@wopr-network/platform-core 1.42.2 → 1.43.0

package/dist/db/schema/crypto.d.ts

@@ -300,6 +300,9 @@ export declare const watcherCursors: import("drizzle-orm/pg-core").PgTableWithCo
  * Payment method registry — runtime-configurable tokens/chains.
  * Admin inserts a row to enable a new payment method. No deploy needed.
  * Contract addresses are immutable on-chain but configurable here.
+ *
+ * nextIndex is an atomic counter for HD derivation — never reuses an index.
+ * Increment via UPDATE ... SET next_index = next_index + 1 RETURNING next_index.
  */
 export declare const paymentMethods: import("drizzle-orm/pg-core").PgTableWithColumns<{
     name: "payment_methods";
@@ -373,6 +376,23 @@ export declare const paymentMethods: import("drizzle-orm/pg-core").PgTableWithCo
             identity: undefined;
             generated: undefined;
         }, {}, {}>;
+        network: import("drizzle-orm/pg-core").PgColumn<{
+            name: "network";
+            tableName: "payment_methods";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
         contractAddress: import("drizzle-orm/pg-core").PgColumn<{
             name: "contract_address";
             tableName: "payment_methods";
@@ -526,6 +546,23 @@ export declare const paymentMethods: import("drizzle-orm/pg-core").PgTableWithCo
             identity: undefined;
             generated: undefined;
         }, {}, {}>;
+        nextIndex: import("drizzle-orm/pg-core").PgColumn<{
+            name: "next_index";
+            tableName: "payment_methods";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
         createdAt: import("drizzle-orm/pg-core").PgColumn<{
             name: "created_at";
             tableName: "payment_methods";
@@ -546,6 +583,216 @@ export declare const paymentMethods: import("drizzle-orm/pg-core").PgTableWithCo
     };
     dialect: "pg";
 }>;
+/**
+ * BIP-44 path allocation registry — tracks which derivation paths are in use.
+ * The server knows which paths are allocated so you never collide.
+ * The seed phrase never touches the server — only xpubs.
+ */
+export declare const pathAllocations: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "path_allocations";
+    schema: undefined;
+    columns: {
+        coinType: import("drizzle-orm/pg-core").PgColumn<{
+            name: "coin_type";
+            tableName: "path_allocations";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        accountIndex: import("drizzle-orm/pg-core").PgColumn<{
+            name: "account_index";
+            tableName: "path_allocations";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        chainId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "chain_id";
+            tableName: "path_allocations";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        xpub: import("drizzle-orm/pg-core").PgColumn<{
+            name: "xpub";
+            tableName: "path_allocations";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        allocatedAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "allocated_at";
+            tableName: "path_allocations";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+/**
+ * Every address ever derived — immutable append-only log.
+ * Used for auditing and ensuring no address is ever reused.
+ */
+export declare const derivedAddresses: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "derived_addresses";
+    schema: undefined;
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "derived_addresses";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: true;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: "always";
+            generated: undefined;
+        }, {}, {}>;
+        chainId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "chain_id";
+            tableName: "derived_addresses";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        derivationIndex: import("drizzle-orm/pg-core").PgColumn<{
+            name: "derivation_index";
+            tableName: "derived_addresses";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        address: import("drizzle-orm/pg-core").PgColumn<{
+            name: "address";
+            tableName: "derived_addresses";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        tenantId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "tenant_id";
+            tableName: "derived_addresses";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        createdAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "created_at";
+            tableName: "derived_addresses";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
 /** Processed transaction IDs for watchers without block cursors (e.g. BTC). */
 export declare const watcherProcessed: import("drizzle-orm/pg-core").PgTableWithColumns<{
     name: "watcher_processed";

