@wopr-network/platform-core 1.67.0 → 1.67.1

package/dist/billing/crypto/key-server.js

@@ -1,472 +0,0 @@
-/**
- * Crypto Key Server — shared address derivation + charge management.
- *
- * Deploys on the chain server (pay.wopr.bot) alongside bitcoind.
- * Products don't run watchers or hold xpubs. They request addresses
- * and receive webhooks.
- *
- * ~200 lines of new code wrapping platform-core's existing crypto modules.
- */
-import { HDKey } from "@scure/bip32";
-import { and, eq, isNull, sql } from "drizzle-orm";
-import { Hono } from "hono";
-import { addressPool, derivedAddresses, keyRings, pathAllocations, paymentMethods } from "../../db/schema/crypto.js";
-import { deriveAddress } from "./address-gen.js";
-import { centsToNative } from "./oracle/convert.js";
-import { AssetNotSupportedError } from "./oracle/types.js";
-/**
- * Claim the next address from the pre-derived address pool.
- * Used for Ed25519 chains (Solana, etc.) that can't derive from an xpub.
- */
-async function claimFromPool(db, keyRingId, chainId, tenantId) {
-    const dbWithTx = db;
-    const result = await dbWithTx.transaction(async (tx) => {
-        // Find the next unassigned address (lowest index first)
-        const [poolEntry] = await tx
-            .select()
-            .from(addressPool)
-            .where(and(eq(addressPool.keyRingId, keyRingId), isNull(addressPool.assignedTo)))
-            .orderBy(addressPool.derivationIndex)
-            .limit(1);
-        if (!poolEntry) {
-            throw new Error(`No available addresses in pool for ${keyRingId}. Run crypto-sweep replenish.`);
-        }
-        // Mark as assigned
-        const assignmentId = tenantId ? `${chainId}:${tenantId}` : chainId;
-        await tx.update(addressPool).set({ assignedTo: assignmentId }).where(eq(addressPool.id, poolEntry.id));
-        // Record in derived_addresses for tracking
-        await tx.insert(derivedAddresses).values({
-            chainId,
-            derivationIndex: poolEntry.derivationIndex,
-            address: poolEntry.address,
-            tenantId,
-        });
-        return { address: poolEntry.address, index: poolEntry.derivationIndex };
-    });
-    return result;
-}
-/**
- * Derive the next unused address for a chain.
- *
- * For Ed25519 chains with a key ring in "pre-derived" mode (or no xpub),
- * claims from the address pool instead of deriving from an xpub.
- *
- * For xpub-based chains, atomically increments next_index and records
- * the address in a single transaction. EVM chains share an xpub (coin type 60),
- * so the unique constraint on derived_addresses.address prevents reuse.
- * On collision, we skip the index and retry (up to maxRetries).
- */
-async function deriveNextAddress(db, chainId, tenantId, registry) {
-    const maxRetries = 10;
-    const dbWithTx = db;
-    // Check if this payment method uses pool-based derivation (Ed25519 chains).
-    // Look up the method first to check for key_ring_id with derivation_mode = 'pre-derived'.
-    const [methodCheck] = await db.select().from(paymentMethods).where(eq(paymentMethods.id, chainId));
-    if (methodCheck?.keyRingId) {
-        // Check the key ring's derivation mode
-        const [ring] = await db.select().from(keyRings).where(eq(keyRings.id, methodCheck.keyRingId));
-        if (ring?.derivationMode === "pre-derived" || (!methodCheck.xpub && ring)) {
-            // Pool mode: claim from pre-derived addresses
-            const { address, index } = await claimFromPool(db, methodCheck.keyRingId, chainId, tenantId);
-            return { address, index, chain: methodCheck.chain, token: methodCheck.token };
-        }
-    }
-    for (let attempt = 0; attempt <= maxRetries; attempt++) {
-        // Step 1: Atomically claim the next index OUTSIDE the transaction.
-        // This survives even if the transaction below rolls back on address collision.
-        const [method] = await db
-            .update(paymentMethods)
-            .set({ nextIndex: sql `${paymentMethods.nextIndex} + 1` })
-            .where(eq(paymentMethods.id, chainId))
-            .returning();
-        if (!method)
-            throw new Error(`Chain not found: ${chainId}`);
-        if (!method.xpub)
-            throw new Error(`No xpub configured for chain: ${chainId}`);
-        const index = method.nextIndex - 1;
-        // Universal address derivation — encoding type + params are DB-driven.
