moltspay 1.3.0 → 1.4.1

package/dist/facilitators/index.mjs

@@ -331,6 +331,63 @@ var CHAINS = {
     explorerTx: "https://explore.testnet.tempo.xyz/tx/",
     avgBlockTime: 0.5
     // ~500ms finality
+  },
+  // ============ BNB Chain Testnet ============
+  bnb_testnet: {
+    name: "BNB Testnet",
+    chainId: 97,
+    rpc: "https://data-seed-prebsc-1-s1.binance.org:8545",
+    tokens: {
+      // Note: BNB uses 18 decimals for stablecoins (unlike Base/Polygon which use 6)
+      // Using official Binance-Peg testnet tokens
+      USDC: {
+        address: "0x64544969ed7EBf5f083679233325356EbE738930",
+        // Testnet USDC
+        decimals: 18,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+      },
+      USDT: {
+        address: "0x337610d27c682E347C9cD60BD4b3b107C9d34dDd",
+        // Testnet USDT
+        decimals: 18,
+        symbol: "USDT",
+        eip712Name: "Tether USD"
+      }
+    },
+    usdc: "0x64544969ed7EBf5f083679233325356EbE738930",
+    explorer: "https://testnet.bscscan.com/address/",
+    explorerTx: "https://testnet.bscscan.com/tx/",
+    avgBlockTime: 3,
+    // BNB-specific: requires approval for pay-for-success flow
+    requiresApproval: true
+  },
+  // ============ BNB Chain Mainnet ============
+  bnb: {
+    name: "BNB Smart Chain",
+    chainId: 56,
+    rpc: "https://bsc-dataseed.binance.org",
+    tokens: {
+      // Note: BNB uses 18 decimals for stablecoins
+      USDC: {
+        address: "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",
+        decimals: 18,
+        symbol: "USDC",
+        eip712Name: "USD Coin"
+      },
+      USDT: {
+        address: "0x55d398326f99059fF775485246999027B3197955",
+        decimals: 18,
+        symbol: "USDT",
+        eip712Name: "Tether USD"
+      }
+    },
+    usdc: "0x8AC76a51cc950d9822D68b83fE1Ad97B32Cd580d",
+    explorer: "https://bscscan.com/address/",
+    explorerTx: "https://bscscan.com/tx/",
+    avgBlockTime: 3,
+    // BNB-specific: requires approval for pay-for-success flow
+    requiresApproval: true
   }
 };
 
@@ -454,7 +511,602 @@ var TempoFacilitator = class extends BaseFacilitator {
   }
 };
 
+// src/facilitators/bnb.ts
+import { privateKeyToAccount } from "viem/accounts";
+var TRANSFER_EVENT_TOPIC2 = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";
+var EIP712_DOMAIN = {
+  name: "MoltsPay",
+  version: "1"
+};
+var INTENT_TYPES = {
+  PaymentIntent: [
+    { name: "from", type: "address" },
+    { name: "to", type: "address" },
+    { name: "amount", type: "uint256" },
+    { name: "token", type: "address" },
+    { name: "service", type: "string" },
+    { name: "nonce", type: "uint256" },
+    { name: "deadline", type: "uint256" }
+  ]
+};
+var BNBFacilitator = class extends BaseFacilitator {
+  name = "bnb";
+  displayName = "BNB Smart Chain";
+  supportedNetworks = ["eip155:56", "eip155:97"];
+  // Mainnet + Testnet
+  serverPrivateKey;
+  spenderAddress = null;
+  chainConfigs;
+  constructor(serverPrivateKey) {
+    super();
+    this.serverPrivateKey = serverPrivateKey || process.env.BNB_SERVER_PRIVATE_KEY || "";
+    if (this.serverPrivateKey) {
+      const key = this.serverPrivateKey.startsWith("0x") ? this.serverPrivateKey : `0x${this.serverPrivateKey}`;
+      const account = privateKeyToAccount(key);
+      this.spenderAddress = account.address;
+    }
+    this.chainConfigs = {
+      56: { rpc: CHAINS.bnb.rpc, chain: CHAINS.bnb },
