moltlaunch 2.0.0 → 2.0.2

package/worker/src/auth.ts

@@ -1,126 +0,0 @@
-// Wallet signature verification for agent/client actions
-// EIP-191 personal sign: moltlaunch:<action>:<taskId>:<timestamp>:<nonce>
-
-import { recoverMessageAddress, keccak256, toBytes } from 'viem';
-import type { Env } from './types';
-
-const IDENTITY_REGISTRY = '0x8004A169FB4a3325136EB29fA0ceB6D2e539a432';
-const ESCROW_ADDRESS = '0x2c46054b4577b4fcdde28cb613dc2ba4b1127b0c';
-const OWNER_SELECTOR = '0x6352211e'; // ownerOf(uint256)
-const GET_ESCROW_SELECTOR = '0xf023b811'; // getEscrow(bytes32)
-const MAX_TIMESTAMP_DRIFT = 300; // 5 minutes
-const OWNER_CACHE_PREFIX = 'owner:';
-const OWNER_CACHE_TTL = 86400; // 24 hours
-const NONCE_PREFIX = 'nonce:';
-
-/** Build the message that must be signed */
-export function buildAuthMessage(action: string, taskId: string, timestamp: number, nonce: string): string {
-  return `moltlaunch:${action}:${taskId}:${timestamp}:${nonce}`;
-}
-
-/** Verify signature, check nonce for replay protection, return recovered signer (lowercase) */
-export async function verifySigner(
-  env: Env,
-  action: string,
-  taskId: string,
-  timestamp: number,
-  signature: string,
-  nonce: string,
-): Promise<string> {
-  const now = Math.floor(Date.now() / 1000);
-  if (Math.abs(now - timestamp) > MAX_TIMESTAMP_DRIFT) {
-    throw new Error('Signature expired');
-  }
-
-  if (!nonce) {
-    throw new Error('Missing nonce');
-  }
-
-  const message = buildAuthMessage(action, taskId, timestamp, nonce);
-  const address = await recoverMessageAddress({
-    message,
-    signature: signature as `0x${string}`,
-  });
-
-  // Replay protection: check if nonce was already used
-  const nonceKey = `${NONCE_PREFIX}${keccak256(toBytes(nonce))}`;
-  const existing = await env.TASKS_KV.get(nonceKey);
-  if (existing) {
-    throw new Error('Nonce already used (replay detected)');
-  }
-
-  // Store nonce with TTL matching timestamp drift window
-  await env.TASKS_KV.put(nonceKey, '1', { expirationTtl: MAX_TIMESTAMP_DRIFT });
-
-  return address.toLowerCase();
-}
-
-/** Get agent owner address via ownerOf() call (cached in KV for 24h) */
-export async function getAgentOwner(env: Env, agentId: string): Promise<string> {
-  const cacheKey = `${OWNER_CACHE_PREFIX}${agentId}`;
-  const cached = await env.TASKS_KV.get(cacheKey);
-  if (cached) return cached.toLowerCase();
-
-  const rpcUrl = env.ALCHEMY_RPC || env.BASE_RPC || 'https://mainnet.base.org';
-  const id = agentId.startsWith('0x') ? BigInt(agentId) : BigInt(agentId);
-  const agentIdHex = id.toString(16).padStart(64, '0');
-
-  const res = await fetch(rpcUrl, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({
-      jsonrpc: '2.0',
-      method: 'eth_call',
-      params: [{ to: IDENTITY_REGISTRY, data: OWNER_SELECTOR + agentIdHex }, 'latest'],
-      id: 1,
-    }),
-  });
-
-  const json = await res.json() as { result?: string; error?: { message: string } };
-  if (json.error || !json.result || json.result === '0x') {
-    throw new Error('Failed to get agent owner');
-  }
-
-  const owner = ('0x' + json.result.slice(-40)).toLowerCase();
-  await env.TASKS_KV.put(cacheKey, owner, { expirationTtl: OWNER_CACHE_TTL });
-  return owner;
-}
-
-/**
- * Verify that escrow deposit exists on-chain for a task.
- * Returns the deposited amount in wei, or 0 if no deposit or already released.
- * getEscrow returns: (client, agent, token, amount, depositedAt, submittedAt, disputeFee, status)
- */
-export async function verifyEscrowDeposit(env: Env, taskId: string): Promise<bigint> {
-  const rpcUrl = env.ALCHEMY_RPC || env.BASE_RPC || 'https://mainnet.base.org';
-  const taskIdBytes32 = keccak256(toBytes(taskId));
-  const taskIdHex = taskIdBytes32.slice(2);
-
-  const res = await fetch(rpcUrl, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({
-      jsonrpc: '2.0',
-      method: 'eth_call',
-      params: [{ to: ESCROW_ADDRESS, data: GET_ESCROW_SELECTOR + taskIdHex }, 'latest'],
-      id: 1,
-    }),
-  });
-
-  const json = await res.json() as { result?: string; error?: { message: string } };
-  if (json.error || !json.result || json.result === '0x') {
-    return 0n;
-  }
-
-  // V4: status is the 8th 32-byte word (offset 224 bytes = 448 hex chars) — uint8 enum
-  // Active=0, Submitted=1, Disputed=2, Resolved=3, Released=4, Refunded=5
-  const statusHex = json.result.slice(2 + 64 * 7, 2 + 64 * 8);
-  const status = Number(BigInt('0x' + (statusHex || '0')));
-  if (status >= 4) {
-    return 0n; // Released or Refunded, treat as no deposit
-  }
-
-  // amount is the 4th 32-byte word (offset 96 bytes = 192 hex chars)
-  const amountHex = json.result.slice(2 + 64 * 3, 2 + 64 * 4);
-  return BigInt('0x' + (amountHex || '0'));
-}

package/worker/src/files.ts

@@ -1,40 +0,0 @@
-// R2 file upload/download handlers for task file exchange
-// Files stored at key: tasks/<taskId>/<timestamp>-<filename>
-
-import type { Env, TaskFile } from './types';
-
-const MAX_FILE_SIZE = 25 * 1024 * 1024; // 25MB
-
-/** Upload a file to R2, return metadata */
-export async function uploadFile(
-  env: Env,
-  taskId: string,
-  filename: string,
-  body: ReadableStream | ArrayBuffer,
-  contentType: string,
-  size: number,
-): Promise<TaskFile> {
-  if (size > MAX_FILE_SIZE) {
-    throw new Error(`File too large: ${size} bytes (max ${MAX_FILE_SIZE})`);
-  }
-
-  const timestamp = Date.now();
-  // Sanitize filename to prevent path traversal
-  const safeName = filename.replace(/[^a-zA-Z0-9._-]/g, '_');
-  const key = `tasks/${taskId}/${timestamp}-${safeName}`;
-
-  await env.TASK_FILES.put(key, body, {
-    httpMetadata: { contentType },
-    customMetadata: { taskId, originalName: filename },
-  });
-
-  return { key, name: filename, size, uploadedAt: timestamp };
-}
-
-/** Download a file from R2, return the R2 object (or null) */
-export async function downloadFile(
-  env: Env,
-  key: string,
-): Promise<R2ObjectBody | null> {
-  return env.TASK_FILES.get(key);
-}