openttt 0.2.11 → 0.2.12

package/dist/integrity_client.js

@@ -1,122 +0,0 @@
-"use strict";
-/**
- * Integrity Client — replaces local integrity computation with server-side API call.
- * Core pipeline source code stays in Helm private repo. Only API calls go through npm SDK.
- *
- * Drop-in replacement interface for local encode() and verify() operations.
- */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.IntegrityClient = void 0;
-exports.getDefaultIntegrityClient = getDefaultIntegrityClient;
-exports.setDefaultIntegrityClient = setDefaultIntegrityClient;
-class IntegrityClient {
-    baseUrl;
-    timeoutMs;
-    apiKey;
-    constructor(baseUrl = "https://integrity.helmprotocol.com/api/v1", options) {
-        this.baseUrl = baseUrl.replace(/\/$/, "");
-        this.timeoutMs = options?.timeoutMs ?? 5000;
-        this.apiKey = options?.apiKey ?? (typeof process !== "undefined" ? process.env["INTEGRITY_API_KEY"] : undefined);
-    }
-    /**
-     * Forward pass: encode data through integrity pipeline (server-side).
-     *
-     * @returns Array of Uint8Array shards
-     */
-    async encode(data, chainId, poolAddress) {
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), this.timeoutMs);
-        try {
-            const resp = await fetch(`${this.baseUrl}/encode`, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/json",
-                    ...(this.apiKey ? { "X-Integrity-Key": this.apiKey } : {}),
-                },
-                body: JSON.stringify({
-                    data: Buffer.from(data).toString("hex"),
-                    chainId: chainId,
-                    poolAddress,
-                }),
-                signal: controller.signal,
-            });
-            if (!resp.ok) {
-                throw new Error(`Integrity API error: ${resp.status} ${resp.statusText}`);
-            }
-            const result = await resp.json();
-            return result.shards.map((hex) => Buffer.from(hex, "hex"));
-        }
-        finally {
-            clearTimeout(timer);
-        }
-    }
-    /**
-     * Verify: check data integrity (server-side).
-     *
-     * @returns boolean — true if data matches the original shards
-     */
-    async verify(data, originalShards, chainId, poolAddress) {
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), this.timeoutMs);
-        try {
-            const resp = await fetch(`${this.baseUrl}/verify`, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/json",
-                    ...(this.apiKey ? { "X-Integrity-Key": this.apiKey } : {}),
-                },
-                body: JSON.stringify({
-                    data: Buffer.from(data).toString("hex"),
-                    shards: originalShards.map((s) => Buffer.from(s).toString("hex")),
-                    chainId: chainId,
-                    poolAddress,
-                }),
-                signal: controller.signal,
-            });
-            if (!resp.ok) {
-                throw new Error(`Integrity API error: ${resp.status} ${resp.statusText}`);
-            }
-            const result = await resp.json();
-            return result.valid;
-        }
-        finally {
-            clearTimeout(timer);
-        }
-    }
-    /**
-     * Health check — ping the integrity API server.
-     * Returns true if reachable within timeoutMs.
-     */
-    async isReachable() {
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), this.timeoutMs);
-        try {
-            const resp = await fetch(`${this.baseUrl}/health`, {
-                method: "GET",
-                signal: controller.signal,
-            });
-            return resp.ok;
-        }
-        catch {
-            return false;
-        }
-        finally {
-            clearTimeout(timer);
-        }
-    }
-}
-exports.IntegrityClient = IntegrityClient;
-/**
- * Singleton default client — uses production integrity API endpoint.
- * Can be overridden via setDefaultIntegrityClient() for testing/staging.
- */
-let _defaultClient = null;
-function getDefaultIntegrityClient() {
-    if (!_defaultClient) {
-        _defaultClient = new IntegrityClient();
-    }
-    return _defaultClient;
-}
-function setDefaultIntegrityClient(client) {
-    _defaultClient = client;
-}

package/dist/osnma_source.d.ts

@@ -1,82 +0,0 @@
-/**
- * OSNMA (Galileo Open Service Navigation Message Authentication) Time Source
- *
- * Integrates Galileo OSNMA public key verification into the TTT SDK TimeSource interface.
