@wopr-network/platform-core 1.14.7 → 1.15.0

package/src/monetization/crypto/__tests__/webhook.test.ts

@@ -0,0 +1,327 @@
+/**
+ * Unit tests for the monetization crypto webhook handler.
+ *
+ * This handler is the WOPR-specific layer on top of the platform-core
+ * billing/crypto webhook. Key differences from billing/crypto/webhook.ts:
+ *  - Uses BotBilling.checkReactivation() instead of onCreditsPurchased callback
+ *  - Imports charge store / replay guard types from billing layer (relative)
+ */
+import type { PGlite } from "@electric-sql/pglite";
+import { afterAll, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+import { CryptoChargeRepository } from "../../../billing/crypto/charge-store.js";
+import type { CryptoWebhookPayload } from "../../../billing/crypto/types.js";
+import { DrizzleWebhookSeenRepository } from "../../../billing/drizzle-webhook-seen-repository.js";
+import { noOpReplayGuard } from "../../../billing/webhook-seen-repository.js";
+import { DrizzleLedger } from "../../../credits/ledger.js";
+import { createTestDb, truncateAllTables } from "../../../test/db.js";
+import type { BotBilling } from "../../credits/bot-billing.js";
+import type { CryptoWebhookDeps } from "../webhook.js";
+import { handleCryptoWebhook } from "../webhook.js";
+
+function makePayload(overrides: Partial<CryptoWebhookPayload> = {}): CryptoWebhookPayload {
+  return {
+    deliveryId: "del-001",
+    webhookId: "whk-001",
+    originalDeliveryId: "del-001",
+    isRedelivery: false,
+    type: "InvoiceSettled",
+    timestamp: Date.now(),
+    storeId: "store-test",
+    invoiceId: "inv-test-001",
+    metadata: { orderId: "order-001" },
+    ...overrides,
+  };
+}
+
+let pool: PGlite;
+let db: Awaited<ReturnType<typeof createTestDb>>["db"];
+
+beforeAll(async () => {
+  ({ db, pool } = await createTestDb());
+});
+
+afterAll(async () => {
+  await pool.close();
+});
+
+describe("handleCryptoWebhook (monetization layer)", () => {
+  let chargeStore: CryptoChargeRepository;
+  let creditLedger: DrizzleLedger;
+  let deps: CryptoWebhookDeps;
+
+  beforeEach(async () => {
+    await truncateAllTables(pool);
+    chargeStore = new CryptoChargeRepository(db);
+    creditLedger = new DrizzleLedger(db);
+    await creditLedger.seedSystemAccounts();
+    deps = { chargeStore, creditLedger, replayGuard: noOpReplayGuard };
+
+    // Default test charge: $25 = 2500 cents
+    await chargeStore.create("inv-test-001", "tenant-a", 2500);
+  });
+
+  // ---------------------------------------------------------------------------
+  // InvoiceSettled — credits ledger
+  // ---------------------------------------------------------------------------
+
+  describe("InvoiceSettled", () => {
+    it("credits the ledger with the USD amount in cents", async () => {
+      const result = await handleCryptoWebhook(deps, makePayload({ type: "InvoiceSettled" }));
+
+      expect(result.handled).toBe(true);
+      expect(result.status).toBe("Settled");
+      expect(result.tenant).toBe("tenant-a");
+      expect(result.creditedCents).toBe(2500);
+
+      const balance = await creditLedger.balance("tenant-a");
+      expect(balance.toCents()).toBe(2500);
+    });
+
+    it("marks the charge as credited after settlement", async () => {
+      await handleCryptoWebhook(deps, makePayload({ type: "InvoiceSettled" }));
+      expect(await chargeStore.isCredited("inv-test-001")).toBe(true);
+    });
+
+    it("uses crypto: prefix on reference ID in ledger entry", async () => {
