npm - @waiaas/daemon - Versions diffs - 2.4.0-rc.2 → 2.4.0-rc.3 - Mend

@waiaas/daemon 2.4.0-rc.2 → 2.4.0-rc.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/dist/services/signing-sdk/sign-response-handler.js ADDED Viewed

@@ -0,0 +1,303 @@
+/**
+ * SignResponseHandler -- processes SignResponse from wallet apps.
+ *
+ * Handles approve/reject responses for PENDING_APPROVAL transactions:
+ * - Validates SignResponse schema (Zod)
+ * - Matches requestId to registered pending requests
+ * - Checks request expiration
+ * - Verifies signer address matches wallet owner
+ * - Verifies cryptographic signature (EVM: EIP-191, Solana: Ed25519)
+ * - Updates pending_approvals and transactions tables directly
+ *
+ * **Design Decision: ApprovalWorkflow bypass (intentional)**
+ * SignResponseHandler directly updates pending_approvals/transactions tables,
+ * bypassing ApprovalWorkflow. This is the same pattern used by Telegram bot
+ * approval (/approve, /reject commands). Rationale: SignResponseHandler performs
+ * its own cryptographic signature verification (SIWE/SIWS), making
+ * ApprovalWorkflow's verification step redundant.
+ *
+ * @see internal/design/73-signing-protocol-v1.md (Section 4, 10, 11)
+ * @see internal/design/74-wallet-sdk-daemon-components.md
+ */
+import { SignResponseSchema, WAIaaSError, } from '@waiaas/core';
+// ---------------------------------------------------------------------------
+// Default verification implementations
+// ---------------------------------------------------------------------------
+/**
+ * Default EVM signature verification using viem.
+ * Uses lazy import to avoid loading viem at module level.
+ */
+const defaultEvmVerify = async ({ address, message, signature }) => {
+    const { verifyMessage } = await import('viem');
+    return verifyMessage({
+        address: address,
+        message,
+        signature: signature,
+    });
+};
+/**
+ * Default Solana signature verification using @solana/kit.
+ * Decodes base64 signature, converts address to CryptoKey, verifies Ed25519.
+ */
+const defaultSolanaVerify = async ({ publicKeyAddress, message, signature }) => {
+    const { verifySignature, signatureBytes: toSignatureBytes, getPublicKeyFromAddress, address } = await import('@solana/kit');
+    // Convert address string to CryptoKey
+    const pubKey = await getPublicKeyFromAddress(address(publicKeyAddress));
+    // Decode base64 signature to bytes
+    const sigBytes = Buffer.from(signature, 'base64');
+    const sigTyped = toSignatureBytes(new Uint8Array(sigBytes));
+    // Encode message to bytes
+    const messageBytes = new TextEncoder().encode(message);
+    return verifySignature(pubKey, sigTyped, messageBytes);
+};
+// ---------------------------------------------------------------------------
+// SignResponseHandler
+// ---------------------------------------------------------------------------
+export class SignResponseHandler {
+    sqlite;
+    /**
+     * In-memory store: requestId -> { request, createdAt }.
+     * Lost on daemon restart (acceptable -- 1-shot requests with expiry).
+     */
+    pendingRequests = new Map();
+    /**
+     * Set of already-processed requestIds (for duplicate detection).
+     * Also lost on daemon restart.
+     */
+    processedRequests = new Set();
+    /** Expiration timers by requestId */
+    expirationTimers = new Map();
+    /** Injectable verification functions (for testing) */
+    evmVerify;
+    solanaVerify;
+    constructor(deps, opts) {
+        this.sqlite = deps.sqlite;
+        this.evmVerify = opts?.evmVerify ?? defaultEvmVerify;
+        this.solanaVerify = opts?.solanaVerify ?? defaultSolanaVerify;
+    }
+    // -------------------------------------------------------------------------
+    // registerRequest -- store pending request for later matching
+    // -------------------------------------------------------------------------
+    /**
+     * Register a SignRequest for later response matching.