- * OSNMA provides satellite-grade time authentication via ECDSA P-256/SHA-256.
- *
- * Key data sourced from GSC Europa portal (gsc-europa.eu):
- *   - PKID: 2, point: 02219204B5CA6C46B623EEED6CDD2CDDB1F7D6A7532767E5B8DA0DE1EBD695FC99
- *   - Merkle Tree root: 7B944FA20915C7931D48DD016D94F9C6381FD37DC6C125D97015272FDDE41393
- *   - Hash function: SHA-256, N=16
- *   - Applicability: 2025-12-10T10:00:00Z
- *
- * SECURITY MODEL:
- *   - Public key is hardcoded from GSC portal (authenticated via EUSPA PKI chain)
- *   - Merkle tree root anchors the key — any key change requires new root proof
- *   - Stratum is set to 1 (satellite direct, equivalent to GPS timing receiver)
- *   - Uncertainty: 50ms base (conservative — actual Galileo timing is ±100ns,
- *     but edge SDK without hardware PPS uses NTP-level cross-check)
- */
-import { TimeReading } from './types';
-import { TimeSource } from './time_synthesis';
-export interface OsnmaKeyMaterial {
-    pkid: number;
-    publicKeyHex: string;
-    merkleRootHex: string;
-    hashFunction: string;
-    applicabilityMs: number;
-}
-export interface OsnmaVerificationResult {
-    valid: boolean;
-    pkid: number;
-    merkleRootHex: string;
-    keyFingerprint: string;
-    applicabilityMs: number;
-    checkedAt: number;
-}
-/**
- * Verifies OSNMA key material integrity:
- * 1. Public key point length (compressed P-256 = 33 bytes)
- * 2. Merkle root length (SHA-256 = 32 bytes)
- * 3. Applicability date is in the past (key is active)
- * 4. Computes key fingerprint for audit trail
- */
-export declare function verifyOsnmaKeyMaterial(key: OsnmaKeyMaterial): OsnmaVerificationResult;
-/**
- * OsnmaTimeSource — implements TimeSource interface for TimeSynthesis integration.
- *
- * In a full hardware integration, this would parse OSNMA navigation messages
- * from a Galileo receiver and verify the TESLA chain + ECDSA signature.
- *
- * In this edge SDK integration:
- *   - Key material is verified against the hardcoded GSC anchor
- *   - Time is sourced from system clock (same as HTTPS sources)
- *   - Stratum is set to 1 to reflect satellite-grade authority
- *   - This establishes the OSNMA trust anchor in the SDK trust chain,
- *     ready for hardware receiver integration (UART/SPI/USB NMEA feed)
- */
-export declare class OsnmaTimeSource implements TimeSource {
-    readonly name = "osnma";
-    private keyMaterial;
-    private verificationResult;
-    constructor(keyMaterial?: Partial<OsnmaKeyMaterial>);
-    /**
-     * Verifies key material and returns a TimeReading.
-     * Stratum 1 — satellite-grade authority.
-     * Uncertainty 50ms — conservative edge estimate without hardware PPS.
-     */
-    getTime(): Promise<TimeReading>;
-    /**
-     * Returns the verified key material for audit/logging.
-     */
-    getVerificationResult(): OsnmaVerificationResult | null;
-    /**
-     * Returns the raw key material (public key hex, merkle root, pkid).
-     */
-    getKeyMaterial(): Readonly<OsnmaKeyMaterial>;
-}
-/**
- * Default OSNMA key material from GSC Europa portal.
- * PKID=2, applicable from 2025-12-10T10:00:00Z.
- */
-export declare const DEFAULT_OSNMA_KEY: OsnmaKeyMaterial;

package/dist/osnma_source.js

@@ -1,169 +0,0 @@
-"use strict";
-/**
- * OSNMA (Galileo Open Service Navigation Message Authentication) Time Source
- *
- * Integrates Galileo OSNMA public key verification into the TTT SDK TimeSource interface.
- * OSNMA provides satellite-grade time authentication via ECDSA P-256/SHA-256.
