@castler/pbm-core

Tamper-proof, programmable vouchers (purpose-bound money) with on-chain enforcement and off-chain payouts.

• Solidity PBMRegistry enforces per-txn cap, total cap, expiry, MCC allow-list (Merkle).
• TypeScript SDK issues, redeems, builds proofs, and listens for on-chain events.

Install

npm i @castler/pbm-core

Quickstart

import { PBMClient } from "@castler/pbm-core";

const client = new PBMClient({ rpcUrl: process.env.RPC!, privateKey: process.env.KEY! });
const addr = await client.deploy();
console.log("PBMRegistry:", addr);

See src/index.ts exports for helpers like policyHash, mccMerkleRoot, and canonicalPolicy.

Events → Off-chain Payouts

Subscribe to Redeemed and trigger settlement in your banking rail.

service.onRedeemed(async (e) => {
  // idempotency via (voucherId, nonce)
  await payoutMerchant({
    voucherId: e.voucherId,
    merchantIdHash: e.merchantIdHash,
    amountPaise: Number(e.amount),
    mcc: e.mcc,
    txHash: e.txHash
  });
});

Security Notes

• Store only hashes/IDs on-chain; keep PII off-chain.
• Rebuild and verify MCC proofs server-side before submitting redemptions.
• Enforce idempotency in your payout processor using (voucherId, nonce).