Merge pull request #410 from EdgeApp/paul/apiReq

Add api requirements and template plugin

Author: paullinator

.cursor/agents/review-api-requirements.md

@@ -0,0 +1,30 @@
+---
+name: review-api-requirements
+description: Reviews exchange plugins for compliance with provider API requirements. Use when reviewing swap or fiat plugin implementations.
+---
+
+Review the branch/pull request for compliance with Edge exchange provider API requirements.
+
+## Context Expected
+
+You will receive:
+- Repository name (edge-exchange-plugins)
+- Branch name
+- List of changed files to review
+
+## How to Review
+
+1. Read the API requirements document: `docs/API_REQUIREMENTS.md`
+2. Read the changed plugin files provided in context
+3. For each requirement in the API doc, verify the plugin implementation meets it (where applicable)
+4. Report findings with specific file:line references
+
+## Key Areas to Check
+
+- Chain and token identification (using identifiers, not just ticker symbols)
+- Order ID extraction and status page URI
+- Error handling (all errors returned at once, processed in priority order)
+- Bi-directional quoting support (from, to, max)
+- Transaction status API integration
+- Account activation handling (XRP, HBAR, etc.)
+- Limit error amounts in correct denomination

.cursor/agents/review-chain-mapping.md

@@ -0,0 +1,29 @@
+---
+name: review-chain-mapping
+description: Reviews exchange plugins for correct chain mapping implementation. Use when reviewing plugins that add or modify chain support.
+---
+
+Review the branch/pull request for correct chain mapping implementation.
+
+## Context Expected
+
+You will receive:
+- Repository name (edge-exchange-plugins)
+- Branch name
+- List of changed files to review
+
+## How to Review
+
+1. Read the chain mapping documentation: `docs/CHAIN_MAPPING_SYNCHRONIZERS.md`
+2. Read the changed plugin and mapping files provided in context
+3. Verify the mapping implementation follows the documented patterns
+4. Report findings with specific file:line references
+
+## Key Areas to Check
+
+- Source mappings in `scripts/mappings/` (provider code → Edge plugin ID)
+- Generated runtime mappings in `src/mappings/` (Edge plugin ID → provider code)
+- Synchronizer implementation if adding a new provider
+- New chains mapped correctly (not left as `null` without reason)
+- EVM chains using `chainId` where applicable
+- Mapping file imported and used correctly in plugin code

.cursor/agents/review-edge-exchange-plugins.md

@@ -0,0 +1,33 @@
+---
+name: review-edge-exchange-plugins
+description: Orchestrator that launches exchange plugin review subagents. Use when reviewing exchange plugin implementations.
+---
+
+Review the branch/pull request for compliance with Edge exchange plugin conventions.
+
+## Context Expected
+
+You will receive:
+- Repository name (edge-exchange-plugins)
+- Branch name
+- List of changed files to review
+
+## Orchestration
+
+Launch ALL FOUR sub-agents in parallel, passing them the full context you received:
+
+1. **review-api-requirements** - Reviews for compliance with `docs/API_REQUIREMENTS.md`
+2. **review-chain-mapping** - Reviews chain mapping with `docs/CHAIN_MAPPING_SYNCHRONIZERS.md`
+3. **review-plugin-creation** - Reviews plugin structure with `docs/CREATING_AN_EXCHANGE_PLUGIN.md`
+4. **review-exchange-bugs** - Reviews for common bugs and poor patterns
+
+## Output
+
+Collect findings from all sub-agents and consolidate into a single report organized by category:
+
+- **API Requirements Issues** - From review-api-requirements
+- **Chain Mapping Issues** - From review-chain-mapping
+- **Plugin Structure Issues** - From review-plugin-creation
+- **Bug Patterns** - From review-exchange-bugs
+
+For each finding, include specific file:line references. Omit categories with no findings.

