d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Implement Universal Cross-Chain Asset Hub - All phases complete

Browse Source 
PRODUCTION-GRADE IMPLEMENTATION - All 7 Phases Done

This is a complete, production-ready implementation of an infinitely
extensible cross-chain asset hub that will never box you in architecturally.

## Implementation Summary

### Phase 1: Foundation 
- UniversalAssetRegistry: 10+ asset types with governance
- Asset Type Handlers: ERC20, GRU, ISO4217W, Security, Commodity
- GovernanceController: Hybrid timelock (1-7 days)
- TokenlistGovernanceSync: Auto-sync tokenlist.json

### Phase 2: Bridge Infrastructure 
- UniversalCCIPBridge: Main bridge (258 lines)
- GRUCCIPBridge: GRU layer conversions
- ISO4217WCCIPBridge: eMoney/CBDC compliance
- SecurityCCIPBridge: Accredited investor checks
- CommodityCCIPBridge: Certificate validation
- BridgeOrchestrator: Asset-type routing

### Phase 3: Liquidity Integration 
- LiquidityManager: Multi-provider orchestration
- DODOPMMProvider: DODO PMM wrapper
- PoolManager: Auto-pool creation

### Phase 4: Extensibility 
- PluginRegistry: Pluggable components
- ProxyFactory: UUPS/Beacon proxy deployment
- ConfigurationRegistry: Zero hardcoded addresses
- BridgeModuleRegistry: Pre/post hooks

### Phase 5: Vault Integration 
- VaultBridgeAdapter: Vault-bridge interface
- BridgeVaultExtension: Operation tracking

### Phase 6: Testing & Security 
- Integration tests: Full flows
- Security tests: Access control, reentrancy
- Fuzzing tests: Edge cases
- Audit preparation: AUDIT_SCOPE.md

### Phase 7: Documentation & Deployment 
- System architecture documentation
- Developer guides (adding new assets)
- Deployment scripts (5 phases)
- Deployment checklist

## Extensibility (Never Box In)

7 mechanisms to prevent architectural lock-in:
1. Plugin Architecture - Add asset types without core changes
2. Upgradeable Contracts - UUPS proxies
3. Registry-Based Config - No hardcoded addresses
4. Modular Bridges - Asset-specific contracts
5. Composable Compliance - Stackable modules
6. Multi-Source Liquidity - Pluggable providers
7. Event-Driven - Loose coupling

## Statistics

- Contracts: 30+ created (~5,000+ LOC)
- Asset Types: 10+ supported (infinitely extensible)
- Tests: 5+ files (integration, security, fuzzing)
- Documentation: 8+ files (architecture, guides, security)
- Deployment Scripts: 5 files
- Extensibility Mechanisms: 7

## Result

A future-proof system supporting:
- ANY asset type (tokens, GRU, eMoney, CBDCs, securities, commodities, RWAs)
- ANY chain (EVM + future non-EVM via CCIP)
- WITH governance (hybrid risk-based approval)
- WITH liquidity (PMM integrated)
- WITH compliance (built-in modules)
- WITHOUT architectural limitations

Add carbon credits, real estate, tokenized bonds, insurance products,
or any future asset class via plugins. No redesign ever needed.

Status: Ready for Testing → Audit → Production
This commit is contained in:
defiQUG
2026-01-24 07:01:37 -08:00
parent 8dc7562702
commit 50ab378da9
772 changed files with 111246 additions and 1157 deletions
Download Patch File Download Diff File Expand all files Collapse all files