-        // Adding a new chain is a DB INSERT, not a code change.
-        let encodingParams = {};
-        try {
-            encodingParams = JSON.parse(method.encodingParams ?? "{}");
-        }
-        catch {
-            throw new Error(`Invalid encoding_params JSON for chain ${chainId}: ${method.encodingParams}`);
-        }
-        // Plugin-driven encoding: look up the plugin, use its encoder.
-        // Falls back to legacy deriveAddress() when no registry or no matching plugin.
-        let address;
-        const pluginId = method.pluginId ?? (method.watcherType === "utxo" ? "bitcoin" : method.watcherType);
-        const plugin = registry?.get(pluginId ?? "");
-        const encodingKey = method.encoding ?? method.addressType;
-        const encoder = plugin?.encoders[encodingKey];
-        if (encoder) {
-            const master = HDKey.fromExtendedKey(method.xpub);
-            const child = master.deriveChild(0).deriveChild(index);
-            if (!child.publicKey)
-                throw new Error("Failed to derive public key");
-            address = encoder.encode(child.publicKey, encodingParams);
-        }
-        else {
-            address = deriveAddress(method.xpub, index, method.addressType, encodingParams);
-        }
-        // Step 2: Record in immutable log. If this address was already derived by a
-        // sibling chain (shared xpub), the unique constraint fires and we retry
-        // with the next index (which is already incremented above).
-        try {
-            await dbWithTx.transaction(async (tx) => {
-                // bech32/evm addresses are case-insensitive (lowercase by spec).
-                // p2pkh (Base58Check) addresses are case-sensitive — do NOT lowercase.
-                const normalizedAddress = method.addressType === "p2pkh" ? address : address.toLowerCase();
-                await tx.insert(derivedAddresses).values({
-                    chainId,
-                    derivationIndex: index,
-                    address: normalizedAddress,
-                    tenantId,
-                });
-            });
-            return { address, index, chain: method.chain, token: method.token };
-        }
-        catch (err) {
-            // Drizzle wraps PG errors — check both top-level and cause for the constraint violation code
-            const code = err.code ?? err.cause?.code;
-            if (code === "23505" && attempt < maxRetries)
-                continue; // collision — index already advanced, retry
-            throw err;
-        }
-    }
-    throw new Error(`Failed to derive unique address for ${chainId} after ${maxRetries} retries`);
-}
-/** Validate Bearer token from Authorization header. */
-function requireAuth(header, expected) {
-    if (!expected)
-        return true; // auth disabled
-    return header === `Bearer ${expected}`;
-}
-/**
- * Create the Hono app for the crypto key server.
- * Mount this on the chain server at the root.
- */
-export function createKeyServerApp(deps) {
-    const app = new Hono();
-    // --- Auth middleware for product routes ---
-    app.use("/address", async (c, next) => {
-        if (deps.serviceKey && !requireAuth(c.req.header("Authorization"), deps.serviceKey)) {
-            return c.json({ error: "Unauthorized" }, 401);
-        }
-        await next();
-    });
-    app.use("/charges/*", async (c, next) => {
-        if (deps.serviceKey && !requireAuth(c.req.header("Authorization"), deps.serviceKey)) {
-            return c.json({ error: "Unauthorized" }, 401);
-        }
-        await next();
-    });
-    app.use("/charges", async (c, next) => {
-        if (deps.serviceKey && !requireAuth(c.req.header("Authorization"), deps.serviceKey)) {
-            return c.json({ error: "Unauthorized" }, 401);
-        }
-        await next();
-    });
-    // --- Auth middleware for admin routes ---
-    app.use("/admin/*", async (c, next) => {
-        if (!deps.adminToken)
-            return c.json({ error: "Admin API disabled" }, 403);
-        if (!requireAuth(c.req.header("Authorization"), deps.adminToken)) {
-            return c.json({ error: "Unauthorized" }, 401);
-        }
-        await next();
-    });
-    // --- Product API ---
-    /** POST /address — derive next unused address */
-    app.post("/address", async (c) => {
-        const body = await c.req.json();
-        if (!body.chain)
-            return c.json({ error: "chain is required" }, 400);
-        const tenantId = c.req.header("X-Tenant-Id");
-        const result = await deriveNextAddress(deps.db, body.chain, tenantId ?? undefined, deps.registry);
-        return c.json(result, 201);
-    });
-    /** POST /charges — create charge + derive address + start watching */
-    app.post("/charges", async (c) => {
-        const body = await c.req.json();
-        if (!body.chain || typeof body.amountUsd !== "number" || !Number.isFinite(body.amountUsd) || body.amountUsd <= 0) {
-            return c.json({ error: "chain is required and amountUsd must be a positive finite number" }, 400);
-        }
-        const tenantId = c.req.header("X-Tenant-Id") ?? "unknown";
-        const { address, index, chain, token } = await deriveNextAddress(deps.db, body.chain, tenantId, deps.registry);
-        // Look up payment method for decimals + oracle config
-        const method = await deps.methodStore.getById(body.chain);
-        if (!method)
-            return c.json({ error: `Unknown chain: ${body.chain}` }, 400);
-        const amountUsdCents = Math.round(body.amountUsd * 100);
-        // Compute expected crypto amount in native base units.