+     * Sets an expiration timer to auto-remove the request after expiresAt.
+     */
+    registerRequest(request) {
+        this.pendingRequests.set(request.requestId, {
+            request,
+            createdAt: new Date(),
+        });
+        // Set expiration timer
+        const expiresAtMs = new Date(request.expiresAt).getTime();
+        const timeoutMs = Math.max(0, expiresAtMs - Date.now());
+        const timer = setTimeout(() => {
+            this.pendingRequests.delete(request.requestId);
+            this.expirationTimers.delete(request.requestId);
+        }, timeoutMs);
+        // Unref the timer so it doesn't prevent process exit
+        if (typeof timer === 'object' && 'unref' in timer) {
+            timer.unref();
+        }
+        this.expirationTimers.set(request.requestId, timer);
+    }
+    // -------------------------------------------------------------------------
+    // handle -- process a SignResponse
+    // -------------------------------------------------------------------------
+    /**
+     * Process a SignResponse: validate, match, verify signature, update DB.
+     *
+     * @param signResponse - The response from the wallet app
+     * @returns { action: 'approved' | 'rejected', txId }
+     * @throws WAIaaSError with appropriate error code on validation failure
+     */
+    async handle(signResponse) {
+        // 1. Zod validation
+        try {
+            SignResponseSchema.parse(signResponse);
+        }
+        catch {
+            throw new WAIaaSError('INVALID_SIGN_RESPONSE', {
+                message: 'Sign response failed schema validation',
+            });
+        }
+        const { requestId, action, signerAddress } = signResponse;
+        // 2. Check if already processed (duplicate detection)
+        if (this.processedRequests.has(requestId)) {
+            throw new WAIaaSError('SIGN_REQUEST_ALREADY_PROCESSED', {
+                message: `Sign request ${requestId} has already been processed`,
+            });
+        }
+        // 3. Find pending request
+        const pending = this.pendingRequests.get(requestId);
+        if (!pending) {
+            throw new WAIaaSError('SIGN_REQUEST_NOT_FOUND', {
+                message: `No pending sign request found for requestId: ${requestId}`,
+            });
+        }
+        const { request } = pending;
+        // 4. Check expiration
+        if (new Date() > new Date(request.expiresAt)) {
+            this.pendingRequests.delete(requestId);
+            this.clearTimer(requestId);
+            throw new WAIaaSError('SIGN_REQUEST_EXPIRED', {
+                message: `Sign request ${requestId} has expired`,
+            });
+        }
+        // 5. Verify signer address matches wallet owner
+        const txId = request.metadata.txId;
+        const walletRow = this.sqlite
+            .prepare(`SELECT w.owner_address FROM wallets w
+         JOIN transactions t ON t.wallet_id = w.id
+         WHERE t.id = ?`)
+            .get(txId);
+        if (walletRow?.owner_address) {
+            // Case-insensitive comparison for EVM addresses (0x-prefixed hex)
+            const normalizedSigner = signerAddress.toLowerCase();
+            const normalizedOwner = walletRow.owner_address.toLowerCase();
+            if (normalizedSigner !== normalizedOwner) {
+                throw new WAIaaSError('SIGNER_ADDRESS_MISMATCH', {
+                    message: `Signer address ${signerAddress} does not match wallet owner ${walletRow.owner_address}`,
+                });
+            }
+        }
+        // 6. Handle action
+        if (action === 'approve') {
+            return this.handleApprove(request, signResponse);
+        }
+        else {
+            return this.handleReject(request, signResponse);
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Private: handleApprove
+    // -------------------------------------------------------------------------
+    async handleApprove(request, response) {
+        const { requestId, signature, signerAddress } = response;
+        const txId = request.metadata.txId;
+        // Signature is required for approve
+        if (!signature) {
+            throw new WAIaaSError('INVALID_SIGN_RESPONSE', {
+                message: 'Missing signature for approve action',
+            });
+        }
+        // Verify cryptographic signature
+        let isValid = false;
+        try {
+            if (request.chain === 'evm') {
+                isValid = await this.evmVerify({
+                    address: signerAddress,
