solanapolis 1.0.0

package/scripts/setup-webhook.ts

@@ -0,0 +1,73 @@
+/**
+ * Creates the Helius swap webhook and seeds it with all existing wallet addresses.
+ *
+ * Usage:
+ *   source .env.local && npx tsx scripts/setup-webhook.ts https://heliopolis.ngrok.app
+ *
+ * Outputs the env vars to add to .env.local.
+ */
+import { createClient } from "@supabase/supabase-js";
+
+const SUPABASE_URL = process.env.NEXT_PUBLIC_SUPABASE_URL!;
+const SUPABASE_KEY = process.env.SUPABASE_SERVICE_ROLE_KEY!;
+const HELIUS_API_KEY = process.env.HELIUS_API_KEY!;
+
+const appUrl = process.argv[2];
+if (!appUrl) {
+  console.error("Usage: npx tsx scripts/setup-webhook.ts <app-url>");
+  console.error("Example: npx tsx scripts/setup-webhook.ts https://heliopolis.ngrok.app");
+  process.exit(1);
+}
+
+const supabase = createClient(SUPABASE_URL, SUPABASE_KEY);
+
+async function main() {
+  // Get all wallet addresses
+  const { data: wallets, error } = await supabase
+    .from("wallets")
+    .select("address")
+    .limit(100000);
+
+  if (error) { console.error(error); process.exit(1); }
+
+  const addresses = wallets.map((w: { address: string }) => w.address);
+  console.log(`Found ${addresses.length} wallets to track`);
+
+  // Generate secret
+  const secret = crypto.randomUUID();
+  const webhookUrl = `${appUrl.replace(/\/$/, "")}/api/webhooks/helius`;
+
+  console.log(`Creating webhook → ${webhookUrl}`);
+
+  const res = await fetch(
+    `https://api.helius.xyz/v0/webhooks?api-key=${HELIUS_API_KEY}`,
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        webhookURL: webhookUrl,
+        transactionTypes: ["SWAP"],
+        accountAddresses: addresses,
+        webhookType: "enhanced",
+        authHeader: `Bearer ${secret}`,
+      }),
+    },
+  );
+
+  if (!res.ok) {
+    const body = await res.text();
+    console.error(`Failed to create webhook: ${res.status} ${body}`);
+    process.exit(1);
+  }
+
+  const data = await res.json();
+  const webhookId = data.webhookID;
+
+  console.log("\nWebhook created successfully!\n");
+  console.log("Add these to your .env.local:\n");
+  console.log(`HELIUS_WEBHOOK_ID=${webhookId}`);
+  console.log(`HELIUS_WEBHOOK_SECRET=${secret}`);
+  console.log(`NEXT_PUBLIC_MOCK_SWAPS=false`);
+}
+
+main();

package/src/app/api/auth/callback/route.ts

@@ -0,0 +1,6 @@
+import { NextResponse } from "next/server";
+
+// Auth disabled — city is read-only
+export async function GET(request: Request) {
+  return NextResponse.redirect(new URL(request.url).origin);
+}

package/src/app/api/auth/link-wallet/route.ts

@@ -0,0 +1,6 @@
+import { NextResponse } from "next/server";
+
+// Auth disabled — city is read-only
+export async function POST() {
+  return NextResponse.json({ error: "Auth disabled" }, { status: 403 });
+}

package/src/app/api/auth/phantom/route.ts

@@ -0,0 +1,6 @@
+import { NextResponse } from "next/server";
+
+// Auth disabled — city is read-only
+export async function POST() {
+  return NextResponse.json({ error: "Auth disabled" }, { status: 403 });
+}