+      97: { rpc: CHAINS.bnb_testnet.rpc, chain: CHAINS.bnb_testnet }
+    };
+  }
+  async healthCheck() {
+    const start = Date.now();
+    try {
+      const response = await fetch(this.chainConfigs[56].rpc, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          method: "eth_chainId",
+          params: [],
+          id: 1
+        })
+      });
+      const data = await response.json();
+      const chainId = parseInt(data.result, 16);
+      if (chainId !== 56) {
+        return { healthy: false, error: `Wrong chainId: ${chainId}` };
+      }
+      return { healthy: true, latencyMs: Date.now() - start };
+    } catch (error) {
+      return { healthy: false, error: String(error) };
+    }
+  }
+  /**
+   * Verify a payment intent signature (before service execution)
+   * 
+   * This verifies:
+   * 1. Signature is valid for the intent
+   * 2. Client has approved server wallet
+   * 3. Client has sufficient balance
+   * 4. Intent hasn't expired
+   */
+  async verify(paymentPayload, requirements) {
+    try {
+      const bnbPayload = paymentPayload.payload;
+      if (!bnbPayload?.intent) {
+        return { valid: false, error: "Missing intent in payment payload" };
+      }
+      const { intent, chainId } = bnbPayload;
+      const config = this.chainConfigs[chainId];
+      if (!config) {
+        return { valid: false, error: `Unsupported chainId: ${chainId}` };
+      }
+      if (intent.deadline < Date.now()) {
+        return { valid: false, error: "Intent expired" };
+      }
+      const recoveredAddress = await this.recoverIntentSigner(intent, chainId);
+      if (recoveredAddress.toLowerCase() !== intent.from.toLowerCase()) {
+        return { valid: false, error: "Invalid signature" };
+      }
+      if (intent.to.toLowerCase() !== requirements.payTo.toLowerCase()) {
+        return { valid: false, error: `Wrong recipient: ${intent.to}` };
+      }
+      if (BigInt(intent.amount) < BigInt(requirements.amount)) {
+        return { valid: false, error: `Insufficient amount: ${intent.amount}` };
+      }
+      if (intent.token.toLowerCase() !== requirements.asset.toLowerCase()) {
+        return { valid: false, error: `Wrong token: ${intent.token}` };
+      }
+      const serverAddress = await this.getServerAddress();
+      const allowance = await this.getAllowance(intent.from, serverAddress, intent.token, config.rpc);
+      if (BigInt(allowance) < BigInt(intent.amount)) {
+        return { valid: false, error: "Insufficient allowance. Run: npx moltspay init --chain bnb" };
+      }
+      const balance = await this.getBalance(intent.from, intent.token, config.rpc);
+      if (BigInt(balance) < BigInt(intent.amount)) {
+        return { valid: false, error: "Insufficient balance" };
+      }
+      return {
+        valid: true,
+        details: {
+          from: intent.from,
+          to: intent.to,
+          amount: intent.amount,
+          token: intent.token,
+          service: intent.service,
+          nonce: intent.nonce,
+          deadline: intent.deadline
+        }
+      };
+    } catch (error) {
+      return { valid: false, error: `Verification failed: ${error}` };
+    }
+  }
+  /**
+   * Settle a payment by executing transferFrom
+   * 
+   * This is called AFTER the service has been successfully delivered.
+   * Server pays gas, transfers tokens from client to provider.
