@gvnrdao/dh-sdk 0.0.272 → 0.0.274

package/browser/dist/browser.js.LICENSE.txt

@@ -5,7 +5,7 @@
  * @license  MIT
  */
 
-/*! Axios v1.16.1 Copyright (c) 2026 Matt Zabriskie and contributors */
+/*! Axios v1.17.0 Copyright (c) 2026 Matt Zabriskie and contributors */
 
 /*! MIT License. Copyright 2015-2022 Richard Moore <me@ricmoo.com>. See LICENSE.txt. */
 

package/dist/index.js

@@ -31391,17 +31391,17 @@ var require_pkg_src = __commonJS({
         hash: "b7e4abec403555d85e2b0eaabed0fdd95640b5f0d068c67bba63afaa2cd200d0"
       },
       ucdMintValidator: {
-        cid: "QmdfotNWFe9at78piu4zKqN1Hk6GDY97ofC8YWABoRxNTz",
+        cid: "QmUtDgwYFqbLhhBkhRfHRTN51SyHm1CHcCQU2qUvpCzpfc",
         authorizedCidHex: cidToHex(
-          "QmdfotNWFe9at78piu4zKqN1Hk6GDY97ofC8YWABoRxNTz"
+          "QmUtDgwYFqbLhhBkhRfHRTN51SyHm1CHcCQU2qUvpCzpfc"
         ),
         name: "Ucd Mint Validator",
         description: "Production Ucd Mint Validator",
         version: "1.0.0",
         deployed: true,
-        deployedAt: 1780420101129,
-        size: 67513,
-        hash: "6918134d5daa56f01e3077e0716976103bd2d4ff3efddc8c2e388484953eb1fa",
+        deployedAt: 1780485728736,
+        size: 67380,
+        hash: "901f0ec80a04cb9daad84c35c69bcf0dc8892a05ae9431a23c1855e1ab9aed9d",
         validatorWalletAddress: "0x36f3dd61c4c08a56d29ed2fd6d5f111b67b6a7a1",
         pkp: {
           publicKey: "0x041ab17cd91fc5c0b761eea6092d032807561b621b82c488826776e04a9158d61ba64d809a4729f0501289d980732cb06d8dfd06999dd9c8efd2f495dad78b31bb",
@@ -31523,17 +31523,17 @@ var require_pkg_src = __commonJS({
       // Requires BitcoinProviderRegistry.addAllowedCid(chainId, keccak256(utf8(cid)))
       // on each target chain (the action decrypts registry slots). No OAR entry.
       btcAddressBalance: {
-        cid: "QmdF7eMxEc4UxFYPXhzyZ9dLkLeVwQNCfPrmirP1BGdSvT",
+        cid: "QmdBMy7Niz4Vsgbmh1Pm3aXK8PL3uJwS7GDeoCKd8Yuua6",
         authorizedCidHex: cidToHex(
-          "QmdF7eMxEc4UxFYPXhzyZ9dLkLeVwQNCfPrmirP1BGdSvT"
+          "QmdBMy7Niz4Vsgbmh1Pm3aXK8PL3uJwS7GDeoCKd8Yuua6"
         ),
         name: "Btc Address Balance",
         description: "Address-only signed total BTC balance via registry consensus (no positionId, no price)",
         version: "0.1.0",
         deployed: true,
-        deployedAt: 1780425819676,
-        size: 21664,
-        hash: "89936009f1de066e41234de5a28a75ca31ce0b2ae9c7f47f299c995b8e112599",
+        deployedAt: 1780485650442,
+        size: 21864,
+        hash: "8369701c40e742ec54d34fec373f21cfd75f5dfd3ece4bc5358c7566032e7605",
         validatorWalletAddress: "0xf0bf5e3f864b87283a05d1e4a85ee0fa40493fb5",
         pkp: {
           publicKey: "0x0498cbb31facfa26e3ec83ccdabfe4fe341ca0282e0c3cb81da7113723b9726e1e49efa92165cc3faa66ced4454cea56dbab12267852d6525a55d7c4f128b912cd",
@@ -34716,7 +34716,19 @@ function getSepoliaConfig() {
   });
   return {
     mode: "service",
-    serviceEndpoint: readInitBackedEnv("LIT_OPS_ENDPOINT"),
+    // No production default — fail closed if unset. A missing LIT_OPS_ENDPOINT must