- *
- * Key data sourced from GSC Europa portal (gsc-europa.eu):
- *   - PKID: 2, point: 02219204B5CA6C46B623EEED6CDD2CDDB1F7D6A7532767E5B8DA0DE1EBD695FC99
- *   - Merkle Tree root: 7B944FA20915C7931D48DD016D94F9C6381FD37DC6C125D97015272FDDE41393
- *   - Hash function: SHA-256, N=16
- *   - Applicability: 2025-12-10T10:00:00Z
- *
- * SECURITY MODEL:
- *   - Public key is hardcoded from GSC portal (authenticated via EUSPA PKI chain)
- *   - Merkle tree root anchors the key — any key change requires new root proof
- *   - Stratum is set to 1 (satellite direct, equivalent to GPS timing receiver)
- *   - Uncertainty: 50ms base (conservative — actual Galileo timing is ±100ns,
- *     but edge SDK without hardware PPS uses NTP-level cross-check)
- */
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.DEFAULT_OSNMA_KEY = exports.OsnmaTimeSource = void 0;
-exports.verifyOsnmaKeyMaterial = verifyOsnmaKeyMaterial;
-const crypto = __importStar(require("crypto"));
-const errors_1 = require("./errors");
-// OSNMA Public Key — ECDSA P-256, PKID=2
-// Sourced from GSC Europa OSNMA/PKI, applicability: 2025-12-10T10:00:00Z
-const OSNMA_PUBLIC_KEY_HEX = '02219204B5CA6C46B623EEED6CDD2CDDB1F7D6A7532767E5B8DA0DE1EBD695FC99';
-const OSNMA_MERKLE_ROOT_HEX = '7B944FA20915C7931D48DD016D94F9C6381FD37DC6C125D97015272FDDE41393';
-const OSNMA_PKID = 2;
-const OSNMA_HASH_FUNCTION = 'SHA-256';
-const OSNMA_APPLICABILITY = new Date('2025-12-10T10:00:00Z').getTime();
-/**
- * Verifies OSNMA key material integrity:
- * 1. Public key point length (compressed P-256 = 33 bytes)
- * 2. Merkle root length (SHA-256 = 32 bytes)
- * 3. Applicability date is in the past (key is active)
- * 4. Computes key fingerprint for audit trail
- */
-function verifyOsnmaKeyMaterial(key) {
-    const pubKeyBytes = Buffer.from(key.publicKeyHex, 'hex');
-    if (pubKeyBytes.length !== 33) {
-        throw new errors_1.TTTTimeSynthesisError('OSNMA_KEY_LENGTH_INVALID', `Public key must be 33 bytes (compressed P-256), got ${pubKeyBytes.length}`, 'Check OSNMA key format from GSC Europa portal');
-    }
-    // Compressed point prefix must be 02 or 03
-    if (pubKeyBytes[0] !== 0x02 && pubKeyBytes[0] !== 0x03) {
-        throw new errors_1.TTTTimeSynthesisError('OSNMA_KEY_PREFIX_INVALID', `Compressed P-256 point must start with 02 or 03, got ${pubKeyBytes[0].toString(16)}`, 'OSNMA public key is not a valid compressed EC point');
-    }
-    const merkleBytes = Buffer.from(key.merkleRootHex, 'hex');
-    if (merkleBytes.length !== 32) {
-        throw new errors_1.TTTTimeSynthesisError('OSNMA_MERKLE_LENGTH_INVALID', `Merkle root must be 32 bytes (SHA-256), got ${merkleBytes.length}`, 'Check OSNMA Merkle Tree XML from GSC Europa portal');
-    }
-    const now = Date.now();
-    if (now < key.applicabilityMs) {
-        throw new errors_1.TTTTimeSynthesisError('OSNMA_KEY_NOT_YET_APPLICABLE', `Key PKID=${key.pkid} not applicable until ${new Date(key.applicabilityMs).toISOString()}`, 'Use a key with an applicability date in the past');
-    }
-    // SHA-256 fingerprint of the raw public key bytes
-    const fingerprint = crypto.createHash('sha256').update(pubKeyBytes).digest('hex');
-    return {
-        valid: true,
-        pkid: key.pkid,
-        merkleRootHex: key.merkleRootHex,
-        keyFingerprint: fingerprint,
-        applicabilityMs: key.applicabilityMs,
-        checkedAt: now,
-    };
-}
-/**
- * OsnmaTimeSource — implements TimeSource interface for TimeSynthesis integration.