+   */
+  async settle(paymentPayload, requirements) {
+    if (!this.serverPrivateKey) {
+      return { success: false, error: "Server wallet not configured (BNB_SERVER_PRIVATE_KEY)" };
+    }
+    try {
+      const verifyResult = await this.verify(paymentPayload, requirements);
+      if (!verifyResult.valid) {
+        return { success: false, error: verifyResult.error };
+      }
+      const bnbPayload = paymentPayload.payload;
+      const { intent, chainId } = bnbPayload;
+      const config = this.chainConfigs[chainId];
+      const txHash = await this.executeTransferFrom(
+        intent.from,
+        intent.to,
+        intent.amount,
+        intent.token,
+        config.rpc
+      );
+      return {
+        success: true,
+        transaction: txHash,
+        status: "settled"
+      };
+    } catch (error) {
+      return { success: false, error: `Settlement failed: ${error}` };
+    }
+  }
+  /**
+   * Check if client has approved the server wallet
+   */
+  async checkApproval(clientAddress, token, chainId) {
+    const config = this.chainConfigs[chainId];
+    if (!config) {
+      throw new Error(`Unsupported chainId: ${chainId}`);
+    }
+    const serverAddress = await this.getServerAddress();
+    const allowance = await this.getAllowance(clientAddress, serverAddress, token, config.rpc);
+    const minAllowance = BigInt("1000000000000000000000");
+    return {
+      approved: BigInt(allowance) >= minAllowance,
+      allowance
+    };
+  }
+  /**
+   * Verify a completed transaction (for checking past payments)
+   */
+  async verifyTransaction(txHash, expected, chainId) {
+    const config = this.chainConfigs[chainId];
+    if (!config) {
+      return { valid: false, error: `Unsupported chainId: ${chainId}` };
+    }
+    try {
+      const receipt = await this.getTransactionReceipt(txHash, config.rpc);
+      if (!receipt) {
+        return { valid: false, error: "Transaction not found" };
+      }
+      if (receipt.status !== "0x1") {
+        return { valid: false, error: "Transaction failed" };
+      }
+      const transferLog = receipt.logs.find(
+        (log) => log.topics[0] === TRANSFER_EVENT_TOPIC2 && log.address.toLowerCase() === expected.token.toLowerCase()
+      );
+      if (!transferLog) {
+        return { valid: false, error: "No Transfer event found" };
+      }
+      const toAddress = "0x" + transferLog.topics[2].slice(26).toLowerCase();
+      if (toAddress !== expected.to.toLowerCase()) {
+        return { valid: false, error: `Wrong recipient: ${toAddress}` };
+      }
+      const amount = BigInt(transferLog.data);
+      if (amount < BigInt(expected.amount)) {
+        return { valid: false, error: `Insufficient amount: ${amount}` };
+      }
+      return {
+        valid: true,
+        details: {
+          txHash,
+          from: "0x" + transferLog.topics[1].slice(26),
+          to: toAddress,
+          amount: amount.toString(),
+          token: transferLog.address
+        }
+      };
+    } catch (error) {
+      return { valid: false, error: `Verification failed: ${error}` };
+    }
+  }
+  // ==================== Private Methods ====================
+  /**
+   * Get the server's spender address (public, for 402 responses)
+   * Returns cached value computed at construction time.
+   */
+  getSpenderAddress() {
+    return this.spenderAddress;
+  }
+  async getServerAddress() {
+    const { ethers } = await import("ethers");
+    const wallet = new ethers.Wallet(this.serverPrivateKey);
+    return wallet.address;
+  }
+  async recoverIntentSigner(intent, chainId) {
+    const { ethers } = await import("ethers");
+    const domain = {
+      ...EIP712_DOMAIN,
+      chainId
+    };
+    const message = {
+      from: intent.from,
+      to: intent.to,