+    // NOT silently route signed/authenticated requests to the production service:
+    // that masks misconfiguration in local/dev/test. Returns "" when unset (Node:
+    // env missing; browser: always), so downstream validateServiceModeConfig throws.
+    // Node consumers must set LIT_OPS_ENDPOINT; browser apps pass serviceEndpoint
+    // explicitly from decrypted /v1/init (user config still wins over this).
+    // Lazy getter — resolved at access time, NOT captured at module-init.
+    // Reading the env var once at module load would freeze it empty when
+    // LIT_OPS_ENDPOINT is set after import (late-loaded dotenv, test setup),
+    // leaving Sepolia serviceEndpoint permanently "".
+    get serviceEndpoint() {
+      return readInitBackedEnv("LIT_OPS_ENDPOINT");
+    },
     chainId: 11155111,
     name: "sepolia",
     rpcUrls: [],
@@ -34744,7 +34756,10 @@ function getSepoliaConfig() {
       positionDelegateRegistry: SEPOLIA_CONTRACTS.PositionDelegateRegistry || ""
     },
     subgraphs: {
-      diamondHandsUrl: readInitBackedEnv("SUBGRAPH_URL")
+      // Lazy getter for the same module-init snapshot reason as serviceEndpoint.
+      get diamondHandsUrl() {
+        return readInitBackedEnv("SUBGRAPH_URL");
+      }
     },
     debug: true
   };
@@ -34877,13 +34892,13 @@ function getAllNetworkConfigs() {
 function isNetworkSupported(chainId) {
   return chainId in NETWORK_CONFIGS;
 }
-var isBrowser, isNode2, fs, path, CONTRACTS_PATH, DEPLOYMENTS_PATH, NETWORK_CONFIGS, DEFAULT_NETWORK_CONFIG;
+var isNode2, isBrowser, fs, path, CONTRACTS_PATH, DEPLOYMENTS_PATH, NETWORK_CONFIGS, DEFAULT_NETWORK_CONFIG;
 var init_network_configs = __esm({
   "src/constants/chunks/network-configs.ts"() {
     "use strict";
     init_deployment_addresses();
-    isBrowser = typeof window !== "undefined" || typeof global === "undefined" && typeof process === "undefined" || typeof navigator !== "undefined" && navigator.userAgent;
-    isNode2 = typeof process !== "undefined" && process.versions && process.versions.node && !isBrowser;
+    isNode2 = !!(typeof process !== "undefined" && process.versions && process.versions.node);
+    isBrowser = !isNode2 && (typeof window !== "undefined" || typeof global === "undefined" && typeof process === "undefined" || typeof navigator !== "undefined" && !!navigator.userAgent);
     fs = void 0;
     path = void 0;
     if (isNode2 && !isBrowser) {
@@ -107694,7 +107709,8 @@ function assertSafeServiceEndpoint(endpoint) {
   if (url.protocol === "http:") {
     const host = url.hostname.replace(/^\[|\]$/g, "");
     const isLoopback = host === "localhost" || host === "127.0.0.1" || host === "::1" || // IPv4 loopback range 127.0.0.0/8 (numeric — not resolvable/hijackable).
-    /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
+    // Each of the trailing three octets must be a valid 0–255 value.
+    /^127\.(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){2}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/.test(host);
     if (isLoopback)
       return;
     throw new Error(
@@ -110748,6 +110764,19 @@ function createLoanCreator(config) {
   }
 }
 