+                    message: request.message,
+                    signature,
+                });
+            }
+            else if (request.chain === 'solana') {
+                isValid = await this.solanaVerify({
+                    publicKeyAddress: signerAddress,
+                    message: request.message,
+                    signature,
+                });
+            }
+        }
+        catch {
+            isValid = false;
+        }
+        if (!isValid) {
+            throw new WAIaaSError('INVALID_SIGNATURE', {
+                message: 'Cryptographic signature verification failed',
+            });
+        }
+        // Direct DB update (ApprovalWorkflow bypass -- same pattern as Telegram bot)
+        const now = Math.floor(Date.now() / 1000);
+        this.sqlite
+            .prepare(`UPDATE pending_approvals SET approved_at = ?, owner_signature = ?, approval_channel = 'signing_sdk'
+         WHERE tx_id = ? AND approved_at IS NULL AND rejected_at IS NULL`)
+            .run(now, signature, txId);
+        this.sqlite
+            .prepare(`UPDATE transactions SET status = 'EXECUTING', reserved_amount = NULL, reserved_amount_usd = NULL
+         WHERE id = ? AND status = 'QUEUED'`)
+            .run(txId);
+        // Cleanup
+        this.pendingRequests.delete(requestId);
+        this.processedRequests.add(requestId);
+        this.clearTimer(requestId);
+        return { action: 'approved', txId };
+    }
+    // -------------------------------------------------------------------------
+    // Private: handleReject
+    // -------------------------------------------------------------------------
+    async handleReject(request, response) {
+        const { requestId, signature, signerAddress } = response;
+        const txId = request.metadata.txId;
+        // Optional signature verification for reject
+        if (signature) {
+            try {
+                let isValid = false;
+                if (request.chain === 'evm') {
+                    isValid = await this.evmVerify({
+                        address: signerAddress,
+                        message: request.message,
+                        signature,
+                    });
+                }
+                else if (request.chain === 'solana') {
+                    isValid = await this.solanaVerify({
+                        publicKeyAddress: signerAddress,
+                        message: request.message,
+                        signature,
+                    });
+                }
+                if (!isValid) {
+                    throw new WAIaaSError('INVALID_SIGNATURE', {
+                        message: 'Cryptographic signature verification failed for reject action',
+                    });
+                }
+            }
+            catch (err) {
+                if (err instanceof WAIaaSError && err.code === 'INVALID_SIGNATURE') {
+                    throw err;
+                }
+                // Signature verification errors on reject are non-fatal if not INVALID_SIGNATURE
+            }
+        }
+        // Direct DB update (ApprovalWorkflow bypass -- same pattern as Telegram bot)
+        const now = Math.floor(Date.now() / 1000);
+        this.sqlite
+            .prepare(`UPDATE pending_approvals SET rejected_at = ?, approval_channel = 'signing_sdk'
+         WHERE tx_id = ? AND approved_at IS NULL AND rejected_at IS NULL`)
+            .run(now, txId);
+        this.sqlite
+            .prepare(`UPDATE transactions SET status = 'CANCELLED', error = 'Rejected via signing SDK', reserved_amount = NULL, reserved_amount_usd = NULL
+         WHERE id = ? AND status = 'QUEUED'`)
+            .run(txId);
+        // Cleanup
+        this.pendingRequests.delete(requestId);
+        this.processedRequests.add(requestId);
+        this.clearTimer(requestId);
+        return { action: 'rejected', txId };
+    }
+    // -------------------------------------------------------------------------
+    // Private: Timer cleanup
+    // -------------------------------------------------------------------------
+    clearTimer(requestId) {
+        const timer = this.expirationTimers.get(requestId);
+        if (timer) {
+            clearTimeout(timer);
+            this.expirationTimers.delete(requestId);
+        }
+    }
+    // -------------------------------------------------------------------------
+    // Cleanup: destroy (for graceful shutdown)
+    // -------------------------------------------------------------------------
+    /**
+     * Clear all pending timers. Call during daemon shutdown.