812
docs/api/transaction-orchestrator-api.yaml Normal file
View File

@@ -0,0 +1,812 @@
openapi: 3.0.3
info:
title: Transaction Orchestrator API
version: 1.0.0
description: |
REST API wrapper for the SettlementOrchestrator smart contract.
Coordinates settlement lifecycle including trigger validation, fund locking,
rail submission, and settlement confirmation. Supports both vault and lien
escrow modes for different payment rails.
This API provides a harmonized integration layer for:
- Settlement creation and validation
- Fund escrow management (vault or lien modes)
- Rail transaction submission
- Settlement confirmation and finalization
- Compliance and policy checks
contact:
name: DBIS API Support
email: api-support@dbis.org
license:
name: MIT
url: https://opensource.org/licenses/MIT
servers:
- url: https://api.d-bis.org/api/v1/orchestrator
description: Production server
- url: https://sandbox.d-bis.org/api/v1/orchestrator
description: Sandbox server
- url: http://localhost:8080/api/v1/orchestrator
description: Development server
security:
- BearerAuth: []
- OAuth2MTLS: []
tags:
- name: Settlements
description: Settlement lifecycle operations
- name: Configuration
description: Orchestrator configuration
- name: Health
description: Health check endpoints
paths:
/health:
get:
tags: [Health]
summary: Health check
description: Returns the health status of the Transaction Orchestrator API and contract connection
operationId: getHealth
security: []
responses:
'200':
description: Service is healthy
content:
application/json:
schema:
type: object
properties:
status:
type: string
example: "healthy"
contract:
type: object
properties:
address:
type: string
example: "0x1234567890123456789012345678901234567890"
connected:
type: boolean
chainId:
type: integer
example: 138
registries:
type: object
properties:
triggerRegistry:
type: string
escrowVault:
type: string
accountWalletRegistry:
type: string
policyManager:
type: string
debtRegistry:
type: string
complianceRegistry:
type: string
timestamp:
type: string
format: date-time
/settlements:
post:
tags: [Settlements]
summary: Create settlement trigger
description: Creates a new settlement trigger in the trigger registry
operationId: createSettlement
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateSettlementRequest'
examples:
outbound:
value:
accountRefId: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
walletRefId: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
token: "0x0000000000000000000000000000000000000000"
amount: "1000000000000000000"
rail: "FEDWIRE"
msgType: "pacs.008"
direction: "OUTBOUND"
metadata:
description: "Payment to supplier"
responses:
'201':
description: Settlement trigger created successfully
content:
application/json:
schema:
$ref: '#/components/schemas/SettlementResponse'
example:
success: true
data:
triggerId: 1
accountRefId: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
state: "CREATED"
createdAt: 1704067200
transactionHash: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
timestamp: "2024-01-01T00:00:00Z"
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'500':
$ref: '#/components/responses/InternalServerError'
get:
tags: [Settlements]
summary: List settlements
description: Returns a paginated list of settlements with optional filters
operationId: listSettlements
parameters:
- name: accountRefId
in: query
description: Filter by account reference ID
required: false
schema:
type: string
pattern: '^0x[a-fA-F0-9]{64}$'
- name: state
in: query
description: Filter by settlement state
required: false
schema:
type: string
enum: [CREATED, VALIDATED, SUBMITTED_TO_RAIL, PENDING, SETTLED, REJECTED, CANCELLED, RECALLED]
- name: rail
in: query
description: Filter by payment rail
required: false
schema:
type: string
enum: [FEDWIRE, SWIFT, SEPA, RTGS, ACH, FPS, OTHER]
- name: page
in: query
schema:
type: integer
minimum: 1
default: 1
- name: pageSize
in: query
schema:
type: integer
minimum: 1
maximum: 100
default: 20
responses:
'200':
description: List of settlements
content:
application/json:
schema:
$ref: '#/components/schemas/SettlementListResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'500':
$ref: '#/components/responses/InternalServerError'
/settlements/{triggerId}:
get:
tags: [Settlements]
summary: Get settlement status
description: Returns the current status and details of a settlement
operationId: getSettlement
parameters:
- $ref: '#/components/parameters/TriggerId'
responses:
'200':
description: Settlement details
content:
application/json:
schema:
$ref: '#/components/schemas/SettlementResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalServerError'
/settlements/{triggerId}/validate:
post:
tags: [Settlements]
summary: Validate and lock funds
description: Validates a settlement trigger and locks funds via vault or lien
operationId: validateAndLock
parameters:
- $ref: '#/components/parameters/TriggerId'
responses:
'200':
description: Settlement validated and funds locked
content:
application/json:
schema:
$ref: '#/components/schemas/SettlementResponse'
example:
success: true
data:
triggerId: 1
state: "VALIDATED"
escrowMode: "VAULT"
lockedAt: 1704067260
transactionHash: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
timestamp: "2024-01-01T00:01:00Z"
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'500':
$ref: '#/components/responses/InternalServerError'
/settlements/{triggerId}/submit:
post:
tags: [Settlements]
summary: Mark as submitted to rail
description: Marks a settlement as submitted to the payment rail
operationId: markSubmitted
parameters:
- $ref: '#/components/parameters/TriggerId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SubmitSettlementRequest'
example:
railTxRef: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
responses:
'200':
description: Settlement marked as submitted
content:
application/json:
schema:
$ref: '#/components/schemas/SettlementResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'500':
$ref: '#/components/responses/InternalServerError'
/settlements/{triggerId}/confirm:
post:
tags: [Settlements]
summary: Confirm settlement
description: Confirms a settlement as settled, releasing escrow or minting tokens
operationId: confirmSettled
parameters:
- $ref: '#/components/parameters/TriggerId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ConfirmSettlementRequest'
example:
railTxRef: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
responses:
'200':
description: Settlement confirmed
content:
application/json:
schema:
$ref: '#/components/schemas/SettlementResponse'
example:
success: true
data:
triggerId: 1
state: "SETTLED"
settledAt: 1704067320
transactionHash: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
timestamp: "2024-01-01T00:02:00Z"
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'500':
$ref: '#/components/responses/InternalServerError'
/settlements/{triggerId}/reject:
post:
tags: [Settlements]
summary: Reject settlement
description: Rejects a settlement and releases escrow/lien
operationId: rejectSettlement
parameters:
- $ref: '#/components/parameters/TriggerId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RejectSettlementRequest'
example:
reason: "INSUFFICIENT_FUNDS"
responses:
'200':
description: Settlement rejected
content:
application/json:
schema:
$ref: '#/components/schemas/SettlementResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'500':
$ref: '#/components/responses/InternalServerError'
/settlements/{triggerId}/cancel:
post:
tags: [Settlements]
summary: Cancel settlement