package/src/app/api/broadcast-position/route.ts

@@ -0,0 +1,59 @@
+/**
+ * POST /api/broadcast-position
+ *
+ * Relays UE5 Pixel Streaming client positions into the Supabase Realtime
+ * channel that CesiumFlight.tsx listens to. This lets UE5 pilots appear
+ * as remote-plane entities alongside web pilots.
+ *
+ * Body: { wallet, lon, lat, alt, heading, pitch, roll, source? }
+ */
+
+import { NextRequest, NextResponse } from "next/server";
+import { createClient } from "@supabase/supabase-js";
+
+const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
+const serviceKey  = process.env.SUPABASE_SERVICE_ROLE_KEY!;
+
+export async function POST(req: NextRequest) {
+  let body: {
+    wallet:  string;
+    lon:     number;
+    lat:     number;
+    alt:     number;
+    heading: number;
+    pitch:   number;
+    roll:    number;
+    source?: string;
+  };
+
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ error: "Invalid JSON" }, { status: 400 });
+  }
+
+  const { wallet, lon, lat, alt, heading, pitch, roll, source = "web" } = body;
+
+  if (!wallet || lon === undefined || lat === undefined) {
+    return NextResponse.json({ error: "Missing required fields" }, { status: 400 });
+  }
+
+  // Use service role so we can broadcast without an authenticated session
+  const supabase = createClient(supabaseUrl, serviceKey, {
+    realtime: { params: { eventsPerSecond: 20 } },
+  });
+
+  const channel = supabase.channel("heliopolis-cesium-planes");
+  await channel.subscribe();
+
+  await channel.send({
+    type:    "broadcast",
+    event:   "cesium-position",
+    payload: { wallet, lon, lat, alt, heading, pitch, roll, source },
+  });
+
+  // Clean up immediately — this is a fire-and-forget relay
+  await supabase.removeChannel(channel);
+
+  return NextResponse.json({ ok: true });
+}

package/src/app/api/leaderboard/route.ts

@@ -0,0 +1,85 @@
+import { NextResponse } from "next/server";
+import { createAdminClient } from "@/lib/supabase-admin";
+
+/**
+ * GET /api/leaderboard — returns top players
+ * POST /api/leaderboard — submits/ends a game session
+ */
+
+export async function GET(request: Request) {
+  const { searchParams } = new URL(request.url);
+  const limit = Math.min(parseInt(searchParams.get("limit") ?? "20", 10), 100);
+
+  const supabase = createAdminClient();
+
+  // Get leaderboard
+  const { data: leaderboard, error: lbErr } = await supabase
+    .rpc("get_leaderboard", { n: limit });
+
+  if (lbErr) {
+    return NextResponse.json({ error: lbErr.message }, { status: 500 });
+  }
+
+  // Get online player count
+  const { count: onlineCount } = await supabase
+    .from("active_players")
+    .select("*", { count: "exact", head: true })
+    .gte("last_heartbeat", new Date(Date.now() - 30_000).toISOString());
+
+  // Cleanup stale players (opportunistic)
+  try { await supabase.rpc("cleanup_stale_players"); } catch { /* ignore */ }
+
+  return NextResponse.json({
+    leaderboard: leaderboard ?? [],
+    onlineCount: onlineCount ?? 0,
+  });
+}
+
+export async function POST(request: Request) {
+  try {
+    const body = await request.json();
+    const { action, wallet, mode, sessionId, score, hitsPlanes, hitsCars, shotsFired } = body;
+
+    const supabase = createAdminClient();
+
+    if (action === "start") {
+      // Create a new game session
+      const { data, error } = await supabase
+        .from("game_sessions")
+        .insert({
+          wallet_address: wallet,
+          mode: mode ?? "car",
+        })
+        .select("id")
+        .single();
+
+      if (error) {
+        return NextResponse.json({ error: error.message }, { status: 500 });
+      }
+
+      return NextResponse.json({ sessionId: data.id });
+    }
+
+    if (action === "end") {
+      // End a game session and update leaderboard
+      const { error } = await supabase.rpc("end_game_session", {
+        p_session_id: sessionId,
+        p_wallet: wallet,
+        p_score: score ?? 0,
+        p_hits_planes: hitsPlanes ?? 0,
+        p_hits_cars: hitsCars ?? 0,
+        p_shots_fired: shotsFired ?? 0,
+      });
+
+      if (error) {
+        return NextResponse.json({ error: error.message }, { status: 500 });
+      }
+
+      return NextResponse.json({ ok: true });
+    }
+
+    return NextResponse.json({ error: "Unknown action" }, { status: 400 });
+  } catch {
+    return NextResponse.json({ error: "Invalid request" }, { status: 400 });
+  }
+}