+     */
+    destroy() {
+        for (const timer of this.expirationTimers.values()) {
+            clearTimeout(timer);
+        }
+        this.expirationTimers.clear();
+        this.pendingRequests.clear();
+        this.processedRequests.clear();
+    }
+}
+//# sourceMappingURL=sign-response-handler.js.map

package/dist/services/signing-sdk/sign-response-handler.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sign-response-handler.js","sourceRoot":"","sources":["../../../src/services/signing-sdk/sign-response-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,OAAO,EAGL,kBAAkB,EAClB,WAAW,GACZ,MAAM,cAAc,CAAC;AA4CtB,8EAA8E;AAC9E,uCAAuC;AACvC,8EAA8E;AAE9E;;;GAGG;AACH,MAAM,gBAAgB,GAAgB,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE;IAC9E,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAC;IAC/C,OAAO,aAAa,CAAC;QACnB,OAAO,EAAE,OAAwB;QACjC,OAAO;QACP,SAAS,EAAE,SAA0B;KACtC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,mBAAmB,GAAmB,KAAK,EAAE,EAAE,gBAAgB,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE;IAC7F,MAAM,EAAE,eAAe,EAAE,cAAc,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,OAAO,EAAE,GAC3F,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;IAE9B,sCAAsC;IACtC,MAAM,MAAM,GAAG,MAAM,uBAAuB,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAExE,mCAAmC;IACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC;IAE5D,0BAA0B;IAC1B,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEvD,OAAO,eAAe,CAAC,MAAM,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC;AACzD,CAAC,CAAC;AAEF,8EAA8E;AAC9E,sBAAsB;AACtB,8EAA8E;AAE9E,MAAM,OAAO,mBAAmB;IACb,MAAM,CAAiB;IAExC;;;OAGG;IACc,eAAe,GAAG,IAAI,GAAG,EAGvC,CAAC;IAEJ;;;OAGG;IACc,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IAEvD,qCAAqC;IACpB,gBAAgB,GAAG,IAAI,GAAG,EAAyC,CAAC;IAErF,sDAAsD;IACrC,SAAS,CAAc;IACvB,YAAY,CAAiB;IAE9C,YACE,IAA6B,EAC7B,IAGC;QAED,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,gBAAgB,CAAC;QACrD,IAAI,CAAC,YAAY,GAAG,IAAI,EAAE,YAAY,IAAI,mBAAmB,CAAC;IAChE,CAAC;IAED,4EAA4E;IAC5E,8DAA8D;IAC9D,4EAA4E;IAE5E;;;OAGG;IACH,eAAe,CAAC,OAAoB;QAClC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE;YAC1C,OAAO;YACP,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC,CAAC;QAEH,uBAAuB;QACvB,MAAM,WAAW,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC/C,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClD,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,qDAAqD;QACrD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,IAAI,KAAK,EAAE,CAAC;YAClD,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;QAED,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;IACtD,CAAC;IAED,4EAA4E;IAC5E,mCAAmC;IACnC,4EAA4E;IAE5E;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,YAA0B;QACrC,oBAAoB;QACpB,IAAI,CAAC;YACH,kBAAkB,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,WAAW,CAAC,uBAAuB,EAAE;gBAC7C,OAAO,EAAE,wCAAwC;aAClD,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,YAAY,CAAC;QAE1D,sDAAsD;QACtD,IAAI,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,WAAW,CAAC,gCAAgC,EAAE;gBACtD,OAAO,EAAE,gBAAgB,SAAS,6BAA6B;aAChE,CAAC,CAAC;QACL,CAAC;QAED,0BAA0B;QAC1B,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACpD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,wBAAwB,EAAE;gBAC9C,OAAO,EAAE,gDAAgD,SAAS,EAAE;aACrE,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;QAE5B,sBAAsB;QACtB,IAAI,IAAI,IAAI,EAAE,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACvC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YAC3B,MAAM,IAAI,WAAW,CAAC,sBAAsB,EAAE;gBAC5C,OAAO,EAAE,gBAAgB,SAAS,cAAc;aACjD,CAAC,CAAC;QACL,CAAC;QAED,gDAAgD;QAChD,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM;aAC1B,OAAO,CACN;;wBAEgB,CACjB;aACA,GAAG,CAAC,IAAI,CAA0B,CAAC;QAEtC,IAAI,SAAS,EAAE,aAAa,EAAE,CAAC;YAC7B,kEAAkE;YAClE,MAAM,gBAAgB,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC;YACrD,MAAM,eAAe,GAAG,SAAS,CAAC,aAAa,CAAC,WAAW,EAAE,CAAC;YAC9D,IAAI,gBAAgB,KAAK,eAAe,EAAE,CAAC;gBACzC,MAAM,IAAI,WAAW,CAAC,yBAAyB,EAAE;oBAC/C,OAAO,EAAE,kBAAkB,aAAa,gCAAgC,SAAS,CAAC,aAAa,EAAE;iBAClG,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,mBAAmB;QACnB,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QAClD,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,yBAAyB;IACzB,4EAA4E;IAEpE,KAAK,CAAC,aAAa,CACzB,OAAoB,EACpB,QAAsB;QAEtB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;QACzD,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QAEnC,oCAAoC;QACpC,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,WAAW,CAAC,uBAAuB,EAAE;gBAC7C,OAAO,EAAE,sCAAsC;aAChD,CAAC,CAAC;QACL,CAAC;QAED,iCAAiC;QACjC,IAAI,OAAO,GAAG,KAAK,CAAC;QACpB,IAAI,CAAC;YACH,IAAI,OAAO,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;gBAC5B,OAAO,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC;oBAC7B,OAAO,EAAE,aAAa;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACtC,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;oBAChC,gBAAgB,EAAE,aAAa;oBAC/B,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,KAAK,CAAC;QAClB,CAAC;QAED,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,mBAAmB,EAAE;gBACzC,OAAO,EAAE,6CAA6C;aACvD,CAAC,CAAC;QACL,CAAC;QAED,6EAA6E;QAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM;aACR,OAAO,CACN;yEACiE,CAClE;aACA,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QAE7B,IAAI,CAAC,MAAM;aACR,OAAO,CACN;4CACoC,CACrC;aACA,GAAG,CAAC,IAAI,CAAC,CAAC;QAEb,UAAU;QACV,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACtC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAE3B,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IACtC,CAAC;IAED,4EAA4E;IAC5E,wBAAwB;IACxB,4EAA4E;IAEpE,KAAK,CAAC,YAAY,CACxB,OAAoB,EACpB,QAAsB;QAEtB,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,QAAQ,CAAC;QACzD,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QAEnC,6CAA6C;QAC7C,IAAI,SAAS,EAAE,CAAC;YACd,IAAI,CAAC;gBACH,IAAI,OAAO,GAAG,KAAK,CAAC;gBACpB,IAAI,OAAO,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;oBAC5B,OAAO,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC;wBAC7B,OAAO,EAAE,aAAa;wBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,SAAS;qBACV,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACtC,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC;wBAChC,gBAAgB,EAAE,aAAa;wBAC/B,OAAO,EAAE,OAAO,CAAC,OAAO;wBACxB,SAAS;qBACV,CAAC,CAAC;gBACL,CAAC;gBACD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,MAAM,IAAI,WAAW,CAAC,mBAAmB,EAAE;wBACzC,OAAO,EAAE,+DAA+D;qBACzE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,WAAW,IAAI,GAAG,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;oBACnE,MAAM,GAAG,CAAC;gBACZ,CAAC;gBACD,iFAAiF;YACnF,CAAC;QACH,CAAC;QAED,6EAA6E;QAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM;aACR,OAAO,CACN;yEACiE,CAClE;aACA,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAElB,IAAI,CAAC,MAAM;aACR,OAAO,CACN;4CACoC,CACrC;aACA,GAAG,CAAC,IAAI,CAAC,CAAC;QAEb,UAAU;QACV,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACtC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAE3B,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;IACtC,CAAC;IAED,4EAA4E;IAC5E,yBAAyB;IACzB,4EAA4E;IAEpE,UAAU,CAAC,SAAiB;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACnD,IAAI,KAAK,EAAE,CAAC;YACV,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,4EAA4E;IAC5E,2CAA2C;IAC3C,4EAA4E;IAE5E;;OAEG;IACH,OAAO;QACL,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,EAAE,CAAC;YACnD,YAAY,CAAC,KAAK,CAAC,CAAC;QACtB,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;QAC9B,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;IACjC,CAAC;CACF"}

package/dist/services/signing-sdk/wallet-link-registry.d.ts ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * WalletLinkRegistry -- manages wallet registration for the Signing SDK.