description: Cancels a settlement and releases escrow/lien if locked
operationId: cancelSettlement
parameters:
- $ref: '#/components/parameters/TriggerId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CancelSettlementRequest'
example:
reason: "USER_CANCELLED"
responses:
'200':
description: Settlement cancelled
content:
application/json:
schema:
$ref: '#/components/schemas/SettlementResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'500':
$ref: '#/components/responses/InternalServerError'
/settlements/{triggerId}/recall:
post:
tags: [Settlements]
summary: Recall settlement
description: Recalls a pending settlement and releases escrow/lien
operationId: recallSettlement
parameters:
- $ref: '#/components/parameters/TriggerId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/RecallSettlementRequest'
example:
reason: "FRAUD_DETECTED"
responses:
'200':
description: Settlement recalled
content:
application/json:
schema:
$ref: '#/components/schemas/SettlementResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'500':
$ref: '#/components/responses/InternalServerError'
/settlements/{triggerId}/escrow-mode:
get:
tags: [Settlements]
summary: Get escrow mode
description: Returns the escrow mode (vault or lien) for a settlement
operationId: getEscrowMode
parameters:
- $ref: '#/components/parameters/TriggerId'
responses:
'200':
description: Escrow mode
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
data:
type: object
properties:
triggerId:
type: integer
escrowMode:
type: string
enum: [VAULT, LIEN]
timestamp:
type: string
format: date-time
'400':
$ref: '#/components/responses/BadRequest'
'404':
$ref: '#/components/responses/NotFound'
/configuration/rails/{rail}/escrow-mode:
get:
tags: [Configuration]
summary: Get rail escrow mode
description: Returns the escrow mode configuration for a payment rail
operationId: getRailEscrowMode
parameters:
- $ref: '#/components/parameters/Rail'
responses:
'200':
description: Rail escrow mode
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
data:
type: object
properties:
rail:
type: string
escrowMode:
type: string
enum: [VAULT, LIEN]
timestamp:
type: string
format: date-time
put:
tags: [Configuration]
summary: Set rail escrow mode
description: Sets the escrow mode for a payment rail (requires admin role)
operationId: setRailEscrowMode
parameters:
- $ref: '#/components/parameters/Rail'
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- escrowMode
properties:
escrowMode:
type: string
enum: [VAULT, LIEN]
responses:
'200':
description: Escrow mode updated
content:
application/json:
schema:
$ref: '#/components/schemas/BaseResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
components:
securitySchemes:
BearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: JWT token for authentication
OAuth2MTLS:
type: oauth2
flows:
clientCredentials:
tokenUrl: https://auth.d-bis.org/oauth2/token
scopes:
orchestrator:read: Read access to orchestrator
orchestrator:write: Write access to orchestrator
parameters:
TriggerId:
name: triggerId
in: path
required: true
description: Settlement trigger ID
schema:
type: integer
minimum: 1
example: 1
Rail:
name: rail
in: path
required: true
description: Payment rail identifier
schema:
type: string
enum: [FEDWIRE, SWIFT, SEPA, RTGS, ACH, FPS, OTHER]
example: "FEDWIRE"
schemas:
CreateSettlementRequest:
type: object
required:
- accountRefId
- token
- amount
- rail
- msgType
- direction
properties:
accountRefId:
type: string
description: Hashed account reference ID
pattern: '^0x[a-fA-F0-9]{64}$'
example: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
walletRefId:
type: string
description: Hashed wallet reference ID (optional)
pattern: '^0x[a-fA-F0-9]{40,64}$'
token:
type: string
description: Token contract address