package/dist/db/schema/crypto.js

@@ -43,12 +43,16 @@ export const watcherCursors = pgTable("watcher_cursors", {
  * Payment method registry — runtime-configurable tokens/chains.
  * Admin inserts a row to enable a new payment method. No deploy needed.
  * Contract addresses are immutable on-chain but configurable here.
+ *
+ * nextIndex is an atomic counter for HD derivation — never reuses an index.
+ * Increment via UPDATE ... SET next_index = next_index + 1 RETURNING next_index.
  */
 export const paymentMethods = pgTable("payment_methods", {
-    id: text("id").primaryKey(), // "USDC:base", "ETH:base", "BTC:mainnet"
-    type: text("type").notNull(), // "stablecoin", "eth", "btc"
-    token: text("token").notNull(), // "USDC", "ETH", "BTC"
-    chain: text("chain").notNull(), // "base", "ethereum", "bitcoin"
+    id: text("id").primaryKey(), // "btc", "base-usdc", "arb-usdc", "doge"
+    type: text("type").notNull(), // "erc20", "native", "btc"
+    token: text("token").notNull(), // "USDC", "ETH", "BTC", "DOGE"
+    chain: text("chain").notNull(), // "base", "ethereum", "bitcoin", "arbitrum"
+    network: text("network").notNull().default("mainnet"), // "mainnet", "base", "arbitrum"
     contractAddress: text("contract_address"), // null for native (ETH, BTC)
     decimals: integer("decimals").notNull(),
     displayName: text("display_name").notNull(),
@@ -58,8 +62,35 @@ export const paymentMethods = pgTable("payment_methods", {
     oracleAddress: text("oracle_address"), // Chainlink feed address for price (null = 1:1 stablecoin)
     xpub: text("xpub"), // HD wallet extended public key for deposit address derivation
     confirmations: integer("confirmations").notNull().default(1),
+    nextIndex: integer("next_index").notNull().default(0), // atomic derivation counter, never reuses
     createdAt: text("created_at").notNull().default(sql `(now())`),
 });
+/**
+ * BIP-44 path allocation registry — tracks which derivation paths are in use.
+ * The server knows which paths are allocated so you never collide.
+ * The seed phrase never touches the server — only xpubs.
+ */
+export const pathAllocations = pgTable("path_allocations", {
+    coinType: integer("coin_type").notNull(), // BIP44 coin type (0=BTC, 60=ETH, 3=DOGE, 501=SOL)
+    accountIndex: integer("account_index").notNull(), // m/44'/{coin_type}'/{index}'
+    chainId: text("chain_id").references(() => paymentMethods.id),
+    xpub: text("xpub").notNull(),
+    allocatedAt: text("allocated_at").notNull().default(sql `(now())`),
+}, (table) => [primaryKey({ columns: [table.coinType, table.accountIndex] })]);
+/**
+ * Every address ever derived — immutable append-only log.
+ * Used for auditing and ensuring no address is ever reused.
+ */
+export const derivedAddresses = pgTable("derived_addresses", {
+    id: integer("id").primaryKey().generatedAlwaysAsIdentity(),
+    chainId: text("chain_id")
+        .notNull()
+        .references(() => paymentMethods.id),
+    derivationIndex: integer("derivation_index").notNull(),
+    address: text("address").notNull().unique(),
+    tenantId: text("tenant_id"),
+    createdAt: text("created_at").notNull().default(sql `(now())`),
+}, (table) => [index("idx_derived_addresses_chain").on(table.chainId)]);
 /** Processed transaction IDs for watchers without block cursors (e.g. BTC). */
 export const watcherProcessed = pgTable("watcher_processed", {
     watcherId: text("watcher_id").notNull(),

package/dist/fleet/instance.d.ts

@@ -39,6 +39,8 @@ export declare class Instance {
     /** Simple per-instance mutex to serialize start/stop/restart/remove. */
     private lockPromise;
     constructor(deps: InstanceDeps);
+    /** Serialize to a plain object safe for JSON.stringify / tRPC responses. */
+    toJSON(): Record<string, unknown>;
     /**
      * Remote instances have containerId like "remote:node-3".
      * Local Docker operations are not supported — callers (e.g. wopr-platform)

package/dist/fleet/instance.js

@@ -25,6 +25,21 @@ export class Instance {
         this.eventEmitter = deps.eventEmitter;
         this.botMetricsTracker = deps.botMetricsTracker;
     }
+    /** Serialize to a plain object safe for JSON.stringify / tRPC responses. */
+    toJSON() {
+        return {
+            id: this.id,
+            containerId: this.containerId,
+            containerName: this.containerName,
+            url: this.url,
+            name: this.profile.name,
+            image: this.profile.image,
+            tenantId: this.profile.tenantId,
+            env: this.profile.env,
+            restartPolicy: this.profile.restartPolicy,
+            nodeId: this.profile.nodeId,
+        };
+    }
     /**
      * Remote instances have containerId like "remote:node-3".
      * Local Docker operations are not supported — callers (e.g. wopr-platform)

