sessionId, status: 'REVOKED', message: 'Session already revoked' }, 200);
+        }
+        // Revoke the session
+        const nowSec = Math.floor(Date.now() / 1000);
+        deps.db
+            .update(sessions)
+            .set({ revokedAt: new Date(nowSec * 1000) })
+            .where(eq(sessions.id, sessionId))
+            .run();
+        return c.json({ id: sessionId, status: 'REVOKED' }, 200);
+    });
+    // -------------------------------------------------------------------------
+    // PUT /sessions/:id/renew -- renew session token with 5 safety checks
+    // -------------------------------------------------------------------------
+    router.openapi(renewSessionRoute, async (c) => {
+        const { id: sessionId } = c.req.valid('param');
+        // Verify caller owns the session (sessionAuth sets sessionId from JWT)
+        const callerSessionId = c.get('sessionId');
+        if (sessionId !== callerSessionId) {
+            throw new WAIaaSError('SESSION_NOT_FOUND', {
+                message: 'Cannot renew a different session',
+            });
+        }
+        // Extract current token from Authorization header
+        const authHeader = c.req.header('Authorization');
+        const currentToken = authHeader.slice('Bearer '.length);
+        const currentTokenHash = createHash('sha256').update(currentToken).digest('hex');
+        // Verify JWT payload to get iat/exp for TTL calculation
+        const jwtPayload = await deps.jwtSecretManager.verifyToken(currentToken);
+        // ----- Check 1: Session exists and not revoked -----
+        const session = deps.db
+            .select()
+            .from(sessions)
+            .where(eq(sessions.id, sessionId))
+            .get();
+        if (!session) {
+            throw new WAIaaSError('SESSION_NOT_FOUND');
+        }
+        if (session.revokedAt !== null) {
+            throw new WAIaaSError('SESSION_REVOKED');
+        }
+        // ----- Check 2: token_hash CAS (Compare-And-Swap) -----
+        if (session.tokenHash !== currentTokenHash) {
+            throw new WAIaaSError('SESSION_RENEWAL_MISMATCH');
+        }
+        // ----- Check 3: maxRenewals limit -----
+        if (session.renewalCount >= session.maxRenewals) {
+            throw new WAIaaSError('RENEWAL_LIMIT_REACHED');
+        }
+        // ----- Check 4: Absolute lifetime -----
+        const nowSec = Math.floor(Date.now() / 1000);
+        const absoluteExpiresAtSec = Math.floor(session.absoluteExpiresAt.getTime() / 1000);
+        if (nowSec >= absoluteExpiresAtSec) {
+            throw new WAIaaSError('SESSION_ABSOLUTE_LIFETIME_EXCEEDED');
+        }
+        // ----- Check 5: 50% TTL elapsed -----
+        const currentTtl = jwtPayload.exp - jwtPayload.iat;
+        const elapsed = nowSec - jwtPayload.iat;
+        if (elapsed < currentTtl * 0.5) {
+            throw new WAIaaSError('RENEWAL_TOO_EARLY');
+        }
+        // ----- Issue new token -----
+        const newTtl = currentTtl;
+        const newExpiresAt = Math.min(nowSec + newTtl, absoluteExpiresAtSec);
+        const newPayload = {
+            sub: sessionId,
+            wlt: session.walletId,
+            iat: nowSec,
+            exp: newExpiresAt,
+        };
+        const newToken = await deps.jwtSecretManager.signToken(newPayload);
+        const newTokenHash = createHash('sha256').update(newToken).digest('hex');
+        // Atomic update with CAS guard on token_hash
+        const result = deps.db
+            .update(sessions)
+            .set({
+            tokenHash: newTokenHash,
+            expiresAt: new Date(newExpiresAt * 1000),
+            renewalCount: session.renewalCount + 1,
+            lastRenewedAt: new Date(nowSec * 1000),
+        })
+            .where(and(eq(sessions.id, sessionId), eq(sessions.tokenHash, currentTokenHash)))
