@wopr-network/crypto-plugins 1.0.1 → 1.1.0

package/src/solana/sweeper.ts

@@ -1,16 +1,206 @@
+import { ed25519 } from "@noble/curves/ed25519.js";
 import type {
 	DepositInfo,
 	ISweepStrategy,
 	KeyPair,
 	SweeperOpts,
 	SweepResult,
-} from "@wopr-network/platform-core/crypto-plugin";
+} from "@wopr-network/platform-crypto-server/plugin";
 import type { SolanaRpcCall } from "./types.js";
 import { createSolanaRpcCaller } from "./watcher.js";
 
 /** Transaction fee estimate (in lamports). */
 const TX_FEE = 5_000n;
 
+/** SPL Token program ID. */
+const TOKEN_PROGRAM_ID = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA";
+
+/** System program ID. */
+const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111";
+
+// --- Base58 for Solana ---
+
+const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+
+function base58decode(str: string): Uint8Array {
+	let num = 0n;
+	for (const ch of str) {
+		const idx = BASE58_ALPHABET.indexOf(ch);
+		if (idx < 0) throw new Error(`Invalid Base58 char: ${ch}`);
+		num = num * 58n + BigInt(idx);
+	}
+	const bytes: number[] = [];
+	while (num > 0n) {
+		bytes.unshift(Number(num % 256n));
+		num = num / 256n;
+	}
+	let leadingZeros = 0;
+	for (const ch of str) {
+		if (ch !== "1") break;
+		leadingZeros++;
+	}
+	return new Uint8Array([...new Array(leadingZeros).fill(0), ...bytes]);
+}
+
+function base58encode(data: Uint8Array): string {
+	let num = 0n;
+	for (const byte of data) num = num * 256n + BigInt(byte);
+	let encoded = "";
+	while (num > 0n) {
+		encoded = BASE58_ALPHABET[Number(num % 58n)] + encoded;
+		num = num / 58n;
+	}
+	for (const byte of data) {
+		if (byte !== 0) break;
+		encoded = `1${encoded}`;
+	}
+	return encoded || "1";
+}
+
+// --- Solana transaction helpers ---
+
+/** Compact-u16 encoding used by Solana for array lengths. */
+function encodeCompactU16(value: number): Uint8Array {
+	if (value < 0x80) return new Uint8Array([value]);
+	if (value < 0x4000) return new Uint8Array([(value & 0x7f) | 0x80, value >> 7]);
+	return new Uint8Array([(value & 0x7f) | 0x80, ((value >> 7) & 0x7f) | 0x80, value >> 14]);
+}
+
+/** Write a u32 as little-endian bytes. */
+function writeU32LE(value: number): Uint8Array {
+	const buf = new Uint8Array(4);
+	buf[0] = value & 0xff;
+	buf[1] = (value >> 8) & 0xff;
+	buf[2] = (value >> 16) & 0xff;
+	buf[3] = (value >> 24) & 0xff;
+	return buf;
+}
+
+/** Write a u64 as little-endian bytes. */
+function writeU64LE(value: bigint): Uint8Array {
+	const buf = new Uint8Array(8);
+	for (let i = 0; i < 8; i++) {
+		buf[i] = Number(value & 0xffn);
+		value = value >> 8n;
+	}
+	return buf;
+}
+
+/** Concatenate multiple Uint8Arrays. */
+function concatBytes(...arrays: Uint8Array[]): Uint8Array {
+	const total = arrays.reduce((sum, a) => sum + a.length, 0);
+	const result = new Uint8Array(total);
+	let offset = 0;
+	for (const a of arrays) {
+		result.set(a, offset);
+		offset += a.length;
+	}
+	return result;
+}
+
+/**
+ * Build a Solana transaction message (v0 legacy format).
+ * Returns the serialized message bytes for signing.
+ */
+function buildTransactionMessage(
+	recentBlockhash: string,
+	feePayer: Uint8Array,
+	instructions: Array<{
+		programId: Uint8Array;
+		accounts: Array<{ pubkey: Uint8Array; isSigner: boolean; isWritable: boolean }>;
+		data: Uint8Array;
+	}>,
+): Uint8Array {
+	// Collect all unique accounts
+	const accountMap = new Map<string, { pubkey: Uint8Array; isSigner: boolean; isWritable: boolean }>();
+	const feePayerKey = base58encode(feePayer);
+	accountMap.set(feePayerKey, { pubkey: feePayer, isSigner: true, isWritable: true });
+
+	for (const ix of instructions) {
+		const progKey = base58encode(ix.programId);
+		if (!accountMap.has(progKey)) {
+			accountMap.set(progKey, { pubkey: ix.programId, isSigner: false, isWritable: false });
