@avaprotocol/sdk-js 3.0.0 → 3.2.0

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @avaprotocol/sdk-js
 
+## 3.2.0
+
+### Minor Changes
+
+- 8ea2a5b: Extend the catalog re-export surface and bump `@avaprotocol/protocols` to `^0.6.0`.
+
+## 3.1.0
+
+### Minor Changes
+
+- 3b4e2df: fix: `buildAuthMessage`, `signAuthMessage`, and `AuthResource.exchangeWithKey` now require a `uri` parameter (the origin URL the user is authenticating against). This replaces the previously hardcoded `https://app.avaprotocol.org` value so wallet popups display the correct site. The `uri` value is validated as a non-empty, syntactically valid URL at runtime; whitespace-only strings and non-URL values throw immediately.
+
 ## 3.0.0
 
 ### Major Changes — REST cutover

package/dist/index.js

@@ -34,12 +34,14 @@ __export(index_exports, {
   OperatorsResource: () => OperatorsResource,
   Protocols: () => import_protocols2.Protocols,
   SecretsResource: () => SecretsResource,
+  Tokens: () => import_protocols2.Tokens,
   TokensResource: () => TokensResource,
   Triggers: () => Triggers,
   TriggersResource: () => TriggersResource,
   WalletsResource: () => WalletsResource,
   WorkflowsResource: () => WorkflowsResource,
   buildAuthMessage: () => buildAuthMessage,
+  lookupToken: () => import_protocols2.lookupToken,
   signAuthMessage: () => signAuthMessage
 });
 module.exports = __toCommonJS(index_exports);
@@ -195,13 +197,26 @@ var Transport = class {
 var import_ethers = require("ethers");
 var AUTH_TEMPLATE = `Please sign the below text for ownership verification.
 