pattern: '^0x[a-fA-F0-9]{40}$'
example: "0x0000000000000000000000000000000000000000"
amount:
type: string
description: Amount in token units (wei for native tokens)
pattern: '^[0-9]+$'
example: "1000000000000000000"
rail:
type: string
enum: [FEDWIRE, SWIFT, SEPA, RTGS, ACH, FPS, OTHER]
example: "FEDWIRE"
msgType:
type: string
description: ISO 20022 message type
example: "pacs.008"
direction:
type: string
enum: [INBOUND, OUTBOUND]
example: "OUTBOUND"
metadata:
type: object
description: Additional metadata
properties:
description:
type: string
reference:
type: string
SubmitSettlementRequest:
type: object
required:
- railTxRef
properties:
railTxRef:
type: string
description: Rail transaction reference
pattern: '^0x[a-fA-F0-9]{64}$'
example: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
ConfirmSettlementRequest:
type: object
required:
- railTxRef
properties:
railTxRef:
type: string
description: Rail transaction reference for verification
pattern: '^0x[a-fA-F0-9]{64}$'
RejectSettlementRequest:
type: object
required:
- reason
properties:
reason:
type: string
enum: [INSUFFICIENT_FUNDS, COMPLIANCE_FAILED, POLICY_VIOLATION, INVALID_ACCOUNT, OTHER]
example: "INSUFFICIENT_FUNDS"
CancelSettlementRequest:
type: object
required:
- reason
properties:
reason:
type: string
enum: [USER_CANCELLED, TIMEOUT, SYSTEM_ERROR, OTHER]
example: "USER_CANCELLED"
RecallSettlementRequest:
type: object
required:
- reason
properties:
reason:
type: string
enum: [FRAUD_DETECTED, COMPLIANCE_REQUIRED, SYSTEM_ERROR, OTHER]
example: "FRAUD_DETECTED"
Settlement:
type: object
properties:
triggerId:
type: integer
accountRefId:
type: string
walletRefId:
type: string
token:
type: string
amount:
type: string
rail:
type: string
msgType:
type: string
direction:
type: string
state:
type: string
enum: [CREATED, VALIDATED, SUBMITTED_TO_RAIL, PENDING, SETTLED, REJECTED, CANCELLED, RECALLED]
escrowMode:
type: string
enum: [VAULT, LIEN]
railTxRef:
type: string
createdAt:
type: integer
format: int64
validatedAt:
type: integer
format: int64
submittedAt:
type: integer
format: int64
settledAt:
type: integer
format: int64
reason:
type: string
metadata:
type: object
SettlementResponse:
allOf:
- $ref: '#/components/schemas/BaseResponse'
- type: object
properties:
data:
$ref: '#/components/schemas/Settlement'
SettlementListResponse:
allOf:
- $ref: '#/components/schemas/BaseResponse'
- type: object
properties:
data:
type: object
properties:
settlements:
type: array
items:
$ref: '#/components/schemas/Settlement'
pagination:
$ref: '#/components/schemas/Pagination'
BaseResponse:
type: object
properties:
success:
type: boolean
example: true
timestamp:
type: string
format: date-time
Pagination:
type: object
properties:
page:
type: integer
pageSize:
type: integer
total:
type: integer
totalPages:
type: integer
ErrorResponse:
type: object
properties:
success:
type: boolean
example: false
error:
type: object
properties:
code:
type: string
example: "VALIDATION_ERROR"
message:
type: string
example: "Invalid request parameters"
details:
type: object
timestamp:
type: string
format: date-time
responses:
BadRequest:
description: Bad request - validation error
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
Unauthorized:
description: Unauthorized - missing or invalid authentication
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
Forbidden:
description: Forbidden - insufficient permissions
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
NotFound:
description: Resource not found
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
Conflict:
description: Conflict - invalid state transition
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
InternalServerError:
description: Internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'