+		}
+		for (const acc of ix.accounts) {
+			const key = base58encode(acc.pubkey);
+			const existing = accountMap.get(key);
+			if (existing) {
+				existing.isSigner = existing.isSigner || acc.isSigner;
+				existing.isWritable = existing.isWritable || acc.isWritable;
+			} else {
+				accountMap.set(key, { ...acc });
+			}
+		}
+	}
+
+	// Sort: signers+writable first, then signers+readonly, then non-signers+writable, then non-signers+readonly
+	// Fee payer is always first
+	const accounts = [...accountMap.values()];
+	accounts.sort((a, b) => {
+		const aKey = base58encode(a.pubkey);
+		const bKey = base58encode(b.pubkey);
+		if (aKey === feePayerKey) return -1;
+		if (bKey === feePayerKey) return 1;
+		if (a.isSigner !== b.isSigner) return a.isSigner ? -1 : 1;
+		if (a.isWritable !== b.isWritable) return a.isWritable ? -1 : 1;
+		return 0;
+	});
+
+	const numRequiredSignatures = accounts.filter((a) => a.isSigner).length;
+	const numReadonlySignedAccounts = accounts.filter((a) => a.isSigner && !a.isWritable).length;
+	const numReadonlyUnsignedAccounts = accounts.filter((a) => !a.isSigner && !a.isWritable).length;
+
+	const accountKeyIndex = new Map<string, number>();
+	for (let i = 0; i < accounts.length; i++) {
+		accountKeyIndex.set(base58encode(accounts[i].pubkey), i);
+	}
+
+	// Serialize message
+	const header = new Uint8Array([numRequiredSignatures, numReadonlySignedAccounts, numReadonlyUnsignedAccounts]);
+	const accountKeysLen = encodeCompactU16(accounts.length);
+	const accountKeysData = concatBytes(...accounts.map((a) => a.pubkey));
+	const blockhashBytes = base58decode(recentBlockhash);
+	const instructionsLen = encodeCompactU16(instructions.length);
+
+	const ixData: Uint8Array[] = [];
+	for (const ix of instructions) {
+		const progIdx = accountKeyIndex.get(base58encode(ix.programId));
+		if (progIdx === undefined) throw new Error("Program ID not in account list");
+		const accountIdxs = ix.accounts.map((a) => {
+			const idx = accountKeyIndex.get(base58encode(a.pubkey));
+			if (idx === undefined) throw new Error("Account not in account list");
+			return idx;
+		});
+		ixData.push(
+			concatBytes(
+				new Uint8Array([progIdx]),
+				encodeCompactU16(accountIdxs.length),
+				new Uint8Array(accountIdxs),
+				encodeCompactU16(ix.data.length),
+				ix.data,
+			),
+		);
+	}
+
+	return concatBytes(header, accountKeysLen, accountKeysData, blockhashBytes, instructionsLen, ...ixData);
+}
+
+/**
+ * Sign and serialize a full Solana transaction (legacy format).
+ * Returns base58-encoded wire format ready for sendTransaction.
+ */
+function signAndSerialize(messageBytes: Uint8Array, signers: Uint8Array[]): string {
+	const signatures: Uint8Array[] = [];
+	for (const secretKey of signers) {
+		const sig = ed25519.sign(messageBytes, secretKey.slice(0, 32));
+		signatures.push(sig);
+	}
+
+	const numSigs = encodeCompactU16(signatures.length);
+	const wire = concatBytes(numSigs, ...signatures, messageBytes);
+	return base58encode(wire);
+}
+
 /**
  * Solana sweep strategy.
  *
@@ -164,33 +354,98 @@ export class SolanaSweeper implements ISweepStrategy {
 	}
 
 	/**
-	 * Submit a native SOL transfer.
+	 * Submit a native SOL transfer via SystemProgram.transfer.
 	 *
-	 * Builds a SystemProgram.transfer instruction, signs with the deposit keypair,
-	 * and submits via sendTransaction.
+	 * Builds the instruction manually, signs with Ed25519, and submits via sendTransaction.
 	 */
 	private async submitSolTransfer(key: KeyPair, treasury: string, lamports: bigint): Promise<string> {
-		// Get recent blockhash
 		const blockhashResult = (await this.rpc("getLatestBlockhash", [{ commitment: "finalized" }])) as {
 			value: { blockhash: string; lastValidBlockHeight: number };
 		};
 