package/src/app/api/network-stats/route.ts

@@ -0,0 +1,86 @@
+import { NextResponse } from "next/server";
+
+/**
+ * Network stats endpoint — fetches live Solana network data via Helius RPC.
+ * Uses standard Solana RPC methods through the Helius RPC URL.
+ */
+export async function GET() {
+  const rpcUrl = process.env.HELIUS_RPC_URL;
+  if (!rpcUrl) {
+    return NextResponse.json({ error: "RPC not configured" }, { status: 500 });
+  }
+
+  try {
+    // Fetch slot, epoch, and TPS in parallel
+    const [slotRes, epochRes, perfRes] = await Promise.all([
+      fetch(rpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          id: "slot",
+          method: "getSlot",
+          params: [{ commitment: "confirmed" }],
+        }),
+      }),
+      fetch(rpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          id: "epoch",
+          method: "getEpochInfo",
+          params: [{ commitment: "confirmed" }],
+        }),
+      }),
+      fetch(rpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          id: "perf",
+          method: "getRecentPerformanceSamples",
+          params: [5],
+        }),
+      }),
+    ]);
+
+    const [slotData, epochData, perfData] = await Promise.all([
+      slotRes.json(),
+      epochRes.json(),
+      perfRes.json(),
+    ]);
+
+    // Calculate average TPS from performance samples
+    let avgTps = 0;
+    const samples = perfData.result;
+    if (Array.isArray(samples) && samples.length > 0) {
+      const totalTx = samples.reduce(
+        (sum: number, s: { numTransactions: number }) => sum + s.numTransactions,
+        0
+      );
+      const totalSecs = samples.reduce(
+        (sum: number, s: { samplePeriodSecs: number }) => sum + s.samplePeriodSecs,
+        0
+      );
+      avgTps = totalSecs > 0 ? Math.round(totalTx / totalSecs) : 0;
+    }
+
+    const epoch = epochData.result;
+
+    return NextResponse.json({
+      slot: slotData.result,
+      epoch: epoch?.epoch,
+      epochProgress: epoch
+        ? ((epoch.slotIndex / epoch.slotsInEpoch) * 100).toFixed(1)
+        : null,
+      tps: avgTps,
+    });
+  } catch (err) {
+    console.error("Network stats error:", err);
+    return NextResponse.json(
+      { error: String(err) },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/parcel-reward/route.ts