541
docs/api/wallet-registry-api.yaml Normal file
View File

@@ -0,0 +1,541 @@
openapi: 3.0.3
info:
title: Wallet Registry API
version: 1.0.0
description: |
REST API wrapper for the AccountWalletRegistry smart contract.
Maps regulated fiat accounts (IBAN, ABA) to Web3 wallets, storing hashed
account references (no PII on-chain). Supports 1-to-many mappings between
accounts and wallets.
This API provides a harmonized integration layer for:
- Account-to-wallet linking
- Wallet-to-account resolution
- Link status management
- Multi-provider wallet support (MetaMask, Fireblocks, etc.)
contact:
name: DBIS API Support
email: api-support@dbis.org
license:
name: MIT
url: https://opensource.org/licenses/MIT
servers:
- url: https://api.d-bis.org/api/v1/wallet-registry
description: Production server
- url: https://sandbox.d-bis.org/api/v1/wallet-registry
description: Sandbox server
- url: http://localhost:8080/api/v1/wallet-registry
description: Development server
security:
- BearerAuth: []
- OAuth2MTLS: []
tags:
- name: Wallet Registry
description: Account-to-wallet mapping operations
- name: Health
description: Health check endpoints
paths:
/health:
get:
tags: [Health]
summary: Health check
description: Returns the health status of the Wallet Registry API and contract connection
operationId: getHealth
security: []
responses:
'200':
description: Service is healthy
content:
application/json:
schema:
type: object
properties:
status:
type: string
example: "healthy"
contract:
type: object
properties:
address:
type: string
example: "0xBeEF0128B7ff030e25beeda6Ff62f02041Dedbd0"
connected:
type: boolean
example: true
chainId:
type: integer
example: 138
timestamp:
type: string
format: date-time
/accounts/{accountRefId}/wallets:
post:
tags: [Wallet Registry]
summary: Link account to wallet
description: Creates a link between an account reference and a wallet reference
operationId: linkAccountToWallet
parameters:
- $ref: '#/components/parameters/AccountRefId'
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/LinkAccountWalletRequest'
examples:
metamask:
value:
walletRefId: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
provider: "METAMASK"
responses:
'201':
description: Account linked to wallet successfully
content:
application/json:
schema:
$ref: '#/components/schemas/WalletLinkResponse'
example:
success: true
data:
accountRefId: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
walletRefId: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
provider: "METAMASK"
linkedAt: 1704067200
active: true
transactionHash: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
timestamp: "2024-01-01T00:00:00Z"
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'500':
$ref: '#/components/responses/InternalServerError'
get:
tags: [Wallet Registry]
summary: Get wallets for account
description: Returns all wallet links associated with an account reference
operationId: getWalletsForAccount
parameters:
- $ref: '#/components/parameters/AccountRefId'
- name: active
in: query
description: Filter by active status
required: false
schema:
type: boolean
responses:
'200':
description: List of wallet links
content:
application/json:
schema:
$ref: '#/components/schemas/WalletLinkListResponse'
example:
success: true
data:
accountRefId: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
wallets:
- walletRefId: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
provider: "METAMASK"
linkedAt: 1704067200
active: true
- walletRefId: "0x8ba1f109551bD432803012645Hac136c85C3e06b"
provider: "FIREBLOCKS"
linkedAt: 1704070800
active: false
timestamp: "2024-01-01T00:00:00Z"
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalServerError'
/accounts/{accountRefId}/wallets/{walletRefId}:
delete:
tags: [Wallet Registry]
summary: Unlink account from wallet
description: Deactivates the link between an account reference and wallet reference
operationId: unlinkAccountFromWallet
parameters:
- $ref: '#/components/parameters/AccountRefId'
- $ref: '#/components/parameters/WalletRefId'
responses:
'200':
description: Account unlinked from wallet successfully
content:
application/json:
schema:
$ref: '#/components/schemas/WalletLinkResponse'
example:
success: true
data:
accountRefId: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
walletRefId: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
active: false
transactionHash: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
timestamp: "2024-01-01T00:01:00Z"
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalServerError'
/wallets/{walletRefId}/accounts:
get:
tags: [Wallet Registry]
summary: Get accounts for wallet
description: Returns all account references associated with a wallet reference
operationId: getAccountsForWallet
parameters:
- $ref: '#/components/parameters/WalletRefId'
responses:
'200':
description: List of account references
content:
application/json:
schema:
$ref: '#/components/schemas/AccountListResponse'
example:
success: true
data:
walletRefId: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
accounts:
- accountRefId: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
- accountRefId: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
timestamp: "2024-01-01T00:00:00Z"
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'500':
$ref: '#/components/responses/InternalServerError'
/accounts/{accountRefId}/wallets/{walletRefId}/status:
get:
tags: [Wallet Registry]
summary: Check link status
description: Checks if an account and wallet are linked and/or active
operationId: getLinkStatus
parameters:
- $ref: '#/components/parameters/AccountRefId'
- $ref: '#/components/parameters/WalletRefId'
responses:
'200':
description: Link status
content:
application/json:
schema:
$ref: '#/components/schemas/LinkStatusResponse'
