feat: Update current-account service layer for dimension-agnostic Amount (#1256)

* feat: Update current-account service layer for dimension-agnostic Amount

Replace NewMoney() calls and .Currency() method references in the service
layer with dimension-agnostic Amount constructors and .InstrumentCode():

- Add protoMoneyToAmount() helper in grpc_mappers.go that converts a
  google.type.Money proto to domain.Amount using the account's instrument
  for precision-aware, dimension-agnostic conversion (supports CURRENCY,
  ENERGY, COMPUTE, CARBON, etc.)
- grpc_deposit_endpoints.go: replace NewMoney() calls with protoMoneyToAmount()
- grpc_withdrawal_execute.go: same replacement
- grpc_withdrawal_manage.go: same replacement with minor-unit variable rename
- lien_service.go:
  - Move account prefetch before amount parsing to provide instrument context
  - Add instrument code validation in legacy lien path before amount conversion
  - Replace NewMoney(account.Balance().InstrumentCode(), ...) with
    NewAmountFromInstrument(..., account.Balance().Dimension(), ...) at
    available-balance calculation sites
  - Remove unused protoToMoney() method and commonpb import

* fix: address CodeRabbit review feedback on Amount conversion helpers

- toMoneyAmount: make precision-aware (was hardcoded for 2-decimal currency)
  - use scale=10^precision and nanosPerMinor=10^(9-precision) for any instrument
- protoMoneyToAmount: fix signed rounding and add post-rounding overflow guard
  - half-up rounding (+ half/nanosPerUnit) incorrectly rounded negative nanos toward zero
  - use half-away-from-zero branching on sign so negative amounts round correctly
  - add post-rounding overflow guard to catch unitsMinor+nanosMinor overflow
- grpc_deposit_endpoints: add nil guard for req.Amount before account fetch
- lien_service: fall back to account.AvailableBalance() if NewAmountFromInstrument fails

* fix: replace NewMoney with NewAmountFromInstrument in valuation lien path

The valuation path was hardcoding `* 100` (2-decimal assumption) and calling
domain.NewMoney which only handles CURRENCY dimension. Replace with
precision-aware decimal.Shift(precision) scaling and NewAmountFromInstrument
so energy and other non-2-decimal instruments work correctly.

* fix: address second-round CodeRabbit findings on Amount conversion

- grpc_deposit_endpoints: use opStatusInvalidAmount instead of
  operationStatusInvalidCurrency when protoMoneyToAmount fails
- grpc_mappers: add explicit precision bounds check [0..9] in
  protoMoneyToAmount; add ErrInvalidPrecision sentinel error

---------

Co-authored-by: Ben Coombs <bjcoombs@users.noreply.github.com>

Author: bjcoombs

services/current-account/service/grpc_deposit_endpoints.go

@@ -3,7 +3,6 @@ package service
 import (
 	"context"
 	"errors"
-	"math"
 	"time"
 
 	pb "github.com/meridianhub/meridian/api/proto/meridian/current_account/v1"
@@ -101,6 +100,12 @@ func (s *Service) ExecuteDeposit(ctx context.Context, req *pb.ExecuteDepositRequ
 		}()
 	}
 
+	// Validate amount is present before account fetch to fail fast on malformed requests.
+	if req.Amount == nil || req.Amount.Amount == nil {
+		operationStatus = opStatusMissingAmount
+		return nil, status.Error(codes.InvalidArgument, "amount is required")
+	}
+
 	// Retrieve account (context carries organization for multi-tenant routing)
 	account, err := s.repo.FindByID(ctx, req.AccountId)
 	if err != nil {
@@ -120,36 +125,13 @@ func (s *Service) ExecuteDeposit(ctx context.Context, req *pb.ExecuteDepositRequ
 			account.Balance().InstrumentCode(), req.Amount.Amount.CurrencyCode)
 	}
 