-        // Price is locked NOW — this is what the user must send.
-        let expectedAmount;
-        const feedAddress = method.oracleAddress ? method.oracleAddress : undefined;
-        try {
-            // Try oracle pricing (Chainlink for BTC/ETH, CoinGecko for DOGE/LTC).
-            // feedAddress is a hint for Chainlink — undefined is fine, CompositeOracle
-            // falls through to CoinGecko or built-in feed maps.
-            const { priceMicros } = await deps.oracle.getPrice(token, feedAddress);
-            expectedAmount = centsToNative(amountUsdCents, priceMicros, method.decimals);
-        }
-        catch (err) {
-            if (err instanceof AssetNotSupportedError) {
-                // No oracle knows this token (e.g. USDC, DAI) — stablecoin 1:1 USD.
-                expectedAmount = (BigInt(amountUsdCents) * 10n ** BigInt(method.decimals)) / 100n;
-            }
-            else {
-                // Transient oracle failure (network, rate limit, stale feed).
-                // Reject the charge — silently pricing BTC at $1 would be catastrophic.
-                return c.json({ error: `Price oracle unavailable for ${token}: ${err.message}` }, 503);
-            }
-        }
-        const referenceId = `${token.toLowerCase()}:${address.toLowerCase()}`;
-        await deps.chargeStore.createStablecoinCharge({
-            referenceId,
-            tenantId,
-            amountUsdCents,
-            chain,
-            token,
-            depositAddress: address,
-            derivationIndex: index,
-            callbackUrl: body.callbackUrl,
-            expectedAmount: expectedAmount.toString(),
-        });
-        // Format display amount for the client (BigInt-safe, no Number overflow)
-        const divisor = 10n ** BigInt(method.decimals);
-        const whole = expectedAmount / divisor;
-        const frac = expectedAmount % divisor;
-        const fracStr = frac.toString().padStart(method.decimals, "0").slice(0, 8).replace(/0+$/, "");
-        const displayAmount = `${whole}${fracStr ? `.${fracStr}` : ""} ${token}`;
-        return c.json({
-            chargeId: referenceId,
-            address,
-            chain,
-            token,
-            amountUsd: body.amountUsd,
-            expectedAmount: expectedAmount.toString(),
-            displayAmount,
-            derivationIndex: index,
-            expiresAt: new Date(Date.now() + 30 * 60 * 1000).toISOString(), // 30 min
-        }, 201);
-    });
-    /** GET /charges/:id — check charge status */
-    app.get("/charges/:id", async (c) => {
-        const charge = await deps.chargeStore.getByReferenceId(c.req.param("id"));
-        if (!charge)
-            return c.json({ error: "Charge not found" }, 404);
-        return c.json({
-            chargeId: charge.referenceId,
-            status: charge.status,
-            address: charge.depositAddress,
-            chain: charge.chain,
-            token: charge.token,
-            amountUsdCents: charge.amountUsdCents,
-            creditedAt: charge.creditedAt,
-        });
-    });
-    /** GET /chains — list enabled payment methods (for checkout UI) */
-    app.get("/chains", async (c) => {
-        const methods = await deps.methodStore.listEnabled();
-        return c.json(methods.map((m) => ({
-            id: m.id,
-            token: m.token,
-            chain: m.chain,
-            decimals: m.decimals,
-            displayName: m.displayName,
-            contractAddress: m.contractAddress,
-            confirmations: m.confirmations,
-            iconUrl: m.iconUrl,
-        })));
-    });
-    // --- Admin API ---
-    /** GET /admin/next-path — which derivation path to use for a coin type */
-    app.get("/admin/next-path", async (c) => {
-        const coinType = Number(c.req.query("coin_type"));
-        if (!Number.isInteger(coinType))
-            return c.json({ error: "coin_type must be an integer" }, 400);
-        // Find all allocations for this coin type
-        const existing = await deps.db.select().from(pathAllocations).where(eq(pathAllocations.coinType, coinType));
-        if (existing.length === 0) {
-            return c.json({
-                coin_type: coinType,
-                account_index: 0,