-		// In production, build + sign the transaction using @solana/web3.js or manual serialization.
-		// For Phase 1, we use a simplified approach:
-		throw new Error(
-			`SOL transfer not yet implemented — would send ${lamports} lamports from ${key.address} to ${treasury} with blockhash ${blockhashResult.value.blockhash}`,
-		);
+		const fromPubkey = base58decode(key.address);
+		const toPubkey = base58decode(treasury);
+		const systemProgramId = base58decode(SYSTEM_PROGRAM_ID);
+
+		// SystemProgram.Transfer instruction: index 2, followed by u64 lamports
+		const ixData = concatBytes(writeU32LE(2), writeU64LE(lamports));
+
+		const message = buildTransactionMessage(blockhashResult.value.blockhash, fromPubkey, [
+			{
+				programId: systemProgramId,
+				accounts: [
+					{ pubkey: fromPubkey, isSigner: true, isWritable: true },
+					{ pubkey: toPubkey, isSigner: false, isWritable: true },
+				],
+				data: ixData,
+			},
+		]);
+
+		// Ed25519 signing requires the 64-byte secret key (32-byte seed + 32-byte pubkey)
+		const secretKey = concatBytes(key.privateKey, fromPubkey);
+		const serialized = signAndSerialize(message, [secretKey]);
+
+		const result = (await this.rpc("sendTransaction", [serialized, { encoding: "base58" }])) as string;
+		return result;
 	}
 
 	/**
 	 * Submit an SPL token transfer.
 	 *
-	 * Builds a TokenProgram.transfer instruction for the given mint,
-	 * signs with the deposit keypair, and submits via sendTransaction.
+	 * Finds or derives the associated token accounts for sender and receiver,
+	 * then builds a TokenProgram.Transfer instruction.
 	 */
 	private async submitSplTransfer(key: KeyPair, treasury: string, mint: string, amount: bigint): Promise<string> {
-		throw new Error(
-			`SPL transfer not yet implemented — would send ${amount} of ${mint} from ${key.address} to ${treasury}`,
-		);
+		const blockhashResult = (await this.rpc("getLatestBlockhash", [{ commitment: "finalized" }])) as {
+			value: { blockhash: string; lastValidBlockHeight: number };
+		};
+
+		const fromPubkey = base58decode(key.address);
+		const tokenProgramId = base58decode(TOKEN_PROGRAM_ID);
+
+		// Find sender's token account for this mint
+		const senderAccounts = (await this.rpc("getTokenAccountsByOwner", [
+			key.address,
+			{ mint },
+			{ encoding: "jsonParsed" },
+		])) as { value: Array<{ pubkey: string }> };
+
+		if (senderAccounts.value.length === 0) {
+			throw new Error(`No token account found for ${key.address} mint ${mint}`);
+		}
+		const senderTokenAccount = base58decode(senderAccounts.value[0].pubkey);
+
+		// Find receiver's token account for this mint
+		const receiverAccounts = (await this.rpc("getTokenAccountsByOwner", [
+			treasury,
+			{ mint },
+			{ encoding: "jsonParsed" },
+		])) as { value: Array<{ pubkey: string }> };
+
+		if (receiverAccounts.value.length === 0) {
+			throw new Error(`No token account found for treasury ${treasury} mint ${mint} — create ATA first`);
+		}
+		const receiverTokenAccount = base58decode(receiverAccounts.value[0].pubkey);
+
+		// SPL Token Transfer instruction: index 3, followed by u64 amount
+		const ixData = concatBytes(new Uint8Array([3]), writeU64LE(amount));
+
+		const message = buildTransactionMessage(blockhashResult.value.blockhash, fromPubkey, [
+			{
+				programId: tokenProgramId,
+				accounts: [
+					{ pubkey: senderTokenAccount, isSigner: false, isWritable: true },
+					{ pubkey: receiverTokenAccount, isSigner: false, isWritable: true },
+					{ pubkey: fromPubkey, isSigner: true, isWritable: false },
+				],
+				data: ixData,
+			},
+		]);
+
+		const secretKey = concatBytes(key.privateKey, fromPubkey);
+		const serialized = signAndSerialize(message, [secretKey]);
+
+		const result = (await this.rpc("sendTransaction", [serialized, { encoding: "base58" }])) as string;
+		return result;
 	}
 }

package/src/solana/watcher.ts

@@ -3,7 +3,7 @@ import type {
 	IWatcherCursorStore,
 	PaymentEvent,
 	WatcherOpts,
-} from "@wopr-network/platform-core/crypto-plugin";
+} from "@wopr-network/platform-crypto-server/plugin";
 import type { SignatureInfo, SolanaRpcCall, SolanaTransaction } from "./types.js";
 