- *
- * In a full hardware integration, this would parse OSNMA navigation messages
- * from a Galileo receiver and verify the TESLA chain + ECDSA signature.
- *
- * In this edge SDK integration:
- *   - Key material is verified against the hardcoded GSC anchor
- *   - Time is sourced from system clock (same as HTTPS sources)
- *   - Stratum is set to 1 to reflect satellite-grade authority
- *   - This establishes the OSNMA trust anchor in the SDK trust chain,
- *     ready for hardware receiver integration (UART/SPI/USB NMEA feed)
- */
-class OsnmaTimeSource {
-    name = 'osnma';
-    keyMaterial;
-    verificationResult = null;
-    constructor(keyMaterial) {
-        this.keyMaterial = {
-            pkid: keyMaterial?.pkid ?? OSNMA_PKID,
-            publicKeyHex: keyMaterial?.publicKeyHex ?? OSNMA_PUBLIC_KEY_HEX,
-            merkleRootHex: keyMaterial?.merkleRootHex ?? OSNMA_MERKLE_ROOT_HEX,
-            hashFunction: keyMaterial?.hashFunction ?? OSNMA_HASH_FUNCTION,
-            applicabilityMs: keyMaterial?.applicabilityMs ?? OSNMA_APPLICABILITY,
-        };
-    }
-    /**
-     * Verifies key material and returns a TimeReading.
-     * Stratum 1 — satellite-grade authority.
-     * Uncertainty 50ms — conservative edge estimate without hardware PPS.
-     */
-    async getTime() {
-        // Verify key material on first call (or re-verify if not yet done)
-        if (!this.verificationResult) {
-            this.verificationResult = verifyOsnmaKeyMaterial(this.keyMaterial);
-        }
-        const timestamp = BigInt(Date.now()) * 1000000n; // ns
-        return {
-            timestamp,
-            uncertainty: 50, // 50ms conservative edge estimate
-            stratum: 1, // satellite-grade (equivalent to GPS timing)
-            source: 'osnma',
-        };
-    }
-    /**
-     * Returns the verified key material for audit/logging.
-     */
-    getVerificationResult() {
-        return this.verificationResult;
-    }
-    /**
-     * Returns the raw key material (public key hex, merkle root, pkid).
-     */
-    getKeyMaterial() {
-        return { ...this.keyMaterial };
-    }
-}
-exports.OsnmaTimeSource = OsnmaTimeSource;
-/**
- * Default OSNMA key material from GSC Europa portal.
- * PKID=2, applicable from 2025-12-10T10:00:00Z.
- */
-exports.DEFAULT_OSNMA_KEY = {
-    pkid: OSNMA_PKID,
-    publicKeyHex: OSNMA_PUBLIC_KEY_HEX,
-    merkleRootHex: OSNMA_MERKLE_ROOT_HEX,
-    hashFunction: OSNMA_HASH_FUNCTION,
-    applicabilityMs: OSNMA_APPLICABILITY,
-};

package/dist/protocol_fee.d.ts

@@ -1,72 +0,0 @@
-import { FeeCalculation } from "./dynamic_fee";
-import { EVMConnector } from "./evm_connector";
-/**
- * Pluggable replay cache interface for signature deduplication.
- * Implement this to use Redis, database, or other external stores.
- */
-export interface ReplayCache {
-    has(key: string): Promise<boolean>;
-    set(key: string, ttlMs: number): Promise<void>;
-}
-/**
- * Default in-memory replay cache with bounded size and TTL eviction.
- * Suitable for single-process deployments; use a distributed ReplayCache
- * implementation (e.g., Redis) for multi-node setups.