-	// Convert amount from proto (MoneyAmount wraps google.type.Money)
-	// Validate overflow: Units*100 must not overflow int64
-	if req.Amount.Amount.Units > math.MaxInt64/100 || req.Amount.Amount.Units < math.MinInt64/100 {
-		operationStatus = opStatusAmountOverflow
-		return nil, status.Errorf(codes.InvalidArgument,
-			"amount too large: units %d would overflow", req.Amount.Amount.Units)
-	}
-
-	// Convert to cents preserving precision
-	unitsCents := req.Amount.Amount.Units * 100
-	// Round nanos to nearest cent (0.5 rounds up)
-	nanosCents := (req.Amount.Amount.Nanos + 5000000) / 10000000
-
-	// Use Money.Add to safely handle potential overflow from adding nanosCents
-	centsMoney, err := domain.NewMoney(req.Amount.Amount.CurrencyCode, unitsCents)
-	if err != nil {
-		operationStatus = operationStatusInvalidCurrency
-		return nil, status.Errorf(codes.InvalidArgument, "invalid currency: %v", err)
-	}
-
-	nanosMoney, err := domain.NewMoney(req.Amount.Amount.CurrencyCode, int64(nanosCents))
+	// Convert amount from proto (MoneyAmount wraps google.type.Money) using the account's instrument.
+	// The account's instrument determines dimension and precision; the proto CurrencyCode is already
+	// validated against account.Balance().InstrumentCode() above.
+	amount, err := protoMoneyToAmount(req.Amount, account)
 	if err != nil {
-		operationStatus = operationStatusInvalidCurrency
-		return nil, status.Errorf(codes.InvalidArgument, "invalid currency: %v", err)
-	}
-
-	amount, err := centsMoney.Add(nanosMoney)
-	if err != nil {
-		operationStatus = operationStatusInvalidCurrency
-		return nil, status.Errorf(codes.InvalidArgument, "invalid currency: %v", err)
+		operationStatus = opStatusInvalidAmount
+		return nil, status.Errorf(codes.InvalidArgument, "invalid amount: %v", err)
 	}
 
 	// Validate amount is positive
@@ -162,7 +144,7 @@ func (s *Service) ExecuteDeposit(ctx context.Context, req *pb.ExecuteDepositRequ
 	if amountCents <= 0 {
 		operationStatus = opStatusInvalidAmount
 		return nil, status.Errorf(codes.InvalidArgument,
-			"deposit amount must be positive, got %d cents", amountCents)
+			"deposit amount must be positive, got %d minor units", amountCents)
 	}
 
 	// Generate transaction ID (full UUID required by position-keeping service)

services/current-account/service/grpc_mappers.go

@@ -1,7 +1,9 @@
 package service
 
 import (
+	"fmt"
 	"log/slog"
+	"math"
 
 	commonpb "github.com/meridianhub/meridian/api/proto/meridian/common/v1"
 	pb "github.com/meridianhub/meridian/api/proto/meridian/current_account/v1"
@@ -50,17 +52,21 @@ func safeMinorUnits(m domain.Amount) int64 {
 }
 
 func toMoneyAmount(m domain.Amount) *commonpb.MoneyAmount {
-	amountCents := safeMinorUnits(m)
-	units := amountCents / 100
-	remainder := amountCents % 100
+	amountMinor := safeMinorUnits(m)
+	precision := m.Instrument().Precision
+	// #nosec G115 - precision is bounded by instrument definition (0-9 in practice)
+	scale := int64(math.Pow10(precision))
+	nanosPerMinor := int64(math.Pow10(9 - precision))
 
-	// Convert remainder to nanos (9 digits, but we only use 8 for cents precision)
-	// Per google.type.Money spec: nanos MUST share the sign of units
+	units := amountMinor / scale
+	remainder := amountMinor % scale
+
+	// Per google.type.Money spec: nanos MUST share the sign of units.
 	// - Positive amounts: both units and nanos are positive or zero
 	// - Negative amounts: both units and nanos are negative or zero
-	// Example: -£1.23 = Units=-1, Nanos=-230000000
-	// #nosec G115 - remainder is always -99 to 99, multiplication result fits in int32
-	nanos := int32(remainder * 10000000)
+	// remainder already shares the sign of amountMinor due to Go's truncating division.
+	// #nosec G115 - remainder is always -(scale-1) to (scale-1); product fits in int32
+	nanos := int32(remainder * nanosPerMinor)
 
 	return &commonpb.MoneyAmount{
 		Amount: &money.Money{
@@ -114,6 +120,72 @@ func mapRegistryDimension(registryDimension string) string {
 	return registryDimension
 }
 