package/drizzle/migrations/0014_crypto_key_server.sql

@@ -0,0 +1,60 @@
+-- Crypto Key Server schema additions.
+-- Adds atomic derivation counter + path registry + address log.
+
+-- 1. Add network column to payment_methods (parallel to chain)
+ALTER TABLE "payment_methods" ADD COLUMN "network" text NOT NULL DEFAULT 'mainnet';
+--> statement-breakpoint
+
+-- 2. Add next_index atomic counter to payment_methods
+ALTER TABLE "payment_methods" ADD COLUMN "next_index" integer NOT NULL DEFAULT 0;
+--> statement-breakpoint
+
+-- 3. BIP-44 path allocation registry
+CREATE TABLE IF NOT EXISTS "path_allocations" (
+  "coin_type" integer NOT NULL,
+  "account_index" integer NOT NULL,
+  "chain_id" text REFERENCES "payment_methods"("id"),
+  "xpub" text NOT NULL,
+  "allocated_at" text NOT NULL DEFAULT (now()),
+  CONSTRAINT "path_allocations_pkey" PRIMARY KEY("coin_type","account_index")
+);
+--> statement-breakpoint
+
+-- 4. Immutable derived address log
+CREATE TABLE IF NOT EXISTS "derived_addresses" (
+  "id" integer PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
+  "chain_id" text NOT NULL REFERENCES "payment_methods"("id"),
+  "derivation_index" integer NOT NULL,
+  "address" text NOT NULL UNIQUE,
+  "tenant_id" text,
+  "created_at" text NOT NULL DEFAULT (now())
+);
+--> statement-breakpoint
+
+CREATE INDEX IF NOT EXISTS "idx_derived_addresses_chain" ON "derived_addresses" ("chain_id");
+--> statement-breakpoint
+
+-- 5. Backfill next_index + derived_addresses from existing crypto_charges.
+-- Guarded: only runs if crypto_charges table exists (fresh deploys won't have it).
+DO $$
+BEGIN
+  IF EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name = 'crypto_charges') THEN
+    UPDATE "payment_methods" pm
+    SET "next_index" = sub.max_idx + 1
+    FROM (
+      SELECT "chain", MAX("derivation_index") AS max_idx
+      FROM "crypto_charges"
+      WHERE "derivation_index" IS NOT NULL
+      GROUP BY "chain"
+    ) sub
+    WHERE pm."chain" = sub."chain" AND sub.max_idx >= pm."next_index";
+
+    INSERT INTO "derived_addresses" ("chain_id", "derivation_index", "address", "tenant_id", "created_at")
+    SELECT cc."chain", cc."derivation_index", cc."deposit_address", cc."tenant_id", cc."created_at"
+    FROM "crypto_charges" cc
+    WHERE cc."deposit_address" IS NOT NULL
+      AND cc."derivation_index" IS NOT NULL
+      AND cc."chain" IS NOT NULL
+    ON CONFLICT ("address") DO NOTHING;
+  END IF;
+END $$;

package/drizzle/migrations/meta/_journal.json

@@ -85,6 +85,27 @@
       "when": 1742572800000,
       "tag": "0011_notification_templates",
       "breakpoints": true
+    },
+    {
+      "idx": 12,
+      "version": "7",
+      "when": 1742659200000,
+      "tag": "0012_seed_popular_tokens",
+      "breakpoints": true
+    },
+    {
+      "idx": 13,
+      "version": "7",
+      "when": 1742745600000,
+      "tag": "0013_platform_service_tenant_type",
+      "breakpoints": true
+    },
+    {
+      "idx": 14,
+      "version": "7",
+      "when": 1742832000000,
+      "tag": "0014_crypto_key_server",
+      "breakpoints": true
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-core",
-  "version": "1.42.2",
+  "version": "1.43.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -128,6 +128,7 @@
   },
   "packageManager": "pnpm@10.31.0",
   "dependencies": {
+    "@hono/node-server": "^1.19.11",
     "@noble/hashes": "^2.0.1",
     "@scure/base": "^2.0.0",
     "@scure/bip32": "^2.0.1",