@wopr-network/platform-core 1.49.2 → 1.49.4

package/dist/billing/crypto/__tests__/key-server.test.js

@@ -10,6 +10,7 @@ function createMockDb() {
         xpub: "xpub6CUGRUonZSQ4TWtTMmzXdrXDtypWKiKrhko4egpiMZbpiaQL2jkwSB1icqYh2cfDfVxdx4df189oLKnC5fSwqPfgyP3hooxujYzAu3fDVmz",
         nextIndex: 1,
         decimals: 8,
+        addressType: "bech32",
         confirmations: 6,
     };
     const db = {
@@ -161,6 +162,115 @@ describe("key-server routes", () => {
         });
         expect(res.status).toBe(400);
     });
+    it("POST /address retries on shared-xpub address collision", async () => {
+        const collision = Object.assign(new Error("unique_violation"), { code: "23505" });
+        let callCount = 0;
+        const mockMethod = {
+            id: "eth",
+            type: "native",
+            token: "ETH",
+            chain: "base",
+            xpub: "xpub6CUGRUonZSQ4TWtTMmzXdrXDtypWKiKrhko4egpiMZbpiaQL2jkwSB1icqYh2cfDfVxdx4df189oLKnC5fSwqPfgyP3hooxujYzAu3fDVmz",
+            nextIndex: 0,
+            decimals: 18,
+            addressType: "evm",
+            confirmations: 1,
+        };
+        const db = {
+            // Each update call increments nextIndex
+            update: vi.fn().mockImplementation(() => ({
+                set: vi.fn().mockReturnValue({
+                    where: vi.fn().mockReturnValue({
+                        returning: vi.fn().mockImplementation(() => {
+                            callCount++;
+                            return Promise.resolve([{ ...mockMethod, nextIndex: callCount }]);
+                        }),
+                    }),
+                }),
+            })),
+            insert: vi.fn().mockImplementation(() => ({
+                values: vi.fn().mockImplementation(() => {
+                    // First insert collides, second succeeds
+                    if (callCount <= 1)
+                        throw collision;
+                    return { onConflictDoNothing: vi.fn().mockResolvedValue({ rowCount: 1 }) };
+                }),
+            })),
+            select: vi.fn().mockReturnValue({
+                from: vi.fn().mockReturnValue({
+                    where: vi.fn().mockResolvedValue([]),
+                }),
+            }),
+            transaction: vi.fn().mockImplementation(async (fn) => fn(db)),
+        };
+        const deps = mockDeps();
+        deps.db = db;
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "eth" }),
+        });
+        expect(res.status).toBe(201);
+        const body = await res.json();
+        expect(body.address).toMatch(/^0x/);
+        // Should have called update twice (first collision, then success)
+        expect(callCount).toBe(2);
+        expect(body.index).toBe(1); // skipped index 0
+    });
+    it("POST /address retries on Drizzle-wrapped collision error (cause.code)", async () => {
+        // Drizzle wraps PG errors: err.code is undefined, err.cause.code has "23505"
+        const pgError = Object.assign(new Error("unique_violation"), { code: "23505" });
+        const drizzleError = Object.assign(new Error("DrizzleQueryError"), { cause: pgError });
+        let callCount = 0;
+        const mockMethod = {
+            id: "eth",
+            type: "native",
+            token: "ETH",
+            chain: "base",
+            xpub: "xpub6CUGRUonZSQ4TWtTMmzXdrXDtypWKiKrhko4egpiMZbpiaQL2jkwSB1icqYh2cfDfVxdx4df189oLKnC5fSwqPfgyP3hooxujYzAu3fDVmz",
+            nextIndex: 0,
+            decimals: 18,
+            addressType: "evm",
+            confirmations: 1,
+        };
+        const db = {
+            update: vi.fn().mockImplementation(() => ({
+                set: vi.fn().mockReturnValue({
+                    where: vi.fn().mockReturnValue({
+                        returning: vi.fn().mockImplementation(() => {
+                            callCount++;
+                            return Promise.resolve([{ ...mockMethod, nextIndex: callCount }]);
+                        }),
+                    }),
+                }),
+            })),
+            insert: vi.fn().mockImplementation(() => ({
+                values: vi.fn().mockImplementation(() => {
+                    if (callCount <= 1)
+                        throw drizzleError;
+                    return { onConflictDoNothing: vi.fn().mockResolvedValue({ rowCount: 1 }) };
+                }),
+            })),
+            select: vi.fn().mockReturnValue({
+                from: vi.fn().mockReturnValue({ where: vi.fn().mockResolvedValue([]) }),
+            }),
+            transaction: vi.fn().mockImplementation(async (fn) => fn(db)),
+        };
+        const deps = mockDeps();
+        deps.db = db;
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "eth" }),
+        });
+        expect(res.status).toBe(201);
+        const body = await res.json();
+        expect(body.address).toMatch(/^0x/);
+        expect(callCount).toBe(2);
+        expect(body.index).toBe(1);
+    });
     it("POST /charges creates a charge", async () => {
         const app = createKeyServerApp(mockDeps());
         const res = await app.request("/charges", {