-                path: `m/44'/${coinType}'/0'`,
-                status: "available",
-            });
-        }
-        // If already allocated, return info about existing allocation
-        const latest = existing.sort((a, b) => b.accountIndex - a.accountIndex)[0];
-        // Find chains using this coin type's allocations
-        const chainIds = existing.map((a) => a.chainId).filter(Boolean);
-        return c.json({
-            coin_type: coinType,
-            account_index: latest.accountIndex,
-            path: `m/44'/${coinType}'/${latest.accountIndex}'`,
-            status: "allocated",
-            allocated_to: chainIds,
-            note: "xpub already registered — reuse for new chains with same key type",
-            next_available: {
-                account_index: latest.accountIndex + 1,
-                path: `m/44'/${coinType}'/${latest.accountIndex + 1}'`,
-            },
-        });
-    });
-    /** POST /admin/chains — register a new chain with its xpub */
-    app.post("/admin/chains", async (c) => {
-        const body = await c.req.json();
-        if (!body.id || !body.xpub || !body.token) {
-            return c.json({ error: "id, xpub, and token are required" }, 400);
-        }
-        // Validate encoding_params match address_type requirements
-        const addrType = body.address_type ?? "evm";
-        const encParams = body.encoding_params ?? {};
-        if (addrType === "bech32" && !encParams.hrp) {
-            return c.json({ error: "bech32 address_type requires encoding_params.hrp" }, 400);
-        }
-        if (addrType === "p2pkh" && !encParams.version) {
-            return c.json({ error: "p2pkh address_type requires encoding_params.version" }, 400);
-        }
-        // Upsert payment method FIRST (path_allocations has FK to payment_methods.id)
-        await deps.methodStore.upsert({
-            id: body.id,
-            type: body.type ?? "native",
-            token: body.token,
-            chain: body.chain ?? body.network,
-            contractAddress: body.contract ?? null,
-            decimals: body.decimals,
-            displayName: body.display_name ?? `${body.token} on ${body.network}`,
-            enabled: true,
-            displayOrder: body.display_order ?? 0,
-            iconUrl: body.icon_url ?? null,
-            rpcUrl: body.rpc_url,
-            rpcHeaders: JSON.stringify(body.rpc_headers ?? {}),
-            oracleAddress: body.oracle_address ?? null,
-            xpub: body.xpub,
-            addressType: body.address_type ?? "evm",
-            encodingParams: JSON.stringify(body.encoding_params ?? {}),
-            watcherType: body.watcher_type ?? "evm",
-            oracleAssetId: body.oracle_asset_id ?? null,
-            confirmations: body.confirmations ?? 6,
-            keyRingId: null,
-            encoding: null,
-            pluginId: null,
-        });
-        // Record the path allocation (idempotent — ignore if already exists)
-        const inserted = (await deps.db
-            .insert(pathAllocations)
-            .values({
-            coinType: body.coin_type,
-            accountIndex: body.account_index,
-            chainId: body.id,
-            xpub: body.xpub,
-        })
-            .onConflictDoNothing());
-        if (inserted.rowCount === 0) {
-            return c.json({
-                message: "Path allocation already exists, payment method updated",
-                path: `m/44'/${body.coin_type}'/${body.account_index}'`,
-            }, 200);
-        }
-        return c.json({ id: body.id, path: `m/44'/${body.coin_type}'/${body.account_index}'` }, 201);
-    });
-    /** PATCH /admin/chains/:id — update metadata (icon_url, display_order, display_name) */
-    app.patch("/admin/chains/:id", async (c) => {
-        const id = c.req.param("id");
-        const body = await c.req.json();
-        const updated = await deps.methodStore.patchMetadata(id, {
-            iconUrl: body.icon_url,
-            displayOrder: body.display_order,
-            displayName: body.display_name,
-        });
-        if (!updated)
-            return c.json({ id, updated: false }, 200);
-        return c.json({ id, updated: true });
-    });
