@wopr-network/platform-core 1.42.3 → 1.44.0

package/dist/billing/crypto/key-server.js

@@ -0,0 +1,263 @@
+/**
+ * Crypto Key Server — shared address derivation + charge management.
+ *
+ * Deploys on the chain server (pay.wopr.bot) alongside bitcoind.
+ * Products don't run watchers or hold xpubs. They request addresses
+ * and receive webhooks.
+ *
+ * ~200 lines of new code wrapping platform-core's existing crypto modules.
+ */
+import { eq, sql } from "drizzle-orm";
+import { Hono } from "hono";
+import { derivedAddresses, pathAllocations, paymentMethods } from "../../db/schema/crypto.js";
+import { deriveAddress, deriveP2pkhAddress } from "./btc/address-gen.js";
+import { deriveDepositAddress } from "./evm/address-gen.js";
+import { centsToNative } from "./oracle/convert.js";
+/**
+ * Derive the next unused address for a chain.
+ * Atomically increments next_index and records address in a single transaction.
+ */
+async function deriveNextAddress(db, chainId, tenantId) {
+    // Wrap in transaction: if the address insert fails, next_index is not consumed.
+    return db.transaction(async (tx) => {
+        // Atomic increment: UPDATE ... SET next_index = next_index + 1 RETURNING *
+        const [method] = await tx
+            .update(paymentMethods)
+            .set({ nextIndex: sql `${paymentMethods.nextIndex} + 1` })
+            .where(eq(paymentMethods.id, chainId))
+            .returning();
+        if (!method)
+            throw new Error(`Chain not found: ${chainId}`);
+        if (!method.xpub)
+            throw new Error(`No xpub configured for chain: ${chainId}`);
+        // The index we use is the value BEFORE increment (returned value - 1)
+        const index = method.nextIndex - 1;
+        // Route to the right derivation function
+        let address;
+        if (method.type === "native" && method.chain === "dogecoin") {
+            address = deriveP2pkhAddress(method.xpub, index, "dogecoin");
+        }
+        else if (method.type === "native" && (method.chain === "bitcoin" || method.chain === "litecoin")) {
+            address = deriveAddress(method.xpub, index, "mainnet", method.chain);
+        }
+        else {
+            // EVM (all ERC20 + native ETH) — same derivation
+            address = deriveDepositAddress(method.xpub, index);
+        }
+        // Record in immutable log (inside same transaction)
+        await tx.insert(derivedAddresses).values({
+            chainId,
+            derivationIndex: index,
+            address: address.toLowerCase(),
+            tenantId,
+        });
+        return { address, index, chain: method.chain, token: method.token };
+    });
+}
+/** Validate Bearer token from Authorization header. */
+function requireAuth(header, expected) {
+    if (!expected)
+        return true; // auth disabled
+    return header === `Bearer ${expected}`;
+}
+/**
+ * Create the Hono app for the crypto key server.
+ * Mount this on the chain server at the root.
+ */
+export function createKeyServerApp(deps) {
+    const app = new Hono();
+    // --- Auth middleware for product routes ---
+    app.use("/address", async (c, next) => {
+        if (deps.serviceKey && !requireAuth(c.req.header("Authorization"), deps.serviceKey)) {
+            return c.json({ error: "Unauthorized" }, 401);
+        }
+        await next();
+    });
+    app.use("/charges/*", async (c, next) => {
+        if (deps.serviceKey && !requireAuth(c.req.header("Authorization"), deps.serviceKey)) {
+            return c.json({ error: "Unauthorized" }, 401);
+        }
+        await next();
+    });
+    app.use("/charges", async (c, next) => {
+        if (deps.serviceKey && !requireAuth(c.req.header("Authorization"), deps.serviceKey)) {
+            return c.json({ error: "Unauthorized" }, 401);
+        }
+        await next();
+    });
+    // --- Auth middleware for admin routes ---
+    app.use("/admin/*", async (c, next) => {
+        if (!deps.adminToken)
+            return c.json({ error: "Admin API disabled" }, 403);
+        if (!requireAuth(c.req.header("Authorization"), deps.adminToken)) {
+            return c.json({ error: "Unauthorized" }, 401);
+        }
+        await next();
+    });
+    // --- Product API ---
+    /** POST /address — derive next unused address */
+    app.post("/address", async (c) => {
+        const body = await c.req.json();
+        if (!body.chain)
+            return c.json({ error: "chain is required" }, 400);
+        const tenantId = c.req.header("X-Tenant-Id");
+        const result = await deriveNextAddress(deps.db, body.chain, tenantId ?? undefined);
+        return c.json(result, 201);
+    });
+    /** POST /charges — create charge + derive address + start watching */
+    app.post("/charges", async (c) => {
+        const body = await c.req.json();
+        if (!body.chain || typeof body.amountUsd !== "number" || !Number.isFinite(body.amountUsd) || body.amountUsd <= 0) {
+            return c.json({ error: "chain is required and amountUsd must be a positive finite number" }, 400);
+        }
+        const tenantId = c.req.header("X-Tenant-Id") ?? "unknown";
+        const { address, index, chain, token } = await deriveNextAddress(deps.db, body.chain, tenantId);
+        // Look up payment method for decimals + oracle config
+        const method = await deps.methodStore.getById(body.chain);
+        if (!method)
+            return c.json({ error: `Unknown chain: ${body.chain}` }, 400);
+        const amountUsdCents = Math.round(body.amountUsd * 100);
+        // Compute expected crypto amount in native base units.