.cursor/agents/review-exchange-bugs.md

@@ -0,0 +1,94 @@
+---
+name: review-exchange-bugs
+description: Reviews exchange plugins for common bugs and poor patterns. Use when reviewing any exchange plugin changes.
+---
+
+Review the branch/pull request for common bugs and poor patterns specific to Edge exchange plugins.
+
+## Context Expected
+
+You will receive:
+- Repository name (edge-exchange-plugins)
+- Branch name
+- List of changed files to review
+
+## How to Review
+
+1. Read the changed plugin files provided in context
+2. Check for each bug pattern listed below
+3. Report findings with specific file:line references
+
+---
+
+## Separate Handlers for Different Asset Types
+
+When adding support for a new asset type (like Zcash), create a separate handler block rather than extending existing UTXO logic:
+
+```typescript
+// Incorrect - mixing ZEC with general UTXO handling
+} else {
+  // UTXO block
+  if (fromWallet.currencyInfo.pluginId === 'zcash') {
+    // ZEC-specific code mixed in
+  }
+  // ... rest of UTXO handling
+}
+
+// Correct - separate block for ZEC
+} else if (fromWallet.currencyInfo.pluginId === 'zcash') {
+  // ZEC-specific handling with all necessary checks
+  if (thorAddress == null) throw new SwapCurrencyError(...)
+  if (fromTokenId != null) throw new SwapCurrencyError(...)
+  // ... ZEC-specific logic
+} else {
+  // General UTXO handling
+}
+```
+
+While Zcash is UTXO-based under the hood, Edge treats it differently. Keeping handlers separate makes code easier to maintain and reduces the chance of missing required checks.
+
+---
+
+## Include All Validation Checks in New Handlers
+
+When creating a new asset handler by copying from an existing one, copy ALL validation checks:
+
+```typescript
+// UTXO block has token rejection check
+} else {
+  if (fromTokenId != null) {
+    throw new SwapCurrencyError(swapInfo, request)
+  }
+  // ... rest of UTXO logic
+}
+
+// New ZEC block - MUST include the same check
+} else if (fromWallet.currencyInfo.pluginId === 'zcash') {
+  if (fromTokenId != null) {
+    throw new SwapCurrencyError(swapInfo, request)  // Don't forget this!
+  }
+  // ... ZEC logic
+}
+```
+
+Missing validation checks can allow unsupported swap types to proceed.
+
+---
+
+## Remove Invalid Destination When Adding Support
+
+If a previous commit blocked swaps to an asset, remove that block when adding destination support:
+
+```typescript
+// Previous state: ZEC swaps blocked
+INVALID_CURRENCY_CODES.to.zcash = ['ZEC']
+
+// Adding ZEC receive support but forgetting to remove the block:
+// New ZEC receive handler (lines 388-392) NEVER RUNS because
+// checkInvalidCodes throws SwapCurrencyError first (lines 129-135)
+
+// Correct: Remove the invalid code entry when adding support
+// Delete: INVALID_CURRENCY_CODES.to.zcash = ['ZEC']
+```
+
+Always trace the swap flow to ensure new handlers are actually reachable.

.cursor/agents/review-plugin-creation.md

@@ -0,0 +1,31 @@
+---
+name: review-plugin-creation
+description: Reviews exchange plugins for correct structure and conventions. Use when reviewing new plugins or significant plugin modifications.
+---
+
+Review the branch/pull request for correct plugin structure and conventions.
+
+## Context Expected
+
+You will receive:
+- Repository name (edge-exchange-plugins)
+- Branch name
+- List of changed files to review
+
+## How to Review
+
+1. Read the plugin creation guide: `docs/CREATING_AN_EXCHANGE_PLUGIN.md`
+2. Read the changed plugin files provided in context
+3. Verify the plugin follows the documented structure and conventions
+4. Report findings with specific file:line references
+
+## Key Areas to Check
+
+- Plugin metadata (`swapInfo` with correct fields)
+- Init options with cleaners
+- Quote fetching (address retrieval, quote directions, error mapping)
+- Amount conversions using `denominationToNative`/`nativeToDenomination`
+- Transaction info (`EdgeSpendInfo` or `MakeTxParams`)
+- API response validation with cleaners
+- Plugin registration in `src/index.ts`
+- Correct plugin location (`src/swap/central/` vs `src/swap/defi/`)