+      await handleCryptoWebhook(deps, makePayload({ type: "InvoiceSettled" }));
+
+      const history = await creditLedger.history("tenant-a");
+      expect(history).toHaveLength(1);
+      expect(history[0].referenceId).toBe("crypto:inv-test-001");
+      expect(history[0].entryType).toBe("purchase");
+    });
+
+    it("records fundingSource as crypto", async () => {
+      await handleCryptoWebhook(deps, makePayload({ type: "InvoiceSettled" }));
+
+      const history = await creditLedger.history("tenant-a");
+      expect(history[0].metadata?.fundingSource).toBe("crypto");
+    });
+
+    it("is idempotent — second InvoiceSettled does not double-credit", async () => {
+      await handleCryptoWebhook(deps, makePayload({ type: "InvoiceSettled" }));
+      const result2 = await handleCryptoWebhook(deps, makePayload({ type: "InvoiceSettled" }));
+
+      expect(result2.handled).toBe(true);
+      expect(result2.creditedCents).toBe(0);
+
+      // Balance is still $25, not $50
+      const balance = await creditLedger.balance("tenant-a");
+      expect(balance.toCents()).toBe(2500);
+    });
+  });
+
+  // ---------------------------------------------------------------------------
+  // Non-settlement event types — no ledger credit
+  // ---------------------------------------------------------------------------
+
+  describe("InvoiceProcessing", () => {
+    it("does NOT credit the ledger", async () => {
+      const result = await handleCryptoWebhook(deps, makePayload({ type: "InvoiceProcessing" }));
+
+      expect(result.handled).toBe(true);
+      expect(result.tenant).toBe("tenant-a");
+      expect(result.creditedCents).toBeUndefined();
+      expect((await creditLedger.balance("tenant-a")).toCents()).toBe(0);
+    });
+  });
+
+  describe("InvoiceCreated", () => {
+    it("does NOT credit the ledger", async () => {
+      const result = await handleCryptoWebhook(deps, makePayload({ type: "InvoiceCreated" }));
+
+      expect(result.handled).toBe(true);
+      expect(result.creditedCents).toBeUndefined();
+      expect((await creditLedger.balance("tenant-a")).toCents()).toBe(0);
+    });
+  });
+
+  describe("InvoiceExpired", () => {
+    it("does NOT credit the ledger", async () => {
+      const result = await handleCryptoWebhook(deps, makePayload({ type: "InvoiceExpired" }));
+
+      expect(result.handled).toBe(true);
+      expect(result.creditedCents).toBeUndefined();
+      expect((await creditLedger.balance("tenant-a")).toCents()).toBe(0);
+    });
+  });
+
+  describe("InvoiceInvalid", () => {
+    it("does NOT credit the ledger", async () => {
+      const result = await handleCryptoWebhook(deps, makePayload({ type: "InvoiceInvalid" }));
+
+      expect(result.handled).toBe(true);
+      expect(result.creditedCents).toBeUndefined();
+      expect((await creditLedger.balance("tenant-a")).toCents()).toBe(0);
+    });
+  });
+
+  // ---------------------------------------------------------------------------
+  // Unknown invoiceId — returns handled:false
+  // ---------------------------------------------------------------------------
+
+  describe("missing charge", () => {
+    it("returns handled:false when invoiceId is not in the charge store", async () => {
+      const result = await handleCryptoWebhook(deps, makePayload({ invoiceId: "inv-unknown-999" }));
+
+      expect(result.handled).toBe(false);
+      expect(result.tenant).toBeUndefined();
+    });
+  });
+
+  // ---------------------------------------------------------------------------
+  // Status mapping for all known event types