+        // Price is locked NOW — this is what the user must send.
+        let expectedAmount;
+        if (method.oracleAddress) {
+            // Volatile asset (BTC, ETH, DOGE) — oracle-priced
+            const { priceCents } = await deps.oracle.getPrice(token);
+            expectedAmount = centsToNative(amountUsdCents, priceCents, method.decimals);
+        }
+        else {
+            // Stablecoin (1:1 USD) — e.g. $50 USDC = 50_000_000 base units (6 decimals)
+            expectedAmount = (BigInt(amountUsdCents) * 10n ** BigInt(method.decimals)) / 100n;
+        }
+        const referenceId = `${token.toLowerCase()}:${address.toLowerCase()}`;
+        await deps.chargeStore.createStablecoinCharge({
+            referenceId,
+            tenantId,
+            amountUsdCents,
+            chain,
+            token,
+            depositAddress: address,
+            derivationIndex: index,
+            callbackUrl: body.callbackUrl,
+            expectedAmount: expectedAmount.toString(),
+        });
+        // Format display amount for the client
+        const divisor = 10 ** method.decimals;
+        const displayAmount = `${(Number(expectedAmount) / divisor).toFixed(Math.min(method.decimals, 8))} ${token}`;
+        return c.json({
+            chargeId: referenceId,
+            address,
+            chain,
+            token,
+            amountUsd: body.amountUsd,
+            expectedAmount: expectedAmount.toString(),
+            displayAmount,
+            derivationIndex: index,
+            expiresAt: new Date(Date.now() + 30 * 60 * 1000).toISOString(), // 30 min
+        }, 201);
+    });
+    /** GET /charges/:id — check charge status */
+    app.get("/charges/:id", async (c) => {
+        const charge = await deps.chargeStore.getByReferenceId(c.req.param("id"));
+        if (!charge)
+            return c.json({ error: "Charge not found" }, 404);
+        return c.json({
+            chargeId: charge.referenceId,
+            status: charge.status,
+            address: charge.depositAddress,
+            chain: charge.chain,
+            token: charge.token,
+            amountUsdCents: charge.amountUsdCents,
+            creditedAt: charge.creditedAt,
+        });
+    });
+    /** GET /chains — list enabled payment methods (for checkout UI) */
+    app.get("/chains", async (c) => {
+        const methods = await deps.methodStore.listEnabled();
+        return c.json(methods.map((m) => ({
+            id: m.id,
+            token: m.token,
+            chain: m.chain,
+            decimals: m.decimals,
+            displayName: m.displayName,
+            contractAddress: m.contractAddress,
+            confirmations: m.confirmations,
+        })));
+    });
+    // --- Admin API ---
+    /** GET /admin/next-path — which derivation path to use for a coin type */
+    app.get("/admin/next-path", async (c) => {
+        const coinType = Number(c.req.query("coin_type"));
+        if (!Number.isInteger(coinType))
+            return c.json({ error: "coin_type must be an integer" }, 400);
+        // Find all allocations for this coin type
+        const existing = await deps.db.select().from(pathAllocations).where(eq(pathAllocations.coinType, coinType));
+        if (existing.length === 0) {
+            return c.json({
+                coin_type: coinType,
+                account_index: 0,
+                path: `m/44'/${coinType}'/0'`,
+                status: "available",
+            });
+        }
+        // If already allocated, return info about existing allocation
+        const latest = existing.sort((a, b) => b.accountIndex - a.accountIndex)[0];
+        // Find chains using this coin type's allocations
+        const chainIds = existing.map((a) => a.chainId).filter(Boolean);
+        return c.json({
+            coin_type: coinType,
+            account_index: latest.accountIndex,
+            path: `m/44'/${coinType}'/${latest.accountIndex}'`,