package/dist/billing/crypto/key-server.js

@@ -17,12 +17,18 @@ import { AssetNotSupportedError } from "./oracle/types.js";
 /**
  * Derive the next unused address for a chain.
  * Atomically increments next_index and records address in a single transaction.
+ *
+ * EVM chains share an xpub (coin type 60), so ETH index 0 = USDC index 0 = same
+ * address. The unique constraint on derived_addresses.address prevents reuse.
+ * On collision, we skip the index and retry (up to maxRetries).
  */
 async function deriveNextAddress(db, chainId, tenantId) {
-    // Wrap in transaction: if the address insert fails, next_index is not consumed.
-    return db.transaction(async (tx) => {
-        // Atomic increment: UPDATE ... SET next_index = next_index + 1 RETURNING *
-        const [method] = await tx
+    const maxRetries = 10;
+    const dbWithTx = db;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+        // Step 1: Atomically claim the next index OUTSIDE the transaction.
+        // This survives even if the transaction below rolls back on address collision.
+        const [method] = await db
             .update(paymentMethods)
             .set({ nextIndex: sql `${paymentMethods.nextIndex} + 1` })
             .where(eq(paymentMethods.id, chainId))
@@ -31,29 +37,48 @@ async function deriveNextAddress(db, chainId, tenantId) {
             throw new Error(`Chain not found: ${chainId}`);
         if (!method.xpub)
             throw new Error(`No xpub configured for chain: ${chainId}`);
-        // The index we use is the value BEFORE increment (returned value - 1)
         const index = method.nextIndex - 1;
-        // Route to the right derivation function
+        // Route to the right derivation function via address_type (DB-driven, no hardcoded chains)
         let address;
-        if (method.type === "native" && method.chain === "dogecoin") {
-            address = deriveP2pkhAddress(method.xpub, index, "dogecoin");
+        switch (method.addressType) {
+            case "bech32":
+                address = deriveAddress(method.xpub, index, (method.network ?? "mainnet"), method.chain);
+                break;
+            case "p2pkh":
+                address = deriveP2pkhAddress(method.xpub, index, method.chain);
+                break;
+            case "evm":
+                address = deriveDepositAddress(method.xpub, index);
+                break;
+            default:
+                throw new Error(`Unknown address type: ${method.addressType}`);
         }
-        else if (method.type === "native" && (method.chain === "bitcoin" || method.chain === "litecoin")) {
-            address = deriveAddress(method.xpub, index, "mainnet", method.chain);
+        // Step 2: Record in immutable log. If this address was already derived by a
+        // sibling chain (shared xpub), the unique constraint fires and we retry
+        // with the next index (which is already incremented above).
+        try {
+            await dbWithTx.transaction(async (tx) => {
+                // bech32/evm addresses are case-insensitive (lowercase by spec).
+                // p2pkh (Base58Check) addresses are case-sensitive — do NOT lowercase.
+                const normalizedAddress = method.addressType === "p2pkh" ? address : address.toLowerCase();
+                await tx.insert(derivedAddresses).values({
+                    chainId,
+                    derivationIndex: index,
+                    address: normalizedAddress,
+                    tenantId,
+                });
+            });
+            return { address, index, chain: method.chain, token: method.token };
         }
-        else {
-            // EVM (all ERC20 + native ETH) — same derivation
-            address = deriveDepositAddress(method.xpub, index);
+        catch (err) {
+            // Drizzle wraps PG errors — check both top-level and cause for the constraint violation code
+            const code = err.code ?? err.cause?.code;
+            if (code === "23505" && attempt < maxRetries)
+                continue; // collision — index already advanced, retry
+            throw err;
         }
-        // Record in immutable log (inside same transaction)
-        await tx.insert(derivedAddresses).values({
-            chainId,
-            derivationIndex: index,
-            address: address.toLowerCase(),
-            tenantId,
-        });
-        return { address, index, chain: method.chain, token: method.token };
-    });
+    }
+    throw new Error(`Failed to derive unique address for ${chainId} after ${maxRetries} retries`);
 }
 /** Validate Bearer token from Authorization header. */
 function requireAuth(header, expected) {
@@ -261,6 +286,7 @@ export function createKeyServerApp(deps) {
             rpcUrl: body.rpc_url,
             oracleAddress: body.oracle_address ?? null,
             xpub: body.xpub,
+            addressType: body.address_type ?? "evm",
             confirmations: body.confirmations ?? 6,
         });
         return c.json({ id: body.id, path: `m/44'/${body.coin_type}'/${body.account_index}'` }, 201);

