@wopr-network/platform-core 1.66.0 → 1.67.0

package/drizzle/migrations/0014_crypto_key_server.sql

@@ -2,11 +2,11 @@
 -- Adds atomic derivation counter + path registry + address log.
 
 -- 1. Add network column to payment_methods (parallel to chain)
-ALTER TABLE "payment_methods" ADD COLUMN "network" text NOT NULL DEFAULT 'mainnet';
+ALTER TABLE "payment_methods" ADD COLUMN IF NOT EXISTS "network" text NOT NULL DEFAULT 'mainnet';
 --> statement-breakpoint
 
 -- 2. Add next_index atomic counter to payment_methods
-ALTER TABLE "payment_methods" ADD COLUMN "next_index" integer NOT NULL DEFAULT 0;
+ALTER TABLE "payment_methods" ADD COLUMN IF NOT EXISTS "next_index" integer NOT NULL DEFAULT 0;
 --> statement-breakpoint
 
 -- 3. BIP-44 path allocation registry

package/drizzle/migrations/0015_callback_url.sql

@@ -1,15 +1,15 @@
 -- Watcher service schema additions: webhook outbox + charge amount tracking.
 
 -- 1. callback_url for webhook delivery
-ALTER TABLE "crypto_charges" ADD COLUMN "callback_url" text;
+ALTER TABLE "crypto_charges" ADD COLUMN IF NOT EXISTS "callback_url" text;
 --> statement-breakpoint
 
 -- 2. Expected crypto amount in native base units (locked at charge creation)
-ALTER TABLE "crypto_charges" ADD COLUMN "expected_amount" text;
+ALTER TABLE "crypto_charges" ADD COLUMN IF NOT EXISTS "expected_amount" text;
 --> statement-breakpoint
 
 -- 3. Running total of received crypto in native base units (partial payments)
-ALTER TABLE "crypto_charges" ADD COLUMN "received_amount" text;
+ALTER TABLE "crypto_charges" ADD COLUMN IF NOT EXISTS "received_amount" text;
 --> statement-breakpoint
 
 -- 4. Webhook delivery outbox — durable retry for payment callbacks

package/drizzle/migrations/0016_charge_progress_columns.sql

@@ -1,4 +1,4 @@
-ALTER TABLE "crypto_charges" ADD COLUMN "confirmations" integer DEFAULT 0 NOT NULL;--> statement-breakpoint
-ALTER TABLE "crypto_charges" ADD COLUMN "confirmations_required" integer DEFAULT 1 NOT NULL;--> statement-breakpoint
-ALTER TABLE "crypto_charges" ADD COLUMN "tx_hash" text;--> statement-breakpoint
-ALTER TABLE "crypto_charges" ADD COLUMN "amount_received_cents" integer DEFAULT 0 NOT NULL;
+ALTER TABLE "crypto_charges" ADD COLUMN IF NOT EXISTS "confirmations" integer DEFAULT 0 NOT NULL;--> statement-breakpoint
+ALTER TABLE "crypto_charges" ADD COLUMN IF NOT EXISTS "confirmations_required" integer DEFAULT 1 NOT NULL;--> statement-breakpoint
+ALTER TABLE "crypto_charges" ADD COLUMN IF NOT EXISTS "tx_hash" text;--> statement-breakpoint
+ALTER TABLE "crypto_charges" ADD COLUMN IF NOT EXISTS "amount_received_cents" integer DEFAULT 0 NOT NULL;

package/drizzle/migrations/0020_encoding_params_column.sql

@@ -1,4 +1,4 @@
-ALTER TABLE "payment_methods" ADD COLUMN "encoding_params" text DEFAULT '{}' NOT NULL;
+ALTER TABLE "payment_methods" ADD COLUMN IF NOT EXISTS "encoding_params" text DEFAULT '{}' NOT NULL;
 --> statement-breakpoint
 UPDATE "payment_methods" SET "encoding_params" = '{"hrp":"bc"}' WHERE "address_type" = 'bech32' AND "chain" = 'bitcoin';
 --> statement-breakpoint