 /** Microdollars per cent. Used for oracle price conversion. */

package/src/sweep/evm-sweeper.ts

@@ -6,7 +6,7 @@
  *   2. Fund gas -- treasury sends ETH to ERC-20 deposit addresses
  *   3. Sweep ERC-20s -- deposit addresses send all tokens to treasury
  */
-import type { DepositInfo, ISweepStrategy, KeyPair, SweepResult } from "@wopr-network/platform-core/crypto-plugin";
+import type { DepositInfo, ISweepStrategy, KeyPair, SweepResult } from "@wopr-network/platform-crypto-server/plugin";
 import {
 	type Address,
 	type Chain,

package/src/sweep/index.ts

@@ -25,8 +25,9 @@ import { keccak_256 } from "@noble/hashes/sha3.js";
 import { HDKey } from "@scure/bip32";
 import * as bip39 from "@scure/bip39";
 import { wordlist } from "@scure/bip39/wordlists/english.js";
-import type { KeyPair, SweepResult } from "@wopr-network/platform-core/crypto-plugin";
+import type { KeyPair, SweepResult } from "@wopr-network/platform-crypto-server/plugin";
 import { privateKeyToAccount } from "viem/accounts";
+import { SolanaSweeper } from "../solana/sweeper.js";
 import { sha256 } from "../tron/sha256.js";
 import { EvmSweeper, type EvmToken } from "./evm-sweeper.js";
 import { TronSweeper, type TronToken } from "./tron-sweeper.js";
@@ -38,6 +39,7 @@ const CRYPTO_SERVICE_URL = process.env.CRYPTO_SERVICE_URL;
 const CRYPTO_SERVICE_KEY = process.env.CRYPTO_SERVICE_KEY;
 const DRY_RUN = process.env.SWEEP_DRY_RUN !== "false";
 const MAX_INDEX = Number(process.env.MAX_ADDRESSES ?? "200");
+const SUBCOMMAND = process.argv[2]; // "sweep" (default) or "pool-replenish"
 
 // --- Chain server types ---
 
@@ -323,6 +325,47 @@ async function main() {
 			continue;
 		}
 
+		if (family === "solana") {
+			// Solana uses Ed25519 — pre-derived pool keys come from the chain server
+			const rpcUrl = group[0]?.rpc_url;
+			if (!rpcUrl) {
+				console.log("  Skipping solana -- no rpc_url in chain config");
+				continue;
+			}
+
+			// For Solana, fetch pre-derived pool addresses from the chain server
+			console.log(`\n--- Solana (${group.length} tokens) ---`);
+			console.log("  Note: Solana uses Ed25519 pre-derived keys -- sweep requires pool keys from chain server");
+
+			for (const method of group) {
+				const sweeper = new SolanaSweeper({
+					rpcUrl,
+					rpcHeaders: method.rpc_headers ?? {},
+					chain: method.chain,
+					token: method.token,
+					decimals: method.decimals,
+					contractAddress: method.contractAddress ?? undefined,
+				});
+
+				// For Solana, we can't derive keys from the secp256k1 master — skip if no pool keys.
+				// In production, pool keys would be fetched from the chain server's admin API.
+				console.log(`  ${method.token}: scan-only (pool key sweep requires admin/pool/export endpoint)`);
+				try {
+					const deposits = await sweeper.scan([], treasury.address);
+					if (deposits.length > 0) {
+						for (const d of deposits) {
+							console.log(`    [${d.index}] ${d.address}: ${d.nativeBalance} lamports`);
+						}
+					} else {
+						console.log("    No deposits found");
+					}
+				} catch (err) {
+					console.log(`    Scan error: ${(err as Error).message}`);
+				}
+			}
+			continue;
+		}
+
 		console.log(`  Skipping ${family} -- no sweeper implemented`);
 	}
 
