npm - @wopr-network/platform-core - Versions diffs - 1.13.2 → 1.14.0 - Mend

@wopr-network/platform-core 1.13.2 → 1.14.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (238) hide show

package/dist/api/routes/admin-credits.d.ts +2 -2
package/dist/api/routes/admin-credits.js +9 -4
package/dist/api/routes/quota.d.ts +2 -2
package/dist/api/routes/verify-email.d.ts +3 -3
package/dist/backup/on-demand-snapshot-service.d.ts +2 -2
package/dist/billing/payram/webhook.d.ts +3 -3
package/dist/billing/payram/webhook.js +5 -1
package/dist/billing/payram/webhook.test.js +5 -4
package/dist/billing/stripe/stripe-payment-processor.d.ts +2 -2
package/dist/billing/stripe/stripe-payment-processor.test.js +7 -0
package/dist/billing/stripe/tenant-store.d.ts +1 -1
package/dist/billing/stripe/tenant-store.js +1 -1
package/dist/credits/auto-topup-charge.d.ts +2 -2
package/dist/credits/auto-topup-charge.js +5 -1
package/dist/credits/auto-topup-charge.test.js +5 -4
package/dist/credits/auto-topup-usage.d.ts +2 -2
package/dist/credits/auto-topup-usage.test.js +53 -12
package/dist/credits/credit-expiry-cron.d.ts +2 -2
package/dist/credits/credit-expiry-cron.js +7 -4
package/dist/credits/credit-expiry-cron.test.js +25 -8
package/dist/credits/credit-ledger.d.ts +2 -2
package/dist/credits/credit-ledger.js +1 -1
package/dist/credits/dividend-cron.d.ts +4 -6
package/dist/credits/dividend-cron.js +10 -16
package/dist/credits/dividend-cron.test.js +31 -44
package/dist/credits/dividend-repository.js +19 -22
package/dist/credits/dividend-repository.test.js +4 -3
package/dist/credits/index.d.ts +4 -2
package/dist/credits/index.js +2 -1
package/dist/credits/ledger.d.ts +195 -0
package/dist/credits/ledger.js +561 -0
package/dist/credits/ledger.test.js +418 -0
package/dist/credits/signup-grant.d.ts +2 -2
package/dist/credits/signup-grant.js +4 -4
package/dist/credits/signup-grant.test.js +5 -3
package/dist/credits/trial-balance-cron.d.ts +19 -0
package/dist/credits/trial-balance-cron.js +30 -0
package/dist/credits/trial-balance-cron.test.js +55 -0
package/dist/db/schema/gateway-service-keys.d.ts +109 -0
package/dist/db/schema/gateway-service-keys.js +18 -0
package/dist/db/schema/index.d.ts +2 -0
package/dist/db/schema/index.js +2 -0
package/dist/db/schema/ledger.d.ts +442 -0
package/dist/db/schema/ledger.js +76 -0
package/dist/gateway/credit-gate.d.ts +2 -2
package/dist/gateway/credit-gate.js +5 -1
package/dist/gateway/credit-gate.test.js +35 -33
package/dist/gateway/gateway-routes.test.js +1 -1
package/dist/gateway/index.d.ts +2 -0
package/dist/gateway/index.js +1 -0
package/dist/gateway/protocol/anthropic.js +1 -1
package/dist/gateway/protocol/deps.d.ts +5 -5
package/dist/gateway/protocol/openai.js +1 -1
package/dist/gateway/proxy.d.ts +4 -4
package/dist/gateway/route-mounting.test.js +1 -1
package/dist/gateway/service-key-auth.d.ts +1 -1
package/dist/gateway/service-key-auth.js +1 -1
package/dist/gateway/service-key-repository.d.ts +27 -0
package/dist/gateway/service-key-repository.js +64 -0
package/dist/gateway/types.d.ts +5 -5
package/dist/metering/reconciliation-cron.test.js +9 -8
package/dist/metering/reconciliation-repository.js +12 -10
package/dist/metering/reconciliation-repository.test.js +9 -8
package/dist/monetization/affiliate/affiliate-admin-repository.js +10 -8
package/dist/monetization/affiliate/affiliate-admin-repository.test.js +32 -13
package/dist/monetization/affiliate/credit-match.d.ts +2 -2
package/dist/monetization/affiliate/credit-match.js +4 -1
package/dist/monetization/affiliate/credit-match.test.js +58 -13
package/dist/monetization/affiliate/new-user-bonus.d.ts +2 -2
package/dist/monetization/affiliate/new-user-bonus.js +4 -1
package/dist/monetization/affiliate/new-user-bonus.test.js +4 -3
package/dist/monetization/credits/auto-topup-charge.d.ts +2 -2
package/dist/monetization/credits/auto-topup-charge.js +5 -1
package/dist/monetization/credits/auto-topup-charge.test.js +5 -4
package/dist/monetization/credits/auto-topup-usage.d.ts +2 -2
package/dist/monetization/credits/auto-topup-usage.test.js +53 -12
package/dist/monetization/credits/bot-billing.d.ts +3 -3
package/dist/monetization/credits/bot-billing.test.js +18 -5
package/dist/monetization/credits/credit-expiry-cron.test.js +25 -8
package/dist/monetization/credits/dividend-cron.d.ts +2 -4
package/dist/monetization/credits/dividend-cron.js +7 -4
package/dist/monetization/credits/dividend-cron.test.js +26 -46
package/dist/monetization/credits/dividend-repository.js +15 -24
package/dist/monetization/credits/dividend-repository.test.js +4 -3
package/dist/monetization/credits/index.d.ts +2 -2
package/dist/monetization/credits/index.js +1 -1
package/dist/monetization/credits/member-usage.test.js +23 -10
package/dist/monetization/credits/phone-billing.d.ts +2 -2
package/dist/monetization/credits/phone-billing.js +5 -1
package/dist/monetization/credits/phone-billing.test.js +9 -12
package/dist/monetization/credits/runtime-cron.d.ts +2 -2
package/dist/monetization/credits/runtime-cron.js +32 -8
package/dist/monetization/credits/runtime-cron.test.js +28 -27
package/dist/monetization/credits/runtime-scheduler.d.ts +2 -2
package/dist/monetization/credits/runtime-scheduler.test.js +1 -1
package/dist/monetization/credits/signup-grant.test.js +5 -3
package/dist/monetization/credits/storage-tier-cron.test.js +3 -2
package/dist/monetization/credits/trial-balance-cron.test.js +42 -0
package/dist/monetization/feature-gate.d.ts +3 -3
package/dist/monetization/index.d.ts +3 -3
package/dist/monetization/index.js +1 -1
package/dist/monetization/metering/reconciliation-cron.test.js +9 -8
package/dist/monetization/metering/reconciliation-repository.js +11 -10
package/dist/monetization/metering/reconciliation-repository.test.js +9 -8
package/dist/monetization/payram/webhook.d.ts +2 -2
package/dist/monetization/payram/webhook.js +5 -1
package/dist/monetization/payram/webhook.test.js +5 -4
package/dist/monetization/promotions/engine.d.ts +2 -2
package/dist/monetization/promotions/engine.js +4 -1
package/dist/monetization/promotions/engine.test.js +3 -1
package/dist/monetization/repository-types.d.ts +1 -1
package/dist/monetization/socket/socket.d.ts +3 -3
package/dist/monetization/stripe/stripe-payment-processor.d.ts +2 -2
package/dist/monetization/stripe/stripe-payment-processor.test.js +7 -0
package/dist/monetization/stripe/webhook.d.ts +2 -2
package/dist/monetization/stripe/webhook.js +70 -6
package/dist/monetization/stripe/webhook.test.js +20 -15
package/dist/onboarding/onboarding-service.d.ts +2 -2
package/dist/onboarding/onboarding-service.js +6 -2
package/drizzle/migrations/0002_gateway_service_keys.sql +14 -0