package/drizzle/migrations/0021_watcher_type_column.sql

@@ -1,3 +1,3 @@
-ALTER TABLE "payment_methods" ADD COLUMN "watcher_type" text DEFAULT 'evm' NOT NULL;
+ALTER TABLE "payment_methods" ADD COLUMN IF NOT EXISTS "watcher_type" text DEFAULT 'evm' NOT NULL;
 --> statement-breakpoint
 UPDATE "payment_methods" SET "watcher_type" = 'utxo' WHERE "chain" IN ('bitcoin', 'litecoin', 'dogecoin');

package/drizzle/migrations/0022_oracle_asset_id_column.sql

@@ -1,4 +1,4 @@
-ALTER TABLE "payment_methods" ADD COLUMN "oracle_asset_id" text;
+ALTER TABLE "payment_methods" ADD COLUMN IF NOT EXISTS "oracle_asset_id" text;
 --> statement-breakpoint
 UPDATE "payment_methods" SET "oracle_asset_id" = 'bitcoin' WHERE "token" = 'BTC';
 --> statement-breakpoint

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wopr-network/platform-core",
-  "version": "1.66.0",
+  "version": "1.67.0",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/billing/crypto/__tests__/key-server.test.ts

@@ -3,6 +3,7 @@ import type { ICryptoChargeRepository } from "../charge-store.js";
 import type { KeyServerDeps } from "../key-server.js";
 import { createKeyServerApp } from "../key-server.js";
 import type { IPaymentMethodStore } from "../payment-method-store.js";
+import type { PluginRegistry } from "../plugin/registry.js";
 
 /** Create a mock db that supports transaction() by passing itself to the callback. */
 function createMockDb() {
@@ -350,6 +351,433 @@ describe("key-server routes", () => {
   });
 });
 