-URI: https://app.avaprotocol.org
+URI: {uri}
 Chain ID: {chainId}
 Version: {version}
 Issued At: {issuedAt}
 Expire At: {expireAt}
 Wallet: {wallet}`;
 function buildAuthMessage(input) {
+  const trimmedUri = typeof input.uri === "string" ? input.uri.trim() : "";
+  if (!trimmedUri) {
+    throw new Error(
+      "buildAuthMessage: uri must be a non-empty string (the origin the user is signing into, e.g. window.location.origin)."
+    );
+  }
+  try {
+    new URL(trimmedUri);
+  } catch {
+    throw new Error(
+      "buildAuthMessage: uri must be a valid URL (e.g. window.location.origin)."
+    );
+  }
   if (!Number.isInteger(input.chainId) || input.chainId <= 0) {
     throw new Error(
       "buildAuthMessage: chainId must be a positive integer (the wallet's currently-connected chain)."
@@ -215,18 +230,30 @@ function buildAuthMessage(input) {
   const issuedAt = input.issuedAt ?? /* @__PURE__ */ new Date();
   const expireAt = input.expireAt ?? new Date(issuedAt.getTime() + 24 * 60 * 60 * 1e3);
   const ownerAddress = (0, import_ethers.getAddress)(input.ownerAddress);
-  const message = AUTH_TEMPLATE.replace("{chainId}", String(input.chainId)).replace("{version}", input.version).replace("{issuedAt}", toRFC3339Millis(issuedAt)).replace("{expireAt}", toRFC3339Millis(expireAt)).replace("{wallet}", ownerAddress);
+  const replacements = {
+    "{uri}": trimmedUri,
+    "{chainId}": String(input.chainId),
+    "{version}": input.version,
+    "{issuedAt}": toRFC3339Millis(issuedAt),
+    "{expireAt}": toRFC3339Millis(expireAt),
+    "{wallet}": ownerAddress
+  };
+  const message = AUTH_TEMPLATE.replace(
+    /\{uri\}|\{chainId\}|\{version\}|\{issuedAt\}|\{expireAt\}|\{wallet\}/g,
+    (m) => replacements[m]
+  );
   return { message, chainId: input.chainId, ownerAddress, expireAt };
 }
 async function signAuthMessage(privateKey, input) {
   if (input == null || typeof input !== "object") {
     throw new Error(
-      "signAuthMessage: input is required \u2014 pass { chainId, version } (chainId from the wallet's connected chain, version from client.health.check())."
+      "signAuthMessage: input is required \u2014 pass { uri, chainId, version } (uri from the calling origin, chainId from the wallet's connected chain, version from client.health.check())."
     );
   }
   const signer = new import_ethers.Wallet(privateKey);
   const built = buildAuthMessage({
     ownerAddress: input.ownerAddress ?? signer.address,
+    uri: input.uri,
     chainId: input.chainId,
     version: input.version,
     issuedAt: input.issuedAt,
@@ -273,11 +300,13 @@ var AuthResource = class {
    * callers should use `buildAuthMessage` + a wallet's
    * `personal_sign` and then call `exchange()` directly.
    *
-   * `chainId` and `version` are required for the same reasons as
-   * `buildAuthMessage` — silently defaulting either field would
-   * mis-route every wallet RPC the resulting JWT is used for.
-   * `version` is the gateway binary version; the simplest source
-   * is the `version` field returned by `client.health.check()`.
+   * `uri`, `chainId`, and `version` are required for the same reasons
+   * as `buildAuthMessage` — silent defaults would lie about the origin
+   * the user is signing for, mis-route wallet RPCs, or hide which
+   * gateway minted the JWT. `version` is the gateway binary version;
+   * the simplest source is the `version` field returned by
+   * `client.health.check()`. `uri` is the calling origin (the studio
+   * URL the user is on right now).
    */
   async exchangeWithKey(privateKey, opts) {
     const signed = await signAuthMessage(privateKey, opts);
@@ -980,11 +1009,13 @@ var import_protocols2 = require("@avaprotocol/protocols");
   OperatorsResource,
   Protocols,
   SecretsResource,
+  Tokens,
   TokensResource,
   Triggers,
   TriggersResource,
   WalletsResource,
   WorkflowsResource,
   buildAuthMessage,
+  lookupToken,
   signAuthMessage
 });

package/dist/index.mjs

@@ -149,13 +149,26 @@ var Transport = class {
 import { Wallet, getAddress } from "ethers";
 var AUTH_TEMPLATE = `Please sign the below text for ownership verification.
 