package/dist/billing/crypto/payment-method-store.d.ts

@@ -12,6 +12,7 @@ export interface PaymentMethodRecord {
     rpcUrl: string | null;
     oracleAddress: string | null;
     xpub: string | null;
+    addressType: string;
     confirmations: number;
 }
 export interface IPaymentMethodStore {

package/dist/billing/crypto/payment-method-store.js

@@ -45,6 +45,7 @@ export class DrizzlePaymentMethodStore {
             rpcUrl: method.rpcUrl,
             oracleAddress: method.oracleAddress,
             xpub: method.xpub,
+            addressType: method.addressType,
             confirmations: method.confirmations,
         })
             .onConflictDoUpdate({
@@ -61,6 +62,7 @@ export class DrizzlePaymentMethodStore {
                 rpcUrl: method.rpcUrl,
                 oracleAddress: method.oracleAddress,
                 xpub: method.xpub,
+                addressType: method.addressType,
                 confirmations: method.confirmations,
             },
         });
@@ -83,6 +85,7 @@ function toRecord(row) {
         rpcUrl: row.rpcUrl,
         oracleAddress: row.oracleAddress,
         xpub: row.xpub,
+        addressType: row.addressType,
         confirmations: row.confirmations,
     };
 }

package/dist/db/schema/crypto.d.ts

@@ -648,6 +648,23 @@ export declare const paymentMethods: import("drizzle-orm/pg-core").PgTableWithCo
             identity: undefined;
             generated: undefined;
         }, {}, {}>;
+        addressType: import("drizzle-orm/pg-core").PgColumn<{
+            name: "address_type";
+            tableName: "payment_methods";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
         confirmations: import("drizzle-orm/pg-core").PgColumn<{
             name: "confirmations";
             tableName: "payment_methods";

package/dist/db/schema/crypto.js

@@ -74,6 +74,7 @@ export const paymentMethods = pgTable("payment_methods", {
     rpcUrl: text("rpc_url"), // chain node RPC endpoint
     oracleAddress: text("oracle_address"), // Chainlink feed address for price (null = 1:1 stablecoin)
     xpub: text("xpub"), // HD wallet extended public key for deposit address derivation
+    addressType: text("address_type").notNull().default("evm"), // "bech32" (BTC/LTC), "p2pkh" (DOGE), "evm" (ETH/ERC20)
     confirmations: integer("confirmations").notNull().default(1),
     nextIndex: integer("next_index").notNull().default(0), // atomic derivation counter, never reuses
     createdAt: text("created_at").notNull().default(sql `(now())`),

package/drizzle/migrations/0018_address_type_column.sql

@@ -0,0 +1,12 @@
+-- Add address_type column to payment_methods.
+-- Drives derivation routing: "bech32" (BTC/LTC), "p2pkh" (DOGE), "evm" (ETH/ERC20).
+-- Eliminates hardcoded chain names in deriveNextAddress.
+
+ALTER TABLE "payment_methods" ADD COLUMN IF NOT EXISTS "address_type" text NOT NULL DEFAULT 'evm';
+--> statement-breakpoint
+
+-- Set correct values for existing chains
+UPDATE "payment_methods" SET "address_type" = 'bech32' WHERE "chain" IN ('bitcoin', 'litecoin');
+--> statement-breakpoint
+
+UPDATE "payment_methods" SET "address_type" = 'p2pkh' WHERE "chain" = 'dogecoin';

package/drizzle/migrations/meta/_journal.json

@@ -127,6 +127,13 @@
       "when": 1743091200000,
       "tag": "0017_fix_derivation_index_constraint",
       "breakpoints": true
+    },
+    {
+      "idx": 18,
+      "version": "7",
+      "when": 1743177600000,
+      "tag": "0018_address_type_column",
+      "breakpoints": true
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-core",
-  "version": "1.49.2",
+  "version": "1.49.4",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/billing/crypto/__tests__/key-server.test.ts