+            status: "allocated",
+            allocated_to: chainIds,
+            note: "xpub already registered — reuse for new chains with same key type",
+            next_available: {
+                account_index: latest.accountIndex + 1,
+                path: `m/44'/${coinType}'/${latest.accountIndex + 1}'`,
+            },
+        });
+    });
+    /** POST /admin/chains — register a new chain with its xpub */
+    app.post("/admin/chains", async (c) => {
+        const body = await c.req.json();
+        if (!body.id || !body.xpub || !body.token) {
+            return c.json({ error: "id, xpub, and token are required" }, 400);
+        }
+        // Record the path allocation (idempotent — ignore if already exists)
+        const inserted = (await deps.db
+            .insert(pathAllocations)
+            .values({
+            coinType: body.coin_type,
+            accountIndex: body.account_index,
+            chainId: body.id,
+            xpub: body.xpub,
+        })
+            .onConflictDoNothing());
+        if (inserted.rowCount === 0) {
+            return c.json({ error: "Path allocation already exists", path: `m/44'/${body.coin_type}'/${body.account_index}'` }, 409);
+        }
+        // Upsert the payment method
+        await deps.methodStore.upsert({
+            id: body.id,
+            type: body.type ?? "native",
+            token: body.token,
+            chain: body.chain ?? body.network,
+            contractAddress: body.contract ?? null,
+            decimals: body.decimals,
+            displayName: body.display_name ?? `${body.token} on ${body.network}`,
+            enabled: true,
+            displayOrder: 0,
+            rpcUrl: body.rpc_url,
+            oracleAddress: body.oracle_address ?? null,
+            xpub: body.xpub,
+            confirmations: body.confirmations ?? 6,
+        });
+        return c.json({ id: body.id, path: `m/44'/${body.coin_type}'/${body.account_index}'` }, 201);
+    });
+    /** DELETE /admin/chains/:id — soft disable */
+    app.delete("/admin/chains/:id", async (c) => {
+        await deps.methodStore.setEnabled(c.req.param("id"), false);
+        return c.body(null, 204);
+    });
+    return app;
+}

package/dist/billing/crypto/watcher-service.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Watcher Service — boots chain watchers and sends webhook callbacks.
+ *
+ * Payment flow:
+ *   1. Watcher detects payment → handlePayment()
+ *   2. Accumulate native amount (supports partial payments)
+ *   3. When totalReceived >= expectedAmount → settle + credit
+ *   4. Every payment (partial or full) enqueues a webhook delivery
+ *   5. Outbox processor retries failed deliveries with exponential backoff
+ *
+ * Amount comparison is ALWAYS in native crypto units (sats, wei, token base units).
+ * The exchange rate is locked at charge creation — no live price comparison.
+ */
+import type { DrizzleDb } from "../../db/index.js";
+import type { ICryptoChargeRepository } from "./charge-store.js";
+import type { IWatcherCursorStore } from "./cursor-store.js";
+import type { IPriceOracle } from "./oracle/types.js";
+import type { IPaymentMethodStore } from "./payment-method-store.js";
+export interface WatcherServiceOpts {
+    db: DrizzleDb;
+    chargeStore: ICryptoChargeRepository;
+    methodStore: IPaymentMethodStore;
+    cursorStore: IWatcherCursorStore;
+    oracle: IPriceOracle;
+    bitcoindUser?: string;
+    bitcoindPassword?: string;
+    pollIntervalMs?: number;
+    deliveryIntervalMs?: number;
+    log?: (msg: string, meta?: Record<string, unknown>) => void;
+    /** Allowed callback URL prefixes. Default: ["https://"] — enforces HTTPS. */
+    allowedCallbackPrefixes?: string[];
+}
+export declare function startWatchers(opts: WatcherServiceOpts): Promise<() => void>;

package/dist/billing/crypto/watcher-service.js

@@ -0,0 +1,295 @@
+/**
+ * Watcher Service — boots chain watchers and sends webhook callbacks.