package/drizzle/migrations/0003_double_entry_ledger.sql +82 -0
package/drizzle/migrations/meta/_journal.json +14 -0
package/package.json +1 -1
package/src/api/routes/admin-credits.ts +11 -14
package/src/api/routes/quota.ts +2 -2
package/src/api/routes/verify-email.ts +4 -4
package/src/backup/on-demand-snapshot-service.test.ts +3 -3
package/src/backup/on-demand-snapshot-service.ts +3 -3
package/src/billing/payram/webhook.test.ts +7 -5
package/src/billing/payram/webhook.ts +8 -11
package/src/billing/stripe/stripe-payment-processor.test.ts +10 -3
package/src/billing/stripe/stripe-payment-processor.ts +3 -3
package/src/billing/stripe/tenant-store.ts +1 -1
package/src/credits/auto-topup-charge.test.ts +7 -5
package/src/credits/auto-topup-charge.ts +7 -10
package/src/credits/auto-topup-usage.test.ts +55 -13
package/src/credits/auto-topup-usage.ts +2 -2
package/src/credits/credit-expiry-cron.test.ts +26 -45
package/src/credits/credit-expiry-cron.ts +9 -12
package/src/credits/credit-ledger.ts +3 -3
package/src/credits/dividend-cron.test.ts +38 -45
package/src/credits/dividend-cron.ts +12 -26
package/src/credits/dividend-repository.test.ts +4 -3
package/src/credits/dividend-repository.ts +21 -23
package/src/credits/index.ts +23 -4
package/src/credits/ledger.test.ts +514 -0
package/src/credits/ledger.ts +851 -0
package/src/credits/signup-grant.test.ts +7 -4
package/src/credits/signup-grant.ts +6 -12
package/src/credits/trial-balance-cron.test.ts +68 -0
package/src/credits/trial-balance-cron.ts +46 -0
package/src/db/schema/gateway-service-keys.ts +23 -0
package/src/db/schema/index.ts +2 -0
package/src/db/schema/ledger.ts +94 -0
package/src/gateway/credit-gate-wiring.test.ts +3 -3
package/src/gateway/credit-gate.test.ts +35 -33
package/src/gateway/credit-gate.ts +6 -10
package/src/gateway/gateway-routes.test.ts +6 -6
package/src/gateway/index.ts +2 -0
package/src/gateway/protocol/anthropic.ts +2 -2
package/src/gateway/protocol/deps.ts +5 -5
package/src/gateway/protocol/openai.ts +2 -2
package/src/gateway/proxy.ts +4 -4
package/src/gateway/route-mounting.test.ts +3 -3
package/src/gateway/service-key-auth.ts +4 -2
package/src/gateway/service-key-repository.ts +87 -0
package/src/gateway/types.ts +5 -5
package/src/metering/reconciliation-cron.test.ts +10 -9
package/src/metering/reconciliation-repository.test.ts +10 -9
package/src/metering/reconciliation-repository.ts +14 -11
package/src/monetization/affiliate/affiliate-admin-repository.test.ts +32 -19
package/src/monetization/affiliate/affiliate-admin-repository.ts +16 -8
package/src/monetization/affiliate/credit-match.test.ts +60 -14
package/src/monetization/affiliate/credit-match.ts +6 -9
package/src/monetization/affiliate/new-user-bonus.test.ts +6 -4
package/src/monetization/affiliate/new-user-bonus.ts +6 -9
package/src/monetization/credits/auto-topup-charge.test.ts +7 -5
package/src/monetization/credits/auto-topup-charge.ts +7 -10
package/src/monetization/credits/auto-topup-usage.test.ts +55 -13
package/src/monetization/credits/auto-topup-usage.ts +2 -2
package/src/monetization/credits/bot-billing.test.ts +20 -6
package/src/monetization/credits/bot-billing.ts +3 -3
package/src/monetization/credits/credit-expiry-cron.test.ts +26 -45
package/src/monetization/credits/dividend-cron.test.ts +34 -48
package/src/monetization/credits/dividend-cron.ts +9 -14
package/src/monetization/credits/dividend-repository.test.ts +4 -3
package/src/monetization/credits/dividend-repository.ts +19 -25
package/src/monetization/credits/index.ts +4 -4
package/src/monetization/credits/member-usage.test.ts +25 -11
package/src/monetization/credits/phone-billing.test.ts +18 -26
package/src/monetization/credits/phone-billing.ts +7 -10
package/src/monetization/credits/runtime-cron.test.ts +29 -28
package/src/monetization/credits/runtime-cron.ts +34 -58
package/src/monetization/credits/runtime-scheduler.test.ts +1 -1
package/src/monetization/credits/runtime-scheduler.ts +2 -2
package/src/monetization/credits/signup-grant.test.ts +7 -4
package/src/monetization/credits/storage-tier-cron.test.ts +5 -3
package/src/monetization/credits/trial-balance-cron.test.ts +52 -0
package/src/monetization/feature-gate.ts +3 -3
package/src/monetization/index.ts +4 -4
package/src/monetization/metering/reconciliation-cron.test.ts +10 -9
package/src/monetization/metering/reconciliation-repository.test.ts +11 -9
package/src/monetization/metering/reconciliation-repository.ts +13 -11
package/src/monetization/payram/webhook.test.ts +7 -5
package/src/monetization/payram/webhook.ts +7 -10
package/src/monetization/promotions/engine.test.ts +6 -5
package/src/monetization/promotions/engine.ts +6 -3
package/src/monetization/repository-types.ts +1 -1
package/src/monetization/socket/socket.ts +4 -4
package/src/monetization/stripe/stripe-payment-processor.test.ts +10 -3
package/src/monetization/stripe/stripe-payment-processor.ts +3 -3
package/src/monetization/stripe/webhook.test.ts +22 -16
package/src/monetization/stripe/webhook.ts +75 -50
package/src/onboarding/onboarding-service.ts +8 -11
package/dist/credits/credit-ledger-extra.test.js +0 -40
package/dist/credits/credit-ledger.bench.js +0 -33
package/dist/credits/credit-ledger.test.d.ts +0 -4
package/dist/credits/credit-ledger.test.js +0 -203
package/dist/credits/credit-transaction-repository.test.js +0 -232
package/dist/monetization/credits/credit-ledger-extra.test.d.ts +0 -1
package/dist/monetization/credits/credit-ledger-extra.test.js +0 -39
package/dist/monetization/credits/credit-ledger.bench.d.ts +0 -1
package/dist/monetization/credits/credit-ledger.bench.js +0 -32
package/dist/monetization/credits/credit-ledger.test.d.ts +0 -4
package/dist/monetization/credits/credit-ledger.test.js +0 -202
package/dist/monetization/credits/credit-transaction-repository.test.d.ts +0 -1
package/dist/monetization/credits/credit-transaction-repository.test.js +0 -232
package/src/credits/credit-ledger-extra.test.ts +0 -57
package/src/credits/credit-ledger.bench.ts +0 -56
package/src/credits/credit-ledger.test.ts +0 -276
package/src/credits/credit-transaction-repository.test.ts +0 -274
package/src/monetization/credits/credit-ledger-extra.test.ts +0 -56
package/src/monetization/credits/credit-ledger.bench.ts +0 -55
package/src/monetization/credits/credit-ledger.test.ts +0 -275
package/src/monetization/credits/credit-transaction-repository.test.ts +0 -274
/package/dist/credits/{credit-ledger-extra.test.d.ts → ledger.test.d.ts} +0 -0
/package/dist/credits/{credit-ledger.bench.d.ts → trial-balance-cron.test.d.ts} +0 -0
/package/dist/{credits/credit-transaction-repository.test.d.ts → monetization/credits/trial-balance-cron.test.d.ts} +0 -0