+  // ---------------------------------------------------------------------------
+
+  describe("status mapping", () => {
+    it.each([
+      ["InvoiceCreated", "New"],
+      ["InvoiceProcessing", "Processing"],
+      ["InvoiceReceivedPayment", "Processing"],
+      ["InvoiceSettled", "Settled"],
+      ["InvoicePaymentSettled", "Settled"],
+      ["InvoiceExpired", "Expired"],
+      ["InvoiceInvalid", "Invalid"],
+    ] as const)("maps %s event to %s status", async (eventType, expectedStatus) => {
+      const result = await handleCryptoWebhook(deps, makePayload({ type: eventType }));
+      expect(result.status).toBe(expectedStatus);
+    });
+
+    it("throws on unknown event types", async () => {
+      await expect(handleCryptoWebhook(deps, makePayload({ type: "InvoiceSomeUnknownEvent" }))).rejects.toThrow(
+        "Unknown BTCPay event type: InvoiceSomeUnknownEvent",
+      );
+    });
+  });
+
+  // ---------------------------------------------------------------------------
+  // Charge store status updates
+  // ---------------------------------------------------------------------------
+
+  describe("charge store updates", () => {
+    it("updates charge status on every webhook call", async () => {
+      await handleCryptoWebhook(deps, makePayload({ type: "InvoiceProcessing" }));
+
+      const charge = await chargeStore.getByReferenceId("inv-test-001");
+      expect(charge?.status).toBe("Processing");
+    });
+  });
+
+  // ---------------------------------------------------------------------------
+  // Replay guard / idempotency
+  // ---------------------------------------------------------------------------
+
+  describe("replay guard", () => {
+    it("blocks duplicate invoiceId + event type combinations", async () => {
+      const replayGuard = new DrizzleWebhookSeenRepository(db);
+      const depsWithGuard: CryptoWebhookDeps = { ...deps, replayGuard };
+
+      const first = await handleCryptoWebhook(depsWithGuard, makePayload({ type: "InvoiceSettled" }));
+      expect(first.handled).toBe(true);
+      expect(first.creditedCents).toBe(2500);
+      expect(first.duplicate).toBeUndefined();
+
+      const second = await handleCryptoWebhook(depsWithGuard, makePayload({ type: "InvoiceSettled" }));
+      expect(second.handled).toBe(true);
+      expect(second.duplicate).toBe(true);
+      expect(second.creditedCents).toBeUndefined();
+
+      // Balance is still $25, not $50
+      expect((await creditLedger.balance("tenant-a")).toCents()).toBe(2500);
+    });
+
+    it("same invoice with a different event type is not blocked", async () => {
+      const replayGuard = new DrizzleWebhookSeenRepository(db);
+      const depsWithGuard: CryptoWebhookDeps = { ...deps, replayGuard };
+
+      await handleCryptoWebhook(depsWithGuard, makePayload({ type: "InvoiceProcessing" }));
+      const result = await handleCryptoWebhook(depsWithGuard, makePayload({ type: "InvoiceSettled" }));
+
+      expect(result.duplicate).toBeUndefined();
+      expect(result.creditedCents).toBe(2500);
+    });
+  });
+
+  // ---------------------------------------------------------------------------
+  // BotBilling reactivation — WOPR-specific behaviour
+  // ---------------------------------------------------------------------------
+
+  describe("BotBilling reactivation", () => {
+    it("calls botBilling.checkReactivation on InvoiceSettled and returns reactivatedBots", async () => {
+      const mockBotBilling = {
+        checkReactivation: vi.fn().mockResolvedValue(["bot-1", "bot-2"]),
