{"id":30776111,"url":"https://github.com/polymathuniversata/cryptochap","last_synced_at":"2026-02-10T21:32:24.858Z","repository":{"id":311053025,"uuid":"1042290579","full_name":"polymathuniversata/cryptochap","owner":"polymathuniversata","description":null,"archived":false,"fork":false,"pushed_at":"2025-08-24T01:08:29.000Z","size":131,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-05T04:19:03.189Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/polymathuniversata.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-21T19:25:16.000Z","updated_at":"2025-08-24T01:08:32.000Z","dependencies_parsed_at":"2025-08-21T21:58:57.611Z","dependency_job_id":"b0b931ff-2511-401f-bdcc-1ced7b04f393","html_url":"https://github.com/polymathuniversata/cryptochap","commit_stats":null,"previous_names":["polymathuniversata/cryptochap"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/polymathuniversata/cryptochap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polymathuniversata%2Fcryptochap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polymathuniversata%2Fcryptochap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polymathuniversata%2Fcryptochap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polymathuniversata%2Fcryptochap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/polymathuniversata","download_url":"https://codeload.github.com/polymathuniversata/cryptochap/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polymathuniversata%2Fcryptochap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29317956,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-10T20:44:44.282Z","status":"ssl_error","status_checked_at":"2026-02-10T20:44:43.393Z","response_time":65,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-09-05T04:11:11.491Z","updated_at":"2026-02-10T21:32:24.844Z","avatar_url":"https://github.com/polymathuniversata.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔗 CryptoChap\n### WhatsApp-native USDC on Base\n\n*Send, receive, and buy USDC on Base network through WhatsApp chat*\n\n[![Base Network](https://img.shields.io/badge/Base-0052FF?style=for-the-badge\u0026logo=ethereum\u0026logoColor=white)](https://base.org)\n[![USDC](https://img.shields.io/badge/USDC-2775CA?style=for-the-badge\u0026logo=centre\u0026logoColor=white)](https://centre.io)\n[![WhatsApp](https://img.shields.io/badge/WhatsApp-25D366?style=for-the-badge\u0026logo=whatsapp\u0026logoColor=white)](https://whatsapp.com)\n[![Security: AAA](https://img.shields.io/badge/Security-AAA-green)](https://cryptochap.dev/security)\n[![TypeScript](https://img.shields.io/badge/TypeScript-007ACC?logo=typescript\u0026logoColor=white)](https://www.typescriptlang.org/)\n\n## 📁 Project Structure\n\n```\ncryptochap/\n├── frontend/                    # Next.js React application\n│   ├── app/                    # Next.js App Router\n│   ├── components/             # Reusable UI components\n│   ├── lib/                    # Utility libraries\n│   └── types/                  # TypeScript type definitions\n├── backend/                    # Express.js API server with TypeScript\n│   ├── src/\n│   │   ├── config/             # Configuration management\n│   │   ├── controllers/        # Route handlers (7 controllers)\n│   │   │   ├── api.ts          # Legacy API routes\n│   │   │   ├── index.ts        # Route index\n│   │   │   ├── system.ts       # Health, metrics, docs\n│   │   │   ├── users.ts        # User management\n│   │   │   ├── wallets.ts      # Wallet operations\n│   │   │   ├── transactions.ts # Transaction handling\n│   │   │   └── whatsapp.ts     # WhatsApp webhooks\n│   │   ├── middleware/         # Security \u0026 validation (4 middlewares)\n│   │   │   ├── validation.ts   # Input validation (Joi)\n│   │   │   ├── security.ts     # Security headers (CSP, HSTS)\n│   │   │   ├── rateLimiter.ts  # Rate limiting\n│   │   │   └── errorHandler.ts # Error handling\n│   │   ├── services/           # Business logic (9 