-URI: https://app.avaprotocol.org
+URI: {uri}
 Chain ID: {chainId}
 Version: {version}
 Issued At: {issuedAt}
 Expire At: {expireAt}
 Wallet: {wallet}`;
 function buildAuthMessage(input) {
+  const trimmedUri = typeof input.uri === "string" ? input.uri.trim() : "";
+  if (!trimmedUri) {
+    throw new Error(
+      "buildAuthMessage: uri must be a non-empty string (the origin the user is signing into, e.g. window.location.origin)."
+    );
+  }
+  try {
+    new URL(trimmedUri);
+  } catch {
+    throw new Error(
+      "buildAuthMessage: uri must be a valid URL (e.g. window.location.origin)."
+    );
+  }
   if (!Number.isInteger(input.chainId) || input.chainId <= 0) {
     throw new Error(
       "buildAuthMessage: chainId must be a positive integer (the wallet's currently-connected chain)."
@@ -169,18 +182,30 @@ function buildAuthMessage(input) {
   const issuedAt = input.issuedAt ?? /* @__PURE__ */ new Date();
   const expireAt = input.expireAt ?? new Date(issuedAt.getTime() + 24 * 60 * 60 * 1e3);
   const ownerAddress = getAddress(input.ownerAddress);
-  const message = AUTH_TEMPLATE.replace("{chainId}", String(input.chainId)).replace("{version}", input.version).replace("{issuedAt}", toRFC3339Millis(issuedAt)).replace("{expireAt}", toRFC3339Millis(expireAt)).replace("{wallet}", ownerAddress);
+  const replacements = {
+    "{uri}": trimmedUri,
+    "{chainId}": String(input.chainId),
+    "{version}": input.version,
+    "{issuedAt}": toRFC3339Millis(issuedAt),
+    "{expireAt}": toRFC3339Millis(expireAt),
+    "{wallet}": ownerAddress
+  };
+  const message = AUTH_TEMPLATE.replace(
+    /\{uri\}|\{chainId\}|\{version\}|\{issuedAt\}|\{expireAt\}|\{wallet\}/g,
+    (m) => replacements[m]
+  );
   return { message, chainId: input.chainId, ownerAddress, expireAt };
 }
 async function signAuthMessage(privateKey, input) {
   if (input == null || typeof input !== "object") {
     throw new Error(
-      "signAuthMessage: input is required \u2014 pass { chainId, version } (chainId from the wallet's connected chain, version from client.health.check())."
+      "signAuthMessage: input is required \u2014 pass { uri, chainId, version } (uri from the calling origin, chainId from the wallet's connected chain, version from client.health.check())."
     );
   }
   const signer = new Wallet(privateKey);
   const built = buildAuthMessage({
     ownerAddress: input.ownerAddress ?? signer.address,
+    uri: input.uri,
     chainId: input.chainId,
     version: input.version,
     issuedAt: input.issuedAt,
@@ -227,11 +252,13 @@ var AuthResource = class {
    * callers should use `buildAuthMessage` + a wallet's
    * `personal_sign` and then call `exchange()` directly.
    *
-   * `chainId` and `version` are required for the same reasons as
-   * `buildAuthMessage` — silently defaulting either field would
-   * mis-route every wallet RPC the resulting JWT is used for.
-   * `version` is the gateway binary version; the simplest source
-   * is the `version` field returned by `client.health.check()`.
+   * `uri`, `chainId`, and `version` are required for the same reasons
+   * as `buildAuthMessage` — silent defaults would lie about the origin
+   * the user is signing for, mis-route wallet RPCs, or hide which
+   * gateway minted the JWT. `version` is the gateway binary version;
+   * the simplest source is the `version` field returned by
+   * `client.health.check()`. `uri` is the calling origin (the studio
+   * URL the user is on right now).
    */
   async exchangeWithKey(privateKey, opts) {
     const signed = await signAuthMessage(privateKey, opts);
@@ -917,7 +944,11 @@ var Nodes = Object.freeze({
 });
 
 // src/v4/protocols/index.ts
-import { Protocols } from "@avaprotocol/protocols";
+import {
+  Protocols,
+  Tokens,
+  lookupToken
+} from "@avaprotocol/protocols";
 export {
   APIError,
   AUTH_TEMPLATE,
@@ -933,11 +964,13 @@ export {
   OperatorsResource,
   Protocols,
   SecretsResource,
+  Tokens,
   TokensResource,
   Triggers,
   TriggersResource,
   WalletsResource,
   WorkflowsResource,
   buildAuthMessage,
+  lookupToken,
   signAuthMessage
 };