+            .run();
+        if (result.changes === 0) {
+            throw new WAIaaSError('SESSION_RENEWAL_MISMATCH');
+        }
+        return c.json({
+            id: sessionId,
+            token: newToken,
+            expiresAt: newExpiresAt,
+            renewalCount: session.renewalCount + 1,
+        }, 200);
+    });
+    return router;
+}
+//# sourceMappingURL=sessions.js.map

package/dist/api/routes/sessions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../../../src/api/routes/sessions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC,EAAE,MAAM,mBAAmB,CAAC;AAChE,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AACvD,OAAO,EAAE,WAAW,EAAiB,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,MAAM,qCAAqC,CAAC;AACjE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,yCAAyC,CAAC;AAI5E,OAAO,EACL,2BAA2B,EAC3B,2BAA2B,EAC3B,qBAAqB,EACrB,2BAA2B,EAC3B,0BAA0B,EAC1B,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAc9B,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,kBAAkB,GAAG,WAAW,CAAC;IACrC,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,WAAW;IACjB,IAAI,EAAE,CAAC,UAAU,CAAC;IAClB,OAAO,EAAE,sBAAsB;IAC/B,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,OAAO,EAAE;gBACP,kBAAkB,EAAE,EAAE,MAAM,EAAE,2BAA2B,EAAE;aAC5D;SACF;KACF;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,gCAAgC;YAC7C,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,2BAA2B,EAAE,EAAE;SACzE;QACD,GAAG,mBAAmB,CAAC,CAAC,kBAAkB,EAAE,wBAAwB,CAAC,CAAC;KACvE;CACF,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,WAAW,CAAC;IACpC,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,WAAW;IACjB,IAAI,EAAE,CAAC,UAAU,CAAC;IAClB,OAAO,EAAE,sBAAsB;IAC/B,OAAO,EAAE;QACP,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;YACd,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;SACvC,CAAC;KACH;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,yBAAyB;YACtC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,EAAE;SAC5E;QACD,GAAG,mBAAmB,CAAC,CAAC,kBAAkB,CAAC,CAAC;KAC7C;CACF,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAG,WAAW,CAAC;IACrC,MAAM,EAAE,QAAQ;IAChB,IAAI,EAAE,gBAAgB;IACtB,IAAI,EAAE,CAAC,UAAU,CAAC;IAClB,OAAO,EAAE,kBAAkB;IAC3B,OAAO,EAAE;QACP,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC;KAC5C;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,iBAAiB;YAC9B,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,2BAA2B,EAAE,EAAE;SACzE;QACD,GAAG,mBAAmB,CAAC,CAAC,mBAAmB,CAAC,CAAC;KAC9C;CACF,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,WAAW,CAAC;IACpC,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,sBAAsB;IAC5B,IAAI,EAAE,CAAC,UAAU,CAAC;IAClB,OAAO,EAAE,qBAAqB;IAC9B,OAAO,EAAE;QACP,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC;KAC5C;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,gCAAgC;YAC7C,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,0BAA0B,EAAE,EAAE;SACxE;QACD,GAAG,mBAAmB,CAAC;YACrB,mBAAmB;YACnB,iBAAiB;YACjB,0BAA0B;YAC1B,uBAAuB;YACvB,oCAAoC;YACpC,mBAAmB;SACpB,CAAC;KACH;CACF,CAAC,CAAC;AAEH,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,IAAsB;IAClD,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAEvE,4EAA4E;IAC5E,yCAAyC;IACzC,4EAA4E;IAC5E,MAAM,CAAC,OAAO,CAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC7C,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEnC,uBAAuB;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,MAAM,EAAE;aACR,IAAI,CAAC,OAAO,CAAC;aACb,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;aACtC,GAAG,EAAE,CAAC;QAET,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,WAAW,CAAC,kBAAkB,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;YACnC,MAAM,IAAI,WAAW,CAAC,mBAAmB,CAAC,CAAC;QAC7C,CAAC;QAED,6CAA6C;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7C,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;QAExC,MAAM,iBAAiB,GAAG,IAAI,CAAC,EAAE;aAC9