+describe("key-server pool endpoints", () => {
+  /** Create a mock db that supports pool queries. */
+  function createPoolMockDb(opts?: {
+    keyRing?: { id: string; derivationMode: string } | null;
+    poolEntries?: Array<{
+      id: number;
+      keyRingId: string;
+      derivationIndex: number;
+      publicKey: string;
+      address: string;
+      assignedTo: string | null;
+    }>;
+    allKeyRings?: Array<{ id: string }>;
+  }) {
+    const keyRing = opts?.keyRing ?? null;
+    const poolEntries = opts?.poolEntries ?? [];
+    const allKeyRings = opts?.allKeyRings ?? (keyRing ? [keyRing] : []);
+
+    const db: Record<string, unknown> = {};
+
+    // Track which table is being queried via from()
+    db.select = vi.fn().mockReturnValue({
+      from: vi.fn().mockImplementation((table: unknown) => {
+        const tableName = (table as Record<symbol, string>)[Symbol.for("drizzle:Name")];
+        if (tableName === "key_rings") {
+          return {
+            where: vi.fn().mockResolvedValue(keyRing ? [keyRing] : []),
+            orderBy: vi.fn().mockResolvedValue(allKeyRings),
+          };
+        }
+        if (tableName === "address_pool") {
+          return {
+            where: vi.fn().mockImplementation(() => ({
+              orderBy: vi.fn().mockImplementation(() => ({
+                limit: vi.fn().mockResolvedValue(poolEntries.filter((e) => e.assignedTo === null).slice(0, 1)),
+              })),
+              // For counting all pool entries for a key ring
+              length: poolEntries.length,
+              filter: (fn: (e: unknown) => boolean) => poolEntries.filter(fn),
+              [Symbol.iterator]: function* () {
+                yield* poolEntries;
+              },
+            })),
+          };
+        }
+        // Default: payment_methods
+        return {
+          where: vi.fn().mockResolvedValue([]),
+        };
+      }),
+    });
+
+    db.insert = vi.fn().mockReturnValue({
+      values: vi.fn().mockReturnValue({
+        onConflictDoNothing: vi.fn().mockResolvedValue({ rowCount: 1 }),
+      }),
+    });
+
+    db.update = vi.fn().mockReturnValue({
+      set: vi.fn().mockReturnValue({
+        where: vi.fn().mockReturnValue({
+          returning: vi.fn().mockResolvedValue([]),
+        }),
+      }),
+    });
+
+    db.transaction = vi.fn().mockImplementation(async (fn: (tx: unknown) => unknown) => fn(db));
+
+    return db;
+  }
+
+  it("POST /admin/pool/replenish validates required fields", async () => {
+    const deps = mockDeps();
+    deps.adminToken = "test-admin";
+    const app = createKeyServerApp(deps);
+    const res = await app.request("/admin/pool/replenish", {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Authorization: "Bearer test-admin" },
+      body: JSON.stringify({}),
+    });
+    expect(res.status).toBe(400);
+  });
+
+  it("POST /admin/pool/replenish returns 404 for unknown key ring", async () => {
+    const db = createPoolMockDb({ keyRing: null });
+    const deps = mockDeps();
+    deps.adminToken = "test-admin";
+    (deps as unknown as { db: unknown }).db = db;
+    const app = createKeyServerApp(deps);
+    const res = await app.request("/admin/pool/replenish", {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Authorization: "Bearer test-admin" },
+      body: JSON.stringify({
+        key_ring_id: "sol-main",
+        plugin_id: "solana",
+        encoding: "base58-solana",
+        addresses: [{ index: 0, public_key: "abcd", address: "SolAddr1" }],
+      }),
+    });
+    expect(res.status).toBe(404);
+  });
+
+  it("POST /admin/pool/replenish inserts validated addresses", async () => {
+    const db = createPoolMockDb({
+      keyRing: { id: "sol-main", derivationMode: "pre-derived" },
+      poolEntries: [],
+    });
+
+    // Override select().from() to handle both keyRings query and the count query
+    const selectMock = vi.fn().mockReturnValue({
+      from: vi.fn().mockImplementation((table: unknown) => {
+        const tableName = (table as Record<symbol, string>)[Symbol.for("drizzle:Name")];
+        if (tableName === "key_rings") {
+          return {
+            where: vi.fn().mockResolvedValue([{ id: "sol-main", derivationMode: "pre-derived" }]),
+          };
+        }
+        // address_pool count query (after insert)
+        return {
+          where: vi.fn().mockResolvedValue([
+            {
+              id: 1,
+              keyRingId: "sol-main",
+              derivationIndex: 0,
+              publicKey: "ab",
+              address: "SolAddr0",
+              assignedTo: null,
+            },
+            {
+              id: 2,
+              keyRingId: "sol-main",
+              derivationIndex: 1,
+              publicKey: "cd",
+              address: "SolAddr1",