+ *
+ * Payment flow:
+ *   1. Watcher detects payment → handlePayment()
+ *   2. Accumulate native amount (supports partial payments)
+ *   3. When totalReceived >= expectedAmount → settle + credit
+ *   4. Every payment (partial or full) enqueues a webhook delivery
+ *   5. Outbox processor retries failed deliveries with exponential backoff
+ *
+ * Amount comparison is ALWAYS in native crypto units (sats, wei, token base units).
+ * The exchange rate is locked at charge creation — no live price comparison.
+ */
+import { and, eq, isNull, lte, or } from "drizzle-orm";
+import { cryptoCharges, webhookDeliveries } from "../../db/schema/crypto.js";
+import { BtcWatcher, createBitcoindRpc } from "./btc/watcher.js";
+import { createRpcCaller, EvmWatcher } from "./evm/watcher.js";
+const MAX_DELIVERY_ATTEMPTS = 10;
+const BACKOFF_BASE_MS = 5_000;
+// --- SSRF validation ---
+function isValidCallbackUrl(url, allowedPrefixes) {
+    try {
+        const parsed = new URL(url);
+        if (parsed.protocol !== "https:" && parsed.protocol !== "http:")
+            return false;
+        const host = parsed.hostname;
+        if (host === "localhost" || host === "127.0.0.1" || host === "0.0.0.0" || host === "::1")
+            return false;
+        if (host.startsWith("10.") || host.startsWith("192.168.") || host.startsWith("169.254."))
+            return false;
+        return allowedPrefixes.some((prefix) => url.startsWith(prefix));
+    }
+    catch {
+        return false;
+    }
+}
+// --- Webhook outbox ---
+async function enqueueWebhook(db, chargeId, callbackUrl, payload) {
+    await db.insert(webhookDeliveries).values({
+        chargeId,
+        callbackUrl,
+        payload: JSON.stringify(payload),
+    });
+}
+async function processDeliveries(db, allowedPrefixes, log) {
+    const now = new Date().toISOString();
+    const pending = await db
+        .select()
+        .from(webhookDeliveries)
+        .where(and(eq(webhookDeliveries.status, "pending"), or(isNull(webhookDeliveries.nextRetryAt), lte(webhookDeliveries.nextRetryAt, now))))
+        .limit(50);
+    let delivered = 0;
+    for (const row of pending) {
+        if (!isValidCallbackUrl(row.callbackUrl, allowedPrefixes)) {
+            await db
+                .update(webhookDeliveries)
+                .set({ status: "failed", lastError: "Invalid callbackUrl (SSRF blocked)" })
+                .where(eq(webhookDeliveries.id, row.id));
+            continue;
+        }
+        try {
+            const res = await fetch(row.callbackUrl, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: row.payload,
+            });
+            if (!res.ok)
+                throw new Error(`HTTP ${res.status}`);
+            await db.update(webhookDeliveries).set({ status: "delivered" }).where(eq(webhookDeliveries.id, row.id));
+            delivered++;
+        }
+        catch (err) {
+            const attempts = row.attempts + 1;
+            if (attempts >= MAX_DELIVERY_ATTEMPTS) {
+                await db
+                    .update(webhookDeliveries)
+                    .set({ status: "failed", attempts, lastError: String(err) })
+                    .where(eq(webhookDeliveries.id, row.id));
+                log("Webhook permanently failed", { chargeId: row.chargeId, attempts });
+            }
+            else {
+                const backoffMs = BACKOFF_BASE_MS * 2 ** (attempts - 1);
+                const nextRetry = new Date(Date.now() + backoffMs).toISOString();
+                await db
+                    .update(webhookDeliveries)
+                    .set({ attempts, nextRetryAt: nextRetry, lastError: String(err) })
+                    .where(eq(webhookDeliveries.id, row.id));
+            }
+        }
+    }
+    return delivered;
+}
+// --- Payment handling (partial + full) ---
+/**
+ * Handle a payment event. Accumulates partial payments in native units.
+ * Settles when totalReceived >= expectedAmount. Fires webhook on every payment.