+ *
+ * Stores wallet link configurations as a JSON array in SettingsService
+ * under the 'signing_sdk.wallets' key. Provides CRUD operations and
+ * universal link URL generation for registered wallets.
+ *
+ * @see internal/design/74-wallet-sdk-daemon-components.md
+ */
+import { type WalletLinkConfig, type SignRequest } from '@waiaas/core';
+import type { SettingsService } from '../../infrastructure/settings/settings-service.js';
+export declare class WalletLinkRegistry {
+    private readonly settings;
+    constructor(settings: SettingsService);
+    /**
+     * Get a wallet configuration by name.
+     * @throws WAIaaSError('WALLET_NOT_REGISTERED') if wallet is not found.
+     */
+    getWallet(name: string): WalletLinkConfig;
+    /**
+     * Get all registered wallet configurations.
+     */
+    getAllWallets(): WalletLinkConfig[];
+    /**
+     * Register a new wallet configuration.
+     * @throws WAIaaSError('WALLET_NOT_REGISTERED') is NOT thrown -- instead throws
+     *         a generic error if the wallet name already exists (duplicate prevention).
+     */
+    registerWallet(config: WalletLinkConfig): void;
+    /**
+     * Remove a wallet configuration by name.
+     * @throws WAIaaSError('WALLET_NOT_REGISTERED') if wallet is not found.
+     */
+    removeWallet(name: string): void;
+    /**
+     * Build a universal link URL for a wallet signing request.
+     * Combines getWallet() + buildUniversalLinkUrl().
+     * @throws WAIaaSError('WALLET_NOT_REGISTERED') if wallet is not found.
+     */
+    buildSignUrl(walletName: string, request: SignRequest): string;
+    private loadWallets;
+    private saveWallets;
+}
+//# sourceMappingURL=wallet-link-registry.d.ts.map

package/dist/services/signing-sdk/wallet-link-registry.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wallet-link-registry.d.ts","sourceRoot":"","sources":["../../../src/services/signing-sdk/wallet-link-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EACL,KAAK,gBAAgB,EAErB,KAAK,WAAW,EAGjB,MAAM,cAAc,CAAC;AAEtB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,mDAAmD,CAAC;AAYzF,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAkB;gBAE/B,QAAQ,EAAE,eAAe;IAQrC;;;OAGG;IACH,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB;IAYzC;;OAEG;IACH,aAAa,IAAI,gBAAgB,EAAE;IAQnC;;;;OAIG;IACH,cAAc,CAAC,MAAM,EAAE,gBAAgB,GAAG,IAAI;IAiB9C;;;OAGG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAiBhC;;;;OAIG;IACH,YAAY,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,GAAG,MAAM;IAS9D,OAAO,CAAC,WAAW;IAWnB,OAAO,CAAC,WAAW;CAGpB"}

package/dist/services/signing-sdk/wallet-link-registry.js ADDED Viewed

@@ -0,0 +1,116 @@
+/**
+ * WalletLinkRegistry -- manages wallet registration for the Signing SDK.