services)\n│   │   │   ├── blockchain.service.ts      # Base network operations\n│   │   │   ├── wallet-derivation.service.ts # HD wallet derivation\n│   │   │   ├── whatsapp-engine.service.ts  # Message processing\n│   │   │   ├── monitoring.service.ts       # Performance tracking\n│   │   │   ├── database-backup.service.ts  # Backup automation\n│   │   │   ├── logging.service.ts          # Structured logging\n│   │   │   ├── wallet.service.ts           # Wallet management\n│   │   │   ├── token-management.service.ts # Token operations\n│   │   │   └── whatsapp.service.ts         # WhatsApp integration\n│   │   ├── utils/              # Utility functions\n│   │   └── docs/               # API documentation\n├── contracts/                  # Smart contracts (Solidity)\n│   ├── contracts/\n│   │   ├── CryptoChapWallet.sol # Main wallet contract\n│   │   └── MockERC20.sol        # Test token\n│   └── test/                   # Contract tests\n├── tests/                      # Integration tests\n├── deployments/                # Deployment configurations\n├── docs/                       # Documentation\n└── scripts/                    # Build and deployment scripts\n```\n\n## 🔧 Technology Stack\n\n### Frontend\n- **Framework**: Next.js 15 with App Router\n- **Language**: TypeScript\n- **Styling**: Tailwind CSS\n- **UI Components**: Radix UI\n- **State Management**: React Context + Custom Hooks\n- **Testing**: Jest + React Testing Library\n\n### Backend\n- **Framework**: Express.js with TypeScript\n- **Database**: PostgreSQL with connection pooling\n- **Caching**: Redis for sessions and rate limiting\n- **Blockchain**: ethers.js v6 for Base network\n- **Validation**: Joi for input validation\n- **Logging**: Winston for structured logging\n- **Testing**: Jest with comprehensive coverage\n\n### Blockchain\n- **Network**: Base (Ethereum Layer 2)\n- **Tokens**: USDC, ETH\n- **Smart Contracts**: Solidity with OpenZeppelin\n- **Wallet**: HD wallet derivation (BIP-44)\n- **RPC**: Configurable provider endpoints\n\n### DevOps \u0026 Deployment\n- **Containerization**: Docker + Docker Compose\n- **Build Tools**: TypeScript, ESLint, Prettier\n- **Testing**: Jest, Playwright\n- **Monitoring**: Custom metrics and alerting\n\n## 📡 API Endpoints\n\n### System Endpoints\n- `GET /api/system/health` - Health check with database status\n- `GET /api/system/metrics` - Performance and system metrics\n- `GET /api/docs` - API documentation overview\n- `GET /api/docs/openapi.json` - OpenAPI 3.0 specification\n- `GET /api/docs/errors` - Comprehensive error code reference\n\n### User Management\n- `GET /api/users/{id}` - Get user by ID\n- `PUT /api/users/{id}` - Update user information\n- `POST /api/users` - Create new user (WhatsApp integration)\n- `DELETE /api/users/{id}` - Soft delete user\n\n### Wallet Management\n- `GET /api/wallets/{id}` - Get wallet information\n- `POST /api/wallets` - Create new wallet\n- `PUT /api/wallets/{id}/balance` - Update wallet balance\n- `DELETE /api/wallets/{id}` - Deactivate wallet (soft delete)\n- `GET /api/users/{userId}/wallets` - Get user wallets\n\n### Transaction Management\n- `GET /api/transactions/{id}` - Get transaction details\n- `POST /api/transactions` - Create new transaction\n- `PUT /api/transactions/{id}/status` - Update transaction status\n- `GET /api/users/{userId}/transactions` - Get user transaction history\n- `GET /api/wallets/{walletId}/transactions` - Get wallet transaction history\n\n### WhatsApp Integration\n- `GET /whatsapp/webhook` - WhatsApp webhook verification\n- `POST /whatsapp/webhook` - WhatsApp message processing\n- `POST /whatsapp/webhook/status` - WhatsApp status updates\n- `POST /api/whatsapp/send` - Send WhatsApp message (testing)\n- `POST /api/whatsapp/templates` - Send WhatsApp templates\n- `GET /api/whatsapp/status` - WhatsApp configuration status\n- `GET /api/whatsapp/health` - WhatsApp health check\n\n## 🤖 WhatsApp Commands\n\nUsers can interact with