+ *
+ * @param nativeAmount — received amount in native base units (sats for BTC/DOGE, raw token units for ERC20)
+ */
+async function handlePayment(db, chargeStore, address, nativeAmount, payload, log) {
+    const charge = await chargeStore.getByDepositAddress(address);
+    if (!charge) {
+        log("Payment to unknown address", { address });
+        return;
+    }
+    if (charge.creditedAt) {
+        return; // Already fully paid and credited
+    }
+    // Accumulate: add this payment to the running total
+    const prevReceived = BigInt(charge.receivedAmount ?? "0");
+    const thisPayment = BigInt(nativeAmount);
+    const totalReceived = (prevReceived + thisPayment).toString();
+    const expected = BigInt(charge.expectedAmount ?? "0");
+    const isFull = expected > 0n && BigInt(totalReceived) >= expected;
+    // Update received_amount in DB
+    await db
+        .update(cryptoCharges)
+        .set({ receivedAmount: totalReceived, filledAmount: totalReceived })
+        .where(eq(cryptoCharges.referenceId, charge.referenceId));
+    if (isFull) {
+        const settled = "Settled";
+        await chargeStore.updateStatus(charge.referenceId, settled, charge.token ?? undefined, totalReceived);
+        await chargeStore.markCredited(charge.referenceId);
+        log("Charge settled", { chargeId: charge.referenceId, expected: expected.toString(), received: totalReceived });
+    }
+    else {
+        const processing = "Processing";
+        await chargeStore.updateStatus(charge.referenceId, processing, charge.token ?? undefined, totalReceived);
+        log("Partial payment", { chargeId: charge.referenceId, expected: expected.toString(), received: totalReceived });
+    }
+    // Webhook on every payment — product shows progress to user
+    if (charge.callbackUrl) {
+        await enqueueWebhook(db, charge.referenceId, charge.callbackUrl, {
+            chargeId: charge.referenceId,
+            chain: charge.chain,
+            address: charge.depositAddress,
+            expectedAmount: expected.toString(),
+            receivedAmount: totalReceived,
+            amountUsdCents: charge.amountUsdCents,
+            status: isFull ? "confirmed" : "partial",
+            ...payload,
+        });
+    }
+}
+// --- Watcher boot ---
+export async function startWatchers(opts) {
+    const { db, chargeStore, methodStore, cursorStore, oracle } = opts;
+    const pollMs = opts.pollIntervalMs ?? 15_000;
+    const deliveryMs = opts.deliveryIntervalMs ?? 10_000;
+    const log = opts.log ?? (() => { });
+    const allowedPrefixes = opts.allowedCallbackPrefixes ?? ["https://"];
+    const timers = [];
+    const methods = await methodStore.listEnabled();
+    const utxoMethods = methods.filter((m) => m.type === "native" && (m.chain === "bitcoin" || m.chain === "litecoin" || m.chain === "dogecoin"));
+    const evmMethods = methods.filter((m) => m.type === "erc20" ||
+        (m.type === "native" && m.chain !== "bitcoin" && m.chain !== "litecoin" && m.chain !== "dogecoin"));
+    // --- UTXO Watchers (BTC, LTC, DOGE) ---
+    for (const method of utxoMethods) {
+        if (!method.rpcUrl)
+            continue;
+        const rpcCall = createBitcoindRpc({
+            rpcUrl: method.rpcUrl,
+            rpcUser: opts.bitcoindUser ?? "btcpay",
+            rpcPassword: opts.bitcoindPassword ?? "",
+            network: "mainnet",
+            confirmations: method.confirmations,
+        });
+        const activeAddresses = await chargeStore.listActiveDepositAddresses();
+        const chainAddresses = activeAddresses.filter((a) => a.chain === method.chain).map((a) => a.address);
+        const watcher = new BtcWatcher({
+            config: {
+                rpcUrl: method.rpcUrl,
+                rpcUser: opts.bitcoindUser ?? "btcpay",
+                rpcPassword: opts.bitcoindPassword ?? "",
+                network: "mainnet",
+                confirmations: method.confirmations,
+            },
+            chainId: method.chain,
+            rpcCall,
+            watchedAddresses: chainAddresses,
+            oracle,
+            cursorStore,
+            onPayment: async (event) => {
+                log("UTXO payment", { chain: method.chain, address: event.address, txid: event.txid, sats: event.amountSats });
+                // Pass native amount (sats) — NOT USD cents
+                await handlePayment(db, chargeStore, event.address, String(event.amountSats), {
+                    txHash: event.txid,
+                    confirmations: event.confirmations,
+                }, log);
+            },
+        });
+        const importedAddresses = new Set();
+        for (const addr of chainAddresses) {