+      } as unknown as BotBilling;
+      const depsWithBots: CryptoWebhookDeps = { ...deps, botBilling: mockBotBilling };
+
+      const result = await handleCryptoWebhook(depsWithBots, makePayload({ type: "InvoiceSettled" }));
+
+      expect(mockBotBilling.checkReactivation).toHaveBeenCalledWith("tenant-a", creditLedger);
+      expect(result.reactivatedBots).toEqual(["bot-1", "bot-2"]);
+    });
+
+    it("omits reactivatedBots when no bots are reactivated", async () => {
+      const mockBotBilling = {
+        checkReactivation: vi.fn().mockResolvedValue([]),
+      } as unknown as BotBilling;
+      const depsWithBots: CryptoWebhookDeps = { ...deps, botBilling: mockBotBilling };
+
+      const result = await handleCryptoWebhook(depsWithBots, makePayload({ type: "InvoiceSettled" }));
+
+      expect(result.reactivatedBots).toBeUndefined();
+    });
+
+    it("does NOT call botBilling on non-settled events", async () => {
+      const mockBotBilling = {
+        checkReactivation: vi.fn().mockResolvedValue(["bot-1"]),
+      } as unknown as BotBilling;
+      const depsWithBots: CryptoWebhookDeps = { ...deps, botBilling: mockBotBilling };
+
+      await handleCryptoWebhook(depsWithBots, makePayload({ type: "InvoiceProcessing" }));
+
+      expect(mockBotBilling.checkReactivation).not.toHaveBeenCalled();
+    });
+
+    it("does NOT call botBilling when charge is already credited (idempotency path)", async () => {
+      const mockBotBilling = {
+        checkReactivation: vi.fn().mockResolvedValue(["bot-1"]),
+      } as unknown as BotBilling;
+      const depsWithBots: CryptoWebhookDeps = { ...deps, botBilling: mockBotBilling };
+
+      // First settlement — should call reactivation
+      await handleCryptoWebhook(depsWithBots, makePayload({ type: "InvoiceSettled" }));
+      expect(mockBotBilling.checkReactivation).toHaveBeenCalledTimes(1);
+
+      // Second settlement — charge already credited, should NOT call reactivation again
+      await handleCryptoWebhook(depsWithBots, makePayload({ type: "InvoiceSettled" }));
+      expect(mockBotBilling.checkReactivation).toHaveBeenCalledTimes(1);
+    });
+
+    it("operates correctly when botBilling is not provided", async () => {
+      // No botBilling dependency — should complete without error
+      const result = await handleCryptoWebhook(deps, makePayload({ type: "InvoiceSettled" }));
+
+      expect(result.handled).toBe(true);
+      expect(result.creditedCents).toBe(2500);
+      expect(result.reactivatedBots).toBeUndefined();
+    });
+  });
+
+  // ---------------------------------------------------------------------------
+  // Multiple tenants — independent processing
+  // ---------------------------------------------------------------------------
+
+  describe("multiple tenants", () => {
+    it("processes invoices for different tenants independently", async () => {
+      await chargeStore.create("inv-b-001", "tenant-b", 5000);
+      await chargeStore.create("inv-c-001", "tenant-c", 1500);
+
+      await handleCryptoWebhook(deps, makePayload({ invoiceId: "inv-b-001", type: "InvoiceSettled" }));
+      await handleCryptoWebhook(deps, makePayload({ invoiceId: "inv-c-001", type: "InvoiceSettled" }));
+
+      expect((await creditLedger.balance("tenant-b")).toCents()).toBe(5000);
+      expect((await creditLedger.balance("tenant-c")).toCents()).toBe(1500);
+      // Original tenant-a was not settled in this test
+      expect((await creditLedger.balance("tenant-a")).toCents()).toBe(0);
+    });
+  });
+});