B,MAAM,CAAC,EAAE,KAAK,EAAE,GAAG,CAAQ,UAAU,EAAE,CAAC;aACxC,IAAI,CAAC,QAAQ,CAAC;aACd,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,EACtC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,EAC1B,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAChC,CACF;aACA,GAAG,EAAE,CAAC;QAET,MAAM,WAAW,GAAG,iBAAiB,EAAE,KAAK,IAAI,CAAC,CAAC;QAClD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,uBAAuB,CAAC;QAEjE,IAAI,WAAW,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,WAAW,CAAC,wBAAwB,EAAE;gBAC9C,OAAO,EAAE,cAAc,WAAW,0BAA0B,WAAW,GAAG;aAC3E,CAAC,CAAC;QACL,CAAC;QAED,sBAAsB;QACtB,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAE/B,oCAAoC;QACpC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;QAC3D,MAAM,SAAS,GAAG,MAAM,GAAG,GAAG,CAAC;QAC/B,MAAM,iBAAiB,GAAG,MAAM,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,4BAA4B;QAE3E,oCAAoC;QACpC,MAAM,UAAU,GAAe;YAC7B,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,MAAM,CAAC,QAAQ;YACpB,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,SAAS;SACf,CAAC;QACF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAEhE,yDAAyD;QACzD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEnE,yBAAyB;QACzB,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;YAC9B,EAAE,EAAE,SAAS;YACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC;YACrC,iBAAiB,EAAE,IAAI,IAAI,CAAC,iBAAiB,GAAG,IAAI,CAAC;YACrD,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YAClC,YAAY,EAAE,CAAC;YACf,WAAW,EAAE,EAAE;YACf,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI;SAC5E,CAAC,CAAC,GAAG,EAAE,CAAC;QAET,2CAA2C;QAC3C,KAAK,IAAI,CAAC,mBAAmB,EAAE,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,QAAQ,EAAE;YACxE,SAAS;SACV,CAAC,CAAC;QAEH,mDAAmD;QACnD,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,iBAAiB,EAAE;YACrC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,iBAAiB;YAC3B,OAAO,EAAE,EAAE,SAAS,EAAE;YACtB,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;SACzC,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CACX;YACE,EAAE,EAAE,SAAS;YACb,KAAK;YACL,SAAS;YACT,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,4EAA4E;IAC5E,qDAAqD;IACrD,4EAA4E;IAC5E,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC,EAAE,EAAE;QACtC,MAAM,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE1C,MAAM,UAAU,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;QAChD,IAAI,QAAQ,EAAE,CAAC;YACb,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,MAAM,CAAC;YACN,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,iBAAiB,EAAE,QAAQ,CAAC,iBAAiB;YAC7C,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,YAAY,EAAE,QAAQ,CAAC,YAAY;YACnC,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,UAAU,EAAE,OAAO,CAAC,IAAI;SACzB,CAAC;aACD,IAAI,CAAC,QAAQ,CAAC;aACd,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;aACpD,KAAK,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC;aACzB,OAAO,CAAC,GAAG,CAAA,GAAG,QAAQ,CAAC,SAAS,OAAO,CAAC;aACxC,GAAG,EAAE,CAAC;QAET,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE7C,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC9B,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;YAChE,MAAM,MAAM,GAAG,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC;YAE5D,OAAO;gBACL,EAAE,EAAE,GAAG,CAAC,EAAE;gBACV,QAAQ,EAAE,GAAG,CAAC,QAAQ;gBACtB,UAAU,EAAE,GAAG,CAAC,UAAU,IAAI,IAAI;gBAClC,MAAM;gBACN,YAAY,EAAE,GAAG,CAAC,YAAY;gBAC9B,WAAW,EAAE,GAAG,CAAC,WAAW;gBAC5B,SAAS,EAAE,YAAY;gBACvB,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;gBACrE,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;gBACrD,aAAa,EAAE,GAAG,CAAC,aAAa;oBAC9B,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC;oBAChD,CAAC,CAAC,IAAI;aACT,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,4EAA4E;IAC5E,2CAA2C;IAC3C,4EAA4E;IAC5E,MAAM,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE;QACvC,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE/C,