feat(checkout): Migrate to v2 sanction API and add token info

packages/checkout/sdk/src/connect/connect.test.ts

@@ -7,6 +7,9 @@ import { checkIsWalletConnected, connectSite, requestPermissions } from './conne
 import { WrappedBrowserProvider, WalletAction, WalletProviderName } from '../types';
 import { CheckoutErrorType } from '../errors';
 import { createProvider } from '../provider';
+import { RemoteConfigFetcher } from '../config/remoteConfigFetcher';
+
+jest.mock('../config/remoteConfigFetcher');
 
 let windowSpy: any;
 
@@ -26,6 +29,13 @@ describe('connect', () => {
       addEventListener: jest.fn(),
       removeEventListener: jest.fn(),
     }));
+
+    // Mock RemoteConfigFetcher to prevent test failures
+    (RemoteConfigFetcher as unknown as jest.Mock).mockReturnValue({
+      getConfig: jest.fn().mockResolvedValue({
+        segmentPublishableKey: 'test-key',
+      }),
+    });
   });
 
   afterEach(() => {

packages/checkout/sdk/src/riskAssessment/riskAssessment.test.ts

@@ -45,6 +45,10 @@ describe('riskAssessment', () => {
       const sanctions = await fetchRiskAssessment(
         [address1, address2],
         mockedConfig,
+        [
+          { address: address1, tokenAddr: '0xtest1', amount: '100' },
+          { address: address2, tokenAddr: '0xtest2', amount: '200' },
+        ],
       );
 
       expect(sanctions[address1.toLowerCase()]).toEqual({ sanctioned: false });
@@ -62,13 +66,14 @@ describe('riskAssessment', () => {
       const sanctions = await fetchRiskAssessment(
         [address1],
         mockedConfig,
+        [{ address: address1, tokenAddr: '0xtest', amount: '100' }],
       );
 
       expect(sanctions[address1.toLowerCase()]).toEqual({ sanctioned: false });
       expect(mockedAxios.post).not.toHaveBeenCalled();
     });
 
-    it('should return default risk assessment not found for address', async () => {
+    it('should return default risk assessment on empty response', async () => {
       mockRemoteConfig.mockResolvedValue({
         enabled: true,
         levels: ['severe'],
@@ -85,6 +90,7 @@ describe('riskAssessment', () => {
       const sanctions = await fetchRiskAssessment(
         [address1],
         mockedConfig,
+        [{ address: address1, tokenAddr: '0xtest', amount: '100' }],
       );
 
       expect(sanctions[address1.toLowerCase()]).toEqual({ sanctioned: false });

packages/checkout/sdk/src/riskAssessment/riskAssessment.ts

@@ -22,9 +22,17 @@ export type AssessmentResult = {
   };
 };
 
+// New type for v2 request items
+type SanctionsCheckV2RequestItem = {
+  address: string;
+  amount: string;
+  token_addr: string;
+};
+
 export const fetchRiskAssessment = async (
   addresses: string[],
   config: CheckoutConfiguration,
+  tokenData: Array<{ address: string; tokenAddr: string; amount: string }>,
 ): Promise<AssessmentResult> => {
   const result = Object.fromEntries(
     addresses.map((address) => [address.toLowerCase(), { sanctioned: false }]),
@@ -41,11 +49,27 @@ export const fetchRiskAssessment = async (
   try {
     const riskLevels = riskConfig?.levels.map((l) => l.toLowerCase()) ?? [];
 
+    // Prepare v2 request payload
+    const requestPayload: SanctionsCheckV2RequestItem[] = addresses.map((address) => {
+      const item: SanctionsCheckV2RequestItem = {
+        address,
+        token_addr: '',
+        amount: '0',
+      };
+
+      // Add token and amount data
+      const tokenInfo = tokenData.find((t) => t.address.toLowerCase() === address.toLowerCase());
+      if (tokenInfo) {
+        item.token_addr = tokenInfo.tokenAddr;
+        item.amount = tokenInfo.amount;
+      }
+
+      return item;
+    });
+
     const response = await axios.post<RiskAssessment[]>(
-      `${IMMUTABLE_API_BASE_URL[config.environment]}/v1/sanctions/check`,
-      {
-        addresses,
-      },
+      `${IMMUTABLE_API_BASE_URL[config.environment]}/v2/sanctions/check`,
+      requestPayload,
     );
 
     for (const assessment of response.data) {

packages/checkout/sdk/src/sdk.ts

@@ -226,12 +226,16 @@ export class Checkout {
   }
 
   /**
-   * Fetches the risk assessment for the given addresses.
+   * Fetches risk assessment for the given addresses.
    * @param {string[]} addresses - The addresses to assess.
+   * @param {Array<{address: string; tokenAddr: string; amount: string}>} tokenData - Required token and amount data for each address.
    * @returns {Promise<AssessmentResult>} - A promise that resolves to the risk assessment result.
    */
-  public async getRiskAssessment(addresses: string[]): Promise<AssessmentResult> {
-    return await fetchRiskAssessment(addresses, this.config);
+  public async getRiskAssessment(
+    addresses: string[],
+    tokenData: Array<{ address: string; tokenAddr: string; amount: string }>,
+  ): Promise<AssessmentResult> {
+    return await fetchRiskAssessment(addresses, this.config, tokenData);
   }
 