+      amount: intent.amount,
+      token: intent.token,
+      service: intent.service,
+      nonce: intent.nonce,
+      deadline: intent.deadline
+    };
+    const recoveredAddress = ethers.verifyTypedData(
+      domain,
+      INTENT_TYPES,
+      message,
+      intent.signature
+    );
+    return recoveredAddress;
+  }
+  async getAllowance(owner, spender, token, rpcUrl) {
+    const selector = "0xdd62ed3e";
+    const ownerPadded = owner.toLowerCase().replace("0x", "").padStart(64, "0");
+    const spenderPadded = spender.toLowerCase().replace("0x", "").padStart(64, "0");
+    const data = selector + ownerPadded + spenderPadded;
+    const response = await fetch(rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        method: "eth_call",
+        params: [{ to: token, data }, "latest"],
+        id: 1
+      })
+    });
+    const result = await response.json();
+    return result.result || "0x0";
+  }
+  async getBalance(account, token, rpcUrl) {
+    const selector = "0x70a08231";
+    const accountPadded = account.toLowerCase().replace("0x", "").padStart(64, "0");
+    const data = selector + accountPadded;
+    const response = await fetch(rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        method: "eth_call",
+        params: [{ to: token, data }, "latest"],
+        id: 1
+      })
+    });
+    const result = await response.json();
+    return result.result || "0x0";
+  }
+  async executeTransferFrom(from, to, amount, token, rpcUrl) {
+    const { ethers } = await import("ethers");
+    const provider = new ethers.JsonRpcProvider(rpcUrl);
+    const wallet = new ethers.Wallet(this.serverPrivateKey, provider);
+    const tokenContract = new ethers.Contract(token, [
+      "function transferFrom(address from, address to, uint256 amount) returns (bool)"
+    ], wallet);
+    const tx = await tokenContract.transferFrom(from, to, amount);
+    const receipt = await tx.wait();
+    return receipt.hash;
+  }
+  async getTransactionReceipt(txHash, rpcUrl) {
+    const response = await fetch(rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        method: "eth_getTransactionReceipt",
+        params: [txHash],
+        id: 1
+      })
+    });
+    const data = await response.json();
+    return data.result;
+  }
+};
+function createIntentTypedData(intent, chainId) {
+  return {
+    domain: {
+      ...EIP712_DOMAIN,
+      chainId
+    },
+    types: INTENT_TYPES,
+    primaryType: "PaymentIntent",
+    message: {
+      from: intent.from,
+      to: intent.to,
+      amount: intent.amount,
+      token: intent.token,
+      service: intent.service,
+      nonce: intent.nonce,
+      deadline: intent.deadline
+    }
+  };
+}
+
+// src/facilitators/solana.ts
+import {
+  Connection as Connection2,
+  PublicKey as PublicKey2,
+  Transaction,
+  VersionedTransaction
+} from "@solana/web3.js";
+import {
+  getAssociatedTokenAddress,
+  createTransferCheckedInstruction,
+  getAccount,
+  createAssociatedTokenAccountInstruction
+} from "@solana/spl-token";
+
+// src/chains/solana.ts
+import { Connection, PublicKey } from "@solana/web3.js";
+var SOLANA_CHAINS = {
+  solana: {
+    name: "Solana Mainnet",
+    cluster: "mainnet-beta",
+    rpc: "https://api.mainnet-beta.solana.com",
+    explorer: "https://solscan.io/account/",
+    explorerTx: "https://solscan.io/tx/",
+    tokens: {
+      USDC: {
+        mint: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+        // Circle official USDC
+        decimals: 6
+      }
+    }
+  },
+  solana_devnet: {
+    name: "Solana Devnet",
+    cluster: "devnet",
+    rpc: "https://api.devnet.solana.com",
+    explorer: "https://solscan.io/account/",
+    explorerTx: "https://solscan.io/tx/",
+    tokens: {
+      USDC: {