CryptoChap using these commands:\n\n### Core Commands\n- `balance` - Check wallet balance (ETH \u0026 USDC)\n- `send AMOUNT ADDRESS` - Transfer USDC to address\n- `receive` - Get receiving address\n- `help` - Show available commands\n\n### Advanced Commands\n- `status` - Check network status and gas prices\n- `wallet` - Get detailed wallet information\n- `network` - View Base network information\n- `gas` - Check current gas prices\n\n### Interactive Features\n- Button replies for quick actions\n- Template messages for formatted responses\n- Real-time transaction updates\n- Error handling with helpful messages\n\n## 🛡️ Security Features\n\nCryptoChap implements enterprise-grade security measures:\n\n### Input Validation \u0026 Sanitization\n- **Joi-based validation** with comprehensive schemas for all endpoints\n- **Security-focused input sanitization** to prevent injection attacks\n- **Suspicious pattern detection** for malicious input\n- **Rate limiting** (100 req/15min global, 10 req/min for sensitive endpoints)\n\n### Content Security Policy (CSP)\n- **Production-ready CSP headers** to prevent XSS attacks\n- **API-specific security headers** for enhanced protection\n- **Request ID middleware** for comprehensive request tracing\n- **Strict Transport Security (HSTS)** for HTTPS enforcement\n\n### Comprehensive Monitoring\n- **Performance metrics tracking** with automatic alerting\n- **Memory usage monitoring** with configurable thresholds\n- **Health check endpoints** for system status\n- **Error tracking and categorization**\n- **Database backup automation** with retention policies\n\n### Blockchain Security\n- **HD wallet derivation** with secure key management\n- **Transaction validation** before execution\n- **Gas estimation** with safety buffers\n- **Address format validation** using ethers.js\n- **Smart contract security** with OpenZeppelin standards\n\n### Database Security\n- **Automated backup system** with configurable retention\n- **Parameterized queries** to prevent SQL injection\n- **Connection pooling** for optimal performance\n- **SSL/TLS encryption** for database connections\n- **Data validation** at application and database levels\n\n## 🔐 Authentication \u0026 Authorization\n\n### Security Headers\nAll API responses include comprehensive security headers:\n- **Content-Security-Policy** - Prevents XSS attacks\n- **Strict-Transport-Security** - Enforces HTTPS\n- **X-Frame-Options** - Prevents clickjacking\n- **X-Content-Type-Options** - Prevents MIME sniffing\n- **X-XSS-Protection** - Enables XSS filtering\n\n### Rate Limiting\n- **Global rate limiting:** 100 requests per 15 minutes\n- **Strict rate limiting:** 10 requests per minute for sensitive endpoints\n- **IP-based tracking** with automatic blocking\n\n### Input Validation\n- **Comprehensive validation schemas** for all endpoints\n- **Security-focused sanitization** of all user input\n- **Suspicious pattern detection** for malicious payloadsts\n\n## 🚀 Quick Start\n\n### Prerequisites\n- Node.js 18+\n- PostgreSQL 13+\n- Redis 6+\n- Docker \u0026 Docker Compose\n\n### Installation\n\n1. **Clone the repository**\n   ```bash\n   git clone https://github.com/polymathuniversata/cryptochap.git\n   cd cryptochap\n   ```\n\n2. **Setup environment variables**\n   ```bash\n   cp frontend/.env.local.example frontend/.env.local\n   cp backend/.env.example backend/.env\n   ```\n\n3. **Start development environment**\n   ```bash\n   # Start dependencies (PostgreSQL, Redis)\n   docker-compose up -d\n\n   # Install frontend dependencies\n   cd frontend \u0026\u0026 npm install\n\n   # Install backend dependencies\n   cd ../backend \u0026\u0026 npm install\n\n   # Start development servers\n   cd ../backend \u0026\u0026 npm run dev \u0026\n   cd ../frontend \u0026\u0026 npm run dev\n   ```\n\n4. **Access the application**\n   - Frontend: http://localhost:3000\n   - Backend API: http://localhost:3001\n   - API Documentation: http://localhost:3001/api/docs\n   - Health Check: http://localhost:3001/api/system/health\n   - Metrics: http://localhost:3001/api/system/metrics\n\n## 🛠️ Development\n\n### Available Scripts\n\n#### Frontend (`cd frontend`)\n```bash\nnpm run dev          # Start development server\nnpm run build        # Build for production\nnpm run start        # Start production server\nnpm run lint         # Run ESLint\nnpm run test         # Run tests\n```\n\n#### Backend (`cd backend`)\n```bash\nnpm run dev          # Start development server with hot reload\nnpm run build        # Build TypeScript\nnpm run start        # Start production server\nnpm run test         # Run tests\nnpm run lint         # Run ESLint\n```\n\n### Testing\n```bash\n# Run all tests\nnpm test\n\n# Run with coverage\nnpm run test:coverage\n\n# Run specific test suite\nnpm test -- tests/unit/wallet.test.ts\n```\n\n## 📚 Documentation\n\n- [📖 System Architecture](docs/architecture.md)\n- [👥 User Flows](docs/user-flows.md)\n- [📋 Sprint Planning](docs/sprint-planning.md)\n- [🔧 System Design](docs/system-design.md)\n- [🧪 Testing Strategy](docs/testing-strategy.md)\n- [🚀 Deployment Guide](deployments/deployment-guide.md)\n- [📱 WhatsApp Setup](docs/WHATSAPP_SETUP_GUIDE.md)\n- [🔧 WhatsApp Architecture](docs/WHATSAPP_ARCHITECTURE.md)\n\n## ✨ What you get\n\n🚀 **WhatsApp-first experience** — Native chat interface for crypto operations  \n💰 **Auto wallet generation** — Unique wallet per user (custodial or non-custodial)  \n⚡ **Base network integration** — Fast, low-cost USDC transfers  \n� **Seamless onramp** — Buy crypto with fiat, mobile money, or cards  \n📱 **Mobile money support** — M-Pesa, Airtel Money, Tigo Pesa integration  \n� **Enterprise security** — Webhook architecture with proper validation\n\n\n## 📝 Environment Variables\n\nCreate a `.env` file with the following configuration:\n\n```env\n# Database Configuration\nPOSTGRES_PASSWORD=your_secure_postgres_password_here\n\n# WhatsApp provider: twilio | meta\nWHATSAPP_PROVIDER=twilio\n\n# Twilio (if using Twilio WhatsApp API)\nTWILIO_ACCOUNT_SID=ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\nTWILIO_AUTH_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\nTWILIO_WHATSAPP_NUMBER=whatsapp:+1xxxxxxxxxx\n\n# Meta WhatsApp Cloud API (if using Meta)\nMETA_WHATSAPP_TOKEN=EAAG... \nMETA_VERIFY_TOKEN=your_webhook_verify_token\nMETA_PHONE_NUMBER_ID=1xxxxxxxxxxxxxxx\nMETA_APP_ID=xxxxxxxxxxxxxxx\nMETA_APP_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n\n# Chain config\nBASE_RPC_URL=https://base-mainnet.g.alchemy.com/v2/your-key\nBASE_CHAIN_ID=8453\nUSDC_CONTRACT=0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913\n\n# Signing\nOPERATOR_MNEMONIC=\"seed phrase words ...\"\n# or\nOPERATOR_PRIVATE_KEY=0x...\n\n# Onramp (choose one or more)\nONRAMP_PROVIDER=coinbase\nCOINBASE_ONRAMP_APP_ID=your_app_id\nMOONPAY_API_KEY=pk_test_...\nTRANSAK_API_KEY=pk_test_...\nSTRIPE_SECRET_KEY=sk_test_...\n\n# FX and pricing (for mobile money)\nBASE_USD_ORACLE=coingecko\nSPREAD_BPS=100                  # 1% spread\nMOBILE_MONEY_FEE_FLAT=0.30\nMOBILE_MONEY_FEE_BPS=150        # 1.5%\n\n# M-Pesa (Daraja)\nMPESA_ENV=sandbox               # sandbox | production\nMPESA_CONSUMER_KEY=...\nMPESA_CONSUMER_SECRET=...\nMPESA_SHORTCODE=...\nMPESA_PASSKEY=...\nMPESA_CALLBACK_BASE_URL=https://your.app/webhooks/mpesa\n\n# Airtel Money\nAIRTEL_ENV=sandbox\nAIRTEL_CLIENT_ID=...\nAIRTEL_CLIENT_SECRET=...\nAIRTEL_COUNTRY=KE               # or TZ, UG, etc.\nAIRTEL_CURRENCY=KES\nAIRTEL_CALLBACK_BASE_URL=https://your.app/webhooks/airtel\n\n# Tigo Pesa\nTIGOPESA_ENV=sandbox\nTIGOPESA_CLIENT_ID=...\nTIGOPESA_CLIENT_SECRET=...