+// src/types/loanStatus.ts
+var LoanStatus = /* @__PURE__ */ ((LoanStatus2) => {
+  LoanStatus2[LoanStatus2["PENDING_DEPOSIT"] = 0] = "PENDING_DEPOSIT";
+  LoanStatus2[LoanStatus2["PENDING_MINT"] = 1] = "PENDING_MINT";
+  LoanStatus2[LoanStatus2["ACTIVE"] = 2] = "ACTIVE";
+  LoanStatus2[LoanStatus2["EXPIRED"] = 3] = "EXPIRED";
+  LoanStatus2[LoanStatus2["LIQUIDATABLE"] = 4] = "LIQUIDATABLE";
+  LoanStatus2[LoanStatus2["LIQUIDATED"] = 5] = "LIQUIDATED";
+  LoanStatus2[LoanStatus2["REPAID"] = 6] = "REPAID";
+  LoanStatus2[LoanStatus2["CLOSED"] = 7] = "CLOSED";
+  return LoanStatus2;
+})(LoanStatus || {});
+
 // src/modules/loan/loan-query.module.ts
 var POSITION_CORE_ABI = [
   "function getPositionDetails(bytes32) view returns (tuple(bytes32 positionId, bytes32 pkpId, uint256 ucdDebt, string vaultAddress, address borrower, uint40 createdAt, uint40 lastUpdated, uint16 selectedTerm, uint40 expiryAt, uint8 status, uint40 previousExpiryAt, uint16 totalTerm))"
@@ -111110,44 +111139,22 @@ var LoanQuery = class {
    * Map numeric status to string for subgraph queries
    */
   mapStatusToString(status) {
-    const statusMap = {
-      0: "PENDING_DEPOSIT",
-      1: "ACTIVE",
-      2: "EXPIRED",
-      3: "REPAID",
-      4: "LIQUIDATED",
-      5: "EXTENDED"
-    };
-    return statusMap[status] || "ACTIVE";
+    return LoanStatus[status] ?? "ACTIVE";
   }
   /**
    * Map string status to numeric for filtering
    */
   mapStringToStatus(statusString) {
-    const statusMap = {
-      PENDING_DEPOSIT: 0,
-      ACTIVE: 1,
-      EXPIRED: 2,
-      REPAID: 3,
-      LIQUIDATED: 4,
-      EXTENDED: 5
-    };
-    return statusMap[statusString.toUpperCase()] ?? null;
+    const key = statusString.toUpperCase();
+    const value = LoanStatus[key];
+    return typeof value === "number" ? value : null;
   }
   /**
    * Validate if a string is a valid loan status
    */
   isValidStatus(statusString) {
-    const validStatuses = [
-      "PENDING_DEPOSIT",
-      "ACTIVE",
-      "EXPIRED",
-      "REPAID",
-      "LIQUIDATED",
-      "EXTENDED",
-      "CLOSED"
-    ];
-    return validStatuses.includes(statusString.toUpperCase());
+    const key = statusString.toUpperCase();
+    return typeof LoanStatus[key] === "number";
   }
   /**
    * Get loans for a borrower
@@ -111160,18 +111167,18 @@ var LoanQuery = class {
     return this.getLoans({ borrower, orderBy, orderDirection }, pagination);
   }
   /**
-   * Get active loans (status = 0)
+   * Get active loans (status = ACTIVE)
    *
    * @param pagination - Pagination parameters
    * @returns Paginated active loans
    */
   async getActiveLoans(pagination) {
-    return this.getLoans({ status: 0 }, pagination);
+    return this.getLoans({ status: 2 /* ACTIVE */ }, pagination);
   }
   /**
    * Get loans by state/status
    *
-   * @param state - Loan state (PENDING_DEPOSIT, ACTIVE, EXPIRED, REPAID, LIQUIDATED, EXTENDED, CLOSED)
+   * @param state - Loan state (PENDING_DEPOSIT, PENDING_MINT, ACTIVE, EXPIRED, LIQUIDATABLE, LIQUIDATED, REPAID, CLOSED)
    * @param pagination - Pagination parameters
    * @returns Paginated loans matching the specified state
    */
@@ -111179,7 +111186,7 @@ var LoanQuery = class {
     if (!this.isValidStatus(state)) {
       return failure(
         new SDKError({
-          message: `Invalid loan state: ${state}. Valid states are: PENDING_DEPOSIT, ACTIVE, EXPIRED, REPAID, LIQUIDATED, EXTENDED, CLOSED`,
+          message: `Invalid loan state: ${state}. Valid states are: PENDING_DEPOSIT, PENDING_MINT, ACTIVE, EXPIRED, LIQUIDATABLE, LIQUIDATED, REPAID, CLOSED`,
           category: "VALIDATION" /* VALIDATION */,
           severity: "LOW" /* LOW */,
           context: { state }
@@ -117162,19 +117169,6 @@ async function safeWaitForTransaction(tx, confirmations = 1, timeout = 6e4) {
   throw new Error(`Transaction ${txHash} confirmation timed out after ${timeout}ms`);
 }
 
