@wopr-network/platform-core 1.42.2 → 1.43.0

package/dist/billing/crypto/client.test.js

@@ -1,100 +1,93 @@
 import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { BTCPayClient, loadCryptoConfig } from "./client.js";
-describe("BTCPayClient", () => {
-    it("createInvoice sends correct request and returns id + checkoutLink", async () => {
-        const mockResponse = { id: "inv-001", checkoutLink: "https://btcpay.example.com/i/inv-001" };
-        const fetchSpy = vi
-            .spyOn(globalThis, "fetch")
-            .mockResolvedValue(new Response(JSON.stringify(mockResponse), { status: 200 }));
-        const client = new BTCPayClient({
-            apiKey: "test-key",
-            baseUrl: "https://btcpay.example.com",
-            storeId: "store-abc",
-        });
-        const result = await client.createInvoice({
-            amountUsd: 25,
-            orderId: "order-123",
-            buyerEmail: "test@example.com",
-        });
-        expect(result.id).toBe("inv-001");
-        expect(result.checkoutLink).toBe("https://btcpay.example.com/i/inv-001");
-        expect(fetchSpy).toHaveBeenCalledOnce();
-        const [url, opts] = fetchSpy.mock.calls[0];
-        expect(url).toBe("https://btcpay.example.com/api/v1/stores/store-abc/invoices");
+import { BTCPayClient, CryptoServiceClient, loadCryptoConfig } from "./client.js";
+describe("CryptoServiceClient", () => {
+    afterEach(() => vi.restoreAllMocks());
+    it("deriveAddress sends POST /address with chain", async () => {
+        const mockResponse = { address: "bc1q...", index: 42, chain: "bitcoin", token: "BTC" };
+        vi.spyOn(globalThis, "fetch").mockResolvedValue(new Response(JSON.stringify(mockResponse), { status: 201 }));
+        const client = new CryptoServiceClient({ baseUrl: "http://localhost:3100" });
+        const result = await client.deriveAddress("btc");
+        expect(result.address).toBe("bc1q...");
+        expect(result.index).toBe(42);
+        const [url, opts] = vi.mocked(fetch).mock.calls[0];
+        expect(url).toBe("http://localhost:3100/address");
         expect(opts?.method).toBe("POST");
+        expect(JSON.parse(opts?.body)).toEqual({ chain: "btc" });
+    });
+    it("createCharge sends POST /charges", async () => {
+        const mockResponse = {
+            chargeId: "btc:bc1q...",
+            address: "bc1q...",
+            chain: "btc",
+            token: "BTC",
+            amountUsd: 50,
+            derivationIndex: 42,
+            expiresAt: "2026-03-20T04:00:00Z",
+        };
+        vi.spyOn(globalThis, "fetch").mockResolvedValue(new Response(JSON.stringify(mockResponse), { status: 201 }));
+        const client = new CryptoServiceClient({
+            baseUrl: "http://localhost:3100",
+            serviceKey: "sk-test",
+            tenantId: "tenant-1",
+        });
+        const result = await client.createCharge({ chain: "btc", amountUsd: 50 });
+        expect(result.chargeId).toBe("btc:bc1q...");
+        expect(result.address).toBe("bc1q...");
+        const [, opts] = vi.mocked(fetch).mock.calls[0];
         const headers = opts?.headers;
-        expect(headers.Authorization).toBe("token test-key");
-        expect(headers["Content-Type"]).toBe("application/json");
-        const body = JSON.parse(opts?.body);
-        expect(body.amount).toBe("25");
-        expect(body.currency).toBe("USD");
-        expect(body.metadata.orderId).toBe("order-123");
-        expect(body.metadata.buyerEmail).toBe("test@example.com");
-        expect(body.checkout.speedPolicy).toBe("MediumSpeed");
-        fetchSpy.mockRestore();
+        expect(headers.Authorization).toBe("Bearer sk-test");
+        expect(headers["X-Tenant-Id"]).toBe("tenant-1");
     });
-    it("createInvoice includes redirectURL when provided", async () => {
-        const fetchSpy = vi.spyOn(globalThis, "fetch").mockResolvedValue(new Response(JSON.stringify({ id: "inv-002", checkoutLink: "https://btcpay.example.com/i/inv-002" }), {
-            status: 200,
-        }));
-        const client = new BTCPayClient({ apiKey: "k", baseUrl: "https://btcpay.example.com", storeId: "s" });
-        await client.createInvoice({ amountUsd: 10, orderId: "o", redirectURL: "https://app.example.com/success" });
-        const body = JSON.parse(fetchSpy.mock.calls[0][1]?.body);
-        expect(body.checkout.redirectURL).toBe("https://app.example.com/success");
-        fetchSpy.mockRestore();
+    it("getCharge sends GET /charges/:id", async () => {
+        const mockResponse = { chargeId: "btc:bc1q...", status: "confirmed" };
+        vi.spyOn(globalThis, "fetch").mockResolvedValue(new Response(JSON.stringify(mockResponse), { status: 200 }));
+        const client = new CryptoServiceClient({ baseUrl: "http://localhost:3100" });
+        const result = await client.getCharge("btc:bc1q...");