package/dist/v4/auth.d.ts

@@ -6,10 +6,21 @@
  * (build + sign) so non-SDK callers (web wallets, smart-account
  * signers) can produce a message that exchanges cleanly.
  */
-export declare const AUTH_TEMPLATE = "Please sign the below text for ownership verification.\n\nURI: https://app.avaprotocol.org\nChain ID: {chainId}\nVersion: {version}\nIssued At: {issuedAt}\nExpire At: {expireAt}\nWallet: {wallet}";
+export declare const AUTH_TEMPLATE = "Please sign the below text for ownership verification.\n\nURI: {uri}\nChain ID: {chainId}\nVersion: {version}\nIssued At: {issuedAt}\nExpire At: {expireAt}\nWallet: {wallet}";
 export interface BuildAuthMessageInput {
     /** EOA the JWT will be bound to. Lowercased / checksummed both work. */
     ownerAddress: string;
+    /**
+     * Origin URL the user is authenticating against. Required — callers
+     * MUST pass the actual studio/app origin the user is on right now
+     * (e.g. `https://app.avaprotocol.org` in production, `http://localhost:3000`
+     * in local dev). Shows up in the wallet popup as the "site" the user
+     * is granting access to, so a dishonest value reads as a phishing
+     * attempt or a config bug. The aggregator currently does not validate
+     * this field, but it's a candidate for cross-origin replay protection
+     * if it's ever turned on server-side.
+     */
+    uri: string;
     /**
      * Chain ID to embed in the canonical message. Required — callers
      * MUST pass the user's currently-connected wallet chain (e.g.
@@ -52,7 +63,8 @@ export interface BuiltAuthMessage {
  * @example
  *   const { version } = await client.health.check();
  *   const chainId = await wallet.getChainId();
- *   const { message } = buildAuthMessage({ ownerAddress, chainId, version });
+ *   const uri = window.location.origin; // or the studio's getSiteUrlOrDefault()
+ *   const { message } = buildAuthMessage({ ownerAddress, uri, chainId, version });
  *   const signature = await wallet.signMessage(message);
  *   const { token } = await client.auth.exchange({ ownerAddress, message, signature });
  */
@@ -64,9 +76,10 @@ export declare function buildAuthMessage(input: BuildAuthMessageInput): BuiltAut
  * where the private key is in hand; browser flows use
  * `buildAuthMessage` + a wallet's `personal_sign`.
  *
- * `chainId` and `version` are required for the same reasons as
- * `buildAuthMessage` — silent defaults would lie about the chain
- * the JWT is bound to and the gateway it was signed against.
+ * `uri`, `chainId`, and `version` are required for the same reasons as
+ * `buildAuthMessage` — silent defaults would lie about the origin the
+ * user is signing for, the chain the JWT is bound to, or the gateway
+ * it was signed against.
  */
 export declare function signAuthMessage(privateKey: string, input: Omit<BuildAuthMessageInput, "ownerAddress"> & {
     ownerAddress?: string;

package/dist/v4/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/v4/auth.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AACH,eAAO,MAAM,aAAa,wMAOT,CAAC;AAElB,MAAM,WAAW,qBAAqB;IACpC,wEAAwE;IACxE,YAAY,EAAE,MAAM,CAAC;IACrB;;;;;;;;;;;;;OAaG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;;OAMG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,QAAQ,CAAC,EAAE,IAAI,CAAC;IAChB,mDAAmD;IACnD,QAAQ,CAAC,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC;CACzB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,qBAAqB,GAAG,gBAAgB,CAuB/E;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,eAAe,CACnC,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,IAAI,CAAC,qBAAqB,EAAE,cAAc,CAAC,GAAG;IAAE,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7E,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,IAAI,CAAA;CAAE,CAAC,CA2BvF"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/v4/auth.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AACH,eAAO,MAAM,aAAa,kLAOT,CAAC;AAElB,MAAM,WAAW,qBAAqB;IACpC,wEAAwE;IACxE,YAAY,EAAE,MAAM,CAAC;IACrB;;;;;;;;;OASG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;;;;;;;;;;;;OAaG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;;OAMG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,QAAQ,CAAC,EAAE,IAAI,CAAC;IAChB,mDAAmD;IACnD,QAAQ,CAAC,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC;CACzB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,qBAAqB,GAAG,gBAAgB,CA0C/E;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CACnC,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,IAAI,CAAC,qBAAqB,EAAE,cAAc,CAAC,GAAG;IAAE,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7E,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,IAAI,CAAA;CAAE,CAAC,CA4BvF"}

package/dist/v4/auth.js

@@ -9,7 +9,7 @@ import { Wallet, getAddress } from "ethers";
  */
 export const AUTH_TEMPLATE = `Please sign the below text for ownership verification.
 