docs/API_REQUIREMENTS.md

@@ -0,0 +1,167 @@
+# Edge Exchange Provider API Requirements
+
+This document defines the **technical API requirements** for third-party exchange providers seeking to integrate with the Edge wallet platform. It establishes standards for both **crypto-to-crypto swap providers** and **fiat on/off ramp providers**.
+
+Key requirements include:
+1. [**Asset identification**](#1-chain-and-token-identification) using chain network identifiers and token contract addresses (not just ticker symbols)
+2. [**Order tracking**](#2-order-identification-and-status-page) via unique order IDs with unauthenticated status pages
+3. [**Structured error handling**](#3-error-handling) that returns all applicable errors (region restrictions, limits, unsupported assets) in a single response
+4. [**Bi-directional quoting**](#4-quoting-requirements) allowing users to specify either source or destination amounts
+5. [**Transaction status API**](#5-transaction-status-api) for querying order status
+6. [**Reporting APIs**](#6-reporting-api) for affiliate revenue tracking
+7. [**Account activation**](#7-account-activation) for assets like XRP and HBAR
+8. [**Affiliate revenue withdrawal**](#8-affiliate-revenue-withdrawal) with automated monthly payouts
+
+For fiat on/off ramp providers specifically, the document adds requirements around:
+
+9. [**User authentication**](#9-user-authentication) using cryptographic auth keys
+10. [**Regional and fiat currency support**](#10-regional-and-fiat-currency-support) with proper error handling
+11. [**KYC information**](#11-kyc-information) submission via API (not widget)
+12. [**Bank information**](#12-bank-information) submission for wire/SEPA transfers
+13. [**Verification**](#13-verification) code handling for phone and email
+14. [**Widget return URIs**](#14-widgets) for seamless app integration
+15. [**Off-ramp flow**](#15-off-ramp-flow) supporting no-widget transactions
+
+## Requirements for both Swap and On/Off Ramp providers
+
+### 1. Chain and Token Identification
+
+API must allow requesting quotes and orders using a unique chain identifier and token identifier such as the contract address. This is to prevent confusion on which token is being referenced as well as to prevent the need to map provider tickers to tokens supported by Edge. Note that it is NOT sufficient to provide a separate endpoint to list all assets as this would require too many API calls to get a quote. This example shows how assets should be specified for a quote. The Edge exchange plugins will map the provider's chain network identifiers to edge specific chain network identifiers so they need not match exactly.
+
+```json
+{
+  "chainNetwork": "solana",
+  "tokenId": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v" // USDC
+}
+```
+
+For EVM chains, API must allow requesting quotes using the universally accepted EVM `chainId` to specify the chain in addition to the token identifier. This allows automatic support of new EVMs with no need to add a mapping of provider chain identifiers to Edge chain identifiers. I.e.
+
+```json
+{
+  "chainNetwork": "evmGeneric",
+  "chainId": 56 // BNB Smart Chain
+}
+```
+
+### 2. Order Identification and Status Page
+
+- Order requests must provide a unique `orderId` identifier that can be used to query status of the order via an unauthenticated API as well as connect the order with completed swaps reported via a reporting API.
+- Provider must provide an un-authenticated status page that uses the `orderId` to provide status on the swap. I.e. [`https://status.provider.com/orderStatus/{orderId}`](https://status.provider.com/orderStatus/{orderId)
+
+### 3. Error Handling
+
+Quote request errors must return all the following possible errors at once with all the mentioned details. This is to ensure that Edge can surface the most relevant error to the user. This prevents irrelevant errors like below limit errors from being surfaced to the user when the user would also be region restricted.
+
+- Region restricted error
+- Asset unsupported error
+- Above or below limit errors with min/max amounts specified in both the source and destination asset
+
+Limit errors need to be specified with a hardened error code and not using an arbitrary string. I.e. for swap from BTC to USDT
+
+```json
+{
+  "errors": [
+    {
+      "error": "OverLimitError",
+      "sourceAmountLimit": 9.789, // BTC
+      "destinationAmountLimit": 1000000 // USDT
+    },
+    {
+      "error": "RegionRestricted"
+    }
+  ]
+}
+```
+
+### 4. Quoting Requirements
+
+- Provider must allow bi-directional quoting such that the user can specify either the source asset amount or destination asset amount.
+
+### 5. Transaction Status API
+