+        expect(result.status).toBe("confirmed");
+        expect(vi.mocked(fetch).mock.calls[0][0]).toBe("http://localhost:3100/charges/btc%3Abc1q...");
     });
-    it("createInvoice throws on non-ok response", async () => {
-        const fetchSpy = vi.spyOn(globalThis, "fetch").mockResolvedValue(new Response("Unauthorized", { status: 401 }));
-        const client = new BTCPayClient({ apiKey: "bad-key", baseUrl: "https://btcpay.example.com", storeId: "s" });
-        await expect(client.createInvoice({ amountUsd: 10, orderId: "o" })).rejects.toThrow("BTCPay createInvoice failed (401)");
-        fetchSpy.mockRestore();
+    it("listChains sends GET /chains", async () => {
+        const mockResponse = [{ id: "btc", token: "BTC", chain: "bitcoin", decimals: 8 }];
+        vi.spyOn(globalThis, "fetch").mockResolvedValue(new Response(JSON.stringify(mockResponse), { status: 200 }));
+        const client = new CryptoServiceClient({ baseUrl: "http://localhost:3100" });
+        const result = await client.listChains();
+        expect(result).toHaveLength(1);
+        expect(result[0].token).toBe("BTC");
     });
-    it("getInvoice sends correct request", async () => {
-        const fetchSpy = vi.spyOn(globalThis, "fetch").mockResolvedValue(new Response(JSON.stringify({ id: "inv-001", status: "Settled", amount: "25", currency: "USD" }), {
-            status: 200,
-        }));
-        const client = new BTCPayClient({ apiKey: "k", baseUrl: "https://btcpay.example.com", storeId: "store-abc" });
-        const result = await client.getInvoice("inv-001");
-        expect(result.status).toBe("Settled");
-        expect(fetchSpy.mock.calls[0][0]).toBe("https://btcpay.example.com/api/v1/stores/store-abc/invoices/inv-001");
-        fetchSpy.mockRestore();
+    it("throws on non-ok response", async () => {
+        vi.spyOn(globalThis, "fetch").mockResolvedValue(new Response("Not found", { status: 404 }));
+        const client = new CryptoServiceClient({ baseUrl: "http://localhost:3100" });
+        await expect(client.getCharge("missing")).rejects.toThrow("CryptoService getCharge failed (404)");
     });
 });
-describe("loadCryptoConfig", () => {
-    beforeEach(() => {
-        delete process.env.BTCPAY_API_KEY;
-        delete process.env.BTCPAY_BASE_URL;
-        delete process.env.BTCPAY_STORE_ID;
-    });
-    afterEach(() => {
-        vi.unstubAllEnvs();
+describe("BTCPayClient (deprecated)", () => {
+    it("throws on createInvoice", async () => {
+        const client = new BTCPayClient({ apiKey: "k", baseUrl: "https://example.com", storeId: "s" });
+        await expect(client.createInvoice({ amountUsd: 10, orderId: "o" })).rejects.toThrow("deprecated");
     });
-    it("returns null when BTCPAY_API_KEY is missing", () => {
-        vi.stubEnv("BTCPAY_BASE_URL", "https://btcpay.test");
-        vi.stubEnv("BTCPAY_STORE_ID", "store-1");
-        expect(loadCryptoConfig()).toBeNull();
-    });
-    it("returns null when BTCPAY_BASE_URL is missing", () => {
-        vi.stubEnv("BTCPAY_API_KEY", "test-key");
-        vi.stubEnv("BTCPAY_STORE_ID", "store-1");
-        expect(loadCryptoConfig()).toBeNull();
+    it("throws on getInvoice", async () => {
+        const client = new BTCPayClient({ apiKey: "k", baseUrl: "https://example.com", storeId: "s" });
+        await expect(client.getInvoice("inv-1")).rejects.toThrow("deprecated");
     });
-    it("returns null when BTCPAY_STORE_ID is missing", () => {
-        vi.stubEnv("BTCPAY_API_KEY", "test-key");
-        vi.stubEnv("BTCPAY_BASE_URL", "https://btcpay.test");
-        expect(loadCryptoConfig()).toBeNull();
+});
+describe("loadCryptoConfig", () => {
+    beforeEach(() => {
+        delete process.env.CRYPTO_SERVICE_URL;
+        delete process.env.CRYPTO_SERVICE_KEY;
+        delete process.env.TENANT_ID;
     });
-    it("returns config when all env vars are set", () => {
-        vi.stubEnv("BTCPAY_API_KEY", "test-key");
-        vi.stubEnv("BTCPAY_BASE_URL", "https://btcpay.test");
-        vi.stubEnv("BTCPAY_STORE_ID", "store-1");
+    afterEach(() => vi.unstubAllEnvs());
+    it("returns config when CRYPTO_SERVICE_URL is set", () => {
+        vi.stubEnv("CRYPTO_SERVICE_URL", "http://10.120.0.5:3100");
+        vi.stubEnv("CRYPTO_SERVICE_KEY", "sk-test");
+        vi.stubEnv("TENANT_ID", "tenant-1");
         expect(loadCryptoConfig()).toEqual({
-            apiKey: "test-key",
-            baseUrl: "https://btcpay.test",
-            storeId: "store-1",
+            baseUrl: "http://10.120.0.5:3100",
+            serviceKey: "sk-test",
+            tenantId: "tenant-1",
         });
     });
-    it("returns null when all env vars are missing", () => {
+    it("returns null when CRYPTO_SERVICE_URL is missing", () => {
         expect(loadCryptoConfig()).toBeNull();
     });
 });