package/src/monetization/crypto/index.ts

@@ -0,0 +1,23 @@
+// Re-export everything from the billing/crypto module.
+export type {
+  CryptoBillingConfig,
+  CryptoChargeRecord,
+  CryptoCheckoutOpts,
+  CryptoConfig,
+  CryptoPaymentState,
+  CryptoWebhookPayload,
+  CryptoWebhookResult,
+  ICryptoChargeRepository,
+} from "@wopr-network/platform-core/billing";
+export {
+  BTCPayClient,
+  CryptoChargeRepository,
+  createCryptoCheckout,
+  DrizzleCryptoChargeRepository,
+  loadCryptoConfig,
+  MIN_PAYMENT_USD,
+  mapBtcPayEventToStatus,
+  verifyCryptoWebhookSignature,
+} from "@wopr-network/platform-core/billing";
+export type { CryptoWebhookDeps } from "./webhook.js";
+export { handleCryptoWebhook } from "./webhook.js";

package/src/monetization/crypto/webhook.ts

@@ -0,0 +1,115 @@
+import type {
+  CryptoWebhookPayload,
+  CryptoWebhookResult,
+  ICryptoChargeRepository,
+  IWebhookSeenRepository,
+} from "@wopr-network/platform-core/billing";
+import { mapBtcPayEventToStatus } from "@wopr-network/platform-core/billing";
+import type { ILedger } from "@wopr-network/platform-core/credits";
+import { Credit } from "@wopr-network/platform-core/credits";
+import type { BotBilling } from "../credits/bot-billing.js";
+
+export interface CryptoWebhookDeps {
+  chargeStore: ICryptoChargeRepository;
+  creditLedger: ILedger;
+  botBilling?: BotBilling;
+  replayGuard: IWebhookSeenRepository;
+}
+
+/**
+ * Process a BTCPay Server webhook event (WOPR-specific version).
+ *
+ * Only credits the ledger on InvoiceSettled.
+ * Uses botBilling.checkReactivation for WOPR bot suspension recovery.
+ *
+ * Idempotency strategy (matches Stripe webhook pattern):
+ *   Primary: `creditLedger.hasReferenceId("crypto:<invoiceId>")` — atomic,
+ *   checked inside the ledger's serialized transaction.
+ *   Secondary: `chargeStore.markCredited()` — advisory flag for queries.
+ *
+ * CRITICAL: charge.amountUsdCents is in USD cents (integer).
+ * Credit.fromCents() converts cents → nanodollars for the ledger.
+ */
+export async function handleCryptoWebhook(
+  deps: CryptoWebhookDeps,
+  payload: CryptoWebhookPayload,
+): Promise<CryptoWebhookResult> {
+  const { chargeStore, creditLedger } = deps;
+
+  // Replay guard FIRST: deduplicate by invoiceId + event type.
+  // Must run before mapBtcPayEventToStatus() — unknown event types throw,
+  // and BTCPay retries webhooks on failure. Without this ordering, an unknown
+  // event type causes an infinite retry loop.
+  const dedupeKey = `${payload.invoiceId}:${payload.type}`;
+  if (await deps.replayGuard.isDuplicate(dedupeKey, "crypto")) {
+    return { handled: true, status: "New", duplicate: true };
+  }
+
+  // Map BTCPay event type to a CryptoPaymentState (throws on unknown types).
+  const status = mapBtcPayEventToStatus(payload.type);
+
+  // Look up the charge record to find the tenant.
+  const charge = await chargeStore.getByReferenceId(payload.invoiceId);
+  if (!charge) {
+    return { handled: false, status };
+  }
+
+  // Update charge status regardless of event type.
+  await chargeStore.updateStatus(payload.invoiceId, status);
+
+  let result: CryptoWebhookResult;
+
+  if (payload.type === "InvoiceSettled") {
+    // Idempotency: use ledger referenceId check (same pattern as Stripe webhook).
+    // This is atomic — the referenceId is checked inside the ledger's serialized
+    // transaction, eliminating the TOCTOU race of isCredited() + creditLedger().
+    const creditRef = `crypto:${payload.invoiceId}`;
+    if (await creditLedger.hasReferenceId(creditRef)) {
+      result = {
+        handled: true,
+        status,
+        tenant: charge.tenantId,
+        creditedCents: 0,
+      };
+    } else {
+      // Credit the original USD amount requested (not the crypto amount).
+      // charge.amountUsdCents is in USD cents (integer).
+      // Credit.fromCents() converts to nanodollars for the ledger.
+      const creditCents = charge.amountUsdCents;
+
+      await creditLedger.credit(charge.tenantId, Credit.fromCents(creditCents), "purchase", {
+        description: `Crypto credit purchase via BTCPay (invoice: ${payload.invoiceId})`,
+        referenceId: creditRef,
+        fundingSource: "crypto",
+      });
+
+      // Mark credited (advisory — primary idempotency is the ledger referenceId above).
+      await chargeStore.markCredited(payload.invoiceId);
+
+      // Reactivate suspended bots (same as Stripe webhook).
+      let reactivatedBots: string[] | undefined;
+      if (deps.botBilling) {
+        reactivatedBots = await deps.botBilling.checkReactivation(charge.tenantId, creditLedger);
+        if (reactivatedBots.length === 0) reactivatedBots = undefined;
+      }
+
+      result = {
+        handled: true,
+        status,
+        tenant: charge.tenantId,
+        creditedCents: creditCents,
+        reactivatedBots,
+      };
+    }
+  } else {
+    // New, Processing, Expired, Invalid — just track status.
+    result = {
+      handled: true,
+      status,
+      tenant: charge.tenantId,
+    };
+  }
+
+  await deps.replayGuard.markSeen(dedupeKey, "crypto");
+  return result;
+}