   /**

packages/checkout/widgets-lib/src/functions/checkSanctionedAddresses.ts

@@ -7,7 +7,8 @@ import {
 export const checkSanctionedAddresses = async (
   addresses: string[],
   config: CheckoutConfiguration,
+  tokenData: Array<{ address: string; tokenAddr: string; amount: string }>,
 ): Promise<boolean> => {
-  const result = await fetchRiskAssessment(addresses, config);
+  const result = await fetchRiskAssessment(addresses, config, tokenData);
   return isAddressSanctioned(result, undefined);
 };

packages/checkout/widgets-lib/src/widgets/add-tokens/views/AddTokens.tsx

@@ -425,7 +425,15 @@ export function AddTokens({
   const sendRequestOnRampEvent = async () => {
     if (
       toAddress
-      && (await checkSanctionedAddresses([toAddress], checkout.config))
+      && (await checkSanctionedAddresses(
+        [toAddress],
+        checkout.config,
+        [{
+          address: toAddress,
+          tokenAddr: selectedToken?.address || '',
+          amount: selectedAmount || '0',
+        }],
+      ))
     ) {
       viewDispatch({
         payload: {
@@ -502,6 +510,18 @@ export function AddTokens({
       && (await checkSanctionedAddresses(
         [fromAddress, toAddress],
         checkout.config,
+        [
+          {
+            address: fromAddress,
+            tokenAddr: selectedToken?.address || '',
+            amount: selectedAmount || '0',
+          },
+          {
+            address: toAddress,
+            tokenAddr: selectedToken?.address || '',
+            amount: selectedAmount || '0',
+          },
+        ],
       ))
     ) {
       viewDispatch({

packages/checkout/widgets-lib/src/widgets/bridge/components/BridgeForm.tsx

@@ -188,15 +188,29 @@ export function BridgeForm(props: BridgeFormProps) {
         addresses.push(to.walletAddress);
       }
 
-      const assessment = await fetchRiskAssessment(addresses, checkout.config);
+      // Prepare token data for v2 API - now required
+      const tokenData = [
+        {
+          address: from.walletAddress,
+          tokenAddr: formToken?.token.address || '',
+          amount: formAmount || '0',
+        },
+        ...(to.walletAddress.toLowerCase() !== from.walletAddress.toLowerCase() ? [{
+          address: to.walletAddress,
+          tokenAddr: formToken?.token.address || '',
+          amount: formAmount || '0',
+        }] : []),
+      ];
+
+      const assessment = await fetchRiskAssessment(addresses, checkout.config, tokenData);
       bridgeDispatch({
         payload: {
           type: BridgeActions.SET_RISK_ASSESSMENT,
           riskAssessment: assessment,
         },
       });
     })();
-  }, [checkout, from, to]);
+  }, [checkout, from, to, formToken, formAmount]);
 
   const canFetchEstimates = (silently: boolean): boolean => {
     if (Number.isNaN(parseFloat(formAmount))) return false;

packages/checkout/widgets-lib/src/widgets/on-ramp/views/OnRampMain.tsx

@@ -231,7 +231,14 @@ export function OnRampMain({
     (async () => {
       const walletAddress = await (await provider.getSigner()).getAddress();
 
-      const assessment = await fetchRiskAssessment([walletAddress], checkout.config);
+      // Prepare token data for v2 API - now required
+      const tokenData = [{
+        address: walletAddress,
+        tokenAddr: tokenAddress || '',
+        amount: tokenAmount || '0',
+      }];
+
+      const assessment = await fetchRiskAssessment([walletAddress], checkout.config, tokenData);
 
       if (isAddressSanctioned(assessment)) {
         viewDispatch({

packages/checkout/widgets-lib/src/widgets/sale/context/SaleContextProvider.tsx

@@ -257,10 +257,20 @@ export function SaleContextProvider(props: {
         return;
       }
 
-      const assessment = await fetchRiskAssessment([address], checkout.config);
+      // Prepare token data for v2 API - now required
+      // Use selectedCurrency and orderQuote to get token address and amount when they exist
+      const tokenData = [{
+        address,
+        tokenAddr: selectedCurrency?.address || '',
+        amount: (selectedCurrency?.address && orderQuote.totalAmount[selectedCurrency.name])
+          ? orderQuote.totalAmount[selectedCurrency.name].amount.toString()
+          : '0',
+      }];
+
+      const assessment = await fetchRiskAssessment([address], checkout.config, tokenData);
       setRiskAssessment(assessment);
     })();
-  }, [checkout, provider]);
+  }, [checkout, provider, selectedCurrency, orderQuote]);
 
   const {
     sign: signOrder,

packages/checkout/widgets-lib/src/widgets/swap/SwapWidget.tsx

@@ -205,7 +205,14 @@ export default function SwapWidget({
         return;
       }
 
-      const assessment = await fetchRiskAssessment([address], checkout.config);
+      // Prepare token data for v2 API - now required
+      const tokenData = [{
+        address,
+        tokenAddr: fromTokenAddress || '',
+        amount: amount || '0',
+      }];
+
+      const assessment = await fetchRiskAssessment([address], checkout.config, tokenData);
       swapDispatch({
         payload: {
           type: SwapActions.SET_RISK_ASSESSMENT,