+              assignedTo: null,
+            },
+          ]),
+        };
+      }),
+    });
+    (db as Record<string, unknown>).select = selectMock;
+
+    const deps = mockDeps();
+    deps.adminToken = "test-admin";
+    (deps as unknown as { db: unknown }).db = db;
+    // No registry — skip re-encoding validation
+    deps.registry = undefined;
+
+    const app = createKeyServerApp(deps);
+    const res = await app.request("/admin/pool/replenish", {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Authorization: "Bearer test-admin" },
+      body: JSON.stringify({
+        key_ring_id: "sol-main",
+        plugin_id: "solana",
+        encoding: "base58-solana",
+        addresses: [
+          { index: 0, public_key: "ab", address: "SolAddr0" },
+          { index: 1, public_key: "cd", address: "SolAddr1" },
+        ],
+      }),
+    });
+
+    expect(res.status).toBe(201);
+    const body = await res.json();
+    expect(body.inserted).toBe(2);
+    expect(body.total).toBe(2);
+  });
+
+  it("POST /admin/pool/replenish rejects mismatched address when encoder present", async () => {
+    const mockEncoder = {
+      encode: vi.fn().mockReturnValue("CorrectAddress"),
+      encodingType: vi.fn().mockReturnValue("base58-solana"),
+    };
+    const mockPlugin = {
+      pluginId: "solana",
+      supportedCurve: "ed25519" as const,
+      encoders: { "base58-solana": mockEncoder },
+      createWatcher: vi.fn(),
+      createSweeper: vi.fn(),
+      version: 1,
+    };
+    const mockRegistry = {
+      get: vi.fn().mockReturnValue(mockPlugin),
+      getOrThrow: vi.fn(),
+      list: vi.fn(),
+      register: vi.fn(),
+    };
+
+    const db = createPoolMockDb({
+      keyRing: { id: "sol-main", derivationMode: "pre-derived" },
+    });
+
+    const deps = mockDeps();
+    deps.adminToken = "test-admin";
+    (deps as unknown as { db: unknown }).db = db;
+    deps.registry = mockRegistry as unknown as PluginRegistry;
+
+    const app = createKeyServerApp(deps);
+    const res = await app.request("/admin/pool/replenish", {
+      method: "POST",
+      headers: { "Content-Type": "application/json", Authorization: "Bearer test-admin" },
+      body: JSON.stringify({
+        key_ring_id: "sol-main",
+        plugin_id: "solana",
+        encoding: "base58-solana",
+        addresses: [{ index: 0, public_key: "abcd1234", address: "WrongAddress" }],
+      }),
+    });
+
+    expect(res.status).toBe(400);
+    const body = await res.json();
+    expect(body.error).toContain("Address mismatch");
+  });
+
+  it("GET /admin/pool/status returns pool stats", async () => {
+    const db = createPoolMockDb({
+      allKeyRings: [{ id: "sol-main" }],
+      poolEntries: [
+        { id: 1, keyRingId: "sol-main", derivationIndex: 0, publicKey: "a", address: "A", assignedTo: null },
+        { id: 2, keyRingId: "sol-main", derivationIndex: 1, publicKey: "b", address: "B", assignedTo: "tenant:1" },
+        { id: 3, keyRingId: "sol-main", derivationIndex: 2, publicKey: "c", address: "C", assignedTo: null },
+      ],
+    });
+
+    // Override select to handle the two different query patterns in pool/status
+    let selectCallCount = 0;
+    const poolEntries = [
+      { id: 1, keyRingId: "sol-main", derivationIndex: 0, publicKey: "a", address: "A", assignedTo: null },
+      { id: 2, keyRingId: "sol-main", derivationIndex: 1, publicKey: "b", address: "B", assignedTo: "tenant:1" },
+      { id: 3, keyRingId: "sol-main", derivationIndex: 2, publicKey: "c", address: "C", assignedTo: null },
+    ];
+    (db as Record<string, unknown>).select = vi.fn().mockReturnValue({
+      from: vi.fn().mockImplementation(() => {
+        selectCallCount++;
+        if (selectCallCount === 1) {
+          // First call: select from keyRings (no where clause)
+          return [{ id: "sol-main" }];
+        }
+        // Second call: select from addressPool where keyRingId = ring.id
+        return {
+          where: vi.fn().mockResolvedValue(poolEntries),
+        };
+      }),
+    });
+
+    const deps = mockDeps();
+    deps.adminToken = "test-admin";
+    (deps as unknown as { db: unknown }).db = db;
+    const app = createKeyServerApp(deps);
+
+    const res = await app.request("/admin/pool/status", {
+      headers: { Authorization: "Bearer test-admin" },
+    });
+
+    expect(res.status).toBe(200);
+    const body = await res.json();
+    expect(body.pools).toHaveLength(1);
+    expect(body.pools[0].key_ring_id).toBe("sol-main");
+    expect(body.pools[0].total).toBe(3);
+    expect(body.pools[0].available).toBe(2);
+    expect(body.pools[0].assigned).toBe(1);
+  });
+
+  it("POST /address uses pool for pre-derived key ring", async () => {
+    const poolEntry = {
+      id: 1,
+      keyRingId: "sol-main",