+ *
+ * Stores wallet link configurations as a JSON array in SettingsService
+ * under the 'signing_sdk.wallets' key. Provides CRUD operations and
+ * universal link URL generation for registered wallets.
+ *
+ * @see internal/design/74-wallet-sdk-daemon-components.md
+ */
+import { WalletLinkConfigSchema, buildUniversalLinkUrl, WAIaaSError, } from '@waiaas/core';
+import { z } from 'zod';
+// ---------------------------------------------------------------------------
+// Internal: JSON array schema for wallet configs
+// ---------------------------------------------------------------------------
+const WalletLinkConfigArraySchema = z.array(WalletLinkConfigSchema);
+// ---------------------------------------------------------------------------
+// WalletLinkRegistry
+// ---------------------------------------------------------------------------
+export class WalletLinkRegistry {
+    settings;
+    constructor(settings) {
+        this.settings = settings;
+    }
+    // -------------------------------------------------------------------------
+    // Read: getWallet / getAllWallets
+    // -------------------------------------------------------------------------
+    /**
+     * Get a wallet configuration by name.
+     * @throws WAIaaSError('WALLET_NOT_REGISTERED') if wallet is not found.
+     */
+    getWallet(name) {
+        const wallets = this.loadWallets();
+        const wallet = wallets.find((w) => w.name === name);
+        if (!wallet) {
+            throw new WAIaaSError('WALLET_NOT_REGISTERED', {
+                message: `Wallet '${name}' not registered in signing SDK`,
+                details: { walletName: name },
+            });
+        }
+        return wallet;
+    }
+    /**
+     * Get all registered wallet configurations.
+     */
+    getAllWallets() {
+        return this.loadWallets();
+    }
+    // -------------------------------------------------------------------------
+    // Write: registerWallet / removeWallet
+    // -------------------------------------------------------------------------
+    /**
+     * Register a new wallet configuration.
+     * @throws WAIaaSError('WALLET_NOT_REGISTERED') is NOT thrown -- instead throws
+     *         a generic error if the wallet name already exists (duplicate prevention).
+     */
+    registerWallet(config) {
+        // Validate input against schema
+        const validated = WalletLinkConfigSchema.parse(config);
+        const wallets = this.loadWallets();
+        const existing = wallets.find((w) => w.name === validated.name);
+        if (existing) {
+            throw new WAIaaSError('SIGN_REQUEST_ALREADY_PROCESSED', {
+                message: `Wallet '${validated.name}' is already registered`,
+                details: { walletName: validated.name },
+            });
+        }
+        wallets.push(validated);
+        this.saveWallets(wallets);
+    }
+    /**
+     * Remove a wallet configuration by name.
+     * @throws WAIaaSError('WALLET_NOT_REGISTERED') if wallet is not found.
+     */
+    removeWallet(name) {
+        const wallets = this.loadWallets();
+        const index = wallets.findIndex((w) => w.name === name);
+        if (index === -1) {
+            throw new WAIaaSError('WALLET_NOT_REGISTERED', {
+                message: `Wallet '${name}' not registered in signing SDK`,
+                details: { walletName: name },
+            });
+        }
+        wallets.splice(index, 1);
+        this.saveWallets(wallets);
+    }
+    // -------------------------------------------------------------------------
+    // URL generation: buildSignUrl
+    // -------------------------------------------------------------------------
+    /**
+     * Build a universal link URL for a wallet signing request.
+     * Combines getWallet() + buildUniversalLinkUrl().
+     * @throws WAIaaSError('WALLET_NOT_REGISTERED') if wallet is not found.