- */
-export declare class InMemoryReplayCache implements ReplayCache {
-    private entries;
-    private readonly maxEntries;
-    private readonly defaultTtlMs;
-    private lastPruneTime;
-    private static readonly PRUNE_INTERVAL_MS;
-    constructor(maxEntries?: number, defaultTtlMs?: number);
-    has(key: string): Promise<boolean>;
-    set(key: string, ttlMs: number): Promise<void>;
-    private pruneIfNeeded;
-}
-/**
- * ProtocolFeeCollector - Handles Helm protocol fee collection and verification.
- * Includes EIP-712 signature verification for x402 compliance.
- */
-export declare class ProtocolFeeCollector {
-    private totalCollected;
-    private chainId;
-    private verifyingContract;
-    private replayCache;
-    private evmConnector;
-    private protocolFeeRecipient;
-    private feeContract;
-    constructor(chainId: number, verifyingContract: string, evmConnector: EVMConnector, protocolFeeRecipient: string, replayCache?: ReplayCache);
-    /**
-     * R3-P0-2: Verify chainId matches the actual connected network.
-     * Must be called after EVMConnector.connect() to prevent cross-chain signature replay.
-     */
-    validateChainId(): Promise<void>;
-    private getFeeContract;
-    /**
-     * Collect minting fee (Stablecoin).
-     * @param feeCalc - Fee calculation result from DynamicFeeEngine.
-     * @param signature - EIP-712 signature (required, for x402 verification).
-     * @param user - Signer address.
-     * @param nonce - Anti-replay nonce.
-     * @param deadline - Signature expiration timestamp.
-     */
-    collectMintFee(feeCalc: FeeCalculation, signature: string, user: string, nonce: bigint, deadline: number): Promise<void>;
-    /**
-     * Collect burn fee.
-     * @param feeCalc - Fee calculation result from DynamicFeeEngine.
-     * @param signature - EIP-712 signature (required).
-     * @param user - Signer address.
-     * @param nonce - Anti-replay nonce.
-     * @param deadline - Signature expiration timestamp.
-     */
-    collectBurnFee(feeCalc: FeeCalculation, signature: string, user: string, nonce: bigint, deadline: number): Promise<void>;
-    /**
-     * Return total fees collected so far.
-     */
-    getCollectedFees(): Promise<bigint>;
-    /**
-     * EIP-712 signature verification (x402 compliance).
-     */
-    private verifySignature;
-}

package/dist/protocol_fee.js

@@ -1,199 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.ProtocolFeeCollector = exports.InMemoryReplayCache = void 0;
-const ethers_1 = require("ethers");
-const logger_1 = require("./logger");
-/**
- * Default in-memory replay cache with bounded size and TTL eviction.
- * Suitable for single-process deployments; use a distributed ReplayCache
- * implementation (e.g., Redis) for multi-node setups.
- */
-class InMemoryReplayCache {
-    entries = new Map();
-    maxEntries;
-    defaultTtlMs;
-    lastPruneTime = 0;
-    static PRUNE_INTERVAL_MS = 60000;
-    constructor(maxEntries = 10000, defaultTtlMs = 3600000) {
-        this.maxEntries = maxEntries;
-        this.defaultTtlMs = defaultTtlMs;
-    }
-    async has(key) {
-        this.pruneIfNeeded();
-        const ts = this.entries.get(key);
-        if (ts === undefined)
-            return false;
-        if (Date.now() - ts > this.defaultTtlMs) {
-            this.entries.delete(key);
-            return false;
-        }
-        return true;
-    }
-    async set(key, ttlMs) {
-        this.pruneIfNeeded();
-        this.entries.set(key, Date.now());
-    }
-    pruneIfNeeded() {
-        const now = Date.now();
-        if (now - this.lastPruneTime < InMemoryReplayCache.PRUNE_INTERVAL_MS &&
-            this.entries.size <= this.maxEntries) {
-            return;
-        }
-        this.lastPruneTime = now;
-        for (const [sig, ts] of this.entries) {
-            if (now - ts > this.defaultTtlMs) {
-                this.entries.delete(sig);
-            }
-        }
-        // If still over limit, remove oldest entries
-        if (this.entries.size > this.maxEntries) {
-            const sorted = [...this.entries.entries()].sort((a, b) => a[1] - b[1]);
-            const toRemove = sorted.slice(0, sorted.length - this.maxEntries);
-            for (const [sig] of toRemove) {
-                this.entries.delete(sig);
-            }
-        }
-    }
-}
-exports.InMemoryReplayCache = InMemoryReplayCache;
-/**
- * ProtocolFeeCollector - Handles Helm protocol fee collection and verification.