-// src/types/loanStatus.ts
-var LoanStatus = /* @__PURE__ */ ((LoanStatus2) => {
-  LoanStatus2[LoanStatus2["PENDING_DEPOSIT"] = 0] = "PENDING_DEPOSIT";
-  LoanStatus2[LoanStatus2["PENDING_MINT"] = 1] = "PENDING_MINT";
-  LoanStatus2[LoanStatus2["ACTIVE"] = 2] = "ACTIVE";
-  LoanStatus2[LoanStatus2["EXPIRED"] = 3] = "EXPIRED";
-  LoanStatus2[LoanStatus2["LIQUIDATABLE"] = 4] = "LIQUIDATABLE";
-  LoanStatus2[LoanStatus2["LIQUIDATED"] = 5] = "LIQUIDATED";
-  LoanStatus2[LoanStatus2["REPAID"] = 6] = "REPAID";
-  LoanStatus2[LoanStatus2["CLOSED"] = 7] = "CLOSED";
-  return LoanStatus2;
-})(LoanStatus || {});
-
 // src/modules/diamond-hands-sdk.ts
 var DiamondHandsSDK = class _DiamondHandsSDK {
   config;
@@ -123004,11 +122998,15 @@ Error data: ${errorData || "none"}`
   async getAddressBalance(vaultAddress) {
     this.ensureInitialized();
     try {
-      if (this.config.mode !== "service") {
+      if (!isServiceModeConfig(this.config)) {
         throw new Error("getAddressBalance requires service mode \u2014 standalone mode is not supported");
       }
+      const trimmedAddress = vaultAddress?.trim();
+      if (!trimmedAddress) {
+        throw new Error("vaultAddress is required");
+      }
       const serviceEndpoint = this.config.serviceEndpoint;
-      const url = `${serviceEndpoint}/api/lit/address-balance?vaultAddress=${encodeURIComponent(vaultAddress)}`;
+      const url = `${serviceEndpoint}/api/lit/address-balance?vaultAddress=${encodeURIComponent(trimmedAddress)}`;
       const response = await fetch(url, {
         headers: await this.getAuthHeader()
       });