+        // Circle's devnet USDC (if not available, we'll deploy our own test token)
+        mint: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU",
+        decimals: 6
+      }
+    }
+  }
+};
+
+// src/facilitators/solana.ts
+var SolanaFacilitator = class extends BaseFacilitator {
+  name = "solana";
+  displayName = "Solana Direct";
+  supportedNetworks = ["solana:mainnet", "solana:devnet"];
+  connections = /* @__PURE__ */ new Map();
+  feePayerKeypair;
+  constructor(config) {
+    super();
+    this.feePayerKeypair = config?.feePayerKeypair;
+    for (const [chain, config2] of Object.entries(SOLANA_CHAINS)) {
+      this.connections.set(
+        chain,
+        new Connection2(config2.rpc, "confirmed")
+      );
+    }
+    if (this.feePayerKeypair) {
+      console.log(`[SolanaFacilitator] Gasless mode enabled. Fee payer: ${this.feePayerKeypair.publicKey.toBase58()}`);
+    }
+  }
+  /**
+   * Get fee payer public key (for gasless transactions)
+   */
+  getFeePayerPubkey() {
+    return this.feePayerKeypair?.publicKey.toBase58() || null;
+  }
+  getConnection(chain) {
+    const conn = this.connections.get(chain);
+    if (!conn) {
+      throw new Error(`No connection for chain: ${chain}`);
+    }
+    return conn;
+  }
+  /**
+   * Convert our chain name to network identifier
+   */
+  static chainToNetwork(chain) {
+    return chain === "solana" ? "solana:mainnet" : "solana:devnet";
+  }
+  /**
+   * Convert network identifier to chain name
+   */
+  static networkToChain(network) {
+    if (network === "solana:mainnet") return "solana";
+    if (network === "solana:devnet") return "solana_devnet";
+    return null;
+  }
+  async healthCheck() {
+    const start = Date.now();
+    try {
+      const conn = this.getConnection("solana_devnet");
+      await conn.getSlot();
+      return {
+        healthy: true,
+        latencyMs: Date.now() - start
+      };
+    } catch (error) {
+      return {
+        healthy: false,
+        error: error.message
+      };
+    }
+  }
+  /**
+   * Verify a Solana payment
+   * 
+   * Checks:
+   * 1. Transaction is valid and properly signed
+   * 2. Transfer instruction matches expected amount and recipient
+   */
+  async verify(paymentPayload, requirements) {
+    try {
+      const solanaPayload = paymentPayload.payload;
+      if (!solanaPayload || !solanaPayload.signedTransaction) {
+        return { valid: false, error: "Missing signed transaction" };
+      }
+      const chain = solanaPayload.chain || "solana_devnet";
+      const chainConfig = SOLANA_CHAINS[chain];
+      if (!chainConfig) {
+        return { valid: false, error: `Invalid chain: ${chain}` };
+      }
+      const txBuffer = Buffer.from(solanaPayload.signedTransaction, "base64");
+      let tx;
+      try {
+        tx = Transaction.from(txBuffer);
+      } catch {
+        tx = VersionedTransaction.deserialize(txBuffer);
+      }
+      if (tx instanceof Transaction) {
+        const hasAnySignature = tx.signatures.some(
+          (sig) => sig.signature && !sig.signature.every((b) => b === 0)
+        );
+        if (!hasAnySignature) {
+          return { valid: false, error: "Transaction not signed" };
+        }
+      }
+      const expectedAmount = BigInt(requirements.amount);
+      const expectedRecipient = new PublicKey2(requirements.payTo);
+      return {
+        valid: true,
+        details: {
+          chain,
+          sender: solanaPayload.sender,
+          recipient: requirements.payTo,
+          amount: requirements.amount
+        }
+      };
+    } catch (error) {
+      return { valid: false, error: error.message };
+    }
+  }
+  /**
+   * Settle a Solana payment
+   * 
+   * Submits the signed transaction to the network.
+   * In gasless mode, adds fee payer signature before submitting.