\nTIGOPESA_CALLBACK_BASE_URL=https://your.app/webhooks/tigo\n```\n\n## 💳 Onramp Integration\n\nReply to \"buy\" or \"deposit\" with a provider link prefilled with:\n\n- **Asset:** USDC\n- **Network:** Base\n- **Destination:** User's wallet address\n- **Amount:** Optional fiat amount (e.g., USD $50)\n\n### Provider Examples\n\n**Coinbase Onramp (hosted flow)**\n- Prefill address and Base network using provider-supported parameters\n- Docs: https://docs.cloud.coinbase.com\n\n**MoonPay**\n```\nhttps://buy.moonpay.com?apiKey=YOUR_KEY\u0026currencyCode=usdc\u0026walletAddress=0xUSER\u0026baseCurrencyCode=usd\u0026baseCurrencyAmount=50\u0026chain=base\n```\n\n**Transak**\n```\nhttps://global.transak.com/?apiKey=YOUR_KEY\u0026cryptoCurrency=USDC\u0026network=base\u0026walletAddress=0xUSER\u0026disableWalletAddressForm=true\n```\n\n**Stripe Crypto Onramp**\n- Create server-side onramp session, get session URL/client secret\n- Docs: https://stripe.com/docs/crypto/onramp\n\n💡 **Tip:** If a provider requires server-side token/signature, expose an endpoint (e.g., `/onramp/session?address=0xUSER\u0026amount=50`) and return the redirect URL.\n\n## 📱 Mobile Money Integration\n\nMobile money rails power both onramp (fiat → USDC) and offramp (USDC → fiat) flows.\n\n### Supported Providers\n\n**M-Pesa (Daraja API)**\n- STK Push (C2B): prompt user approval on phone\n- B2C/B2B payouts: send funds to mobile wallet\n- Docs: https://developer.safaricom.co.ke/\n\n**Airtel Money Open API**\n- Collections (C2B) and Disbursements (B2C)\n- Docs: https://developers.airtel.africa/\n\n**Tigo Pesa**\n- Collections and Payouts APIs via Tigo Business\n- Docs via operator portal/regional aggregator\n\n### Flow Patterns\n\n**Onramp (mobile money → USDC):**\n1. User: `buy 20 usdc via mpesa`\n2. Bot: Initiates C2B/Checkout (STK Push) for equivalent fiat + fees\n3. Provider: Sends payment callback → server verifies payment\n4. Bot: Credits USDC by transferring from treasury to user's address\n5. Bot: Replies with transaction hash and receipt\n\n**Offramp (USDC → mobile money):**\n1. User: `cashout 15 usdc to mpesa +2547xxxxxxx`\n2. Bot: Confirms quote (FX + fee), asks for YES confirmation\n3. Bot: Swaps USDC→fiat liquidity, calls B2C payout API\n4. Provider: Callback confirms payout success/failure\n\n### Example Commands\n- `buy 20 usdc via mpesa`\n- `buy 50 usdc via airtel`\n- `cashout 15 usdc to mpesa +254712345678`\n\n### API Endpoints\n- `POST /payments/quote` — FX quotes with fees\n- `POST /payments/mpesa/collect` — STK Push trigger\n- `POST /payouts/mpesa` — Mobile money disbursement\n- `POST /webhooks/mpesa` — Payment/payout callbacks\n\n## 💬 Message Commands\n\n| Command | Function |\n|---------|----------|\n| `help` | Returns available commands |\n| `address` | Returns user's deposit address on Base |\n| `deposit` / `buy [amount]` | Returns onramp link + instructions |\n| `balance` | Shows USDC and ETH (gas) balance |\n| `send 5 USDC to 0xabc123…` | Transfers tokens on-chain |\n| `send 2 USDC to +15551234567` | Resolves phone → wallet, then transfers |\n| `history` | Last N transfers (from USDC Transfer events) |\n\n### Send Confirmation Flow\n1. **User:** `send 10 USDC to 0xabc…`\n2. **Bot:** `Confirm sending 10 USDC (fee ~0.000x ETH)? Reply YES within 2 minutes.`\n3. **User:** `YES`\n4. **Bot:** `Submitted tx 0x… (link to basescan.org)`\n\n## 🛠️ Server Implementation\n\n```typescript\nimport express from 'express'\nimport { ethers } from 'ethers'\n\nconst app = express()\napp.use(express.json())\n\nconst provider = new ethers.JsonRpcProvider(process.env.BASE_RPC_URL)\nconst wallet = new ethers.Wallet(process.env.OPERATOR_PRIVATE_KEY!, provider)\nconst USDC = new ethers.Contract(\n\tprocess.env.USDC_CONTRACT!,\n\t[\n\t\t'function balanceOf(address) view returns (uint256)',\n\t\t'function decimals() view returns (uint8)',\n\t\t'function transfer(address to, uint256 amount) returns (bool)'\n\t],\n\twallet\n)\n\nfunction getUserAddressFromPhone(phone: string): string {\n\t// TODO: implement deterministic derivation or DB lookup\n\treturn '0x...'