+            try {
+                await watcher.importAddress(addr);
+                importedAddresses.add(addr);
+            }
+            catch {
+                log("Failed to import address", { chain: method.chain, address: addr });
+            }
+        }
+        log(`UTXO watcher started (${method.chain})`, { addresses: importedAddresses.size });
+        let utxoPolling = false;
+        timers.push(setInterval(async () => {
+            if (utxoPolling)
+                return; // Prevent overlapping polls
+            utxoPolling = true;
+            try {
+                const fresh = await chargeStore.listActiveDepositAddresses();
+                const freshChain = fresh.filter((a) => a.chain === method.chain).map((a) => a.address);
+                for (const addr of freshChain) {
+                    if (!importedAddresses.has(addr)) {
+                        try {
+                            await watcher.importAddress(addr);
+                            importedAddresses.add(addr);
+                        }
+                        catch {
+                            log("Failed to import new address (will retry)", { chain: method.chain, address: addr });
+                        }
+                    }
+                }
+                watcher.setWatchedAddresses(freshChain);
+                await watcher.poll();
+            }
+            catch (err) {
+                log("UTXO poll error", { chain: method.chain, error: String(err) });
+            }
+            finally {
+                utxoPolling = false;
+            }
+        }, pollMs));
+    }
+    // --- EVM Watchers ---
+    for (const method of evmMethods) {
+        if (!method.rpcUrl || !method.contractAddress)
+            continue;
+        const rpcCall = createRpcCaller(method.rpcUrl);
+        const latestHex = (await rpcCall("eth_blockNumber", []));
+        const latestBlock = Number.parseInt(latestHex, 16);
+        const activeAddresses = await chargeStore.listActiveDepositAddresses();
+        const chainAddresses = activeAddresses.filter((a) => a.chain === method.chain).map((a) => a.address);
+        const watcher = new EvmWatcher({
+            chain: method.chain,
+            token: method.token,
+            rpcCall,
+            fromBlock: latestBlock,
+            watchedAddresses: chainAddresses,
+            cursorStore,
+            onPayment: async (event) => {
+                log("EVM payment", { chain: event.chain, token: event.token, to: event.to, txHash: event.txHash });
+                // Pass native amount (raw token units) — NOT USD cents
+                await handlePayment(db, chargeStore, event.to, event.rawAmount, {
+                    txHash: event.txHash,
+                    confirmations: method.confirmations,
+                }, log);
+            },
+        });
+        await watcher.init();
+        log(`EVM watcher started (${method.chain}:${method.token})`, { addresses: chainAddresses.length });
+        let evmPolling = false;
+        timers.push(setInterval(async () => {
+            if (evmPolling)
+                return; // Prevent overlapping polls
+            evmPolling = true;
+            try {
+                const fresh = await chargeStore.listActiveDepositAddresses();
+                const freshChain = fresh.filter((a) => a.chain === method.chain).map((a) => a.address);
+                watcher.setWatchedAddresses(freshChain);
+                await watcher.poll();
+            }
+            catch (err) {
+                log("EVM poll error", { chain: method.chain, token: method.token, error: String(err) });
+            }
+            finally {
+                evmPolling = false;
+            }
+        }, pollMs));
+    }
+    // --- Webhook delivery outbox processor ---
+    timers.push(setInterval(async () => {
+        try {
+            const count = await processDeliveries(db, allowedPrefixes, log);
+            if (count > 0)
+                log("Webhooks delivered", { count });
+        }
+        catch (err) {
+            log("Delivery loop error", { error: String(err) });
+        }
+    }, deliveryMs));
+    log("All watchers started", { utxo: utxoMethods.length, evm: evmMethods.length, pollMs, deliveryMs });
+    return () => {
+        for (const t of timers)
+            clearInterval(t);
+    };
+}

package/dist/billing/index.js

@@ -1,4 +1,4 @@
-// Crypto (BTCPay Server)
+// Crypto (key server — native BTC/EVM watchers)
 export * from "./crypto/index.js";
 export { DrizzleWebhookSeenRepository } from "./drizzle-webhook-seen-repository.js";
 export { PaymentMethodOwnershipError } from "./payment-processor.js";