+   */
+  async settle(paymentPayload, requirements) {
+    try {
+      const solanaPayload = paymentPayload.payload;
+      if (!solanaPayload || !solanaPayload.signedTransaction) {
+        return { success: false, error: "Missing signed transaction" };
+      }
+      const chain = solanaPayload.chain || "solana_devnet";
+      const connection = this.getConnection(chain);
+      const txBuffer = Buffer.from(solanaPayload.signedTransaction, "base64");
+      let txToSend;
+      try {
+        const tx = Transaction.from(txBuffer);
+        if (this.feePayerKeypair && tx.feePayer) {
+          const feePayerPubkey = this.feePayerKeypair.publicKey.toBase58();
+          const txFeePayer = tx.feePayer.toBase58();
+          if (txFeePayer === feePayerPubkey) {
+            console.log(`[SolanaFacilitator] Gasless mode: adding fee payer signature`);
+            tx.partialSign(this.feePayerKeypair);
+          }
+        }
+        txToSend = tx.serialize();
+      } catch (e) {
+        txToSend = txBuffer;
+      }
+      const signature = await connection.sendRawTransaction(txToSend, {
+        skipPreflight: false,
+        preflightCommitment: "confirmed"
+      });
+      const confirmation = await connection.confirmTransaction(signature, "confirmed");
+      if (confirmation.value.err) {
+        return {
+          success: false,
+          error: `Transaction failed: ${JSON.stringify(confirmation.value.err)}`,
+          transaction: signature
+        };
+      }
+      return {
+        success: true,
+        transaction: signature,
+        status: "confirmed"
+      };
+    } catch (error) {
+      return { success: false, error: error.message };
+    }
+  }
+  supportsNetwork(network) {
+    return this.supportedNetworks.includes(network);
+  }
+};
+async function createSolanaPaymentTransaction(senderPubkey, recipientPubkey, amount, chain, feePayerPubkey) {
+  const chainConfig = SOLANA_CHAINS[chain];
+  const connection = new Connection2(chainConfig.rpc, "confirmed");
+  const mint = new PublicKey2(chainConfig.tokens.USDC.mint);
+  const actualFeePayer = feePayerPubkey || senderPubkey;
+  const senderATA = await getAssociatedTokenAddress(mint, senderPubkey);
+  const recipientATA = await getAssociatedTokenAddress(mint, recipientPubkey);
+  const transaction = new Transaction();
+  try {
+    await getAccount(connection, recipientATA);
+  } catch {
+    transaction.add(
+      createAssociatedTokenAccountInstruction(
+        actualFeePayer,
+        // payer (fee payer in gasless mode)
+        recipientATA,
+        // ata to create
+        recipientPubkey,
+        // owner
+        mint
+        // mint
+      )
+    );
+  }
+  transaction.add(
+    createTransferCheckedInstruction(
+      senderATA,
+      // source
+      mint,
+      // mint
+      recipientATA,
+      // destination
+      senderPubkey,
+      // owner (sender still authorizes the transfer)
+      amount,
+      // amount
+      chainConfig.tokens.USDC.decimals
+      // decimals
+    )
+  );
+  const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash();
+  transaction.recentBlockhash = blockhash;
+  transaction.feePayer = actualFeePayer;
+  return transaction;
+}
+
 // src/facilitators/registry.ts
+import { Keypair as Keypair2 } from "@solana/web3.js";
+import bs58 from "bs58";
 var FacilitatorRegistry = class {
   factories = /* @__PURE__ */ new Map();
   instances = /* @__PURE__ */ new Map();
@@ -463,7 +1115,20 @@ var FacilitatorRegistry = class {
   constructor(selection) {
     this.registerFactory("cdp", (config) => new CDPFacilitator(config));
     this.registerFactory("tempo", () => new TempoFacilitator());
-    this.selection = selection || { primary: "cdp", fallback: ["tempo"], strategy: "failover" };
+    this.registerFactory("bnb", (config) => new BNBFacilitator(config?.serverPrivateKey));
+    this.registerFactory("solana", (config) => {
+      let feePayerKeypair;
+      const feePayerKey = config?.feePayerPrivateKey || process.env.SOLANA_FEE_PAYER_KEY;
+      if (feePayerKey) {
+        try {
+          feePayerKeypair = Keypair2.fromSecretKey(bs58.decode(feePayerKey));
+        } catch (e) {
+          console.warn(`[SolanaFacilitator] Invalid fee payer key: ${e.message}`);
+        }
+      }
+      return new SolanaFacilitator({ feePayerKeypair });
+    });
+    this.selection = selection || { primary: "cdp", fallback: ["tempo", "bnb", "solana"], strategy: "failover" };
   }
   /**
    * Register a new facilitator factory
@@ -689,11 +1354,15 @@ function createRegistry(selection) {
   return new FacilitatorRegistry(selection);
 }
 export {
+  BNBFacilitator,
   BaseFacilitator,
   CDPFacilitator,
   FacilitatorRegistry,
+  SolanaFacilitator,
   TempoFacilitator,
+  createIntentTypedData,
   createRegistry,
+  createSolanaPaymentTransaction,
   getDefaultRegistry
 };
 //# sourceMappingURL=index.mjs.map