-URI: https://app.avaprotocol.org
+URI: {uri}
 Chain ID: {chainId}
 Version: {version}
 Issued At: {issuedAt}
@@ -23,11 +23,22 @@ Wallet: {wallet}`;
  * @example
  *   const { version } = await client.health.check();
  *   const chainId = await wallet.getChainId();
- *   const { message } = buildAuthMessage({ ownerAddress, chainId, version });
+ *   const uri = window.location.origin; // or the studio's getSiteUrlOrDefault()
+ *   const { message } = buildAuthMessage({ ownerAddress, uri, chainId, version });
  *   const signature = await wallet.signMessage(message);
  *   const { token } = await client.auth.exchange({ ownerAddress, message, signature });
  */
 export function buildAuthMessage(input) {
+    const trimmedUri = typeof input.uri === "string" ? input.uri.trim() : "";
+    if (!trimmedUri) {
+        throw new Error("buildAuthMessage: uri must be a non-empty string (the origin the user is signing into, e.g. window.location.origin).");
+    }
+    try {
+        new URL(trimmedUri);
+    }
+    catch {
+        throw new Error("buildAuthMessage: uri must be a valid URL (e.g. window.location.origin).");
+    }
     if (!Number.isInteger(input.chainId) || input.chainId <= 0) {
         throw new Error("buildAuthMessage: chainId must be a positive integer (the wallet's currently-connected chain).");
     }
@@ -39,12 +50,15 @@ export function buildAuthMessage(input) {
     // Canonicalize the address so the wire form matches what the
     // aggregator extracts via crypto.PubkeyToAddress.
     const ownerAddress = getAddress(input.ownerAddress);
-    const message = AUTH_TEMPLATE
-        .replace("{chainId}", String(input.chainId))
-        .replace("{version}", input.version)
-        .replace("{issuedAt}", toRFC3339Millis(issuedAt))
-        .replace("{expireAt}", toRFC3339Millis(expireAt))
-        .replace("{wallet}", ownerAddress);
+    const replacements = {
+        "{uri}": trimmedUri,
+        "{chainId}": String(input.chainId),
+        "{version}": input.version,
+        "{issuedAt}": toRFC3339Millis(issuedAt),
+        "{expireAt}": toRFC3339Millis(expireAt),
+        "{wallet}": ownerAddress,
+    };
+    const message = AUTH_TEMPLATE.replace(/\{uri\}|\{chainId\}|\{version\}|\{issuedAt\}|\{expireAt\}|\{wallet\}/g, (m) => replacements[m]);
     return { message, chainId: input.chainId, ownerAddress, expireAt };
 }
 /**
@@ -54,9 +68,10 @@ export function buildAuthMessage(input) {
  * where the private key is in hand; browser flows use
  * `buildAuthMessage` + a wallet's `personal_sign`.
  *
- * `chainId` and `version` are required for the same reasons as
- * `buildAuthMessage` — silent defaults would lie about the chain
- * the JWT is bound to and the gateway it was signed against.
+ * `uri`, `chainId`, and `version` are required for the same reasons as
+ * `buildAuthMessage` — silent defaults would lie about the origin the
+ * user is signing for, the chain the JWT is bound to, or the gateway
+ * it was signed against.
  */
 export async function signAuthMessage(privateKey, input) {
     // Defensive runtime guard for JS callers / TS callers casting through
@@ -64,11 +79,12 @@ export async function signAuthMessage(privateKey, input) {
     // undefined" inside buildAuthMessage. The type-level requirement
     // stands; this just makes the breaking-change error legible.
     if (input == null || typeof input !== "object") {
-        throw new Error("signAuthMessage: input is required — pass { chainId, version } (chainId from the wallet's connected chain, version from client.health.check()).");
+        throw new Error("signAuthMessage: input is required — pass { uri, chainId, version } (uri from the calling origin, chainId from the wallet's connected chain, version from client.health.check()).");
     }
     const signer = new Wallet(privateKey);
     const built = buildAuthMessage({
         ownerAddress: input.ownerAddress ?? signer.address,
+        uri: input.uri,
         chainId: input.chainId,
         version: input.version,
         issuedAt: input.issuedAt,