package/src/gateway/protocol/deps.ts CHANGED Viewed

@@ -5,10 +5,10 @@
  * budget checking, metering, provider configs, fetch, and service key resolution.
  */
-import type { Credit, ICreditLedger } from "@wopr-network/platform-core/credits";
+import type { Credit, ILedger } from "@wopr-network/platform-core/credits";
 import type { MeterEmitter } from "@wopr-network/platform-core/metering";
 import type { IRateLimitRepository } from "../../api/rate-limit-repository.js";
-import type { BudgetChecker } from "../../monetization/budget/budget-checker.js";
+import type { IBudgetChecker } from "../../monetization/budget/budget-checker.js";
 import type { CapabilityRateLimitConfig } from "../capability-rate-limit.js";
 import type { CircuitBreakerConfig } from "../circuit-breaker.js";
 import type { ICircuitBreakerRepository } from "../circuit-breaker-repository.js";
@@ -17,14 +17,14 @@ import type { FetchFn, GatewayTenant, ProviderConfig } from "../types.js";
 export interface ProtocolDeps {
   meter: MeterEmitter;
-  budgetChecker: BudgetChecker;
-  creditLedger?: ICreditLedger;
+  budgetChecker: IBudgetChecker;
+  creditLedger?: ILedger;
   topUpUrl: string;
   graceBufferCents?: number;
   providers: ProviderConfig;
   defaultMargin: number;
   fetchFn: FetchFn;
-  resolveServiceKey: (key: string) => GatewayTenant | null;
+  resolveServiceKey: (key: string) => GatewayTenant | null | Promise<GatewayTenant | null>;
   /** Apply margin to a cost. Defaults to withMargin from adapters/types. */
   withMarginFn: (cost: Credit, margin: number) => Credit;
   rateLookupFn?: SellRateLookupFn;

