d-bis/CurrenciCombo
4
0
Fork 0
Code Issues Pull Requests 9 Actions Packages Projects Releases Wiki Activity

PR R: FIN-link sandbox service #22

Merged
nsatoshi merged 1 commits from devin/1776883027-pr-r-fin-sandbox into main 2026-04-22 20:30:47 +00:00
Conversation 0 Commits 1 Files Changed 5 +561
nsatoshi commented 2026-04-22 18:40:00 +00:00
Owner
Copy Link

Closes gap-analysis v2 §7.1 (no FIN-link adapter — SWIFT generators produce strings but have no transport) and §10.6 (stand up sandbox transport).

What

  • services/finLink/sandbox.ts — in-process FIN-link sandbox.
    • POST /dispatch — accepts a SWIFT/ISO payload, assigns a FIN-XXXXXXXXXXXX reference, returns a 202.
    • POST /advance/:ref — deterministic lifecycle: received → acknowledged → accepted → settled.
    • POST /reject/:ref — terminal fork with a rejection reason.
    • GET /messages/:ref and GET /messages?planId=… for polling.
    • Optional per-message webhook; x-fin-sandbox-signature header is HMAC-SHA256 over the body, keyed by FIN_SANDBOX_SECRET.
    • startAutoProgress(intervalMs) opt-in timer ticks messages forward; unref()ed so Node exits cleanly.
  • services/finLink/client.ts — two adapters:
    • createHttpFinLinkClient(baseUrl) for the live router.
    • createInProcessFinLinkClient() short-circuits to the sandbox module, so unit tests don't need an HTTP hop.
    • getFinLinkClient() picks HTTP when FIN_SANDBOX_URL is set, else in-process.
  • services/finLink/index.ts — public surface.
  • src/index.ts — mounts /fin-sandbox only when FIN_SANDBOX_ENABLED=true. Off by default so production builds don't expose the fake.

Why not wire it into the ExecutionCoordinator in this PR

The coordinator rework is its own thread of changes — wiring the SWIFT generators (services/swift/*) through a configurable transport needs to touch bankInstructionPhase, the pay phase, and camt.025/054 ingestion together. This PR ships the transport + client surface so that rework can land as a focused follow-up.

Verification

  • npx tsc --noEmit clean.
  • npx jest 92/92 passing (8 suites).
  • 12 new tests covering:
    • in-memory lifecycle (received → acknowledged → accepted → settled)
    • rejection as a terminal state
    • listMessages filtering by planId
    • deterministic HMAC signature
    • HTTP endpoints (dispatch 202, dispatch 400, advance walk, filter, 404)
    • both client adapters (in-process + live ephemeral-port HTTP round-trip)
Closes gap-analysis v2 §7.1 (no FIN-link adapter — SWIFT generators produce strings but have no transport) and §10.6 (stand up sandbox transport). ## What - `services/finLink/sandbox.ts` — in-process FIN-link sandbox. - `POST /dispatch` — accepts a SWIFT/ISO payload, assigns a `FIN-XXXXXXXXXXXX` reference, returns a 202. - `POST /advance/:ref` — deterministic lifecycle: `received → acknowledged → accepted → settled`. - `POST /reject/:ref` — terminal fork with a rejection reason. - `GET /messages/:ref` and `GET /messages?planId=…` for polling. - Optional per-message webhook; `x-fin-sandbox-signature` header is HMAC-SHA256 over the body, keyed by `FIN_SANDBOX_SECRET`. - `startAutoProgress(intervalMs)` opt-in timer ticks messages forward; `unref()`ed so Node exits cleanly. - `services/finLink/client.ts` — two adapters: - `createHttpFinLinkClient(baseUrl)` for the live router. - `createInProcessFinLinkClient()` short-circuits to the sandbox module, so unit tests don't need an HTTP hop. - `getFinLinkClient()` picks HTTP when `FIN_SANDBOX_URL` is set, else in-process. - `services/finLink/index.ts` — public surface. - `src/index.ts` — mounts `/fin-sandbox` only when `FIN_SANDBOX_ENABLED=true`. Off by default so production builds don't expose the fake. ## Why not wire it into the ExecutionCoordinator in this PR The coordinator rework is its own thread of changes — wiring the SWIFT generators (`services/swift/*`) through a configurable transport needs to touch bankInstructionPhase, the pay phase, and camt.025/054 ingestion together. This PR ships the transport + client surface so that rework can land as a focused follow-up. ## Verification - `npx tsc --noEmit` clean. - `npx jest` 92/92 passing (8 suites). - 12 new tests covering: - in-memory lifecycle (received → acknowledged → accepted → settled) - rejection as a terminal state - `listMessages` filtering by `planId` - deterministic HMAC signature - HTTP endpoints (dispatch 202, dispatch 400, advance walk, filter, 404) - both client adapters (in-process + live ephemeral-port HTTP round-trip)
nsatoshi added 1 commit 2026-04-22 18:40:00 +00:00
FIN-link sandbox service
Some checks failed
CI / Frontend Lint (pull_request) Failing after 6s
Details
CI / Frontend Type Check (pull_request) Failing after 5s
Details
CI / Frontend Build (pull_request) Failing after 7s
Details
CI / Frontend E2E Tests (pull_request) Failing after 8s
Details
CI / Orchestrator Build (pull_request) Failing after 7s
Details
CI / Contracts Compile (pull_request) Failing after 5s
Details
CI / Contracts Test (pull_request) Failing after 6s
Details
Code Quality / SonarQube Analysis (pull_request) Failing after 18s
Details
Code Quality / Code Quality Checks (pull_request) Failing after 4s
Details
Security Scan / Dependency Vulnerability Scan (pull_request) Failing after 4s
Details
Security Scan / OWASP ZAP Scan (pull_request) Failing after 4s
Details
7c5dd145d6 
Closes gap-analysis v2 §7.1 (no FIN-link adapter; SWIFT generators
produce strings but no transport) + §10.6 (stand up sandbox transport).

- services/finLink/sandbox.ts — in-process FIN-link sandbox.
  Accepts POST /dispatch with a SWIFT/ISO payload, assigns a FIN
  reference, and advances messages deterministically through
  received -> acknowledged -> accepted -> settled (with reject as a
  terminal fork). Optional webhook per-message (x-fin-sandbox-signature
  header, HMAC-SHA256). Timer-driven auto-progress opt-in via
  startAutoProgress().
- services/finLink/client.ts — two client adapters:
    createHttpFinLinkClient(baseUrl) - for the live router
    createInProcessFinLinkClient()   - for unit tests that skip
                                       the HTTP hop
  getFinLinkClient() picks HTTP when FIN_SANDBOX_URL is set, else
  falls back to in-process.
- services/finLink/index.ts — public surface.
- src/index.ts — mounts /fin-sandbox only when
  FIN_SANDBOX_ENABLED=true; off by default to keep prod surface clean.
- tests/unit/finLinkSandbox.test.ts — 12 tests covering lifecycle,
  rejection, listing, signature determinism, HTTP endpoints
  (dispatch/advance/messages/filtering), and both client adapters
  (including a live ephemeral-port HTTP round-trip).
- Verification: tsc --noEmit clean; full jest 92/92 passing
  (8 suites).
nsatoshi merged commit 2c72a51a06 into main 2026-04-22 20:30:47 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
70rn4710n A.r.yavari SEG nsatoshi
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: d-bis/CurrenciCombo#22
Delete Branch "devin/1776883027-pr-r-fin-sandbox"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?