package/dist/v4/index.d.ts

@@ -2,7 +2,7 @@ export { Client, type ClientOptions } from "./client";
 export { Chains, type ChainId } from "./chains";
 export { Triggers } from "./builders/triggers";
 export { Nodes } from "./builders/nodes";
-export { Protocols, type AbiFragment, type AddressByChain } from "./protocols";
+export { Protocols, Tokens, lookupToken, type AbiFragment, type AddressByChain, type TokenByChain, type TokenChainEntry, type TokenLinks, } from "./protocols";
 export { buildAuthMessage, signAuthMessage, AUTH_TEMPLATE, type BuildAuthMessageInput, type BuiltAuthMessage, } from "./auth";
 export { APIError, NetworkError, AuthRequiredError } from "./internal/errors";
 export { AuthResource } from "./resources/auth";

package/dist/v4/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/v4/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,MAAM,EAAE,KAAK,aAAa,EAAE,MAAM,UAAU,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,KAAK,WAAW,EAAE,KAAK,cAAc,EAAE,MAAM,aAAa,CAAC;AAC/E,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,GACtB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAK9E,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAI1D,YAAY,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/v4/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,MAAM,EAAE,KAAK,aAAa,EAAE,MAAM,UAAU,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,KAAK,OAAO,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AAC/C,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACzC,OAAO,EACL,SAAS,EACT,MAAM,EACN,WAAW,EACX,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,UAAU,GAChB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,aAAa,EACb,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,GACtB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAK9E,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAI1D,YAAY,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC"}

package/dist/v4/index.js

@@ -6,7 +6,7 @@ export { Client } from "./client";
 export { Chains } from "./chains";
 export { Triggers } from "./builders/triggers";
 export { Nodes } from "./builders/nodes";
-export { Protocols } from "./protocols";
+export { Protocols, Tokens, lookupToken, } from "./protocols";
 export { buildAuthMessage, signAuthMessage, AUTH_TEMPLATE, } from "./auth";
 export { APIError, NetworkError, AuthRequiredError } from "./internal/errors";
 // Resource classes are exported in case advanced consumers want to

package/dist/v4/protocols/index.d.ts

@@ -1,2 +1,2 @@
-export { Protocols, type AbiFragment, type AddressByChain } from "@avaprotocol/protocols";
+export { Protocols, Tokens, lookupToken, type AbiFragment, type AddressByChain, type TokenByChain, type TokenChainEntry, type TokenLinks, } from "@avaprotocol/protocols";
 //# sourceMappingURL=index.d.ts.map

package/dist/v4/protocols/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/v4/protocols/index.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,SAAS,EAAE,KAAK,WAAW,EAAE,KAAK,cAAc,EAAE,MAAM,wBAAwB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/v4/protocols/index.ts"],"names":[],"mappings":"AAaA,OAAO,EACL,SAAS,EACT,MAAM,EACN,WAAW,EACX,KAAK,WAAW,EAChB,KAAK,cAAc,EACnB,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,UAAU,GAChB,MAAM,wBAAwB,CAAC"}

package/dist/v4/protocols/index.js

@@ -10,4 +10,4 @@
 // when a new protocol address lands or a new chain comes online;
 // bumping `@avaprotocol/protocols` minor version + republishing this
 // SDK package picks it up automatically.
-export { Protocols } from "@avaprotocol/protocols";
+export { Protocols, Tokens, lookupToken, } from "@avaprotocol/protocols";