package/dist/index.mjs

@@ -31397,17 +31397,17 @@ var require_pkg_src = __commonJS({
         hash: "b7e4abec403555d85e2b0eaabed0fdd95640b5f0d068c67bba63afaa2cd200d0"
       },
       ucdMintValidator: {
-        cid: "QmdfotNWFe9at78piu4zKqN1Hk6GDY97ofC8YWABoRxNTz",
+        cid: "QmUtDgwYFqbLhhBkhRfHRTN51SyHm1CHcCQU2qUvpCzpfc",
         authorizedCidHex: cidToHex(
-          "QmdfotNWFe9at78piu4zKqN1Hk6GDY97ofC8YWABoRxNTz"
+          "QmUtDgwYFqbLhhBkhRfHRTN51SyHm1CHcCQU2qUvpCzpfc"
         ),
         name: "Ucd Mint Validator",
         description: "Production Ucd Mint Validator",
         version: "1.0.0",
         deployed: true,
-        deployedAt: 1780420101129,
-        size: 67513,
-        hash: "6918134d5daa56f01e3077e0716976103bd2d4ff3efddc8c2e388484953eb1fa",
+        deployedAt: 1780485728736,
+        size: 67380,
+        hash: "901f0ec80a04cb9daad84c35c69bcf0dc8892a05ae9431a23c1855e1ab9aed9d",
         validatorWalletAddress: "0x36f3dd61c4c08a56d29ed2fd6d5f111b67b6a7a1",
         pkp: {
           publicKey: "0x041ab17cd91fc5c0b761eea6092d032807561b621b82c488826776e04a9158d61ba64d809a4729f0501289d980732cb06d8dfd06999dd9c8efd2f495dad78b31bb",
@@ -31529,17 +31529,17 @@ var require_pkg_src = __commonJS({
       // Requires BitcoinProviderRegistry.addAllowedCid(chainId, keccak256(utf8(cid)))
       // on each target chain (the action decrypts registry slots). No OAR entry.
       btcAddressBalance: {
-        cid: "QmdF7eMxEc4UxFYPXhzyZ9dLkLeVwQNCfPrmirP1BGdSvT",
+        cid: "QmdBMy7Niz4Vsgbmh1Pm3aXK8PL3uJwS7GDeoCKd8Yuua6",
         authorizedCidHex: cidToHex(
-          "QmdF7eMxEc4UxFYPXhzyZ9dLkLeVwQNCfPrmirP1BGdSvT"
+          "QmdBMy7Niz4Vsgbmh1Pm3aXK8PL3uJwS7GDeoCKd8Yuua6"
         ),
         name: "Btc Address Balance",
         description: "Address-only signed total BTC balance via registry consensus (no positionId, no price)",
         version: "0.1.0",
         deployed: true,
-        deployedAt: 1780425819676,
-        size: 21664,
-        hash: "89936009f1de066e41234de5a28a75ca31ce0b2ae9c7f47f299c995b8e112599",
+        deployedAt: 1780485650442,
+        size: 21864,
+        hash: "8369701c40e742ec54d34fec373f21cfd75f5dfd3ece4bc5358c7566032e7605",
         validatorWalletAddress: "0xf0bf5e3f864b87283a05d1e4a85ee0fa40493fb5",
         pkp: {
           publicKey: "0x0498cbb31facfa26e3ec83ccdabfe4fe341ca0282e0c3cb81da7113723b9726e1e49efa92165cc3faa66ced4454cea56dbab12267852d6525a55d7c4f128b912cd",
@@ -34722,7 +34722,19 @@ function getSepoliaConfig() {
   });
   return {
     mode: "service",
-    serviceEndpoint: readInitBackedEnv("LIT_OPS_ENDPOINT"),
+    // No production default — fail closed if unset. A missing LIT_OPS_ENDPOINT must
+    // NOT silently route signed/authenticated requests to the production service:
+    // that masks misconfiguration in local/dev/test. Returns "" when unset (Node:
+    // env missing; browser: always), so downstream validateServiceModeConfig throws.
+    // Node consumers must set LIT_OPS_ENDPOINT; browser apps pass serviceEndpoint
+    // explicitly from decrypted /v1/init (user config still wins over this).
+    // Lazy getter — resolved at access time, NOT captured at module-init.
+    // Reading the env var once at module load would freeze it empty when
+    // LIT_OPS_ENDPOINT is set after import (late-loaded dotenv, test setup),
+    // leaving Sepolia serviceEndpoint permanently "".
+    get serviceEndpoint() {
+      return readInitBackedEnv("LIT_OPS_ENDPOINT");
+    },
     chainId: 11155111,
     name: "sepolia",
     rpcUrls: [],
@@ -34750,7 +34762,10 @@ function getSepoliaConfig() {
       positionDelegateRegistry: SEPOLIA_CONTRACTS.PositionDelegateRegistry || ""
     },
     subgraphs: {
-      diamondHandsUrl: readInitBackedEnv("SUBGRAPH_URL")
+      // Lazy getter for the same module-init snapshot reason as serviceEndpoint.
+      get diamondHandsUrl() {
+        return readInitBackedEnv("SUBGRAPH_URL");
+      }
     },
     debug: true
   };
@@ -34883,13 +34898,13 @@ function getAllNetworkConfigs() {
 function isNetworkSupported(chainId) {
   return chainId in NETWORK_CONFIGS;
 }
-var isBrowser, isNode2, fs, path, CONTRACTS_PATH, DEPLOYMENTS_PATH, NETWORK_CONFIGS, DEFAULT_NETWORK_CONFIG;
+var isNode2, isBrowser, fs, path, CONTRACTS_PATH, DEPLOYMENTS_PATH, NETWORK_CONFIGS, DEFAULT_NETWORK_CONFIG;
 var init_network_configs = __esm({
   "src/constants/chunks/network-configs.ts"() {
     "use strict";
     init_deployment_addresses();
-    isBrowser = typeof window !== "undefined" || typeof global === "undefined" && typeof process === "undefined" || typeof navigator !== "undefined" && navigator.userAgent;
-    isNode2 = typeof process !== "undefined" && process.versions && process.versions.node && !isBrowser;
+    isNode2 = !!(typeof process !== "undefined" && process.versions && process.versions.node);
+    isBrowser = !isNode2 && (typeof window !== "undefined" || typeof global === "undefined" && typeof process === "undefined" || typeof navigator !== "undefined" && !!navigator.userAgent);
     fs = void 0;
     path = void 0;
     if (isNode2 && !isBrowser) {
@@ -107618,7 +107633,8 @@ function assertSafeServiceEndpoint(endpoint) {
   if (url.protocol === "http:") {
     const host = url.hostname.replace(/^\[|\]$/g, "");
     const isLoopback = host === "localhost" || host === "127.0.0.1" || host === "::1" || // IPv4 loopback range 127.0.0.0/8 (numeric — not resolvable/hijackable).
-    /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
+    // Each of the trailing three octets must be a valid 0–255 value.
+    /^127\.(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){2}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/.test(host);
     if (isLoopback)
       return;
     throw new Error(
@@ -110672,6 +110688,19 @@ function createLoanCreator(config) {
   }
 }
 