@@ -14,6 +14,7 @@ function createMockDb() {
     xpub: "xpub6CUGRUonZSQ4TWtTMmzXdrXDtypWKiKrhko4egpiMZbpiaQL2jkwSB1icqYh2cfDfVxdx4df189oLKnC5fSwqPfgyP3hooxujYzAu3fDVmz",
     nextIndex: 1,
     decimals: 8,
+    addressType: "bech32",
     confirmations: 6,
   };
 
@@ -177,6 +178,125 @@ describe("key-server routes", () => {
     expect(res.status).toBe(400);
   });
 
+  it("POST /address retries on shared-xpub address collision", async () => {
+    const collision = Object.assign(new Error("unique_violation"), { code: "23505" });
+    let callCount = 0;
+
+    const mockMethod = {
+      id: "eth",
+      type: "native",
+      token: "ETH",
+      chain: "base",
+      xpub: "xpub6CUGRUonZSQ4TWtTMmzXdrXDtypWKiKrhko4egpiMZbpiaQL2jkwSB1icqYh2cfDfVxdx4df189oLKnC5fSwqPfgyP3hooxujYzAu3fDVmz",
+      nextIndex: 0,
+      decimals: 18,
+      addressType: "evm",
+      confirmations: 1,
+    };
+
+    const db = {
+      // Each update call increments nextIndex
+      update: vi.fn().mockImplementation(() => ({
+        set: vi.fn().mockReturnValue({
+          where: vi.fn().mockReturnValue({
+            returning: vi.fn().mockImplementation(() => {
+              callCount++;
+              return Promise.resolve([{ ...mockMethod, nextIndex: callCount }]);
+            }),
+          }),
+        }),
+      })),
+      insert: vi.fn().mockImplementation(() => ({
+        values: vi.fn().mockImplementation(() => {
+          // First insert collides, second succeeds
+          if (callCount <= 1) throw collision;
+          return { onConflictDoNothing: vi.fn().mockResolvedValue({ rowCount: 1 }) };
+        }),
+      })),
+      select: vi.fn().mockReturnValue({
+        from: vi.fn().mockReturnValue({
+          where: vi.fn().mockResolvedValue([]),
+        }),
+      }),
+      transaction: vi.fn().mockImplementation(async (fn: (tx: unknown) => unknown) => fn(db)),
+    };
+
+    const deps = mockDeps();
+    (deps as unknown as { db: unknown }).db = db;
+    const app = createKeyServerApp(deps);
+
+    const res = await app.request("/address", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ chain: "eth" }),
+    });
+
+    expect(res.status).toBe(201);
+    const body = await res.json();
+    expect(body.address).toMatch(/^0x/);
+    // Should have called update twice (first collision, then success)
+    expect(callCount).toBe(2);
+    expect(body.index).toBe(1); // skipped index 0
+  });
+
+  it("POST /address retries on Drizzle-wrapped collision error (cause.code)", async () => {
+    // Drizzle wraps PG errors: err.code is undefined, err.cause.code has "23505"
+    const pgError = Object.assign(new Error("unique_violation"), { code: "23505" });
+    const drizzleError = Object.assign(new Error("DrizzleQueryError"), { cause: pgError });
+    let callCount = 0;
+
+    const mockMethod = {
+      id: "eth",
+      type: "native",
+      token: "ETH",
+      chain: "base",
+      xpub: "xpub6CUGRUonZSQ4TWtTMmzXdrXDtypWKiKrhko4egpiMZbpiaQL2jkwSB1icqYh2cfDfVxdx4df189oLKnC5fSwqPfgyP3hooxujYzAu3fDVmz",
+      nextIndex: 0,
+      decimals: 18,
+      addressType: "evm",
+      confirmations: 1,
+    };
+
+    const db = {
+      update: vi.fn().mockImplementation(() => ({
+        set: vi.fn().mockReturnValue({
+          where: vi.fn().mockReturnValue({
+            returning: vi.fn().mockImplementation(() => {
+              callCount++;
+              return Promise.resolve([{ ...mockMethod, nextIndex: callCount }]);
+            }),
+          }),
+        }),
+      })),
+      insert: vi.fn().mockImplementation(() => ({
+        values: vi.fn().mockImplementation(() => {
+          if (callCount <= 1) throw drizzleError;
+          return { onConflictDoNothing: vi.fn().mockResolvedValue({ rowCount: 1 }) };
+        }),
+      })),
+      select: vi.fn().mockReturnValue({
+        from: vi.fn().mockReturnValue({ where: vi.fn().mockResolvedValue([]) }),
+      }),
+      transaction: vi.fn().mockImplementation(async (fn: (tx: unknown) => unknown) => fn(db)),
+    };
+
+    const deps = mockDeps();
+    (deps as unknown as { db: unknown }).db = db;
+    const app = createKeyServerApp(deps);
+
+    const res = await app.request("/address", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ chain: "eth" }),
+    });
+
+    expect(res.status).toBe(201);
+    const body = await res.json();
+    expect(body.address).toMatch(/^0x/);
+    expect(callCount).toBe(2);
+    expect(body.index).toBe(1);
+  });
+
   it("POST /charges creates a charge", async () => {
     const app = createKeyServerApp(mockDeps());
     const res = await app.request("/charges", {