package/dist/billing/crypto/index.d.ts

@@ -2,11 +2,13 @@ export * from "./btc/index.js";
 export type { CryptoChargeRecord, CryptoDepositChargeInput, ICryptoChargeRepository } from "./charge-store.js";
 export { CryptoChargeRepository, DrizzleCryptoChargeRepository } from "./charge-store.js";
 export { createCryptoCheckout, MIN_PAYMENT_USD } from "./checkout.js";
-export type { CryptoConfig } from "./client.js";
-export { BTCPayClient, loadCryptoConfig } from "./client.js";
+export type { ChainInfo, ChargeStatus, CreateChargeResult, CryptoConfig, CryptoServiceConfig, DeriveAddressResult, } from "./client.js";
+export { BTCPayClient, CryptoServiceClient, loadCryptoConfig } from "./client.js";
 export type { IWatcherCursorStore } from "./cursor-store.js";
 export { DrizzleWatcherCursorStore } from "./cursor-store.js";
 export * from "./evm/index.js";
+export type { KeyServerDeps } from "./key-server.js";
+export { createKeyServerApp } from "./key-server.js";
 export * from "./oracle/index.js";
 export type { IPaymentMethodStore, PaymentMethodRecord } from "./payment-method-store.js";
 export { DrizzlePaymentMethodStore } from "./payment-method-store.js";

package/dist/billing/crypto/index.js

@@ -1,9 +1,10 @@
 export * from "./btc/index.js";
 export { CryptoChargeRepository, DrizzleCryptoChargeRepository } from "./charge-store.js";
 export { createCryptoCheckout, MIN_PAYMENT_USD } from "./checkout.js";
-export { BTCPayClient, loadCryptoConfig } from "./client.js";
+export { BTCPayClient, CryptoServiceClient, loadCryptoConfig } from "./client.js";
 export { DrizzleWatcherCursorStore } from "./cursor-store.js";
 export * from "./evm/index.js";
+export { createKeyServerApp } from "./key-server.js";
 export * from "./oracle/index.js";
 export { DrizzlePaymentMethodStore } from "./payment-method-store.js";
 export { mapBtcPayEventToStatus } from "./types.js";

package/dist/billing/crypto/key-server-entry.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/billing/crypto/key-server-entry.js