-    /** DELETE /admin/chains/:id — soft disable */
-    app.delete("/admin/chains/:id", async (c) => {
-        await deps.methodStore.setEnabled(c.req.param("id"), false);
-        return c.body(null, 204);
-    });
-    /** POST /admin/pool/replenish — upload pre-derived addresses for Ed25519 chains */
-    app.post("/admin/pool/replenish", async (c) => {
-        const body = await c.req.json();
-        if (!body.key_ring_id ||
-            !body.plugin_id ||
-            !body.encoding ||
-            !Array.isArray(body.addresses) ||
-            body.addresses.length === 0) {
-            return c.json({ error: "key_ring_id, plugin_id, encoding, and a non-empty addresses array are required" }, 400);
-        }
-        // Validate the key ring exists
-        const [ring] = await deps.db.select().from(keyRings).where(eq(keyRings.id, body.key_ring_id));
-        if (!ring) {
-            return c.json({ error: `Key ring not found: ${body.key_ring_id}` }, 404);
-        }
-        // Look up the plugin encoder for validation
-        const plugin = deps.registry?.get(body.plugin_id);
-        const encoder = plugin?.encoders[body.encoding];
-        // Validate each address against the public key
-        for (const entry of body.addresses) {
-            if (typeof entry.index !== "number" || !entry.public_key || !entry.address) {
-                return c.json({ error: `Invalid entry at index ${entry.index}: index, public_key, and address are required` }, 400);
-            }
-            // If we have an encoder, validate the address by re-encoding the public key
-            if (encoder) {
-                const pubKeyBytes = hexToBytes(entry.public_key);
-                const reEncoded = encoder.encode(pubKeyBytes, {});
-                if (reEncoded !== entry.address) {
-                    return c.json({
-                        error: `Address mismatch at index ${entry.index}: expected ${reEncoded}, got ${entry.address}`,
-                    }, 400);
-                }
-            }
-        }
-        // Insert validated addresses into the pool
-        let inserted = 0;
-        for (const entry of body.addresses) {
-            const result = (await deps.db
-                .insert(addressPool)
-                .values({
-                keyRingId: body.key_ring_id,
-                derivationIndex: entry.index,
-                publicKey: entry.public_key,
-                address: entry.address,
-            })
-                .onConflictDoNothing());
-            inserted += result.rowCount;
-        }
-        // Get total pool size for this key ring
-        const totalRows = await deps.db.select().from(addressPool).where(eq(addressPool.keyRingId, body.key_ring_id));
-        return c.json({ inserted, total: totalRows.length }, 201);
-    });
-    /** GET /admin/pool/status — pool stats per key ring */
-    app.get("/admin/pool/status", async (c) => {
-        // Get all key rings
-        const rings = await deps.db.select().from(keyRings);
-        const pools = await Promise.all(rings.map(async (ring) => {
-            const allEntries = await deps.db.select().from(addressPool).where(eq(addressPool.keyRingId, ring.id));
-            const available = allEntries.filter((e) => e.assignedTo === null).length;
-            const assigned = allEntries.length - available;
-            return {
-                key_ring_id: ring.id,
-                total: allEntries.length,
-                available,
-                assigned,
-            };
-        }));
-        return c.json({ pools });
-    });
-    return app;
-}
-/** Convert a hex string to Uint8Array. */
-function hexToBytes(hex) {
-    const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
-    const bytes = new Uint8Array(clean.length / 2);
-    for (let i = 0; i < bytes.length; i++) {
-        bytes[i] = Number.parseInt(clean.slice(i * 2, i * 2 + 2), 16);
-    }
-    return bytes;
-}

package/dist/billing/crypto/oracle/__tests__/chainlink.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/billing/crypto/oracle/__tests__/chainlink.test.js

@@ -1,83 +0,0 @@
-import { describe, expect, it, vi } from "vitest";
-import { ChainlinkOracle } from "../chainlink.js";
-/**
- * Encode a mock latestRoundData() response.