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE;aACpB,MAAM,EAAE;aACR,IAAI,CAAC,QAAQ,CAAC;aACd,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;aACjC,GAAG,EAAE,CAAC;QAET,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,mBAAmB,CAAC,CAAC;QAC7C,CAAC;QAED,yCAAyC;QACzC,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;YAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,yBAAyB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/F,CAAC;QAED,qBAAqB;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,EAAE;aACJ,MAAM,CAAC,QAAQ,CAAC;aAChB,GAAG,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;aAC3C,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;aACjC,GAAG,EAAE,CAAC;QAET,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,4EAA4E;IAC5E,sEAAsE;IACtE,4EAA4E;IAC5E,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC5C,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE/C,uEAAuE;QACvE,MAAM,eAAe,GAAG,CAAC,CAAC,GAAG,CAAC,WAAoB,CAAW,CAAC;QAC9D,IAAI,SAAS,KAAK,eAAe,EAAE,CAAC;YAClC,MAAM,IAAI,WAAW,CAAC,mBAAmB,EAAE;gBACzC,OAAO,EAAE,kCAAkC;aAC5C,CAAC,CAAC;QACL,CAAC;QAED,kDAAkD;QAClD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,UAAW,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEjF,wDAAwD;QACxD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;QAEzE,sDAAsD;QACtD,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE;aACpB,MAAM,EAAE;aACR,IAAI,CAAC,QAAQ,CAAC;aACd,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;aACjC,GAAG,EAAE,CAAC;QAET,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,mBAAmB,CAAC,CAAC;QAC7C,CAAC;QACD,IAAI,OAAO,CAAC,SAAS,KAAK,IAAI,EAAE,CAAC;YAC/B,MAAM,IAAI,WAAW,CAAC,iBAAiB,CAAC,CAAC;QAC3C,CAAC;QAED,yDAAyD;QACzD,IAAI,OAAO,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;YAC3C,MAAM,IAAI,WAAW,CAAC,0BAA0B,CAAC,CAAC;QACpD,CAAC;QAED,yCAAyC;QACzC,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YAChD,MAAM,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;QACjD,CAAC;QAED,yCAAyC;QACzC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC7C,MAAM,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,CAAC;QACpF,IAAI,MAAM,IAAI,oBAAoB,EAAE,CAAC;YACnC,MAAM,IAAI,WAAW,CAAC,oCAAoC,CAAC,CAAC;QAC9D,CAAC;QAED,uCAAuC;QACvC,MAAM,UAAU,GAAG,UAAU,CAAC,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC;QACnD,MAAM,OAAO,GAAG,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC;QACxC,IAAI,OAAO,GAAG,UAAU,GAAG,GAAG,EAAE,CAAC;YAC/B,MAAM,IAAI,WAAW,CAAC,mBAAmB,CAAC,CAAC;QAC7C,CAAC;QAED,8BAA8B;QAC9B,MAAM,MAAM,GAAG,UAAU,CAAC;QAC1B,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,MAAM,EAAE,oBAAoB,CAAC,CAAC;QAErE,MAAM,UAAU,GAAe;YAC7B,GAAG,EAAE,SAAS;YACd,GAAG,EAAE,OAAO,CAAC,QAAQ;YACrB,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,YAAY;SAClB,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACnE,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEzE,6CAA6C;QAC7C,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE;aACnB,MAAM,CAAC,QAAQ,CAAC;aAChB,GAAG,CAAC;YACH,SAAS,EAAE,YAAY;YACvB,SAAS,EAAE,IAAI,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YACxC,YAAY,EAAE,OAAO,CAAC,YAAY,GAAG,CAAC;YACtC,aAAa,EAAE,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;SACvC,CAAC;aACD,KAAK,CACJ,GAAG,CACD,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,CAAC,EAC1B,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,gBAAgB,CAAC,CACzC,CACF;aACA,GAAG,EAAE,CAAC;QAET,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;YACzB,MAAM,IAAI,WAAW,CAAC,0BAA0B,CAAC,CAAC;QACpD,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CACX;YACE,EAAE,EAAE,SAAS;YACb,KAAK,EAAE,QAAQ;YACf,SAAS,EAAE,YAAY;YACvB,YAAY,EAAE,OAAO,CAAC,YAAY,GAAG,CAAC;SACvC,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/api/routes/skills.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Skills routes: serve API skill reference files (public, no auth required).