package/src/gateway/protocol/openai.ts CHANGED Viewed

@@ -26,7 +26,7 @@ import type { ProtocolDeps } from "./deps.js";
 // Auth middleware — OpenAI SDK sends Authorization: Bearer
 // ---------------------------------------------------------------------------
-function openaiAuth(resolveServiceKey: (key: string) => GatewayTenant | null) {
+function openaiAuth(resolveServiceKey: (key: string) => GatewayTenant | null | Promise<GatewayTenant | null>) {
   return async (c: Context<GatewayAuthEnv>, next: Next) => {
     const authHeader = c.req.header("Authorization");
@@ -73,7 +73,7 @@ function openaiAuth(resolveServiceKey: (key: string) => GatewayTenant | null) {
       );
     }
-    const tenant = resolveServiceKey(key);
+    const tenant = await resolveServiceKey(key);
     if (!tenant) {
       logger.warn("Invalid service key attempted (openai handler)", {
         keyPrefix: `${key.slice(0, 8)}...`,

package/src/gateway/proxy.ts CHANGED Viewed

@@ -10,7 +10,7 @@
  * 5. Return response to bot
  */
-import type { ICreditLedger } from "@wopr-network/platform-core/credits";
+import type { ILedger } from "@wopr-network/platform-core/credits";
 import { Credit } from "@wopr-network/platform-core/credits";
 import type { MeterEmitter } from "@wopr-network/platform-core/metering";
 import type { Context } from "hono";
@@ -19,7 +19,7 @@ import { logger } from "../config/logger.js";
 import type { TTSOutput } from "../monetization/adapters/types.js";
 import { withMargin } from "../monetization/adapters/types.js";
 import { NoProviderAvailableError } from "../monetization/arbitrage/types.js";
-import type { BudgetChecker } from "../monetization/budget/budget-checker.js";
+import type { IBudgetChecker } from "../monetization/budget/budget-checker.js";
 import { PHONE_NUMBER_MONTHLY_COST } from "../monetization/credits/phone-billing.js";
 import { creditBalanceCheck, debitCredits } from "./credit-gate.js";
 import { mapBudgetError, mapProviderError } from "./error-mapping.js";
@@ -62,8 +62,8 @@ const smsDeliveryStatusBodySchema = z.object({
 /** Shared state for all proxy handlers. */
 export interface ProxyDeps {
   meter: MeterEmitter;
-  budgetChecker: BudgetChecker;
-  creditLedger?: ICreditLedger;
+  budgetChecker: IBudgetChecker;
+  creditLedger?: ILedger;
   topUpUrl: string;
   graceBufferCents?: number;
   providers: ProviderConfig;

package/src/gateway/route-mounting.test.ts CHANGED Viewed

@@ -5,7 +5,7 @@
  * is correctly applied, and route ordering is correct.
  */
-import type { ICreditLedger } from "@wopr-network/platform-core/credits";
+import type { ILedger } from "@wopr-network/platform-core/credits";
 import { Credit } from "@wopr-network/platform-core/credits";
 import { Hono } from "hono";
 import { beforeEach, describe, expect, it, vi } from "vitest";
@@ -48,7 +48,7 @@ function buildTestConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig
     debit: vi.fn().mockResolvedValue(undefined),
     credit: vi.fn(),
     history: vi.fn(),
-  } as unknown as ICreditLedger;
+  } as unknown as ILedger;
   const fetchFn = vi.fn().mockResolvedValue(
     new Response(
       JSON.stringify({
@@ -65,7 +65,7 @@ function buildTestConfig(overrides: Partial<GatewayConfig> = {}): GatewayConfig
   return {
     meter: meter as unknown as import("@wopr-network/platform-core/metering").MeterEmitter,
-    budgetChecker: budgetChecker as unknown as import("../monetization/budget/budget-checker.js").BudgetChecker,
+    budgetChecker,
     creditLedger,
     providers: { openrouter: { apiKey: "or-test-key" } },
     fetchFn,

package/src/gateway/service-key-auth.ts CHANGED Viewed

@@ -26,7 +26,9 @@ export interface GatewayAuthEnv {
  *
  * @param resolveServiceKey - Function that maps a service key to a tenant (or null)
  */
-export function serviceKeyAuth(resolveServiceKey: (key: string) => GatewayTenant | null) {
+export function serviceKeyAuth(
+  resolveServiceKey: (key: string) => GatewayTenant | null | Promise<GatewayTenant | null>,
+) {
   return async (c: Context<GatewayAuthEnv>, next: Next) => {
     const authHeader = c.req.header("Authorization");
     if (!authHeader) {
@@ -70,7 +72,7 @@ export function serviceKeyAuth(resolveServiceKey: (key: string) => GatewayTenant
       );
     }
-    const tenant = resolveServiceKey(serviceKey);
+    const tenant = await resolveServiceKey(serviceKey);
     if (!tenant) {
       logger.warn("Invalid service key attempted", {
         keyPrefix: `${serviceKey.slice(0, 8)}...`,