@@ -347,7 +390,62 @@ async function main() {
 	console.log("\nDone.");
 }
 
-main().catch((err) => {
-	console.error(err);
-	process.exit(1);
-});
+// --- Pool replenish subcommand ---
+
+async function poolReplenish() {
+	if (!CRYPTO_SERVICE_URL) {
+		console.error("CRYPTO_SERVICE_URL is required");
+		process.exit(1);
+	}
+
+	const count = Number(process.env.POOL_COUNT ?? "100");
+	const chain = process.env.POOL_CHAIN;
+
+	if (!chain) {
+		console.error("POOL_CHAIN is required (e.g. 'solana')");
+		process.exit(1);
+	}
+
+	console.log(`Replenishing ${count} addresses for chain "${chain}"...`);
+
+	const headers: Record<string, string> = { "Content-Type": "application/json" };
+	if (CRYPTO_SERVICE_KEY) headers.Authorization = `Bearer ${CRYPTO_SERVICE_KEY}`;
+
+	const res = await fetch(`${CRYPTO_SERVICE_URL}/admin/pool/replenish`, {
+		method: "POST",
+		headers,
+		body: JSON.stringify({ chain, count }),
+	});
+
+	if (!res.ok) {
+		const body = await res.text();
+		console.error(`Pool replenish failed: ${res.status} ${body}`);
+		process.exit(1);
+	}
+
+	const result = (await res.json()) as { added: number; total: number };
+	console.log(`Added ${result.added} addresses (total pool: ${result.total})`);
+
+	// Check pool status
+	const statusRes = await fetch(`${CRYPTO_SERVICE_URL}/admin/pool/status?chain=${chain}`, { headers });
+	if (statusRes.ok) {
+		const status = (await statusRes.json()) as { available: number; claimed: number; total: number };
+		console.log(`Pool status: ${status.available} available, ${status.claimed} claimed, ${status.total} total`);
+	}
+
+	console.log("Done.");
+}
+
+// --- Entry point ---
+
+if (SUBCOMMAND === "pool-replenish") {
+	poolReplenish().catch((err) => {
+		console.error(err);
+		process.exit(1);
+	});
+} else {
+	main().catch((err) => {
+		console.error(err);
+		process.exit(1);
+	});
+}

package/src/sweep/tron-sweeper.ts

@@ -11,7 +11,7 @@
 
 import { secp256k1 } from "@noble/curves/secp256k1.js";
 import { keccak_256 } from "@noble/hashes/sha3.js";
-import type { DepositInfo, ISweepStrategy, KeyPair, SweepResult } from "@wopr-network/platform-core/crypto-plugin";
+import type { DepositInfo, ISweepStrategy, KeyPair, SweepResult } from "@wopr-network/platform-crypto-server/plugin";
 import { sha256 } from "../tron/sha256.js";
 
 // TRX has 6 decimals (1 TRX = 1,000,000 SUN)

package/src/sweep/utxo-sweeper.ts

@@ -4,7 +4,7 @@
  * UTXO chains require coin selection, fee estimation, and input signing
  * that is best handled by dedicated wallet software (Electrum, Sparrow, etc.).
  */
-import type { DepositInfo, ISweepStrategy, KeyPair, SweepResult } from "@wopr-network/platform-core/crypto-plugin";
+import type { DepositInfo, ISweepStrategy, KeyPair, SweepResult } from "@wopr-network/platform-crypto-server/plugin";
 
 export class UtxoSweeper implements ISweepStrategy {
 	private readonly chain: string;

package/src/tron/encoder.ts

@@ -1,6 +1,6 @@
 import { secp256k1 } from "@noble/curves/secp256k1.js";
 import { keccak_256 } from "@noble/hashes/sha3.js";
-import type { EncodingParams, IAddressEncoder } from "@wopr-network/platform-core/crypto-plugin";
+import type { EncodingParams, IAddressEncoder } from "@wopr-network/platform-crypto-server/plugin";
 
 import { sha256 } from "./sha256.js";
 

package/src/tron/index.ts

@@ -1,4 +1,4 @@
-import type { IChainPlugin, WatcherOpts } from "@wopr-network/platform-core/crypto-plugin";
+import type { IChainPlugin, WatcherOpts } from "@wopr-network/platform-crypto-server/plugin";
 
 import { keccakB58Encoder } from "./encoder.js";
 import { TronEvmWatcher } from "./watcher.js";

package/src/tron/watcher.ts

@@ -3,7 +3,7 @@ import type {
 	IWatcherCursorStore,
 	PaymentEvent,
 	WatcherOpts,
-} from "@wopr-network/platform-core/crypto-plugin";
+} from "@wopr-network/platform-crypto-server/plugin";
 
 import { hexToTron, tronToHex } from "./address-convert.js";