+ *
+ * GET /skills/:name - Return skill file content as JSON.
+ * No DB, keystore, or adapter dependencies (stateless file serving).
+ */
+import { OpenAPIHono } from '@hono/zod-openapi';
+export declare function skillsRoutes(): OpenAPIHono;
+//# sourceMappingURL=skills.d.ts.map

package/dist/api/routes/skills.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skills.d.ts","sourceRoot":"","sources":["../../../src/api/routes/skills.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EAAE,WAAW,EAAe,MAAM,mBAAmB,CAAC;AAkC7D,wBAAgB,YAAY,IAAI,WAAW,CAyB1C"}

package/dist/api/routes/skills.js

@@ -0,0 +1,59 @@
+/**
+ * Skills routes: serve API skill reference files (public, no auth required).
+ *
+ * GET /skills/:name - Return skill file content as JSON.
+ * No DB, keystore, or adapter dependencies (stateless file serving).
+ */
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve } from 'node:path';
+import { OpenAPIHono, createRoute } from '@hono/zod-openapi';
+import { z } from '@hono/zod-openapi';
+import { WAIaaSError } from '@waiaas/core';
+import { openApiValidationHook, buildErrorResponses } from './openapi-schemas.js';
+const SKILLS_DIR = resolve(process.cwd(), 'skills');
+const VALID_SKILLS = ['quickstart', 'wallet', 'transactions', 'policies', 'admin', 'actions', 'x402'];
+const SkillResponseSchema = z
+    .object({
+    name: z.string(),
+    content: z.string(),
+})
+    .openapi('SkillResponse');
+const getSkillRoute = createRoute({
+    method: 'get',
+    path: '/skills/{name}',
+    tags: ['Skills'],
+    summary: 'Get skill file content',
+    request: {
+        params: z.object({
+            name: z.string(),
+        }),
+    },
+    responses: {
+        200: {
+            description: 'Skill file content',
+            content: { 'application/json': { schema: SkillResponseSchema } },
+        },
+        ...buildErrorResponses(['SKILL_NOT_FOUND']),
+    },
+});
+export function skillsRoutes() {
+    const router = new OpenAPIHono({ defaultHook: openApiValidationHook });
+    router.openapi(getSkillRoute, (c) => {
+        const { name } = c.req.valid('param');
+        if (!VALID_SKILLS.includes(name)) {
+            throw new WAIaaSError('SKILL_NOT_FOUND', {
+                message: `Skill '${name}' not found`,
+            });
+        }
+        const filePath = resolve(SKILLS_DIR, `${name}.skill.md`);
+        if (!existsSync(filePath)) {
+            throw new WAIaaSError('SKILL_NOT_FOUND', {
+                message: `Skill '${name}' not found`,
+            });
+        }
+        const content = readFileSync(filePath, 'utf-8');
+        return c.json({ name, content }, 200);
+    });
+    return router;
+}
+//# sourceMappingURL=skills.js.map

package/dist/api/routes/skills.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"skills.js","sourceRoot":"","sources":["../../../src/api/routes/skills.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,EAAE,CAAC,EAAE,MAAM,mBAAmB,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAElF,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,QAAQ,CAAC,CAAC;AACpD,MAAM,YAAY,GAAG,CAAC,YAAY,EAAE,QAAQ,EAAE,cAAc,EAAE,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,CAAU,CAAC;AAE/G,MAAM,mBAAmB,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;CACpB,CAAC;KACD,OAAO,CAAC,eAAe,CAAC,CAAC;AAE5B,MAAM,aAAa,GAAG,WAAW,CAAC;IAChC,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,gBAAgB;IACtB,IAAI,EAAE,CAAC,QAAQ,CAAC;IAChB,OAAO,EAAE,wBAAwB;IACjC,OAAO,EAAE;QACP,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;YACf,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;SACjB,CAAC;KACH;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,oBAAoB;YACjC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,mBAAmB,EAAE,EAAE;SACjE;QACD,GAAG,mBAAmB,CAAC,CAAC,iBAAiB,CAAC,CAAC;KAC5C;CACF,CAAC,CAAC;AAEH,MAAM,UAAU,YAAY;IAC1B,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAEvE,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE;QAClC,MAAM,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEtC,IAAI,CAAE,YAAkC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACxD,MAAM,IAAI,WAAW,CAAC,iBAAiB,EAAE;gBACvC,OAAO,EAAE,UAAU,IAAI,aAAa;aACrC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,EAAE,GAAG,IAAI,WAAW,CAAC,CAAC;QAEzD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,WAAW,CAAC,iBAAiB,EAAE;gBACvC,OAAO,EAAE,UAAU,IAAI,aAAa;aACrC,CAAC,CAAC;QACL,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAChD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/api/routes/tokens.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Token registry route handlers: GET /v1/tokens, POST /v1/tokens, DELETE /v1/tokens.