- * Chainlink returns 5 × 32-byte ABI-encoded words:
- *   roundId, answer, startedAt, updatedAt, answeredInRound
- */
-function encodeRoundData(answer, updatedAtSec) {
-    const pad = (v) => v.toString(16).padStart(64, "0");
-    return ("0x" +
-        pad(1n) + // roundId
-        pad(answer) + // answer (price × 10^8)
-        pad(BigInt(updatedAtSec)) + // startedAt
-        pad(BigInt(updatedAtSec)) + // updatedAt
-        pad(1n) // answeredInRound
-    );
-}
-describe("ChainlinkOracle", () => {
-    const nowSec = Math.floor(Date.now() / 1000);
-    it("decodes ETH/USD price from latestRoundData", async () => {
-        // ETH at $3,500.00 → answer = 3500 × 10^8 = 350_000_000_000
-        const rpc = vi.fn().mockResolvedValue(encodeRoundData(350000000000n, nowSec));
-        const oracle = new ChainlinkOracle({ rpcCall: rpc });
-        const result = await oracle.getPrice("ETH");
-        expect(result.priceMicros).toBe(3_500_000_000); // $3,500.00
-        expect(result.updatedAt).toBeInstanceOf(Date);
-        expect(rpc).toHaveBeenCalledWith("eth_call", [
-            { to: "0x71041dddad3595F9CEd3DcCFBe3D1F4b0a16Bb70", data: "0xfeaf968c" },
-            "latest",
-        ]);
-    });
-    it("decodes BTC/USD price from latestRoundData", async () => {
-        // BTC at $65,000.00 → answer = 65000 × 10^8 = 6_500_000_000_000
-        const rpc = vi.fn().mockResolvedValue(encodeRoundData(6500000000000n, nowSec));
-        const oracle = new ChainlinkOracle({ rpcCall: rpc });
-        const result = await oracle.getPrice("BTC");
-        expect(result.priceMicros).toBe(65_000_000_000); // $65,000.00
-    });
-    it("handles fractional dollar prices correctly", async () => {
-        // ETH at $3,456.78 → answer = 345_678_000_000
-        const rpc = vi.fn().mockResolvedValue(encodeRoundData(345678000000n, nowSec));
-        const oracle = new ChainlinkOracle({ rpcCall: rpc });
-        const result = await oracle.getPrice("ETH");
-        expect(result.priceMicros).toBe(3_456_780_000); // $3,456.78
-    });
-    it("rejects stale prices", async () => {
-        const staleTime = nowSec - 7200; // 2 hours ago
-        const rpc = vi.fn().mockResolvedValue(encodeRoundData(350000000000n, staleTime));
-        const oracle = new ChainlinkOracle({ rpcCall: rpc, maxStalenessMs: 3600_000 });
-        await expect(oracle.getPrice("ETH")).rejects.toThrow("stale");
-    });
-    it("rejects zero price", async () => {
-        const rpc = vi.fn().mockResolvedValue(encodeRoundData(0n, nowSec));
-        const oracle = new ChainlinkOracle({ rpcCall: rpc });
-        await expect(oracle.getPrice("ETH")).rejects.toThrow("Invalid price");
-    });
-    it("rejects malformed response", async () => {
-        const rpc = vi.fn().mockResolvedValue("0xdead");
-        const oracle = new ChainlinkOracle({ rpcCall: rpc });
-        await expect(oracle.getPrice("ETH")).rejects.toThrow("Malformed");
-    });
-    it("accepts custom feed addresses", async () => {
-        const customFeed = "0x1234567890abcdef1234567890abcdef12345678";
-        const rpc = vi.fn().mockResolvedValue(encodeRoundData(350000000000n, nowSec));
-        const oracle = new ChainlinkOracle({
-            rpcCall: rpc,
-            feedAddresses: { ETH: customFeed },
-        });
-        await oracle.getPrice("ETH");
-        expect(rpc).toHaveBeenCalledWith("eth_call", [{ to: customFeed, data: "0xfeaf968c" }, "latest"]);
-    });
-    it("respects custom staleness threshold", async () => {
-        const thirtyMinAgo = nowSec - 1800;
-        const rpc = vi.fn().mockResolvedValue(encodeRoundData(350000000000n, thirtyMinAgo));
-        // 20-minute threshold → stale
-        const strict = new ChainlinkOracle({ rpcCall: rpc, maxStalenessMs: 20 * 60 * 1000 });