+     */
+    buildSignUrl(walletName, request) {
+        const wallet = this.getWallet(walletName);
+        return buildUniversalLinkUrl(wallet, request);
+    }
+    // -------------------------------------------------------------------------
+    // Private: load/save from SettingsService
+    // -------------------------------------------------------------------------
+    loadWallets() {
+        const json = this.settings.get('signing_sdk.wallets');
+        try {
+            const parsed = JSON.parse(json);
+            return WalletLinkConfigArraySchema.parse(parsed);
+        }
+        catch {
+            // If the stored JSON is invalid, return empty array (graceful degradation)
+            return [];
+        }
+    }
+    saveWallets(wallets) {
+        this.settings.set('signing_sdk.wallets', JSON.stringify(wallets));
+    }
+}
+//# sourceMappingURL=wallet-link-registry.js.map

package/dist/services/signing-sdk/wallet-link-registry.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"wallet-link-registry.js","sourceRoot":"","sources":["../../../src/services/signing-sdk/wallet-link-registry.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAEL,sBAAsB,EAEtB,qBAAqB,EACrB,WAAW,GACZ,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,8EAA8E;AAC9E,iDAAiD;AACjD,8EAA8E;AAE9E,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;AAEpE,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,MAAM,OAAO,kBAAkB;IACZ,QAAQ,CAAkB;IAE3C,YAAY,QAAyB;QACnC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED,4EAA4E;IAC5E,kCAAkC;IAClC,4EAA4E;IAE5E;;;OAGG;IACH,SAAS,CAAC,IAAY;QACpB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,WAAW,CAAC,uBAAuB,EAAE;gBAC7C,OAAO,EAAE,WAAW,IAAI,iCAAiC;gBACzD,OAAO,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;aAC9B,CAAC,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,WAAW,EAAE,CAAC;IAC5B,CAAC;IAED,4EAA4E;IAC5E,uCAAuC;IACvC,4EAA4E;IAE5E;;;;OAIG;IACH,cAAc,CAAC,MAAwB;QACrC,gCAAgC;QAChC,MAAM,SAAS,GAAG,sBAAsB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEvD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,CAAC;QAChE,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CAAC,gCAAgC,EAAE;gBACtD,OAAO,EAAE,WAAW,SAAS,CAAC,IAAI,yBAAyB;gBAC3D,OAAO,EAAE,EAAE,UAAU,EAAE,SAAS,CAAC,IAAI,EAAE;aACxC,CAAC,CAAC;QACL,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxB,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,IAAY;QACvB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QACxD,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,WAAW,CAAC,uBAAuB,EAAE;gBAC7C,OAAO,EAAE,WAAW,IAAI,iCAAiC;gBACzD,OAAO,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE;aAC9B,CAAC,CAAC;QACL,CAAC;QACD,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,4EAA4E;IAC5E,+BAA+B;IAC/B,4EAA4E;IAE5E;;;;OAIG;IACH,YAAY,CAAC,UAAkB,EAAE,OAAoB;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAC1C,OAAO,qBAAqB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,4EAA4E;IAC5E,0CAA0C;IAC1C,4EAA4E;IAEpE,WAAW;QACjB,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACtD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAChC,OAAO,2BAA2B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,2EAA2E;YAC3E,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,OAA2B;QAC7C,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,qBAAqB,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACpE,CAAC;CACF"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@waiaas/daemon",
-  "version": "2.4.0-rc.2",
+  "version": "2.4.0-rc.3",
   "description": "WAIaaS daemon - self-hosted wallet service for AI agents",
   "license": "MIT",
   "type": "module",
@@ -47,9 +47,9 @@
     "uuidv7": "^1.0.2",
     "viem": "^2.21.0",
     "zod": "^3.24.0",
-    "@waiaas/adapter-evm": "2.4.0-rc.2",
-    "@waiaas/core": "2.4.0-rc.2",
-    "@waiaas/adapter-solana": "2.4.0-rc.2"
+    "@waiaas/adapter-evm": "2.4.0-rc.3",
+    "@waiaas/core": "2.4.0-rc.3",
+    "@waiaas/adapter-solana": "2.4.0-rc.3"
   },
   "devDependencies": {
     "@types/better-sqlite3": "^7.6.0",