\n}\n\napp.post('/webhook', async (req, res) =\u003e {\n\tconst { from, body } = parseIncomingMessage(req)\n\n\tif (/^address$/i.test(body)) {\n\t\tconst addr = getUserAddressFromPhone(from)\n\t\treturn res.json(replyText(`Your Base USDC address:\\n${addr}`))\n\t}\n\n\tif (/^balance$/i.test(body)) {\n\t\tconst addr = getUserAddressFromPhone(from)\n\t\tconst [usdc, dec] = await Promise.all([\n\t\t\tUSDC.balanceOf(addr),\n\t\t\tUSDC.decimals()\n\t\t])\n\t\tconst eth = await provider.getBalance(addr)\n\t\treturn res.json(\n\t\t\treplyText(\n\t\t\t\t`USDC: ${ethers.formatUnits(usdc, dec)}\\nBase ETH: ${ethers.formatEther(eth)}`\n\t\t\t)\n\t\t)\n\t}\n\n\t// Additional command handlers...\n\treturn res.json(replyText('Try: address | balance | deposit | send 5 USDC to 0x...'))\n})\n\napp.listen(3000, () =\u003e console.log('Bot listening on :3000'))\n```\n\n## 🚀 Deployment \u0026 Security\n\n### Webhook Setup\n- **HTTPS Required:** Use trusted certificate (ngrok for local dev)\n- **Idempotency:** Dedupe messages, handle provider retries\n- **Logging:** Transaction hashes and message IDs for auditing\n\n### Security Best Practices\n- **Key Management:** Use HSM/KMS (AWS KMS, Azure Key Vault)\n- **Compliance:** KYC/AML via onramp providers\n- **Rate Limiting:** Per-user velocity limits, geo/IP screening\n- **Privacy:** Encrypt phone numbers (PII) at rest\n\n### Operational Notes\n- Treasury wallet needs USDC and fiat float for settlement\n- Daily reconciliation of provider statements vs on-chain activity\n- Implement idempotency keys for collect/payout requests\n- Apply per-user/daily limits and KYC thresholds\n- Store quotes with expiry (2-5 minutes) for FX volatility\n\n## 🔧 Troubleshooting\n\n| Issue | Solution |\n|-------|----------|\n| **Gas Errors** | Fund signing wallet with Base ETH |\n| **USDC Transfer Failed** | Verify contract address, decimals, user balance |\n| **Webhook Not Firing** | Check provider console logs, HTTPS URL |\n| **Onramp Link Issues** | Verify provider parameters, allowlists, app IDs |\n| **Mobile Money Fails** | Check phone format, wallet balance, shortcode |\n| **Payout Rejected** | Verify KYC limits, daily caps, country/currency |\n\n## 📚 Documentation\n\nCryptoChap includes comprehensive documentation covering all aspects of the platform:\n\n### 📖 Core Documentation\n- **[Architecture Guide](docs/architecture.md)** - System architecture and design patterns\n- **[Implementation Guide](docs/implementation-guide.md)** - Complete feature overview and setup instructions\n- **[Service Breakdown](docs/service-breakdown.md)** - Detailed analysis of all 9 backend services\n- **[API Documentation](docs/api-documentation.md)** - Complete REST API reference with examples\n\n### 🛠️ Technical Documentation\n- **[System Design](docs/system-design.md)** - Technical specifications and design decisions\n- **[Testing Strategy](docs/testing-strategy.md)** - Testing approach and coverage requirements\n- **[User Flows](docs/user-flows.md)** - User interaction patterns and workflows\n\n### 📱 WhatsApp Integration\n- **[WhatsApp Setup Guide](docs/WHATSAPP_SETUP_GUIDE.md)** - Complete WhatsApp Business API setup\n- **[WhatsApp Instructions](docs/WHATSAPP_INSTRUCTIONS.md)** - Integration and configuration steps\n- **[WhatsApp Architecture](docs/WHATSAPP_ARCHITECTURE.md)** - WhatsApp system design\n- **[WhatsApp Checklist](docs/WHATSAPP_CHECKLIST.md)** - Setup verification checklist\n\n### 🚀 Deployment \u0026 Operations\n- **[Deployment Guide](DEPLOYMENT.md)** - Production deployment instructions\n- **[Sprint Planning](docs/sprint-planning.md)** - Development roadmap and milestones\n- **[Sprint 1 Report](docs/sprint1-completion-report.md)** - Completed features and achievements\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**Built for the future of accessible crypto** 🌍\n\n*Made with ❤️ for global financial inclusion*\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpolymathuniversata%2Fcryptochap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpolymathuniversata%2Fcryptochap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpolymathuniversata%2Fcryptochap/lists"}