+// protoMoneyToAmount converts a proto MoneyAmount to a domain Amount using the account's
+// instrument for dimension-agnostic precision support. The proto CurrencyCode field carries
+// the instrument code (e.g. "GBP" or "KWH"); the account's dimension and precision are used
+// to construct the correct minor-unit Amount regardless of instrument type.
+//
+// The conversion formula is precision-aware:
+//
+//	scale        = 10^precision
+//	nanosPerUnit = 10^(9-precision)
+//	totalMinor   = Units * scale + round(Nanos / nanosPerUnit)
+//
+// For 2-decimal CURRENCY (e.g. GBP): scale=100, nanosPerUnit=10_000_000
+// For 3-decimal ENERGY (e.g. KWH):   scale=1000, nanosPerUnit=1_000_000
+func protoMoneyToAmount(amount *commonpb.MoneyAmount, account domain.CurrentAccount) (domain.Amount, error) {
+	if amount == nil || amount.Amount == nil {
+		return domain.Amount{}, ErrAmountRequired
+	}
+
+	precision := account.Balance().Instrument().Precision
+	// google.type.Money uses nanos (10^9), so precision must be in [0..9].
+	// Values outside this range cannot be represented in nanos without losing precision.
+	if precision < 0 || precision > 9 {
+		return domain.Amount{}, fmt.Errorf("%w: got %d", ErrInvalidPrecision, precision)
+	}
+	// #nosec G115 - precision is bounded by instrument definition (0-9 in practice)
+	scale := int64(math.Pow10(precision))
+	nanosPerUnit := int64(math.Pow10(9 - precision))
+
+	// Overflow guard: reject units that would cause Units*scale to overflow int64.
+	// Using the same boundary as math.MaxInt64/scale (integer division) which equals
+	// the largest units value where units*scale does not overflow.
+	if amount.Amount.Units > math.MaxInt64/scale || amount.Amount.Units < math.MinInt64/scale {
+		return domain.Amount{}, fmt.Errorf("%w: units %d would overflow for precision %d",
+			ErrAmountOverflow, amount.Amount.Units, precision)
+	}
+
+	unitsMinor := amount.Amount.Units * scale
+
+	// Round nanos to nearest minor unit using half-away-from-zero (banker's-round alternative).
+	// Simple half-up (+ half) rounds negative nanos toward zero, which is incorrect.
+	// We must branch on sign so that -5_000_001 rounds to -1, not 0.
+	nanos := int64(amount.Amount.Nanos)
+	half := nanosPerUnit / 2
+	var nanosMinor int64
+	if nanos >= 0 {
+		nanosMinor = (nanos + half) / nanosPerUnit
+	} else {
+		nanosMinor = (nanos - half) / nanosPerUnit
+	}
+
+	// Post-rounding overflow guard: unitsMinor + nanosMinor must not overflow int64.
+	if (nanosMinor > 0 && unitsMinor > math.MaxInt64-nanosMinor) ||
+		(nanosMinor < 0 && unitsMinor < math.MinInt64-nanosMinor) {
+		return domain.Amount{}, fmt.Errorf("%w: total minor units would overflow after nanos rounding",
+			ErrAmountOverflow)
+	}
+	totalMinor := unitsMinor + nanosMinor
+
+	return domain.NewAmountFromInstrument(
+		account.Balance().InstrumentCode(),
+		account.Balance().Dimension(),
+		precision,
+		totalMinor,
+	)
+}
+
 func mapStatusToProto(status domain.AccountStatus) pb.AccountStatus {
 	switch status {
 	case domain.AccountStatusActive:

services/current-account/service/grpc_withdrawal_execute.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"math"
 	"time"
 
 	"github.com/google/uuid"
@@ -208,36 +207,13 @@ func (s *Service) ExecuteWithdrawal(ctx context.Context, req *pb.ExecuteWithdraw
 			account.Balance().InstrumentCode(), reqAmount.Amount.CurrencyCode)
 	}
 
-	// Convert amount from proto (MoneyAmount wraps google.type.Money)
-	// Validate overflow: Units*100 must not overflow int64
-	if reqAmount.Amount.Units > math.MaxInt64/100 || reqAmount.Amount.Units < math.MinInt64/100 {
-		operationStatus = opStatusAmountOverflow
-		return nil, status.Errorf(codes.InvalidArgument,
-			"amount too large: units %d would overflow", reqAmount.Amount.Units)
-	}
-
-	// Convert to cents preserving precision
-	unitsCents := reqAmount.Amount.Units * 100
-	// Round nanos to nearest cent (0.5 rounds up)
-	nanosCents := (reqAmount.Amount.Nanos + 5000000) / 10000000
-
-	// Use Money.Add to safely handle potential overflow from adding nanosCents
-	centsMoney, err := domain.NewMoney(reqAmount.Amount.CurrencyCode, unitsCents)
-	if err != nil {
-		operationStatus = operationStatusInvalidCurrency
-		return nil, status.Errorf(codes.InvalidArgument, "invalid currency: %v", err)
-	}
-
-	nanosMoney, err := domain.NewMoney(reqAmount.Amount.CurrencyCode, int64(nanosCents))
-	if err != nil {
-		operationStatus = operationStatusInvalidCurrency
-		return nil, status.Errorf(codes.InvalidArgument, "invalid currency: %v", err)
-	}
-
-	amount, err := centsMoney.Add(nanosMoney)
+	// Convert amount from proto (MoneyAmount wraps google.type.Money) using the account's instrument.
+	// The account's instrument determines dimension and precision; the proto CurrencyCode is already
+	// validated against account.Balance().InstrumentCode() above.
+	amount, err := protoMoneyToAmount(reqAmount, account)
 	if err != nil {
 		operationStatus = operationStatusInvalidCurrency
-		return nil, status.Errorf(codes.InvalidArgument, "invalid currency: %v", err)
+		return nil, status.Errorf(codes.InvalidArgument, "invalid amount: %v", err)
 	}
 