@@ -0,0 +1,43 @@
+/**
+ * Standalone entry point for the crypto key server.
+ *
+ * Deploys on the chain server (pay.wopr.bot:3100).
+ * Boots: postgres → migrations → key server routes → watchers → serve.
+ *
+ * Usage: node dist/billing/crypto/key-server-entry.js
+ */
+/* biome-ignore-all lint/suspicious/noConsole: standalone entry point */
+import { serve } from "@hono/node-server";
+import { drizzle } from "drizzle-orm/node-postgres";
+import { migrate } from "drizzle-orm/node-postgres/migrator";
+import pg from "pg";
+import * as schema from "../../db/schema/index.js";
+import { DrizzleCryptoChargeRepository } from "./charge-store.js";
+import { createKeyServerApp } from "./key-server.js";
+import { DrizzlePaymentMethodStore } from "./payment-method-store.js";
+const PORT = Number(process.env.PORT ?? "3100");
+const DATABASE_URL = process.env.DATABASE_URL;
+const SERVICE_KEY = process.env.SERVICE_KEY;
+const ADMIN_TOKEN = process.env.ADMIN_TOKEN;
+if (!DATABASE_URL) {
+    console.error("DATABASE_URL is required");
+    process.exit(1);
+}
+async function main() {
+    const pool = new pg.Pool({ connectionString: DATABASE_URL });
+    // Run migrations FIRST, before creating schema-typed db
+    console.log("[crypto-key-server] Running migrations...");
+    await migrate(drizzle(pool), { migrationsFolder: "./drizzle/migrations" });
+    // Now create the schema-typed db (columns guaranteed to exist)
+    console.log("[crypto-key-server] Connecting...");
+    const db = drizzle(pool, { schema });
+    const chargeStore = new DrizzleCryptoChargeRepository(db);
+    const methodStore = new DrizzlePaymentMethodStore(db);
+    const app = createKeyServerApp({ db, chargeStore, methodStore, serviceKey: SERVICE_KEY, adminToken: ADMIN_TOKEN });
+    console.log(`[crypto-key-server] Listening on :${PORT}`);
+    serve({ fetch: app.fetch, port: PORT });
+}
+main().catch((err) => {
+    console.error("[crypto-key-server] Fatal:", err);
+    process.exit(1);
+});

package/dist/billing/crypto/key-server.d.ts

@@ -0,0 +1,18 @@
+import { Hono } from "hono";
+import type { DrizzleDb } from "../../db/index.js";
+import type { ICryptoChargeRepository } from "./charge-store.js";
+import type { IPaymentMethodStore } from "./payment-method-store.js";
+export interface KeyServerDeps {
+    db: DrizzleDb;
+    chargeStore: ICryptoChargeRepository;
+    methodStore: IPaymentMethodStore;
+    /** Bearer token for product API routes. If unset, auth is disabled. */
+    serviceKey?: string;
+    /** Bearer token for admin routes. If unset, admin routes are disabled. */
+    adminToken?: string;
+}
+/**
+ * Create the Hono app for the crypto key server.
+ * Mount this on the chain server at the root.
+ */
+export declare function createKeyServerApp(deps: KeyServerDeps): Hono;