-        await expect(strict.getPrice("ETH")).rejects.toThrow("stale");
-        // 60-minute threshold → fresh
-        const relaxed = new ChainlinkOracle({ rpcCall: rpc, maxStalenessMs: 60 * 60 * 1000 });
-        const result = await relaxed.getPrice("ETH");
-        expect(result.priceMicros).toBe(3_500_000_000);
-    });
-});

package/dist/billing/crypto/oracle/__tests__/coingecko.test.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/billing/crypto/oracle/__tests__/coingecko.test.js

@@ -1,65 +0,0 @@
-import { describe, expect, it, vi } from "vitest";
-import { CoinGeckoOracle } from "../coingecko.js";
-describe("CoinGeckoOracle", () => {
-    const mockFetch = (price) => vi.fn().mockResolvedValue({
-        ok: true,
-        json: () => Promise.resolve({ bitcoin: { usd: price } }),
-    });
-    it("returns price in microdollars from CoinGecko API", async () => {
-        const oracle = new CoinGeckoOracle({ fetchFn: mockFetch(84_532.17) });
-        const result = await oracle.getPrice("BTC");
-        expect(result.priceMicros).toBe(84_532_170_000);
-        expect(result.updatedAt).toBeInstanceOf(Date);
-    });
-    it("caches prices within TTL", async () => {
-        const fn = mockFetch(84_532.17);
-        const oracle = new CoinGeckoOracle({ fetchFn: fn, cacheTtlMs: 60_000 });
-        await oracle.getPrice("BTC");
-        await oracle.getPrice("BTC");
-        expect(fn).toHaveBeenCalledTimes(1);
-    });
-    it("re-fetches after cache expires", async () => {
-        const fn = mockFetch(84_532.17);
-        const oracle = new CoinGeckoOracle({ fetchFn: fn, cacheTtlMs: 0 });
-        await oracle.getPrice("BTC");
-        await oracle.getPrice("BTC");
-        expect(fn).toHaveBeenCalledTimes(2);
-    });
-    it("throws for unknown asset", async () => {
-        const oracle = new CoinGeckoOracle({ fetchFn: mockFetch(100) });
-        await expect(oracle.getPrice("UNKNOWN")).rejects.toThrow("No price oracle supports asset: UNKNOWN");
-    });
-    it("throws on API error", async () => {
-        const fn = vi.fn().mockResolvedValue({ ok: false, status: 429, statusText: "Too Many Requests" });
-        const oracle = new CoinGeckoOracle({ fetchFn: fn });
-        await expect(oracle.getPrice("BTC")).rejects.toThrow("CoinGecko API error");
-    });
-    it("throws on zero price", async () => {
-        const fn = vi.fn().mockResolvedValue({
-            ok: true,
-            json: () => Promise.resolve({ bitcoin: { usd: 0 } }),
-        });
-        const oracle = new CoinGeckoOracle({ fetchFn: fn });
-        await expect(oracle.getPrice("BTC")).rejects.toThrow("Invalid CoinGecko price");
-    });
-    it("resolves DOGE via coingecko ID mapping", async () => {
-        const fn = vi.fn().mockResolvedValue({
-            ok: true,
-            json: () => Promise.resolve({ dogecoin: { usd: 0.1742 } }),
-        });
-        const oracle = new CoinGeckoOracle({ fetchFn: fn });
-        const result = await oracle.getPrice("DOGE");
-        expect(result.priceMicros).toBe(174_200);
-        expect(fn).toHaveBeenCalledWith(expect.stringContaining("ids=dogecoin"));
-    });
-    it("resolves LTC via coingecko ID mapping", async () => {
-        const fn = vi.fn().mockResolvedValue({
-            ok: true,
-            json: () => Promise.resolve({ litecoin: { usd: 92.45 } }),
-        });
-        const oracle = new CoinGeckoOracle({ fetchFn: fn });
-        const result = await oracle.getPrice("LTC");
-        expect(result.priceMicros).toBe(92_450_000);
-        expect(fn).toHaveBeenCalledWith(expect.stringContaining("ids=litecoin"));
-    });
-});

package/dist/billing/crypto/oracle/__tests__/composite.test.d.ts

@@ -1 +0,0 @@
-export {};