package/src/billing/crypto/key-server.ts

@@ -33,50 +33,78 @@ export interface KeyServerDeps {
 /**
  * Derive the next unused address for a chain.
  * Atomically increments next_index and records address in a single transaction.
+ *
+ * EVM chains share an xpub (coin type 60), so ETH index 0 = USDC index 0 = same
+ * address. The unique constraint on derived_addresses.address prevents reuse.
+ * On collision, we skip the index and retry (up to maxRetries).
  */
 async function deriveNextAddress(
   db: DrizzleDb,
   chainId: string,
   tenantId?: string,
 ): Promise<{ address: string; index: number; chain: string; token: string }> {
-  // Wrap in transaction: if the address insert fails, next_index is not consumed.
-  return (db as unknown as { transaction: (fn: (tx: DrizzleDb) => Promise<unknown>) => Promise<unknown> }).transaction(
-    async (tx: DrizzleDb) => {
-      // Atomic increment: UPDATE ... SET next_index = next_index + 1 RETURNING *
-      const [method] = await tx
-        .update(paymentMethods)
-        .set({ nextIndex: sql`${paymentMethods.nextIndex} + 1` })
-        .where(eq(paymentMethods.id, chainId))
-        .returning();
-
-      if (!method) throw new Error(`Chain not found: ${chainId}`);
-      if (!method.xpub) throw new Error(`No xpub configured for chain: ${chainId}`);
-
-      // The index we use is the value BEFORE increment (returned value - 1)
-      const index = method.nextIndex - 1;
-
-      // Route to the right derivation function
-      let address: string;
-      if (method.type === "native" && method.chain === "dogecoin") {
-        address = deriveP2pkhAddress(method.xpub, index, "dogecoin");
-      } else if (method.type === "native" && (method.chain === "bitcoin" || method.chain === "litecoin")) {
-        address = deriveAddress(method.xpub, index, "mainnet", method.chain as "bitcoin" | "litecoin");
-      } else {
-        // EVM (all ERC20 + native ETH) — same derivation
+  const maxRetries = 10;
+  const dbWithTx = db as unknown as { transaction: (fn: (tx: DrizzleDb) => Promise<unknown>) => Promise<unknown> };
+
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    // Step 1: Atomically claim the next index OUTSIDE the transaction.
+    // This survives even if the transaction below rolls back on address collision.
+    const [method] = await db
+      .update(paymentMethods)
+      .set({ nextIndex: sql`${paymentMethods.nextIndex} + 1` })
+      .where(eq(paymentMethods.id, chainId))
+      .returning();
+
+    if (!method) throw new Error(`Chain not found: ${chainId}`);
+    if (!method.xpub) throw new Error(`No xpub configured for chain: ${chainId}`);
+
+    const index = method.nextIndex - 1;
+
+    // Route to the right derivation function via address_type (DB-driven, no hardcoded chains)
+    let address: string;
+    switch (method.addressType) {
+      case "bech32":
+        address = deriveAddress(
+          method.xpub,
+          index,
+          (method.network ?? "mainnet") as "mainnet" | "testnet" | "regtest",
+          method.chain as "bitcoin" | "litecoin",
+        );
+        break;
+      case "p2pkh":
+        address = deriveP2pkhAddress(method.xpub, index, method.chain);
+        break;
+      case "evm":
         address = deriveDepositAddress(method.xpub, index);
-      }
+        break;
+      default:
+        throw new Error(`Unknown address type: ${method.addressType}`);
+    }
 