package/dist/billing/crypto/key-server.js

@@ -0,0 +1,239 @@
+/**
+ * Crypto Key Server — shared address derivation + charge management.
+ *
+ * Deploys on the chain server (pay.wopr.bot) alongside bitcoind.
+ * Products don't run watchers or hold xpubs. They request addresses
+ * and receive webhooks.
+ *
+ * ~200 lines of new code wrapping platform-core's existing crypto modules.
+ */
+import { eq, sql } from "drizzle-orm";
+import { Hono } from "hono";
+import { derivedAddresses, pathAllocations, paymentMethods } from "../../db/schema/crypto.js";
+import { deriveAddress, deriveP2pkhAddress } from "./btc/address-gen.js";
+import { deriveDepositAddress } from "./evm/address-gen.js";
+/**
+ * Derive the next unused address for a chain.
+ * Atomically increments next_index and records address in a single transaction.
+ */
+async function deriveNextAddress(db, chainId, tenantId) {
+    // Wrap in transaction: if the address insert fails, next_index is not consumed.
+    return db.transaction(async (tx) => {
+        // Atomic increment: UPDATE ... SET next_index = next_index + 1 RETURNING *
+        const [method] = await tx
+            .update(paymentMethods)
+            .set({ nextIndex: sql `${paymentMethods.nextIndex} + 1` })
+            .where(eq(paymentMethods.id, chainId))
+            .returning();
+        if (!method)
+            throw new Error(`Chain not found: ${chainId}`);
+        if (!method.xpub)
+            throw new Error(`No xpub configured for chain: ${chainId}`);
+        // The index we use is the value BEFORE increment (returned value - 1)
+        const index = method.nextIndex - 1;
+        // Route to the right derivation function
+        let address;
+        if (method.type === "native" && method.chain === "dogecoin") {
+            address = deriveP2pkhAddress(method.xpub, index, "dogecoin");
+        }
+        else if (method.type === "native" && (method.chain === "bitcoin" || method.chain === "litecoin")) {
+            address = deriveAddress(method.xpub, index, "mainnet", method.chain);
+        }
+        else {
+            // EVM (all ERC20 + native ETH) — same derivation
+            address = deriveDepositAddress(method.xpub, index);
+        }
+        // Record in immutable log (inside same transaction)
+        await tx.insert(derivedAddresses).values({
+            chainId,
+            derivationIndex: index,
+            address: address.toLowerCase(),
+            tenantId,
+        });
+        return { address, index, chain: method.chain, token: method.token };
+    });
+}
+/** Validate Bearer token from Authorization header. */
+function requireAuth(header, expected) {
+    if (!expected)
+        return true; // auth disabled
+    return header === `Bearer ${expected}`;
+}
+/**
+ * Create the Hono app for the crypto key server.
+ * Mount this on the chain server at the root.
+ */
+export function createKeyServerApp(deps) {
+    const app = new Hono();
+    // --- Auth middleware for product routes ---
+    app.use("/address", async (c, next) => {
+        if (deps.serviceKey && !requireAuth(c.req.header("Authorization"), deps.serviceKey)) {
+            return c.json({ error: "Unauthorized" }, 401);
+        }
+        await next();
+    });
+    app.use("/charges/*", async (c, next) => {
+        if (deps.serviceKey && !requireAuth(c.req.header("Authorization"), deps.serviceKey)) {
+            return c.json({ error: "Unauthorized" }, 401);
+        }
+        await next();
+    });
+    app.use("/charges", async (c, next) => {
+        if (deps.serviceKey && !requireAuth(c.req.header("Authorization"), deps.serviceKey)) {
+            return c.json({ error: "Unauthorized" }, 401);
+        }
+        await next();
+    });
+    // --- Auth middleware for admin routes ---
+    app.use("/admin/*", async (c, next) => {
+        if (!deps.adminToken)
+            return c.json({ error: "Admin API disabled" }, 403);
+        if (!requireAuth(c.req.header("Authorization"), deps.adminToken)) {
+            return c.json({ error: "Unauthorized" }, 401);
+        }
+        await next();
+    });
+    // --- Product API ---
+    /** POST /address — derive next unused address */
+    app.post("/address", async (c) => {
+        const body = await c.req.json();
+        if (!body.chain)
+            return c.json({ error: "chain is required" }, 400);
+        const tenantId = c.req.header("X-Tenant-Id");
+        const result = await deriveNextAddress(deps.db, body.chain, tenantId ?? undefined);
+        return c.json(result, 201);
+    });
+    /** POST /charges — create charge + derive address + start watching */
+    app.post("/charges", async (c) => {
+        const body = await c.req.json();
+        if (!body.chain || typeof body.amountUsd !== "number" || !Number.isFinite(body.amountUsd) || body.amountUsd <= 0) {
+            return c.json({ error: "chain is required and amountUsd must be a positive finite number" }, 400);
+        }
+        const tenantId = c.req.header("X-Tenant-Id") ?? "unknown";
+        const { address, index, chain, token } = await deriveNextAddress(deps.db, body.chain, tenantId);
+        const amountUsdCents = Math.round(body.amountUsd * 100);