+ *
+ * GET /v1/tokens?network=: list all tokens (builtin + custom) for the given EVM network.
+ * POST /v1/tokens: add a custom token to the registry (masterAuth required).
+ * DELETE /v1/tokens: remove a custom token from the registry (masterAuth required).
+ *
+ * Token registry is UX-only: adding/removing tokens does NOT affect ALLOWED_TOKENS policy.
+ *
+ * @see docs/56-spl-erc20-spec.md
+ */
+import { OpenAPIHono } from '@hono/zod-openapi';
+import type { TokenRegistryService } from '../../infrastructure/token-registry/index.js';
+export interface TokenRegistryRouteDeps {
+    tokenRegistryService: TokenRegistryService;
+}
+/**
+ * Create token registry route sub-router.
+ *
+ * GET  /tokens?network= -> list builtin + custom tokens for the network.
+ * POST /tokens -> add custom token (409 on duplicate).
+ * DELETE /tokens -> remove custom token.
+ */
+export declare function tokenRegistryRoutes(deps: TokenRegistryRouteDeps): OpenAPIHono;
+//# sourceMappingURL=tokens.d.ts.map

package/dist/api/routes/tokens.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../../../src/api/routes/tokens.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,WAAW,EAAkB,MAAM,mBAAmB,CAAC;AAEhE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,8CAA8C,CAAC;AAWzF,MAAM,WAAW,sBAAsB;IACrC,oBAAoB,EAAE,oBAAoB,CAAC;CAC5C;AAmFD;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,sBAAsB,GAAG,WAAW,CAwF7E"}

package/dist/api/routes/tokens.js

@@ -0,0 +1,161 @@
+/**
+ * Token registry route handlers: GET /v1/tokens, POST /v1/tokens, DELETE /v1/tokens.
+ *
+ * GET /v1/tokens?network=: list all tokens (builtin + custom) for the given EVM network.
+ * POST /v1/tokens: add a custom token to the registry (masterAuth required).
+ * DELETE /v1/tokens: remove a custom token from the registry (masterAuth required).
+ *
+ * Token registry is UX-only: adding/removing tokens does NOT affect ALLOWED_TOKENS policy.