package/src/gateway/service-key-repository.ts ADDED Viewed

@@ -0,0 +1,87 @@
+/**
+ * Gateway service key repository.
+ *
+ * Stores SHA-256 hashes of per-instance service keys used to authenticate
+ * tenant containers against the metered inference gateway. Raw keys are
+ * NEVER stored — only hashes.
+ */
+import { createHash, randomBytes } from "node:crypto";
+import { and, eq, isNull } from "drizzle-orm";
+import type { PlatformDb } from "../db/index.js";
+import { gatewayServiceKeys } from "../db/schema/gateway-service-keys.js";
+import type { GatewayTenant } from "./types.js";
+/** Hash a raw key for storage/lookup. */
+function hashKey(raw: string): string {
+  return createHash("sha256").update(raw).digest("hex");
+}
+export interface IServiceKeyRepository {
+  /** Generate a new service key for an instance. Returns the raw key (caller must store it). */
+  generate(tenantId: string, instanceId: string): Promise<string>;
+  /** Resolve a raw bearer token to a GatewayTenant. Returns null if not found or revoked. */
+  resolve(rawKey: string): Promise<GatewayTenant | null>;
+  /** Revoke the service key for a specific instance. */
+  revokeByInstance(instanceId: string): Promise<void>;
+  /** Revoke all service keys for a tenant (used when tenant is deleted). */
+  revokeByTenant(tenantId: string): Promise<void>;
+}
+export class DrizzleServiceKeyRepository implements IServiceKeyRepository {
+  constructor(private readonly db: PlatformDb) {}
+  async generate(tenantId: string, instanceId: string): Promise<string> {
+    const raw = randomBytes(32).toString("hex");
+    const hash = hashKey(raw);
+    const id = randomBytes(16).toString("hex");
+    await this.db.insert(gatewayServiceKeys).values({
+      id,
+      keyHash: hash,
+      tenantId,
+      instanceId,
+      createdAt: Date.now(),
+    });
+    return raw;
+  }
+  async resolve(rawKey: string): Promise<GatewayTenant | null> {
+    const hash = hashKey(rawKey);
+    const rows = await this.db
+      .select({
+        tenantId: gatewayServiceKeys.tenantId,
+        instanceId: gatewayServiceKeys.instanceId,
+      })
+      .from(gatewayServiceKeys)
+      .where(and(eq(gatewayServiceKeys.keyHash, hash), isNull(gatewayServiceKeys.revokedAt)))
+      .limit(1);
+    const row = rows[0];
+    if (!row) return null;
+    return {
+      id: row.tenantId,
+      instanceId: row.instanceId,
+      spendLimits: { maxSpendPerHour: null, maxSpendPerMonth: null },
+    };
+  }
+  async revokeByInstance(instanceId: string): Promise<void> {
+    await this.db
+      .update(gatewayServiceKeys)
+      .set({ revokedAt: Date.now() })
+      .where(and(eq(gatewayServiceKeys.instanceId, instanceId), isNull(gatewayServiceKeys.revokedAt)));
+  }
+  async revokeByTenant(tenantId: string): Promise<void> {
+    await this.db
+      .update(gatewayServiceKeys)
+      .set({ revokedAt: Date.now() })
+      .where(and(eq(gatewayServiceKeys.tenantId, tenantId), isNull(gatewayServiceKeys.revokedAt)));
+  }
+}

package/src/gateway/types.ts CHANGED Viewed

@@ -6,10 +6,10 @@
  * budget-checks, proxies to upstream providers, meters usage, and responds.
  */
-import type { ICreditLedger } from "@wopr-network/platform-core/credits";
+import type { ILedger } from "@wopr-network/platform-core/credits";
 import type { MeterEmitter } from "@wopr-network/platform-core/metering";
 import type { IRateLimitRepository } from "../api/rate-limit-repository.js";
-import type { BudgetChecker, SpendLimits } from "../monetization/budget/budget-checker.js";
+import type { IBudgetChecker, SpendLimits } from "../monetization/budget/budget-checker.js";
 import type { CapabilityRateLimitConfig } from "./capability-rate-limit.js";
 import type { CircuitBreakerConfig } from "./circuit-breaker.js";
 import type { ICircuitBreakerRepository } from "./circuit-breaker-repository.js";
@@ -97,9 +97,9 @@ export interface GatewayConfig {
   /** MeterEmitter instance for usage tracking */
   meter: MeterEmitter;
   /** BudgetChecker instance for pre-call budget validation */
-  budgetChecker: BudgetChecker;
+  budgetChecker: IBudgetChecker;
   /** CreditLedger instance for deducting credits after proxy calls (optional — if absent, credit deduction is skipped) */
-  creditLedger?: ICreditLedger;
+  creditLedger?: ILedger;
   /** URL to direct users to when they need to add credits (default: "/dashboard/credits") */
   topUpUrl?: string;
   /** Maximum negative credit balance (in cents) before hard-stop. Default: 50 (-$0.50). */
@@ -115,7 +115,7 @@ export interface GatewayConfig {
   /** Optional cached rate lookup for model-specific token pricing (WOP-646) */
   rateLookupFn?: import("./rate-lookup.js").SellRateLookupFn;
   /** Function to resolve a service key to a tenant */
-  resolveServiceKey: (key: string) => GatewayTenant | null;
+  resolveServiceKey: (key: string) => GatewayTenant | null | Promise<GatewayTenant | null>;
   /** Base URL for Twilio webhook signature verification (e.g., https://api.wopr.network/v1). Required for Twilio/Telnyx webhook endpoints. */
   webhookBaseUrl?: string;
   /** Resolve a tenant from an inbound webhook request (e.g., from a tenantId URL path param). Required when webhookBaseUrl is set. */