+        const referenceId = `${token.toLowerCase()}:${address.toLowerCase()}`;
+        await deps.chargeStore.createStablecoinCharge({
+            referenceId,
+            tenantId,
+            amountUsdCents,
+            chain,
+            token,
+            depositAddress: address,
+            derivationIndex: index,
+        });
+        return c.json({
+            chargeId: referenceId,
+            address,
+            chain: body.chain,
+            token,
+            amountUsd: body.amountUsd,
+            derivationIndex: index,
+            expiresAt: new Date(Date.now() + 30 * 60 * 1000).toISOString(), // 30 min
+        }, 201);
+    });
+    /** GET /charges/:id — check charge status */
+    app.get("/charges/:id", async (c) => {
+        const charge = await deps.chargeStore.getByReferenceId(c.req.param("id"));
+        if (!charge)
+            return c.json({ error: "Charge not found" }, 404);
+        return c.json({
+            chargeId: charge.referenceId,
+            status: charge.status,
+            address: charge.depositAddress,
+            chain: charge.chain,
+            token: charge.token,
+            amountUsdCents: charge.amountUsdCents,
+            creditedAt: charge.creditedAt,
+        });
+    });
+    /** GET /chains — list enabled payment methods (for checkout UI) */
+    app.get("/chains", async (c) => {
+        const methods = await deps.methodStore.listEnabled();
+        return c.json(methods.map((m) => ({
+            id: m.id,
+            token: m.token,
+            chain: m.chain,
+            decimals: m.decimals,
+            displayName: m.displayName,
+            contractAddress: m.contractAddress,
+            confirmations: m.confirmations,
+        })));
+    });
+    // --- Admin API ---
+    /** GET /admin/next-path — which derivation path to use for a coin type */
+    app.get("/admin/next-path", async (c) => {
+        const coinType = Number(c.req.query("coin_type"));
+        if (!Number.isInteger(coinType))
+            return c.json({ error: "coin_type must be an integer" }, 400);
+        // Find all allocations for this coin type
+        const existing = await deps.db.select().from(pathAllocations).where(eq(pathAllocations.coinType, coinType));
+        if (existing.length === 0) {
+            return c.json({
+                coin_type: coinType,
+                account_index: 0,
+                path: `m/44'/${coinType}'/0'`,
+                status: "available",
+            });
+        }
+        // If already allocated, return info about existing allocation
+        const latest = existing.sort((a, b) => b.accountIndex - a.accountIndex)[0];
+        // Find chains using this coin type's allocations
+        const chainIds = existing.map((a) => a.chainId).filter(Boolean);
+        return c.json({
+            coin_type: coinType,
+            account_index: latest.accountIndex,
+            path: `m/44'/${coinType}'/${latest.accountIndex}'`,
+            status: "allocated",
+            allocated_to: chainIds,
+            note: "xpub already registered — reuse for new chains with same key type",
+            next_available: {
+                account_index: latest.accountIndex + 1,
+                path: `m/44'/${coinType}'/${latest.accountIndex + 1}'`,
+            },
+        });
+    });
+    /** POST /admin/chains — register a new chain with its xpub */
+    app.post("/admin/chains", async (c) => {
+        const body = await c.req.json();
+        if (!body.id || !body.xpub || !body.token) {
+            return c.json({ error: "id, xpub, and token are required" }, 400);
+        }
+        // Record the path allocation (idempotent — ignore if already exists)
+        const inserted = (await deps.db
+            .insert(pathAllocations)
+            .values({
+            coinType: body.coin_type,
+            accountIndex: body.account_index,
+            chainId: body.id,
+            xpub: body.xpub,
+        })
+            .onConflictDoNothing());
+        if (inserted.rowCount === 0) {
+            return c.json({ error: "Path allocation already exists", path: `m/44'/${body.coin_type}'/${body.account_index}'` }, 409);
+        }
+        // Upsert the payment method
+        await deps.methodStore.upsert({
+            id: body.id,
+            type: body.type ?? "native",
+            token: body.token,
+            chain: body.chain ?? body.network,
+            contractAddress: body.contract ?? null,
+            decimals: body.decimals,
+            displayName: body.display_name ?? `${body.token} on ${body.network}`,
+            enabled: true,
+            displayOrder: 0,
+            rpcUrl: body.rpc_url,
+            oracleAddress: body.oracle_address ?? null,
+            xpub: body.xpub,
+            confirmations: body.confirmations ?? 6,
+        });
+        return c.json({ id: body.id, path: `m/44'/${body.coin_type}'/${body.account_index}'` }, 201);
+    });
+    /** DELETE /admin/chains/:id — soft disable */
+    app.delete("/admin/chains/:id", async (c) => {
+        await deps.methodStore.setEnabled(c.req.param("id"), false);
+        return c.body(null, 204);
+    });
+    return app;
+}