package/src/monetization/index.ts

@@ -158,6 +158,27 @@ export {
   SIGNUP_GRANT,
   SUSPENSION_GRACE_DAYS,
 } from "./credits/index.js";
+// Crypto payments (BTCPay Server)
+export type {
+  CryptoBillingConfig,
+  CryptoCheckoutOpts,
+  CryptoConfig,
+  CryptoPaymentState,
+  CryptoWebhookDeps,
+  CryptoWebhookPayload,
+  CryptoWebhookResult,
+} from "./crypto/index.js";
+export {
+  BTCPayClient,
+  CryptoChargeRepository,
+  createCryptoCheckout,
+  DrizzleCryptoChargeRepository,
+  handleCryptoWebhook,
+  loadCryptoConfig,
+  MIN_PAYMENT_USD,
+  mapBtcPayEventToStatus,
+  verifyCryptoWebhookSignature,
+} from "./crypto/index.js";
 // Feature gating middleware (WOP-384 — replaced tier gates with balance gates)
 export {
   type CreditGateConfig,
@@ -181,25 +202,6 @@ export {
   MeterAggregator,
   MeterEmitter,
 } from "./metering/index.js";
-// PayRam crypto payments (WOP-407)
-export type {
-  PayRamBillingConfig,
-  PayRamCheckoutOpts,
-  PayRamConfig,
-  PayRamPaymentState,
-  PayRamWebhookDeps,
-  PayRamWebhookPayload,
-  PayRamWebhookResult,
-} from "./payram/index.js";
-export {
-  createPayRamCheckout,
-  createPayRamClient,
-  DrizzlePayRamChargeRepository,
-  handlePayRamWebhook,
-  loadPayRamConfig,
-  MIN_PAYMENT_USD,
-  PayRamChargeRepository,
-} from "./payram/index.js";
 export {
   checkInstanceQuota,
   DEFAULT_INSTANCE_LIMITS,
@@ -214,13 +216,13 @@ export {
 } from "./quotas/resource-limits.js";
 // Repository interfaces (WOP-899)
 export type {
+  CryptoChargeRecord,
   IBotBilling,
   IBudgetChecker,
+  ICryptoChargeRepository,
   IMeterAggregator,
   IMeterEmitter,
-  IPayRamChargeRepository,
   ITenantCustomerRepository,
-  PayRamChargeRecord,
 } from "./repository-types.js";
 // Socket layer — adapter orchestrator (WOP-376)
 export { AdapterSocket, type SocketConfig, type SocketRequest } from "./socket/socket.js";

package/src/monetization/repository-types.ts

@@ -1,9 +1,9 @@
 // Re-export all monetization repository interfaces for callers that want a single import point.
 
 export type {
-  IPayRamChargeRepository,
+  CryptoChargeRecord,
+  ICryptoChargeRepository,
   ITenantCustomerRepository,
-  PayRamChargeRecord,
 } from "@wopr-network/platform-core/billing";
 export type { IAutoTopupSettingsRepository, ILedger } from "@wopr-network/platform-core/credits";
 export type { IMeterAggregator, IMeterEmitter } from "@wopr-network/platform-core/metering";

package/src/observability/pagerduty.test.ts

@@ -7,6 +7,7 @@ describe("PagerDutyNotifier", () => {
   });
 
   afterEach(() => {
+    vi.useRealTimers();
     vi.restoreAllMocks();
   });
 

package/src/security/key-validation.test.ts

@@ -1,16 +1,22 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { PROVIDER_API_URLS } from "../config/provider-endpoints.js";
 import { PROVIDER_ENDPOINTS, validateProviderKey } from "./key-validation.js";
 
 describe("key-validation", () => {
   describe("PROVIDER_API_URLS", () => {
-    it("exports a URL for every supported provider", () => {
-      expect(PROVIDER_API_URLS.anthropic).toBe("https://api.anthropic.com/v1/models");
-      expect(PROVIDER_API_URLS.openai).toBe("https://api.openai.com/v1/models");
-      expect(PROVIDER_API_URLS.google).toBe("https://generativelanguage.googleapis.com/v1/models");
-      expect(PROVIDER_API_URLS.discord).toBe("https://discord.com/api/v10/users/@me");
-      expect(PROVIDER_API_URLS.elevenlabs).toBe("https://api.elevenlabs.io/v1/user");
-      expect(PROVIDER_API_URLS.deepgram).toBe("https://api.deepgram.com/v1/projects");
+    afterEach(() => {
+      vi.unstubAllEnvs();
+      vi.resetModules();
+    });
+
+    it("exports a URL for every supported provider", async () => {
+      vi.resetModules();
+      const { PROVIDER_API_URLS: urls } = await import("../config/provider-endpoints.js");
+      expect(urls.anthropic).toBe("https://api.anthropic.com/v1/models");
+      expect(urls.openai).toBe("https://api.openai.com/v1/models");
+      expect(urls.google).toBe("https://generativelanguage.googleapis.com/v1/models");
+      expect(urls.discord).toBe("https://discord.com/api/v10/users/@me");
+      expect(urls.elevenlabs).toBe("https://api.elevenlabs.io/v1/user");
+      expect(urls.deepgram).toBe("https://api.deepgram.com/v1/projects");
     });
   });
 