-      // Record in immutable log (inside same transaction)
-      await tx.insert(derivedAddresses).values({
-        chainId,
-        derivationIndex: index,
-        address: address.toLowerCase(),
-        tenantId,
+    // Step 2: Record in immutable log. If this address was already derived by a
+    // sibling chain (shared xpub), the unique constraint fires and we retry
+    // with the next index (which is already incremented above).
+    try {
+      await dbWithTx.transaction(async (tx: DrizzleDb) => {
+        // bech32/evm addresses are case-insensitive (lowercase by spec).
+        // p2pkh (Base58Check) addresses are case-sensitive — do NOT lowercase.
+        const normalizedAddress = method.addressType === "p2pkh" ? address : address.toLowerCase();
+        await tx.insert(derivedAddresses).values({
+          chainId,
+          derivationIndex: index,
+          address: normalizedAddress,
+          tenantId,
+        });
       });
-
       return { address, index, chain: method.chain, token: method.token };
-    },
-  ) as Promise<{ address: string; index: number; chain: string; token: string }>;
+    } catch (err: unknown) {
+      // Drizzle wraps PG errors — check both top-level and cause for the constraint violation code
+      const code = (err as { code?: string }).code ?? (err as { cause?: { code?: string } }).cause?.code;
+      if (code === "23505" && attempt < maxRetries) continue; // collision — index already advanced, retry
+      throw err;
+    }
+  }
+  throw new Error(`Failed to derive unique address for ${chainId} after ${maxRetries} retries`);
 }
 
 /** Validate Bearer token from Authorization header. */
@@ -299,6 +327,7 @@ export function createKeyServerApp(deps: KeyServerDeps): Hono {
       confirmations?: number;
       display_name?: string;
       oracle_address?: string;
+      address_type?: string;
     }>();
 
     if (!body.id || !body.xpub || !body.token) {
@@ -337,6 +366,7 @@ export function createKeyServerApp(deps: KeyServerDeps): Hono {
       rpcUrl: body.rpc_url,
       oracleAddress: body.oracle_address ?? null,
       xpub: body.xpub,
+      addressType: body.address_type ?? "evm",
       confirmations: body.confirmations ?? 6,
     });
 

package/src/billing/crypto/payment-method-store.ts

@@ -15,6 +15,7 @@ export interface PaymentMethodRecord {
   rpcUrl: string | null;
   oracleAddress: string | null;
   xpub: string | null;
+  addressType: string;
   confirmations: number;
 }
 
@@ -80,6 +81,7 @@ export class DrizzlePaymentMethodStore implements IPaymentMethodStore {
         rpcUrl: method.rpcUrl,
         oracleAddress: method.oracleAddress,
         xpub: method.xpub,
+        addressType: method.addressType,
         confirmations: method.confirmations,
       })
       .onConflictDoUpdate({
@@ -96,6 +98,7 @@ export class DrizzlePaymentMethodStore implements IPaymentMethodStore {
           rpcUrl: method.rpcUrl,
           oracleAddress: method.oracleAddress,
           xpub: method.xpub,
+          addressType: method.addressType,
           confirmations: method.confirmations,
         },
       });
@@ -120,6 +123,7 @@ function toRecord(row: typeof paymentMethods.$inferSelect): PaymentMethodRecord
     rpcUrl: row.rpcUrl,
     oracleAddress: row.oracleAddress,
     xpub: row.xpub,
+    addressType: row.addressType,
     confirmations: row.confirmations,
   };
 }

package/src/db/schema/crypto.ts

@@ -81,6 +81,7 @@ export const paymentMethods = pgTable("payment_methods", {
   rpcUrl: text("rpc_url"), // chain node RPC endpoint
   oracleAddress: text("oracle_address"), // Chainlink feed address for price (null = 1:1 stablecoin)
   xpub: text("xpub"), // HD wallet extended public key for deposit address derivation
+  addressType: text("address_type").notNull().default("evm"), // "bech32" (BTC/LTC), "p2pkh" (DOGE), "evm" (ETH/ERC20)
   confirmations: integer("confirmations").notNull().default(1),
   nextIndex: integer("next_index").notNull().default(0), // atomic derivation counter, never reuses
   createdAt: text("created_at").notNull().default(sql`(now())`),