package/src/metering/reconciliation-cron.test.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import crypto from "node:crypto";
 import type { PGlite } from "@electric-sql/pglite";
 import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
 import { Credit } from "../credits/credit.js";
-import { CreditLedger } from "../credits/credit-ledger.js";
+import { DrizzleLedger } from "../credits/ledger.js";
 import type { PlatformDb } from "../db/index.js";
 import { usageSummaries } from "../db/schema/meter-events.js";
 import { createTestDb, truncateAllTables } from "../test/db.js";
@@ -18,7 +18,7 @@ const DAY_END = DAY_START + 24 * 60 * 60 * 1000;
 describe("runReconciliation", () => {
   let pool: PGlite;
   let db: PlatformDb;
-  let ledger: CreditLedger;
+  let ledger: DrizzleLedger;
   let usageSummaryRepo: DrizzleUsageSummaryRepository;
   let adapterUsageRepo: DrizzleAdapterUsageRepository;
@@ -26,7 +26,7 @@ describe("runReconciliation", () => {
     const t = await createTestDb();
     pool = t.pool;
     db = t.db;
-    ledger = new CreditLedger(db);
+    ledger = new DrizzleLedger(db);
     usageSummaryRepo = new DrizzleUsageSummaryRepository(db);
     adapterUsageRepo = new DrizzleAdapterUsageRepository(db);
   });
@@ -37,6 +37,7 @@ describe("runReconciliation", () => {
   beforeEach(async () => {
     await truncateAllTables(pool);
+    await ledger.seedSystemAccounts();
   });
   /** Insert a usage_summaries row directly. */
@@ -75,7 +76,7 @@ describe("runReconciliation", () => {
     await insertSummary({ tenant: "t1", totalCharge: charge.toRaw() });
     await ledger.credit("t1", Credit.fromCents(500), "purchase");
-    await ledger.debit("t1", charge, "adapter_usage", "chat usage");
+    await ledger.debit("t1", charge, "adapter_usage", { description: "chat usage" });
     const result = await runReconciliation({ usageSummaryRepo, adapterUsageRepo, targetDate: TODAY });
     expect(result.tenantsChecked).toBe(1);
@@ -86,7 +87,7 @@ describe("runReconciliation", () => {
     await insertSummary({ tenant: "t1", totalCharge: Credit.fromCents(100).toRaw() });
     await ledger.credit("t1", Credit.fromCents(500), "purchase");
-    await ledger.debit("t1", Credit.fromCents(80), "adapter_usage", "chat usage");
+    await ledger.debit("t1", Credit.fromCents(80), "adapter_usage", { description: "chat usage" });
     const result = await runReconciliation({ usageSummaryRepo, adapterUsageRepo, targetDate: TODAY });
     expect(result.tenantsChecked).toBe(1);
@@ -118,7 +119,7 @@ describe("runReconciliation", () => {
     await ledger.credit("t1", Credit.fromCents(500), "purchase");
     // Debit as bot_runtime — should NOT count toward reconciliation
-    await ledger.debit("t1", Credit.fromCents(20), "bot_runtime", "daily runtime");
+    await ledger.debit("t1", Credit.fromCents(20), "bot_runtime", { description: "daily runtime" });
     const result = await runReconciliation({ usageSummaryRepo, adapterUsageRepo, targetDate: TODAY });
     // Metered 20c, ledger adapter_usage = 0 => drift = 20c
@@ -150,12 +151,12 @@ describe("runReconciliation", () => {
     // t1: balanced
     await insertSummary({ tenant: "t1", totalCharge: Credit.fromCents(50).toRaw() });
     await ledger.credit("t1", Credit.fromCents(500), "purchase");
-    await ledger.debit("t1", Credit.fromCents(50), "adapter_usage", "chat");
+    await ledger.debit("t1", Credit.fromCents(50), "adapter_usage", { description: "chat" });
     // t2: drifted
     await insertSummary({ tenant: "t2", totalCharge: Credit.fromCents(100).toRaw() });
     await ledger.credit("t2", Credit.fromCents(500), "purchase");
-    await ledger.debit("t2", Credit.fromCents(60), "adapter_usage", "chat");
+    await ledger.debit("t2", Credit.fromCents(60), "adapter_usage", { description: "chat" });
     const result = await runReconciliation({ usageSummaryRepo, adapterUsageRepo, targetDate: TODAY });
     expect(result.tenantsChecked).toBe(2);
@@ -193,7 +194,7 @@ describe("runReconciliation", () => {
     await insertSummary({ tenant: "t1", totalCharge: Credit.fromCents(50).toRaw() });
     await ledger.credit("t1", Credit.fromCents(500), "purchase");
-    await ledger.debit("t1", Credit.fromCents(80), "adapter_usage", "chat usage");
+    await ledger.debit("t1", Credit.fromCents(80), "adapter_usage", { description: "chat usage" });
     const result = await runReconciliation({ usageSummaryRepo, adapterUsageRepo, targetDate: TODAY });
     expect(result.discrepancies).toHaveLength(1);

package/src/metering/reconciliation-repository.test.ts CHANGED Viewed

@@ -2,7 +2,7 @@ import crypto from "node:crypto";
 import type { PGlite } from "@electric-sql/pglite";
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import { Credit } from "../credits/credit.js";
-import { CreditLedger } from "../credits/credit-ledger.js";
+import { DrizzleLedger } from "../credits/ledger.js";
 import type { PlatformDb } from "../db/index.js";
 import { createTestDb, seedUsageSummary, truncateAllTables } from "../test/db.js";
 import { DrizzleAdapterUsageRepository, DrizzleUsageSummaryRepository } from "./reconciliation-repository.js";
@@ -126,12 +126,13 @@ describe("DrizzleUsageSummaryRepository", () => {
 describe("DrizzleAdapterUsageRepository", () => {
   let repo: DrizzleAdapterUsageRepository;
-  let ledger: CreditLedger;
+  let ledger: DrizzleLedger;
   beforeEach(async () => {
     await truncateAllTables(pool);
     repo = new DrizzleAdapterUsageRepository(db);
-    ledger = new CreditLedger(db);
+    ledger = new DrizzleLedger(db);
+    await ledger.seedSystemAccounts();
   });
   it("returns empty array when no adapter_usage debits exist", async () => {
@@ -147,9 +148,9 @@ describe("DrizzleAdapterUsageRepository", () => {
     await ledger.credit("t1", Credit.fromCents(1000), "purchase");
     await ledger.credit("t2", Credit.fromCents(1000), "purchase");
-    await ledger.debit("t1", Credit.fromCents(30), "adapter_usage", "t1-debit-1");
-    await ledger.debit("t1", Credit.fromCents(20), "adapter_usage", "t1-debit-2");
-    await ledger.debit("t2", Credit.fromCents(50), "adapter_usage", "t2-debit-1");
+    await ledger.debit("t1", Credit.fromCents(30), "adapter_usage", { description: "t1-debit-1" });
+    await ledger.debit("t1", Credit.fromCents(20), "adapter_usage", { description: "t1-debit-2" });
+    await ledger.debit("t2", Credit.fromCents(50), "adapter_usage", { description: "t2-debit-1" });
     // Query window covering today
     const today = new Date().toISOString().slice(0, 10);
@@ -168,8 +169,8 @@ describe("DrizzleAdapterUsageRepository", () => {
   it("excludes non-adapter_usage debit types", async () => {
     await ledger.credit("t1", Credit.fromCents(1000), "purchase");
-    await ledger.debit("t1", Credit.fromCents(30), "adapter_usage", "adapter debit");
-    await ledger.debit("t1", Credit.fromCents(20), "bot_runtime", "runtime debit");
+    await ledger.debit("t1", Credit.fromCents(30), "adapter_usage", { description: "adapter debit" });
+    await ledger.debit("t1", Credit.fromCents(20), "bot_runtime", { description: "runtime debit" });
     const today = new Date().toISOString().slice(0, 10);
     const startIso = `${today}T00:00:00Z`;
@@ -182,7 +183,7 @@ describe("DrizzleAdapterUsageRepository", () => {
   it("excludes credit transactions (positive amounts are not debits)", async () => {
     await ledger.credit("t1", Credit.fromCents(1000), "purchase");
-    await ledger.debit("t1", Credit.fromCents(10), "adapter_usage", "real debit");
+    await ledger.debit("t1", Credit.fromCents(10), "adapter_usage", { description: "real debit" });
     const today = new Date().toISOString().slice(0, 10);
     const startIso = `${today}T00:00:00Z`;