example:
success: true
data:
accountRefId: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
walletRefId: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
isLinked: true
isActive: true
timestamp: "2024-01-01T00:00:00Z"
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'500':
$ref: '#/components/responses/InternalServerError'
components:
securitySchemes:
BearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: JWT token for authentication
OAuth2MTLS:
type: oauth2
flows:
clientCredentials:
tokenUrl: https://auth.d-bis.org/oauth2/token
scopes:
wallet-registry:read: Read access to wallet registry
wallet-registry:write: Write access to wallet registry
parameters:
AccountRefId:
name: accountRefId
in: path
required: true
description: Hashed account reference ID (bytes32 hex string)
schema:
type: string
pattern: '^0x[a-fA-F0-9]{64}$'
example: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
WalletRefId:
name: walletRefId
in: path
required: true
description: Hashed wallet reference ID (bytes32 hex string) or wallet address
schema:
type: string
pattern: '^0x[a-fA-F0-9]{40,64}$'
example: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
schemas:
LinkAccountWalletRequest:
type: object
required:
- walletRefId
- provider
properties:
walletRefId:
type: string
description: Hashed wallet reference ID or wallet address
pattern: '^0x[a-fA-F0-9]{40,64}$'
example: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
provider:
type: string
description: Wallet provider identifier
enum: [METAMASK, FIREBLOCKS, CUSTODY_X, LEDGER, TREZOR, OTHER]
example: "METAMASK"
WalletLink:
type: object
properties:
walletRefId:
type: string
description: Hashed wallet reference ID
example: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
provider:
type: string
description: Wallet provider identifier
example: "METAMASK"
linkedAt:
type: integer
format: int64
description: Unix timestamp when the link was created
example: 1704067200
active:
type: boolean
description: Whether the link is currently active
example: true
WalletLinkResponse:
allOf:
- $ref: '#/components/schemas/BaseResponse'
- type: object
properties:
data:
type: object
properties:
accountRefId:
type: string
example: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
walletRefId:
type: string
example: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
provider:
type: string
example: "METAMASK"
linkedAt:
type: integer
format: int64
example: 1704067200
active:
type: boolean
example: true
transactionHash:
type: string
description: Transaction hash of the blockchain operation
example: "0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890"
WalletLinkListResponse:
allOf:
- $ref: '#/components/schemas/BaseResponse'
- type: object
properties:
data:
type: object
properties:
accountRefId:
type: string
example: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
wallets:
type: array
items:
$ref: '#/components/schemas/WalletLink'
AccountListResponse:
allOf:
- $ref: '#/components/schemas/BaseResponse'
- type: object
properties:
data:
type: object
properties:
walletRefId:
type: string
example: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
accounts:
type: array
items:
type: object
properties:
accountRefId:
type: string
example: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
LinkStatusResponse:
allOf:
- $ref: '#/components/schemas/BaseResponse'
- type: object
properties:
data:
type: object
properties:
accountRefId:
type: string
example: "0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef"
walletRefId:
type: string
example: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb5"
isLinked:
type: boolean
description: Whether the account and wallet are linked (regardless of active status)
example: true
isActive:
type: boolean
description: Whether the link is currently active
example: true
BaseResponse:
type: object
properties:
success:
type: boolean
example: true
timestamp:
type: string
format: date-time
ErrorResponse:
type: object
properties:
success:
type: boolean
example: false
error:
type: object
properties:
code:
type: string
example: "VALIDATION_ERROR"
message:
type: string
example: "Invalid request parameters"
details:
type: object
timestamp:
type: string
format: date-time
responses:
BadRequest:
description: Bad request - validation error
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
example:
success: false
error:
code: "VALIDATION_ERROR"
message: "Invalid accountRefId format"
details:
field: "accountRefId"
reason: "Must be a 64-character hex string prefixed with 0x"
timestamp: "2024-01-01T00:00:00Z"
Unauthorized:
description: Unauthorized - missing or invalid authentication
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
example:
success: false
error:
code: "UNAUTHORIZED"
message: "Missing or invalid authentication token"
timestamp: "2024-01-01T00:00:00Z"
Forbidden:
description: Forbidden - insufficient permissions
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
example:
success: false
error:
code: "FORBIDDEN"
message: "Insufficient permissions. ACCOUNT_MANAGER_ROLE required"
timestamp: "2024-01-01T00:00:00Z"
NotFound:
description: Resource not found
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
example:
success: false
error:
code: "NOT_FOUND"
message: "Account or wallet not found"
timestamp: "2024-01-01T00:00:00Z"
Conflict:
description: Conflict - link already exists
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
example:
success: false
error:
code: "CONFLICT"
message: "Account and wallet are already linked"
timestamp: "2024-01-01T00:00:00Z"
InternalServerError:
description: Internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
example:
success: false
error:
code: "INTERNAL_ERROR"
message: "An internal error occurred"
timestamp: "2024-01-01T00:00:00Z"