- * Includes EIP-712 signature verification for x402 compliance.
- */
-class ProtocolFeeCollector {
-    totalCollected = 0n;
-    chainId;
-    verifyingContract;
-    replayCache;
-    evmConnector;
-    protocolFeeRecipient;
-    feeContract = null;
-    constructor(chainId, verifyingContract, evmConnector, protocolFeeRecipient, replayCache) {
-        // R3-P0-2: Validate chainId is a positive integer to prevent cross-chain replay
-        if (!Number.isInteger(chainId) || chainId <= 0) {
-            throw new Error(`[ProtocolFee] Invalid chainId: ${chainId}. Must be a positive integer.`);
-        }
-        this.chainId = chainId;
-        this.verifyingContract = ethers_1.ethers.getAddress(verifyingContract);
-        this.evmConnector = evmConnector;
-        this.protocolFeeRecipient = ethers_1.ethers.getAddress(protocolFeeRecipient);
-        this.replayCache = replayCache ?? new InMemoryReplayCache();
-    }
-    /**
-     * R3-P0-2: Verify chainId matches the actual connected network.
-     * Must be called after EVMConnector.connect() to prevent cross-chain signature replay.
-     */
-    async validateChainId() {
-        const provider = this.evmConnector.getProvider();
-        const network = await provider.getNetwork();
-        if (Number(network.chainId) !== this.chainId) {
-            throw new Error(`[ProtocolFee] Chain ID mismatch: configured ${this.chainId}, network reports ${network.chainId}. Cross-chain replay risk!`);
-        }
-    }
-    getFeeContract() {
-        if (this.feeContract)
-            return this.feeContract;
-        const abi = [
-            "function collectFee(address token, uint256 amount, bytes calldata signature, uint256 nonce, uint256 deadline) external"
-        ];
-        // ProtocolFeeCollector uses verifyingContract as the ProtocolFee.sol address
-        this.feeContract = new ethers_1.ethers.Contract(this.verifyingContract, abi, this.evmConnector.getSigner());
-        return this.feeContract;
-    }
-    /**
-     * Collect minting fee (Stablecoin).
-     * @param feeCalc - Fee calculation result from DynamicFeeEngine.
-     * @param signature - EIP-712 signature (required, for x402 verification).
-     * @param user - Signer address.
-     * @param nonce - Anti-replay nonce.
-     * @param deadline - Signature expiration timestamp.
-     */
-    async collectMintFee(feeCalc, signature, user, nonce, deadline) {
-        try {
-            await this.verifySignature(feeCalc, signature, user, nonce, deadline);
-            // Actual on-chain collection
-            const contract = this.getFeeContract();
-            const tx = await contract.collectFee(ethers_1.ethers.getAddress(feeCalc.feeTokenAddress), feeCalc.protocolFeeUsd, signature, nonce, deadline);
-            await tx.wait();
-            this.totalCollected += feeCalc.protocolFeeUsd;
-            logger_1.logger.info(`[ProtocolFee] Mint fee collected on-chain: ${feeCalc.protocolFeeUsd} ${feeCalc.feeToken}. TX: ${tx.hash}`);
-        }
-        catch (error) {
-            throw new Error(`[ProtocolFee] Mint fee collection failed: ${(error instanceof Error ? error.message : String(error))}`);
-        }
-    }
-    /**
-     * Collect burn fee.
-     * @param feeCalc - Fee calculation result from DynamicFeeEngine.
-     * @param signature - EIP-712 signature (required).
-     * @param user - Signer address.
-     * @param nonce - Anti-replay nonce.
-     * @param deadline - Signature expiration timestamp.