package/src/metering/reconciliation-repository.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { and, eq, gte, lt, ne, sql } from "drizzle-orm";
 import type { PlatformDb } from "../db/index.js";
-import { creditTransactions } from "../db/schema/credits.js";
+import { journalEntries, journalLines } from "../db/schema/ledger.js";
 import { usageSummaries } from "../db/schema/meter-events.js";
 // ---------------------------------------------------------------------------
@@ -59,24 +59,27 @@ export class DrizzleAdapterUsageRepository implements IAdapterUsageRepository {
   constructor(private readonly db: PlatformDb) {}
   async getAggregatedAdapterUsageDebits(startIso: string, endIso: string): Promise<AggregatedDebit[]> {
+    // Sum the debit-side journal line amounts for adapter_usage entries.
+    // In double-entry: DR tenant liability (2000:<tenantId>), CR revenue:adapter_usage (4010).
+    // The debit line on the tenant account represents the charge amount.
     const rows = await this.db
       .select({
-        tenantId: creditTransactions.tenantId,
-        // amount_credits stores negative values for debits; ABS gives the raw positive debit amount.
-        // Use the raw column name in sql to bypass the custom creditColumn type serializer.
-        // raw SQL: Drizzle cannot express ABS with COALESCE and SUM
-        totalDebitRaw: sql<number>`COALESCE(SUM(ABS(amount_credits)), 0)`,
+        tenantId: journalEntries.tenantId,
+        // raw SQL: Drizzle cannot express COALESCE with SUM aggregation
+        totalDebitRaw: sql<number>`COALESCE(SUM(${journalLines.amount}), 0)`,
       })
-      .from(creditTransactions)
+      .from(journalLines)
+      .innerJoin(journalEntries, eq(journalEntries.id, journalLines.journalEntryId))
       .where(
         and(
-          eq(creditTransactions.type, "adapter_usage"),
+          eq(journalEntries.entryType, "adapter_usage"),
+          eq(journalLines.side, "debit"),
           // raw SQL: Drizzle cannot express timestamptz cast for text column date comparison
-          sql`${creditTransactions.createdAt}::timestamptz >= ${startIso}::timestamptz`,
-          sql`${creditTransactions.createdAt}::timestamptz < ${endIso}::timestamptz`,
+          sql`${journalEntries.postedAt}::timestamptz >= ${startIso}::timestamptz`,
+          sql`${journalEntries.postedAt}::timestamptz < ${endIso}::timestamptz`,
         ),
       )
-      .groupBy(creditTransactions.tenantId);
+      .groupBy(journalEntries.tenantId);
     return rows.map((r) => ({ tenantId: r.tenantId, totalDebitRaw: Number(r.totalDebitRaw) }));
   }

package/src/monetization/affiliate/affiliate-admin-repository.test.ts CHANGED Viewed

