Adds an Idempotency-Key middleware backed by a new idempotency_keys
table. Covers arch \u00a713 security (replay protection) and \u00a715
non-functional requirement (idempotent event handling, resilience to
duplicate messages).
Middleware (src/middleware/idempotency.ts):
- Mounted on POST /api/plans and POST /api/plans/:planId/execute.
- Key format /^[A-Za-z0-9_\-:.]{8,255}$/; malformed -> 400.
- On hit, replays cached status+body with Idempotent-Replayed: true.
- Reuse with a different body hash -> 422 idempotency_key_reused.
- Scopes by (method, path, key) so the same key is safe across
unrelated endpoints.
- Only 2xx is cached. Non-2xx stays retryable.
- res.json() is shimmed so handlers need no changes.
- Fail-open on dedup-store unavailability (warn log).
Migration 004 (db/migrations/004_idempotency_keys.ts):
- idempotency_keys(method, path, key, request_hash, status_code,
response_body, created_at, expires_at) with UNIQUE(method,path,key)
and an expires_at index. 24h TTL.
Tests: tests/unit/idempotency.test.ts \u2014 6 cases covering no-header
pass-through, malformed-key 400, replay on second call, 422 on body
divergence, retryable non-2xx, (method,path,key) scoping.
tsc clean. 80 tests pass across 7 suites.
Outbound generators:
- swift/mt760.ts: SBLC issuance (FIN Cat-7). 12-tag message built from
InstrumentTerms with deterministic messageHash() for planHash
anchoring. URDG 758 / UCP 600 aware.
- swift/pacs009.ts: FI-to-FI credit transfer (ISO 20022 XML,
pacs.009.001.08). Fixes the pacs.008 mis-routing flagged in the
gap-analysis (pacs.008 is customer-to-bank; pacs.009 is bank-to-bank).
BIC validation on all four agents.
- swift/mt202.ts: FIN equivalent of pacs.009 for non-migrated corridors.
32A amount formatted with SWIFT decimal comma.
Inbound parsers:
- swift/camt.ts: parseCamt025 (receipt / status), parseCamt054
(credit/debit notification), reconcileCamt054 (diffs amount, ccy,
direction, endToEndId so VALIDATING can feed mismatches into
Data.valueMismatch()), parseCamt dispatcher on xmlns marker.
Public surface in swift/index.ts documents channel selection:
pacs.008 stays on the PSP customer leg; pacs.009/MT202 is the
interbank leg; COMMIT requires camt.025 ACSC or camt.054 CRDT
(arch §9.2 accepted !== settled).
Tests: swift.test.ts — 14 cases covering the happy path, validation
errors (bad BIC, malformed date, negative amount, missing pay step),
determinism of messageHash, camt parser + reconciliation.
tsc clean. 74 tests pass across 6 suites.
- Added AccessControl to ComboHandler for role-based access management.
- Implemented gas estimation for plan execution and improved gas limit checks.
- Updated execution and preparation methods to enforce step count limits and role restrictions.
- Enhanced error handling in orchestrator API endpoints with AppError for better validation feedback.
- Integrated request timeout middleware for improved request management.
- Updated Swagger documentation to reflect new API structure and parameters.