-     */
-    async collectBurnFee(feeCalc, signature, user, nonce, deadline) {
-        try {
-            await this.verifySignature(feeCalc, signature, user, nonce, deadline);
-            // Actual on-chain collection
-            const contract = this.getFeeContract();
-            const tx = await contract.collectFee(ethers_1.ethers.getAddress(feeCalc.feeTokenAddress), feeCalc.protocolFeeUsd, signature, nonce, deadline);
-            await tx.wait();
-            this.totalCollected += feeCalc.protocolFeeUsd;
-            logger_1.logger.info(`[ProtocolFee] Burn fee collected on-chain: ${feeCalc.protocolFeeUsd} ${feeCalc.feeToken}. TX: ${tx.hash}`);
-        }
-        catch (error) {
-            throw new Error(`[ProtocolFee] Burn fee collection failed: ${(error instanceof Error ? error.message : String(error))}`);
-        }
-    }
-    /**
-     * Return total fees collected so far.
-     */
-    async getCollectedFees() {
-        return this.totalCollected;
-    }
-    /**
-     * EIP-712 signature verification (x402 compliance).
-     */
-    async verifySignature(feeCalc, signature, user, nonce, deadline) {
-        // B1-2 + P1-2: Replay protection via pluggable cache
-        if (await this.replayCache.has(signature)) {
-            throw new Error("Signature already used (replay protection)");
-        }
-        // B1-2: Deadline check
-        const now = Math.floor(Date.now() / 1000);
-        if (deadline < now) {
-            throw new Error("Signature deadline expired");
-        }
-        const normalizedUser = ethers_1.ethers.getAddress(user);
-        const domain = {
-            name: "OpenTTT_ProtocolFee",
-            version: "1",
-            chainId: this.chainId,
-            verifyingContract: this.verifyingContract
-        };
-        const types = {
-            CollectFee: [
-                { name: "token", type: "address" },
-                { name: "amount", type: "uint256" },
-                { name: "nonce", type: "uint256" },
-                { name: "deadline", type: "uint256" }
-            ]
-        };
-        const value = {
-            token: ethers_1.ethers.getAddress(feeCalc.feeTokenAddress),
-            amount: feeCalc.protocolFeeUsd,
-            nonce: nonce,
-            deadline: deadline
-        };
-        try {
-            const recoveredAddress = ethers_1.ethers.verifyTypedData(domain, types, value, signature);
-            if (ethers_1.ethers.getAddress(recoveredAddress) !== normalizedUser) {
-                throw new Error("Invalid EIP-712 signature: signer mismatch");
-            }
-            await this.replayCache.set(signature, 3600000); // Mark as used with 1h TTL
-        }
-        catch (error) {
-            throw new Error(`[ProtocolFee] Signature verification failed: ${(error instanceof Error ? error.message : String(error))}`);
-        }
-    }
-}
-exports.ProtocolFeeCollector = ProtocolFeeCollector;

package/dist/revenue_tiers.d.ts

@@ -1,36 +0,0 @@
-/**
- * Revenue Tier Configuration
- * Reflects the TTT Labs pricing strategy: Free/Sponsor-backed T0 up to Institutional T3.
- */
-export declare enum RevenueTier {
-    T0_EPOCH = "T0_EPOCH",
-    T1_BLOCK = "T1_BLOCK",
-    T2_SLOT = "T2_SLOT",
-    T3_MICRO = "T3_MICRO"
-}
-export interface TierConfig {
-    tier: RevenueTier;
-    name: string;
-    interval: string;
-    pricePerTick: number;
-    currency: string;
-    model: string;
-    target: string;
-    sponsorEligible: boolean;
-}
-export interface SponsorConfig {
-    sponsor: string;
-    tier: RevenueTier;
-    monthlyBudgetUsd: number;
-    startDate: string;
-    endDate: string;
-}
-export declare const REVENUE_TIERS: Record<RevenueTier, TierConfig>;
-/**
- * Calculate projected monthly cost based on tier and throughput.
- */
-export declare function calculateMonthlyCost(tier: RevenueTier, ticksPerDay: number): number;
-/**
- * Determine the appropriate tier based on a usage description.
- */
-export declare function getTierForUseCase(useCase: string): RevenueTier;