@@ -1,10 +1,10 @@
 import type { PGlite } from "@electric-sql/pglite";
-import { sql } from "drizzle-orm";
+import { Credit, DrizzleLedger } from "@wopr-network/platform-core/credits";
 import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import type { DrizzleDb } from "../../db/index.js";
 import { affiliateReferrals } from "../../db/schema/affiliate.js";
 import { affiliateFraudEvents } from "../../db/schema/affiliate-fraud.js";
-import { beginTestTransaction, createTestDb, endTestTransaction, rollbackTestTransaction } from "../../test/db.js";
+import { createTestDb, truncateAllTables } from "../../test/db.js";
 import { ADMIN_BLOCK_SENTINEL, DrizzleAffiliateFraudAdminRepository } from "./affiliate-admin-repository.js";
 describe("DrizzleAffiliateFraudAdminRepository", () => {
@@ -14,16 +14,15 @@ describe("DrizzleAffiliateFraudAdminRepository", () => {
   beforeAll(async () => {
     ({ db, pool } = await createTestDb());
-    await beginTestTransaction(pool);
   });
   afterAll(async () => {
-    await endTestTransaction(pool);
     await pool.close();
   });
   beforeEach(async () => {
-    await rollbackTestTransaction(pool);
+    await truncateAllTables(pool);
+    await new DrizzleLedger(db).seedSystemAccounts();
     repo = new DrizzleAffiliateFraudAdminRepository(db);
   });
@@ -162,11 +161,17 @@ describe("DrizzleAffiliateFraudAdminRepository", () => {
   describe("blockFingerprint", () => {
     it("should insert fraud events with ADMIN_BLOCK as referredTenantId", async () => {
-      await db.execute(
-        sql`INSERT INTO credit_transactions (id, tenant_id, amount_credits, balance_after_credits, type, created_at, stripe_fingerprint)
-            VALUES ('ct-1', 't-alice', 0, 0, 'purchase', now(), 'fp_abc123'),
-                   ('ct-2', 't-bob', 0, 0, 'purchase', now(), 'fp_abc123')`,
-      );
+      const ledger = new DrizzleLedger(db);
+      await ledger.credit("t-alice", Credit.fromCents(1), "purchase", {
+        description: "test purchase",
+        referenceId: "ref-alice-fp_abc123",
+        stripeFingerprint: "fp_abc123",
+      });
+      await ledger.credit("t-bob", Credit.fromCents(1), "purchase", {
+        description: "test purchase",
+        referenceId: "ref-bob-fp_abc123",
+        stripeFingerprint: "fp_abc123",
+      });
       await repo.blockFingerprint("fp_abc123", "admin-user-1");
@@ -185,11 +190,17 @@ describe("DrizzleAffiliateFraudAdminRepository", () => {
     });
     it("should use unique referralId per tenant to avoid unique constraint conflicts", async () => {
-      await db.execute(
-        sql`INSERT INTO credit_transactions (id, tenant_id, amount_credits, balance_after_credits, type, created_at, stripe_fingerprint)
-            VALUES ('ct-3', 't-carol', 0, 0, 'purchase', now(), 'fp_def456'),
-                   ('ct-4', 't-dave', 0, 0, 'purchase', now(), 'fp_def456')`,
-      );
+      const ledger = new DrizzleLedger(db);
+      await ledger.credit("t-carol", Credit.fromCents(1), "purchase", {
+        description: "test purchase",
+        referenceId: "ref-carol-fp_def456",
+        stripeFingerprint: "fp_def456",
+      });
+      await ledger.credit("t-dave", Credit.fromCents(1), "purchase", {
+        description: "test purchase",
+        referenceId: "ref-dave-fp_def456",
+        stripeFingerprint: "fp_def456",
+      });
       await repo.blockFingerprint("fp_def456", "admin-user-2");
@@ -204,10 +215,12 @@ describe("DrizzleAffiliateFraudAdminRepository", () => {
     });
     it("should be idempotent via onConflictDoNothing", async () => {
-      await db.execute(
-        sql`INSERT INTO credit_transactions (id, tenant_id, amount_credits, balance_after_credits, type, created_at, stripe_fingerprint)
-            VALUES ('ct-5', 't-eve', 0, 0, 'purchase', now(), 'fp_ghi789')`,
-      );
+      const ledger = new DrizzleLedger(db);
+      await ledger.credit("t-eve", Credit.fromCents(1), "purchase", {
+        description: "test purchase",
+        referenceId: "ref-eve-fp_ghi789",
+        stripeFingerprint: "fp_ghi789",
+      });
       await repo.blockFingerprint("fp_ghi789", "admin-user-3");
       await repo.blockFingerprint("fp_ghi789", "admin-user-3");

package/src/monetization/affiliate/affiliate-admin-repository.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { logger } from "../../config/logger.js";
 import type { DrizzleDb } from "../../db/index.js";
 import { affiliateReferrals } from "../../db/schema/affiliate.js";
 import { affiliateFraudEvents } from "../../db/schema/affiliate-fraud.js";
-import { creditTransactions } from "../../db/schema/credits.js";
+import { journalEntries } from "../../db/schema/ledger.js";
 function parseSignals(raw: string): string[] {
   try {
@@ -119,13 +119,16 @@ export class DrizzleAffiliateFraudAdminRepository implements IAffiliateFraudAdmi
   }
   async listFingerprintClusters(): Promise<FingerprintCluster[]> {
+    // Query journal_entries.metadata->>'stripeFingerprint' for purchase entries
     // raw SQL: Drizzle cannot express HAVING COUNT(DISTINCT ...) with array_agg in a single query
     type ClusterRow = { stripe_fingerprint: string; tenant_ids: string[] };
     const rows = (await this.db.execute(sql`
-      SELECT stripe_fingerprint, array_agg(DISTINCT tenant_id ORDER BY tenant_id) AS tenant_ids
-      FROM credit_transactions
-      WHERE stripe_fingerprint IS NOT NULL
-      GROUP BY stripe_fingerprint
+      SELECT metadata->>'stripeFingerprint' AS stripe_fingerprint,
+             array_agg(DISTINCT tenant_id ORDER BY tenant_id) AS tenant_ids
+      FROM journal_entries
+      WHERE metadata->>'stripeFingerprint' IS NOT NULL
+        AND entry_type = 'purchase'
+      GROUP BY metadata->>'stripeFingerprint'
       HAVING COUNT(DISTINCT tenant_id) > 1
       ORDER BY COUNT(DISTINCT tenant_id) DESC
     `)) as unknown as { rows: ClusterRow[] };
@@ -138,9 +141,14 @@ export class DrizzleAffiliateFraudAdminRepository implements IAffiliateFraudAdmi
   async blockFingerprint(fingerprint: string, adminUserId: string): Promise<void> {
     const rows = await this.db
-      .selectDistinct({ tenantId: creditTransactions.tenantId })
-      .from(creditTransactions)
-      .where(eq(creditTransactions.stripeFingerprint, fingerprint));
+      .selectDistinct({ tenantId: journalEntries.tenantId })
+      .from(journalEntries)
+      .where(
+        and(
+          eq(journalEntries.entryType, "purchase"),
+          sql`${journalEntries.metadata}->>'stripeFingerprint' = ${fingerprint}`,
+        ),
+      );
     const tenantIds = rows.map((r) => r.tenantId);
     const now = new Date().toISOString();