# @pyre/api

PYRE backend HTTP API. **Skeleton only** — endpoints exist as TODO stubs/route
placeholders, NOT real implementations. No Solana transaction or scan/build
logic is implemented yet (see [`CLAUDE.md`](../../CLAUDE.md), §14).

Stack: Node.js + Fastify + TypeScript, with PostgreSQL (`@pyre/db`), Redis +
BullMQ for queueing jobs handled by `@pyre/worker`.

## Responsibilities (§13)

Token scan coordination, classification helpers, route evaluation, AI generation
orchestration, metadata preparation, receipt storage, Spawn record storage,
public API, admin API.

## Endpoints to implement (§14) — TODO

- [ ] `POST /api/scan` — scan a wallet's token accounts; return summary + accounts.
- [ ] `POST /api/build/close-empty` — build unsigned close-account tx for empty ATAs.
- [ ] `POST /api/build/burn` — build unsigned burn tx for selected junk tokens.
- [ ] `POST /api/receipt` — record/return a cleanup receipt for a confirmed tx.
- [ ] `POST /api/prometheus/generate` — enqueue a Prometheus Spawn generation job.
- [ ] Admin endpoints — review/approve/reject generated Spawn packages.

Currently only `GET /health` is wired up.

## Backend security rules (§16)

Rate-limit scan endpoints, validate wallet pubkeys, validate token-account
ownership, never trust client-submitted classifications (recompute server-side),
log all transaction-build requests, protect admin endpoints, use env secrets only.

## Scripts

- `dev` — `tsx watch src/index.ts`
- `build` — `tsc -p tsconfig.json`
- `typecheck` — `tsc --noEmit`
- `lint` / `test` — placeholders for now