+ *
+ * @see docs/56-spl-erc20-spec.md
+ */
+import { OpenAPIHono, createRoute, z } from '@hono/zod-openapi';
+import { EVM_NETWORK_TYPES, WAIaaSError } from '@waiaas/core';
+import { TokenRegistryListResponseSchema, AddTokenRequestSchema, AddTokenResponseSchema, RemoveTokenRequestSchema, RemoveTokenResponseSchema, buildErrorResponses, openApiValidationHook, } from './openapi-schemas.js';
+// ---------------------------------------------------------------------------
+// Route definitions
+// ---------------------------------------------------------------------------
+const listTokensRoute = createRoute({
+    method: 'get',
+    path: '/tokens',
+    tags: ['Tokens'],
+    summary: 'List tokens for a network',
+    request: {
+        query: z.object({
+            network: z.string().openapi({ example: 'ethereum-mainnet' }),
+        }),
+    },
+    responses: {
+        200: {
+            description: 'Token list',
+            content: { 'application/json': { schema: TokenRegistryListResponseSchema } },
+        },
+        ...buildErrorResponses(['ACTION_VALIDATION_FAILED']),
+    },
+});
+const addTokenRoute = createRoute({
+    method: 'post',
+    path: '/tokens',
+    tags: ['Tokens'],
+    summary: 'Add a custom token to the registry',
+    request: {
+        body: {
+            content: {
+                'application/json': { schema: AddTokenRequestSchema },
+            },
+        },
+    },
+    responses: {
+        201: {
+            description: 'Token added',
+            content: { 'application/json': { schema: AddTokenResponseSchema } },
+        },
+        ...buildErrorResponses(['ACTION_VALIDATION_FAILED']),
+    },
+});
+const removeTokenRoute = createRoute({
+    method: 'delete',
+    path: '/tokens',
+    tags: ['Tokens'],
+    summary: 'Remove a custom token from the registry',
+    request: {
+        body: {
+            content: {
+                'application/json': { schema: RemoveTokenRequestSchema },
+            },
+        },
+    },
+    responses: {
+        200: {
+            description: 'Token removal result',
+            content: { 'application/json': { schema: RemoveTokenResponseSchema } },
+        },
+        ...buildErrorResponses(['ACTION_VALIDATION_FAILED']),
+    },
+});
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function validateEvmNetwork(network) {
+    if (!EVM_NETWORK_TYPES.includes(network)) {
+        throw new WAIaaSError('ACTION_VALIDATION_FAILED', {
+            message: `Invalid EVM network '${network}'. Valid networks: ${EVM_NETWORK_TYPES.join(', ')}`,
+        });
+    }
+}
+// ---------------------------------------------------------------------------
+// Route factory
+// ---------------------------------------------------------------------------
+/**
+ * Create token registry route sub-router.
+ *
+ * GET  /tokens?network= -> list builtin + custom tokens for the network.
+ * POST /tokens -> add custom token (409 on duplicate).
+ * DELETE /tokens -> remove custom token.
+ */
+export function tokenRegistryRoutes(deps) {
+    const router = new OpenAPIHono({ defaultHook: openApiValidationHook });
+    // ---------------------------------------------------------------------------
+    // GET /tokens?network=
+    // ---------------------------------------------------------------------------
+    router.openapi(listTokensRoute, async (c) => {
+        const { network } = c.req.valid('query');
+        validateEvmNetwork(network);
+        const tokens = await deps.tokenRegistryService.getTokensForNetwork(network);
+        return c.json({
+            network,
+            tokens: tokens.map((t) => ({
+                address: t.address,
+                symbol: t.symbol,
+                name: t.name,
+                decimals: t.decimals,
+                source: t.source,
+            })),
+        }, 200);
+    });
+    // ---------------------------------------------------------------------------
+    // POST /tokens
+    // ---------------------------------------------------------------------------
+    router.openapi(addTokenRoute, async (c) => {
+        const body = c.req.valid('json');
+        validateEvmNetwork(body.network);
+        try {
+            const result = await deps.tokenRegistryService.addCustomToken(body.network, {
+                address: body.address,
+                symbol: body.symbol,
+                name: body.name,
+                decimals: body.decimals,
+            });
+            return c.json({
+                id: result.id,
+                network: body.network,
+                address: body.address,
+                symbol: body.symbol,
+            }, 201);
+        }
+        catch (err) {
+            // UNIQUE constraint violation -> 409 Conflict
+            if (err instanceof Error && err.message.includes('UNIQUE constraint failed')) {