+      derivationIndex: 7,
+      publicKey: "deadbeef",
+      address: "SolanaAddr7",
+      assignedTo: null,
+      createdAt: "2026-01-01",
+    };
+
+    const solMethod = {
+      id: "sol",
+      type: "native",
+      token: "SOL",
+      chain: "solana",
+      xpub: null,
+      keyRingId: "sol-main",
+      nextIndex: 0,
+      decimals: 9,
+      addressType: "base58-solana",
+      encodingParams: "{}",
+      watcherType: "solana",
+      oracleAssetId: "solana",
+      confirmations: 1,
+      pluginId: "solana",
+      encoding: "base58-solana",
+    };
+
+    const keyRing = {
+      id: "sol-main",
+      curve: "ed25519",
+      derivationScheme: "slip10",
+      derivationMode: "pre-derived",
+      keyMaterial: "{}",
+      coinType: 501,
+      accountIndex: 0,
+    };
+
+    // Build a mock that handles the pool flow:
+    // 1. select from paymentMethods where id=sol -> solMethod
+    // 2. select from keyRings where id=sol-main -> keyRing
+    // 3. transaction: select from addressPool -> poolEntry, update addressPool, insert derivedAddresses
+    let selectCallCount = 0;
+    const db = {
+      select: vi.fn().mockImplementation(() => ({
+        from: vi.fn().mockImplementation(() => {
+          selectCallCount++;
+          if (selectCallCount === 1) {
+            // paymentMethods lookup
+            return { where: vi.fn().mockResolvedValue([solMethod]) };
+          }
+          if (selectCallCount === 2) {
+            // keyRings lookup
+            return { where: vi.fn().mockResolvedValue([keyRing]) };
+          }
+          // addressPool query inside transaction
+          return {
+            where: vi.fn().mockReturnValue({
+              orderBy: vi.fn().mockReturnValue({
+                limit: vi.fn().mockResolvedValue([poolEntry]),
+              }),
+            }),
+          };
+        }),
+      })),
+      update: vi.fn().mockReturnValue({
+        set: vi.fn().mockReturnValue({
+          where: vi.fn().mockResolvedValue(undefined),
+        }),
+      }),
+      insert: vi.fn().mockReturnValue({
+        values: vi.fn().mockResolvedValue(undefined),
+      }),
+      transaction: vi.fn().mockImplementation(async (fn: (tx: unknown) => unknown) => fn(db)),
+    };
+
+    const deps = mockDeps();
+    (deps as unknown as { db: unknown }).db = db;
+    const app = createKeyServerApp(deps);
+
+    const res = await app.request("/address", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ chain: "sol" }),
+    });
+
+    expect(res.status).toBe(201);
+    const body = await res.json();
+    expect(body.address).toBe("SolanaAddr7");
+    expect(body.index).toBe(7);
+    expect(body.chain).toBe("solana");
+    expect(body.token).toBe("SOL");
+  });
+
+  it("POST /address throws when pool is empty", async () => {
+    const solMethod = {
+      id: "sol",
+      type: "native",
+      token: "SOL",
+      chain: "solana",
+      xpub: null,
+      keyRingId: "sol-main",
+      nextIndex: 0,
+      decimals: 9,
+      addressType: "base58-solana",
+      encodingParams: "{}",
+      watcherType: "solana",
+      oracleAssetId: "solana",
+      confirmations: 1,
+      pluginId: "solana",
+      encoding: "base58-solana",
+    };
+
+    const keyRing = {
+      id: "sol-main",
+      curve: "ed25519",
+      derivationScheme: "slip10",
+      derivationMode: "pre-derived",
+      keyMaterial: "{}",
+      coinType: 501,
+      accountIndex: 0,
+    };
+
+    let selectCallCount = 0;
+    const db = {
+      select: vi.fn().mockImplementation(() => ({
+        from: vi.fn().mockImplementation(() => {
+          selectCallCount++;
+          if (selectCallCount === 1) {
+            return { where: vi.fn().mockResolvedValue([solMethod]) };
+          }
+          if (selectCallCount === 2) {
+            return { where: vi.fn().mockResolvedValue([keyRing]) };
+          }
+          // Empty pool
+          return {
+            where: vi.fn().mockReturnValue({
+              orderBy: vi.fn().mockReturnValue({
+                limit: vi.fn().mockResolvedValue([]),
+              }),
+            }),
+          };
+        }),
+      })),
+      transaction: vi.fn().mockImplementation(async (fn: (tx: unknown) => unknown) => fn(db)),
+    };
+
+    const deps = mockDeps();
+    (deps as unknown as { db: unknown }).db = db;
+    const app = createKeyServerApp(deps);
+
+    const res = await app.request("/address", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ chain: "sol" }),
+    });
+
+    // Hono catches the thrown error and returns 500
+    expect(res.status).toBe(500);
+  });
+});
+
 describe("key-server auth", () => {
   it("rejects unauthenticated request when serviceKey is set", async () => {
     const deps = mockDeps();