@gvnrdao/dh-sdk 0.0.271 → 0.0.272
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/browser/dist/browser.js +1 -1
- package/dist/contracts/typechain-contracts/factories/src/psm/SimplePSMV2__factory.d.ts +70 -11
- package/dist/contracts/typechain-contracts/src/psm/SimplePSMV2.d.ts +68 -9
- package/dist/deployments.js +7 -7
- package/dist/deployments.mjs +7 -7
- package/dist/index.js +262 -91
- package/dist/index.mjs +262 -91
- package/dist/modules/diamond-hands-sdk.d.ts +19 -0
- package/dist/utils/eip712-login.d.ts +8 -1
- package/dist/utils/service-endpoint-policy.d.ts +7 -2
- package/package.json +3 -3
|
@@ -742,6 +742,25 @@ export declare class DiamondHandsSDK {
|
|
|
742
742
|
balanceBtc: string;
|
|
743
743
|
btcPrice: string;
|
|
744
744
|
}, SDKError>>;
|
|
745
|
+
/**
|
|
746
|
+
* Get a PKP-signed TOTAL confirmed Bitcoin balance for a raw vault ADDRESS
|
|
747
|
+
* (no positionId) via the `btc-address-balance` LIT Action.
|
|
748
|
+
*
|
|
749
|
+
* Exercises the balance-query path (BitcoinProviderRegistry decrypt →
|
|
750
|
+
* cross-provider consensus → PKP signature) using only an address. This is
|
|
751
|
+
* NOT a protocol trusted/available balance: authorized spends are not
|
|
752
|
+
* subtracted, and the returned signature is an `AddressBalanceAttestation`
|
|
753
|
+
* (NOT a `BalanceConfirmation` — it is not consumable by
|
|
754
|
+
* `PositionManager.updateBalance`).
|
|
755
|
+
*/
|
|
756
|
+
getAddressBalance(vaultAddress: string): Promise<Result<{
|
|
757
|
+
vaultAddress: string;
|
|
758
|
+
totalBalanceSats: string;
|
|
759
|
+
totalBalanceBtc: string;
|
|
760
|
+
providerCount: number;
|
|
761
|
+
signature: string;
|
|
762
|
+
validatorPkp: string;
|
|
763
|
+
}, SDKError>>;
|
|
745
764
|
/**
|
|
746
765
|
* Mint mock BTC tokens (test networks only)
|
|
747
766
|
*
|
|
@@ -8,6 +8,8 @@ export interface DhServerLoginMessage {
|
|
|
8
8
|
address: string;
|
|
9
9
|
issuedAt: number;
|
|
10
10
|
nonce: string;
|
|
11
|
+
/** Audit M-8: service endpoint URL this login targets (replay-binds to one service). */
|
|
12
|
+
audience?: string;
|
|
11
13
|
}
|
|
12
14
|
export interface DhServerLoginPayload {
|
|
13
15
|
chainId: number;
|
|
@@ -20,8 +22,13 @@ export declare function buildLoginDomain(chainId: number): {
|
|
|
20
22
|
chainId: number;
|
|
21
23
|
};
|
|
22
24
|
export declare const LOGIN_TYPES: Record<string, TypedDataField[]>;
|
|
25
|
+
/** Audit M-8: login types with the audience binding. */
|
|
26
|
+
export declare const LOGIN_TYPES_WITH_AUDIENCE: Record<string, TypedDataField[]>;
|
|
23
27
|
/**
|
|
24
28
|
* Sign a fresh login envelope. Caller POSTs the returned `payload` to the
|
|
25
29
|
* server's `/api/auth/login` route.
|
|
30
|
+
*
|
|
31
|
+
* Audit M-8: pass `audience` (the service endpoint URL being logged into) to bind the login to
|
|
32
|
+
* one service. Omit it for legacy compatibility during the migration window.
|
|
26
33
|
*/
|
|
27
|
-
export declare function buildSignedLoginPayload(signer: Signer, chainId: number): Promise<DhServerLoginPayload>;
|
|
34
|
+
export declare function buildSignedLoginPayload(signer: Signer, chainId: number, audience?: string): Promise<DhServerLoginPayload>;
|
|
@@ -1,7 +1,12 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* Refuses to send session JWTs or signed auth payloads over plaintext HTTP
|
|
3
3
|
* unless the endpoint is loopback. https://* is always allowed; http://localhost,
|
|
4
|
-
* http://127.0.0.1, http://[::1]
|
|
5
|
-
*
|
|
4
|
+
* http://127.0.0.1 (and the 127.0.0.0/8 range), and http://[::1] are allowed for
|
|
5
|
+
* local development; everything else throws.
|
|
6
|
+
*
|
|
7
|
+
* Audit L-10: the previous `*.localhost` wildcard was dropped. `.localhost` is reserved to
|
|
8
|
+
* loopback by RFC 6761, but not every resolver honours it strictly — a hostile or misconfigured
|
|
9
|
+
* DNS could resolve `foo.localhost` to an off-host IP and exfiltrate the cleartext token. Exact
|
|
10
|
+
* loopback literals + the numeric 127.0.0.0/8 range can't be DNS-hijacked.
|
|
6
11
|
*/
|
|
7
12
|
export declare function assertSafeServiceEndpoint(endpoint: string): void;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@gvnrdao/dh-sdk",
|
|
3
|
-
"version": "0.0.
|
|
3
|
+
"version": "0.0.272",
|
|
4
4
|
"description": "TypeScript SDK for Diamond Hands Protocol - Bitcoin-backed lending with LIT Protocol PKPs",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -81,8 +81,8 @@
|
|
|
81
81
|
},
|
|
82
82
|
"sideEffects": false,
|
|
83
83
|
"dependencies": {
|
|
84
|
-
"@gvnrdao/dh-lit-actions": "^0.0.
|
|
85
|
-
"@gvnrdao/dh-lit-ops": "^0.0.
|
|
84
|
+
"@gvnrdao/dh-lit-actions": "^0.0.305",
|
|
85
|
+
"@gvnrdao/dh-lit-ops": "^0.0.292",
|
|
86
86
|
"@noble/hashes": "^1.5.0",
|
|
87
87
|
"axios": "^1.15.2",
|
|
88
88
|
"bech32": "^2.0.0",
|