+                throw new WAIaaSError('ACTION_VALIDATION_FAILED', {
+                    message: 'Token already exists in registry',
+                });
+            }
+            throw err;
+        }
+    });
+    // ---------------------------------------------------------------------------
+    // DELETE /tokens
+    // ---------------------------------------------------------------------------
+    router.openapi(removeTokenRoute, async (c) => {
+        const body = c.req.valid('json');
+        validateEvmNetwork(body.network);
+        const removed = await deps.tokenRegistryService.removeCustomToken(body.network, body.address);
+        return c.json({
+            removed,
+            network: body.network,
+            address: body.address,
+        }, 200);
+    });
+    return router;
+}
+//# sourceMappingURL=tokens.js.map

package/dist/api/routes/tokens.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../../../src/api/routes/tokens.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC,EAAE,MAAM,mBAAmB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAE9D,OAAO,EACL,+BAA+B,EAC/B,qBAAqB,EACrB,sBAAsB,EACtB,wBAAwB,EACxB,yBAAyB,EACzB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,sBAAsB,CAAC;AAM9B,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,MAAM,eAAe,GAAG,WAAW,CAAC;IAClC,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,CAAC,QAAQ,CAAC;IAChB,OAAO,EAAE,2BAA2B;IACpC,OAAO,EAAE;QACP,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC;YACd,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC;SAC7D,CAAC;KACH;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,YAAY;YACzB,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,+BAA+B,EAAE,EAAE;SAC7E;QACD,GAAG,mBAAmB,CAAC,CAAC,0BAA0B,CAAC,CAAC;KACrD;CACF,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,WAAW,CAAC;IAChC,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,CAAC,QAAQ,CAAC;IAChB,OAAO,EAAE,oCAAoC;IAC7C,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,OAAO,EAAE;gBACP,kBAAkB,EAAE,EAAE,MAAM,EAAE,qBAAqB,EAAE;aACtD;SACF;KACF;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,aAAa;YAC1B,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,sBAAsB,EAAE,EAAE;SACpE;QACD,GAAG,mBAAmB,CAAC,CAAC,0BAA0B,CAAC,CAAC;KACrD;CACF,CAAC,CAAC;AAEH,MAAM,gBAAgB,GAAG,WAAW,CAAC;IACnC,MAAM,EAAE,QAAQ;IAChB,IAAI,EAAE,SAAS;IACf,IAAI,EAAE,CAAC,QAAQ,CAAC;IAChB,OAAO,EAAE,yCAAyC;IAClD,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,OAAO,EAAE;gBACP,kBAAkB,EAAE,EAAE,MAAM,EAAE,wBAAwB,EAAE;aACzD;SACF;KACF;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,WAAW,EAAE,sBAAsB;YACnC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,yBAAyB,EAAE,EAAE;SACvE;QACD,GAAG,mBAAmB,CAAC,CAAC,0BAA0B,CAAC,CAAC;KACrD;CACF,CAAC,CAAC;AAEH,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,kBAAkB,CAAC,OAAe;IACzC,IAAI,CAAE,iBAAuC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,WAAW,CAAC,0BAA0B,EAAE;YAChD,OAAO,EAAE,wBAAwB,OAAO,sBAAsB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SAC7F,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E;;;;;;GAMG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAA4B;IAC9D,MAAM,MAAM,GAAG,IAAI,WAAW,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC,CAAC;IAEvE,8EAA8E;IAC9E,uBAAuB;IACvB,8EAA8E;IAE9E,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1C,MAAM,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEzC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAE5B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAE5E,OAAO,CAAC,CAAC,IAAI,CACX;YACE,OAAO;YACP,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACzB,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,MAAM,EAAE,CAAC,CAAC,MAAM;gBAChB,IAAI,EAAE,CAAC,CAAC,IAAI;gBACZ,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,CAAC,CAAC,MAAM;aACjB,CAAC,CAAC;SACJ,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,8EAA8E;IAC9E,eAAe;IACf,8EAA8E;IAE9E,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEjC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE;gBAC1E,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,QAAQ,EAAE,IAAI,CAAC,QAAQ;aACxB,CAAC,CAAC;YAEH,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,EAAE,EAAE,MAAM,CAAC,EAAE;gBACb,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,IAAI,CAAC,MAAM;aACpB,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,8CAA8C;YAC9C,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;gBAC7E,MAAM,IAAI,WAAW,CAAC,0BAA0B,EAAE;oBAChD,OAAO,EAAE,kCAAkC;iBAC5C,CAAC,CAAC;YACL,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,8EAA8E;IAC9E,iBAAiB;IACjB,8EAA8E;IAE9E,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC3C,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEjC,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QAE9F,OAAO,CAAC,CAAC,IAAI,CACX;YACE,OAAO;YACP,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}