@@ -108,4 +114,64 @@ describe("key-validation", () => {
       );
     });
   });
+
+  describe("PROVIDER_API_URLS env overrides", () => {
+    afterEach(() => {
+      vi.unstubAllEnvs();
+      vi.resetModules();
+    });
+
+    it("uses ANTHROPIC_API_URL when set", async () => {
+      vi.stubEnv("ANTHROPIC_API_URL", "https://custom-anthropic.example.com/v1/models");
+      vi.resetModules();
+      const { PROVIDER_API_URLS: urls } = await import("../config/provider-endpoints.js");
+      expect(urls.anthropic).toBe("https://custom-anthropic.example.com/v1/models");
+    });
+
+    it("uses OPENAI_API_URL when set", async () => {
+      vi.stubEnv("OPENAI_API_URL", "https://custom-openai.example.com/v1/models");
+      vi.resetModules();
+      const { PROVIDER_API_URLS: urls } = await import("../config/provider-endpoints.js");
+      expect(urls.openai).toBe("https://custom-openai.example.com/v1/models");
+    });
+
+    it("uses GOOGLE_API_URL when set", async () => {
+      vi.stubEnv("GOOGLE_API_URL", "https://custom-google.example.com/v1/models");
+      vi.resetModules();
+      const { PROVIDER_API_URLS: urls } = await import("../config/provider-endpoints.js");
+      expect(urls.google).toBe("https://custom-google.example.com/v1/models");
+    });
+
+    it("uses DISCORD_API_URL when set", async () => {
+      vi.stubEnv("DISCORD_API_URL", "https://custom-discord.example.com/api/v10/users/@me");
+      vi.resetModules();
+      const { PROVIDER_API_URLS: urls } = await import("../config/provider-endpoints.js");
+      expect(urls.discord).toBe("https://custom-discord.example.com/api/v10/users/@me");
+    });
+
+    it("uses ELEVENLABS_API_URL when set", async () => {
+      vi.stubEnv("ELEVENLABS_API_URL", "https://custom-elevenlabs.example.com/v1/user");
+      vi.resetModules();
+      const { PROVIDER_API_URLS: urls } = await import("../config/provider-endpoints.js");
+      expect(urls.elevenlabs).toBe("https://custom-elevenlabs.example.com/v1/user");
+    });
+
+    it("uses DEEPGRAM_API_URL when set", async () => {
+      vi.stubEnv("DEEPGRAM_API_URL", "https://custom-deepgram.example.com/v1/projects");
+      vi.resetModules();
+      const { PROVIDER_API_URLS: urls } = await import("../config/provider-endpoints.js");
+      expect(urls.deepgram).toBe("https://custom-deepgram.example.com/v1/projects");
+    });
+
+    it("falls back to defaults when env vars are not set", async () => {
+      vi.resetModules();
+      const { PROVIDER_API_URLS: urls } = await import("../config/provider-endpoints.js");
+      expect(urls.anthropic).toBe("https://api.anthropic.com/v1/models");
+      expect(urls.openai).toBe("https://api.openai.com/v1/models");
+      expect(urls.google).toBe("https://generativelanguage.googleapis.com/v1/models");
+      expect(urls.discord).toBe("https://discord.com/api/v10/users/@me");
+      expect(urls.elevenlabs).toBe("https://api.elevenlabs.io/v1/user");
+      expect(urls.deepgram).toBe("https://api.deepgram.com/v1/projects");
+    });
+  });
 });