+Provider must provide a transaction status API that allows querying of transaction status by `orderId`. This allows the Edge UI to show an updated transaction status to the user when they view the outgoing transaction.
+
+```
+GET /api/status/{orderId}
+```
+
+**Response:**
+
+```json
+{
+  "orderId": "{orderId}",
+  "status": "pending" | "processing" | "infoNeeded" | "expired" | "refunded" | "completed"
+}
+```
+
+### 6. Reporting API
+
+Provider must provide an authenticated reporting API that allows querying of all transactions created using Edge. The reporting API must provide at minimum the following information for each transaction. Actual values are only examples. Similar values that can be mapped to the below are sufficient. API must allow paginated queries with start date, end date, and number of transactions.
+
+```json
+{
+  "orderId": "pr39dhg2409ryhgei39r", // Must match the orderId from quoting API
+  "status": "pending" | "processing" | "infoNeeded" | "expired" | "refunded" | "completed",
+  "createdDate": "2025-07-10T17:24:25.997Z",
+  "completedDate": "2025-07-10T17:28:00.997Z",
+  "sourceNetwork": "solana",
+  "sourceTokenId": "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+  "sourceCurrencyCode": "USDC",
+  "sourceAmount": 118123,
+  "sourceEvmChainId": null, // source not an EVM chain
+  "destinationNetwork": "bitcoin",
+  "destinationTokenId": null, // signified no token but primary gas token asset BTC
+  "destinationCurrencyCode": "BTC",
+  "destinationAmount": 1.01,
+  "destinationEvmChainId": null, // destination not an EVM chain
+  "payinAddress": "B8kGR7GpPh7GUsTgDgzjQYoJEFbpPr6q2V4iLEDeF6AD",
+  "payoutAddress": "bc1q05wqn9nffg874fc6mp23lagfutawtwljx8udwy",
+  "payinTxid": "wtpqAqCJj2iNte6iA6UUPtc5xgaRNGdjFuPk9B9VYFxkqxtSkSiC99gPU8MnGCEstbRTX3gQY5ErQn1475iuhFD",
+  "payoutTxid": "2f6fbb24058e578d0a51842dfd8e79935df1702130c0a7ba3e8ef442bfc0f41c"
+}
+```
+
+### 7. Account Activation
+
+When a user requests an exchange into assets like XRP and HBAR, the provider should detect that the withdrawal address is not activated and send an activation transaction as part of the withdrawal.
+
+### 8. Affiliate Revenue Withdrawal
+
+Providers must automatically withdraw affiliate revenue funds in a single asset no later than 24 hours after the month close GMT time. Funds withdrawal should be allowed in at least BTC, ETH, and USDC to a fixed address verified by Edge. Edge should not be required to initiate withdrawal via an API or dashboard. Any changes to the withdrawal address should be verified with additional authentication such as 2FA codes and/or email verification.
+
+## Additional requirements for fiat on/off ramp providers
+
+### 9. User Authentication
+
+Provider API should allow the Edge application to authenticate a user via cryptographically random authKey. The authKey should be created by Edge and passed into any quoting or order execution endpoint. If the authKey does not exist on the Provider system, the Provider's API should allow for account creation by receiving KYC info (if necessary) via API.
+
+### 10. Regional and Fiat Currency Support
+
+Provider quoting API should allow specifying not just the crypto asset but also the region (country/province) and fiat currency to receive a quote. Proper errors should be returned for unsupported regions and unsupported fiat currencies.
+
+### 11. KYC Information
+
+Provider API should allow the Edge application to provide basic KYC information and verification via API (not widget). Basic KYC information includes
+
+- Name
+- Address
+- Phone number
+- Email address
+
+### 12. Bank Information
+
+For basic bank transfers (i.e. wire, SEPA) and any payment methods that do not have opposing regulatory requirements, Provider must have an API that allows Edge to submit bank information. I.e. account number, IBAN, and routing number.
+
+### 13. Verification
+
+- API should allow the Edge application to send KYC verification codes for phone and email verification. Verification codes are still generated by the provider servers, not Edge. Users enter verification codes into the Edge UI and are sent to provider via API.
+- An API should let Edge know when a specific piece of KYC information is missing or out of date to allow the Edge application to collect such info to send to the Provider's API.
+
+### 14. Widgets
+
+Any required widgets (ie for submitting credit card info or facial scan) must allow Edge to specify return URIs once the widget is complete. This allows Edge to close any webviews and continue with the application flow.
+
+### 15. Off-Ramp Flow
+
+For off-ramp transactions that have already had a payment method linked to the user's account, the provider must allow for a full "no-widget" flow by simply providing a crypto address that must receive funds and an expiration time (if necessary).