 	// Validate amount is positive
@@ -250,7 +226,7 @@ func (s *Service) ExecuteWithdrawal(ctx context.Context, req *pb.ExecuteWithdraw
 	if amountCents <= 0 {
 		operationStatus = opStatusInvalidAmount
 		return nil, status.Errorf(codes.InvalidArgument,
-			"withdrawal amount must be positive, got %d cents", amountCents)
+			"withdrawal amount must be positive, got %d minor units", amountCents)
 	}
 
 	// Generate transaction ID (full UUID required by position-keeping service)

services/current-account/service/grpc_withdrawal_manage.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"math"
 	"time"
 
 	"github.com/google/uuid"
@@ -78,28 +77,29 @@ func (s *Service) InitiateWithdrawal(ctx context.Context, req *pb.InitiateWithdr
 			account.Balance().InstrumentCode(), req.Amount.Amount.CurrencyCode)
 	}
 
-	// Validate overflow: Units*100 must not overflow int64
-	if req.Amount.Amount.Units > math.MaxInt64/100 || req.Amount.Amount.Units < math.MinInt64/100 {
-		operationStatus = opStatusAmountOverflow
-		return nil, status.Errorf(codes.InvalidArgument,
-			"amount too large: units %d would overflow", req.Amount.Amount.Units)
+	// Convert amount from proto using the account's instrument (supports any dimension/precision).
+	// The proto CurrencyCode is already validated against the account's instrument code above.
+	amount, err := protoMoneyToAmount(req.Amount, account)
+	if err != nil {
+		operationStatus = operationStatusInvalidCurrency
+		return nil, status.Errorf(codes.InvalidArgument, "invalid amount: %v", err)
 	}
 
-	// Convert and validate amount
-	unitsCents := req.Amount.Amount.Units * 100
-	nanosCents := (req.Amount.Amount.Nanos + 5000000) / 10000000
-	amountCents := unitsCents + int64(nanosCents)
-
-	if amountCents <= 0 {
+	amountMinor, err := amount.ToMinorUnits()
+	if err != nil {
+		operationStatus = opStatusAmountOverflow
+		return nil, status.Errorf(codes.InvalidArgument, "amount too large: %v", err)
+	}
+	if amountMinor <= 0 {
 		operationStatus = opStatusInvalidAmount
 		return nil, status.Errorf(codes.InvalidArgument, "withdrawal amount must be positive")
 	}
 
 	// Check available balance (warning only - balance could change before execution)
-	availCents, _ := account.AvailableBalance().ToMinorUnits()
-	if amountCents > availCents {
+	availMinor, _ := account.AvailableBalance().ToMinorUnits()
+	if amountMinor > availMinor {
 		validationMessages = append(validationMessages,
-			fmt.Sprintf("Warning: requested amount (%d cents) exceeds current available balance (%d cents)", amountCents, availCents))
+			fmt.Sprintf("Warning: requested amount (%d minor units) exceeds current available balance (%d minor units)", amountMinor, availMinor))
 	}
 
 	// Use provided reference if available, otherwise generate one
@@ -108,13 +108,6 @@ func (s *Service) InitiateWithdrawal(ctx context.Context, req *pb.InitiateWithdr
 		reference = fmt.Sprintf("WTH-%s", uuid.New().String()[:8])
 	}
 
-	// Create domain Money from amount cents
-	amount, err := domain.NewMoney(req.Amount.Amount.CurrencyCode, amountCents)
-	if err != nil {
-		operationStatus = operationStatusInvalidCurrency
-		return nil, status.Errorf(codes.InvalidArgument, "invalid currency: %v", err)
-	}
-
 	// Create domain withdrawal
 	domainWithdrawal, err := domain.NewWithdrawal(account.ID(), amount, reference)
 	if err != nil {
@@ -138,7 +131,7 @@ func (s *Service) InitiateWithdrawal(ctx context.Context, req *pb.InitiateWithdr
 		"withdrawal_id", domainWithdrawal.ID,
 		"withdrawal_reference", reference,
 		"account_id", req.AccountId,
-		"amount_cents", amountCents)
+		"amount_minor_units", amountMinor)
 
 	// Convert domain withdrawal to proto
 	withdrawal := toProtoWithdrawal(domainWithdrawal, req.AccountId)