package/dist/v4/resources/auth.d.ts

@@ -25,14 +25,17 @@ export declare class AuthResource {
      * callers should use `buildAuthMessage` + a wallet's
      * `personal_sign` and then call `exchange()` directly.
      *
-     * `chainId` and `version` are required for the same reasons as
-     * `buildAuthMessage` — silently defaulting either field would
-     * mis-route every wallet RPC the resulting JWT is used for.
-     * `version` is the gateway binary version; the simplest source
-     * is the `version` field returned by `client.health.check()`.
+     * `uri`, `chainId`, and `version` are required for the same reasons
+     * as `buildAuthMessage` — silent defaults would lie about the origin
+     * the user is signing for, mis-route wallet RPCs, or hide which
+     * gateway minted the JWT. `version` is the gateway binary version;
+     * the simplest source is the `version` field returned by
+     * `client.health.check()`. `uri` is the calling origin (the studio
+     * URL the user is on right now).
      */
     exchangeWithKey(privateKey: string, opts: {
         ownerAddress?: string;
+        uri: string;
         chainId: number;
         version: string;
     }): Promise<v4.AuthExchangeResponse>;

package/dist/v4/resources/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/v4/resources/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AAG7C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD;;;;;;;GAOG;AACH,qBAAa,YAAY;IACX,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAAT,SAAS,EAAE,SAAS;IAEjD;;;;;OAKG;IACG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,GAAG,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC;IAY7E;;;;;;;;;;;;OAYG;IACG,eAAe,CACnB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE;QAAE,YAAY,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAChE,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC;IASnC;;;OAGG;IACH,KAAK,IAAI,IAAI;CAGd"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/v4/resources/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AAG7C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD;;;;;;;GAOG;AACH,qBAAa,YAAY;IACX,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAAT,SAAS,EAAE,SAAS;IAEjD;;;;;OAKG;IACG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,GAAG,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC;IAY7E;;;;;;;;;;;;;;OAcG;IACG,eAAe,CACnB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE;QAAE,YAAY,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAC7E,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC;IASnC;;;OAGG;IACH,KAAK,IAAI,IAAI;CAGd"}

package/dist/v4/resources/auth.js

@@ -35,11 +35,13 @@ export class AuthResource {
      * callers should use `buildAuthMessage` + a wallet's
      * `personal_sign` and then call `exchange()` directly.
      *
-     * `chainId` and `version` are required for the same reasons as
-     * `buildAuthMessage` — silently defaulting either field would
-     * mis-route every wallet RPC the resulting JWT is used for.
-     * `version` is the gateway binary version; the simplest source
-     * is the `version` field returned by `client.health.check()`.
+     * `uri`, `chainId`, and `version` are required for the same reasons
+     * as `buildAuthMessage` — silent defaults would lie about the origin
+     * the user is signing for, mis-route wallet RPCs, or hide which
+     * gateway minted the JWT. `version` is the gateway binary version;
+     * the simplest source is the `version` field returned by
+     * `client.health.check()`. `uri` is the calling origin (the studio
+     * URL the user is on right now).
      */
     async exchangeWithKey(privateKey, opts) {
         const signed = await signAuthMessage(privateKey, opts);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@avaprotocol/sdk-js",
-  "version": "3.0.0",
+  "version": "3.2.0",
   "description": "TypeScript SDK for Ava Protocol's AVS REST API. Resource-grouped sub-clients, fetch transport, EIP-191 auth.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -32,7 +32,7 @@
     "prepare": "node ../../scripts/prepare-package.js"
   },
   "dependencies": {
-    "@avaprotocol/protocols": "^0.2.0",
+    "@avaprotocol/protocols": "^0.6.0",
     "@avaprotocol/types": "^3.0.0",
     "dotenv": "^16.4.5",
     "ethers": "^6.13.2"