@@ -0,0 +1,181 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createClient } from "@supabase/supabase-js";
+
+/**
+ * Parcel Rewards API — first 16 wallets get 0.069420 SOL hidden in their parcels.
+ *
+ * Budget: ~1.16 SOL → 16 × 0.069420 = 1.11072 SOL + tx fees
+ *
+ * GET  ?wallet=<address>         → check if wallet qualifies, show reward amount
+ * POST { wallet, action: "claim" } → claim the reward (sends SOL from treasury)
+ */
+
+const REWARD_PARCEL_COUNT = 16;    // 16 parcels funded
+const REWARD_SOL = 0.069420;       // Fixed per parcel — the magic number
+
+function supabaseAdmin() {
+  return createClient(
+    process.env.NEXT_PUBLIC_SUPABASE_URL!,
+    process.env.SUPABASE_SERVICE_ROLE_KEY!,
+  );
+}
+
+/** Check if wallet is in the first N placed wallets */
+async function getWalletRank(walletAddress: string): Promise<number | null> {
+  const sb = supabaseAdmin();
+  
+  const { data, error } = await sb
+    .from("wallets")
+    .select("address, created_at")
+    .or("ingestion_status.eq.complete,ingestion_status.is.null")
+    .order("created_at", { ascending: true })
+    .limit(REWARD_PARCEL_COUNT);
+
+  if (error || !data) return null;
+
+  const idx = data.findIndex((w: { address: string }) => w.address === walletAddress);
+  return idx >= 0 ? idx + 1 : null;
+}
+
+/** Check if reward was already claimed */
+async function isRewardClaimed(walletAddress: string): Promise<boolean> {
+  const sb = supabaseAdmin();
+  const { data } = await sb
+    .from("parcel_rewards")
+    .select("id")
+    .eq("wallet_address", walletAddress)
+    .eq("claimed", true)
+    .maybeSingle();
+  return !!data;
+}
+
+/** Record a reward claim */
+async function recordClaim(walletAddress: string, amount: number, txSignature: string) {
+  const sb = supabaseAdmin();
+  await sb
+    .from("parcel_rewards")
+    .upsert({
+      wallet_address: walletAddress,
+      amount_sol: amount,
+      claimed: true,
+      tx_signature: txSignature,
+      claimed_at: new Date().toISOString(),
+    }, { onConflict: "wallet_address" });
+}
+
+// ── GET: Check reward eligibility ──────────────────────────────────────────────
+export async function GET(request: NextRequest) {
+  const wallet = request.nextUrl.searchParams.get("wallet");
+  if (!wallet) {
+    return NextResponse.json({ error: "wallet parameter required" }, { status: 400 });
+  }
+
+  try {
+    const rank = await getWalletRank(wallet);
+    
+    if (rank === null || rank > REWARD_PARCEL_COUNT) {
+      return NextResponse.json({
+        eligible: false,
+        message: `Only the first ${REWARD_PARCEL_COUNT} wallets get parcel rewards`,
+      });
+    }
+
+    const claimed = await isRewardClaimed(wallet);
+
+    return NextResponse.json({
+      eligible: true,
+      rank,
+      totalSlots: REWARD_PARCEL_COUNT,
+      rewardSOL: REWARD_SOL,
+      claimed,
+      message: claimed
+        ? "Reward already claimed!"
+        : `🎁 Your parcel has ${REWARD_SOL} SOL hidden inside!`,
+    });
+  } catch (err) {
+    console.error("Parcel reward check error:", err);
+    return NextResponse.json({ eligible: false, error: "Check failed" }, { status: 500 });
+  }
+}
+
+// ── POST: Claim reward ─────────────────────────────────────────────────────────
+export async function POST(request: NextRequest) {
+  try {
+    const body = await request.json();
+    const { wallet, action } = body;
+
+    if (action !== "claim" || !wallet) {
+      return NextResponse.json({ error: "Invalid request" }, { status: 400 });
+    }
+
+    // Verify eligibility
+    const rank = await getWalletRank(wallet);
+    if (rank === null || rank > REWARD_PARCEL_COUNT) {
+      return NextResponse.json({ error: "Wallet not eligible" }, { status: 403 });
+    }
+
+    // Check not already claimed
+    const alreadyClaimed = await isRewardClaimed(wallet);
+    if (alreadyClaimed) {
+      return NextResponse.json({ error: "Reward already claimed" }, { status: 409 });
+    }
+
+    // Check for treasury private key
+    const treasuryKey = process.env.TREASURY_PRIVATE_KEY;
+    if (!treasuryKey) {
+      await recordClaim(wallet, REWARD_SOL, "pending-manual");
+      return NextResponse.json({
+        success: true,
+        amount: REWARD_SOL,
+        txSignature: "pending-manual",
+        message: `${REWARD_SOL} SOL reward recorded! Treasury payout pending.`,
+      });
+    }
+
+    // Send SOL from treasury wallet
+    const rpcUrl = process.env.HELIUS_RPC_URL || "https://api.mainnet-beta.solana.com";
+    
+    const { Connection, Keypair, SystemProgram, Transaction, PublicKey, LAMPORTS_PER_SOL } = await import("@solana/web3.js");
+    const bs58 = (await import("bs58")).default;
+    
+    const connection = new Connection(rpcUrl, "confirmed");
+    const treasury = Keypair.fromSecretKey(bs58.decode(treasuryKey));
+    const recipient = new PublicKey(wallet);
+    const lamports = Math.round(REWARD_SOL * LAMPORTS_PER_SOL);
+
+    // Check treasury balance
+    const balance = await connection.getBalance(treasury.publicKey);
+    if (balance < lamports + 5000) {
+      return NextResponse.json({ 
+        error: "Treasury depleted — all rewards have been claimed!", 
+        treasuryBalance: balance / LAMPORTS_PER_SOL,
+      }, { status: 503 });
+    }
+
+    const transaction = new Transaction().add(
+      SystemProgram.transfer({
+        fromPubkey: treasury.publicKey,
+        toPubkey: recipient,
+        lamports,
+      }),
+    );
+
+    const txSignature = await connection.sendTransaction(transaction, [treasury]);
+    await connection.confirmTransaction(txSignature, "confirmed");
+
+    await recordClaim(wallet, REWARD_SOL, txSignature);
+
+    return NextResponse.json({
+      success: true,
+      amount: REWARD_SOL,
+      txSignature,
+      message: `🎉 ${REWARD_SOL} SOL sent to your wallet!`,
+    });
+  } catch (err) {
+    console.error("Parcel reward claim error:", err);
+    return NextResponse.json({ 
+      error: "Claim failed — please try again",
+      details: err instanceof Error ? err.message : "Unknown error",
+    }, { status: 500 });
+  }
+}

package/src/app/api/queue-status/route.ts

@@ -0,0 +1,30 @@
+import { NextResponse } from "next/server";
+import { createAdminClient } from "@/lib/supabase-admin";
+
+export async function GET() {
+  try {
+    const supabase = createAdminClient();
+
+    const { data, error } = await supabase
+      .from("wallets")
+      .select("ingestion_status");
+
+    if (error) throw new Error(error.message);
+
+    const counts = { queued: 0, processing: 0, complete: 0, failed: 0 };
+    for (const row of data ?? []) {
+      const s = row.ingestion_status as keyof typeof counts;
+      if (s in counts) counts[s]++;
+    }
+
+    return NextResponse.json(counts, {
+      headers: { "Cache-Control": "public, max-age=10" },
+    });
+  } catch (err) {
+    console.error("Queue status error:", err);
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : "Unknown error" },
+      { status: 500 },
+    );
+  }
+}

package/src/app/api/snapshots/route.ts

@@ -0,0 +1,37 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createAdminClient } from "@/lib/supabase-admin";
+
+export async function GET(request: NextRequest) {
+  try {
+    const { searchParams } = request.nextUrl;
+    const rawLimit = parseInt(searchParams.get("limit") ?? "30", 10);
+    const limit = Math.max(1, Math.min(500, isNaN(rawLimit) ? 30 : rawLimit));
+
+    const supabase = createAdminClient();
+
+    const { data, error } = await supabase
+      .from("city_snapshots")
+      .select("*")
+      .order("created_at", { ascending: false })
+      .limit(limit);
+
+    if (error) {
+      throw new Error(`DB error: ${error.message}`);
+    }
+
+    return NextResponse.json(
+      { snapshots: data ?? [], count: (data ?? []).length },
+      {
+        headers: {
+          "Cache-Control": "public, max-age=900",
+        },
+      }
+    );
+  } catch (err) {
+    console.error("Snapshots fetch error:", err);
+    return NextResponse.json(
+      { error: err instanceof Error ? err.message : "Unknown error" },
+      { status: 500 }
+    );
+  }
+}

package/src/app/api/transactions/enhanced/route.ts

@@ -0,0 +1,57 @@
+import { NextRequest, NextResponse } from "next/server";
+
+/**
+ * Get enhanced transaction data from Helius for display in the activity feed.
+ * Uses the Enhanced Transactions API: POST /v0/transactions
+ */
+export async function POST(req: NextRequest) {
+  try {
+    const { signatures } = await req.json();
+
+    if (!Array.isArray(signatures) || signatures.length === 0) {
+      return NextResponse.json({ error: "signatures array required" }, { status: 400 });
+    }
+
+    // Limit to 20 per request
+    const limited = signatures.slice(0, 20);
+    const apiKey = process.env.HELIUS_API_KEY;
+
+    const res = await fetch(
+      `https://api-mainnet.helius-rpc.com/v0/transactions?api-key=${apiKey}`,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ transactions: limited }),
+      }
+    );
+
+    if (!res.ok) {
+      const error = await res.text();
+      return NextResponse.json({ error }, { status: res.status });
+    }
+
+    const data = await res.json();
+
+    // Return a simplified structure for the frontend
+    const enhanced = data.map((tx: Record<string, unknown>) => ({
+      signature: tx.signature,
+      type: tx.type,
+      source: tx.source,
+      description: tx.description,
+      fee: tx.fee,
+      feePayer: tx.feePayer,
+      timestamp: tx.timestamp,
+      nativeTransfers: tx.nativeTransfers,
+      tokenTransfers: tx.tokenTransfers,
+      swap: (tx.events as Record<string, unknown>)?.swap ?? null,
+    }));
+
+    return NextResponse.json({ transactions: enhanced });
+  } catch (err) {
+    console.error("Enhanced transactions error:", err);
+    return NextResponse.json(
+      { error: String(err) },
+      { status: 500 }
+    );
+  }
+}