+// src/types/loanStatus.ts
+var LoanStatus = /* @__PURE__ */ ((LoanStatus2) => {
+  LoanStatus2[LoanStatus2["PENDING_DEPOSIT"] = 0] = "PENDING_DEPOSIT";
+  LoanStatus2[LoanStatus2["PENDING_MINT"] = 1] = "PENDING_MINT";
+  LoanStatus2[LoanStatus2["ACTIVE"] = 2] = "ACTIVE";
+  LoanStatus2[LoanStatus2["EXPIRED"] = 3] = "EXPIRED";
+  LoanStatus2[LoanStatus2["LIQUIDATABLE"] = 4] = "LIQUIDATABLE";
+  LoanStatus2[LoanStatus2["LIQUIDATED"] = 5] = "LIQUIDATED";
+  LoanStatus2[LoanStatus2["REPAID"] = 6] = "REPAID";
+  LoanStatus2[LoanStatus2["CLOSED"] = 7] = "CLOSED";
+  return LoanStatus2;
+})(LoanStatus || {});
+
 // src/modules/loan/loan-query.module.ts
 var POSITION_CORE_ABI = [
   "function getPositionDetails(bytes32) view returns (tuple(bytes32 positionId, bytes32 pkpId, uint256 ucdDebt, string vaultAddress, address borrower, uint40 createdAt, uint40 lastUpdated, uint16 selectedTerm, uint40 expiryAt, uint8 status, uint40 previousExpiryAt, uint16 totalTerm))"
@@ -111034,44 +111063,22 @@ var LoanQuery = class {
    * Map numeric status to string for subgraph queries
    */
   mapStatusToString(status) {
-    const statusMap = {
-      0: "PENDING_DEPOSIT",
-      1: "ACTIVE",
-      2: "EXPIRED",
-      3: "REPAID",
-      4: "LIQUIDATED",
-      5: "EXTENDED"
-    };
-    return statusMap[status] || "ACTIVE";
+    return LoanStatus[status] ?? "ACTIVE";
   }
   /**
    * Map string status to numeric for filtering
    */
   mapStringToStatus(statusString) {
-    const statusMap = {
-      PENDING_DEPOSIT: 0,
-      ACTIVE: 1,
-      EXPIRED: 2,
-      REPAID: 3,
-      LIQUIDATED: 4,
-      EXTENDED: 5
-    };
-    return statusMap[statusString.toUpperCase()] ?? null;
+    const key = statusString.toUpperCase();
+    const value = LoanStatus[key];
+    return typeof value === "number" ? value : null;
   }
   /**
    * Validate if a string is a valid loan status
    */
   isValidStatus(statusString) {
-    const validStatuses = [
-      "PENDING_DEPOSIT",
-      "ACTIVE",
-      "EXPIRED",
-      "REPAID",
-      "LIQUIDATED",
-      "EXTENDED",
-      "CLOSED"
-    ];
-    return validStatuses.includes(statusString.toUpperCase());
+    const key = statusString.toUpperCase();
+    return typeof LoanStatus[key] === "number";
   }
   /**
    * Get loans for a borrower
@@ -111084,18 +111091,18 @@ var LoanQuery = class {
     return this.getLoans({ borrower, orderBy, orderDirection }, pagination);
   }
   /**
-   * Get active loans (status = 0)
+   * Get active loans (status = ACTIVE)
    *
    * @param pagination - Pagination parameters
    * @returns Paginated active loans
    */
   async getActiveLoans(pagination) {
-    return this.getLoans({ status: 0 }, pagination);
+    return this.getLoans({ status: 2 /* ACTIVE */ }, pagination);
   }
   /**
    * Get loans by state/status
    *
-   * @param state - Loan state (PENDING_DEPOSIT, ACTIVE, EXPIRED, REPAID, LIQUIDATED, EXTENDED, CLOSED)
+   * @param state - Loan state (PENDING_DEPOSIT, PENDING_MINT, ACTIVE, EXPIRED, LIQUIDATABLE, LIQUIDATED, REPAID, CLOSED)
    * @param pagination - Pagination parameters
    * @returns Paginated loans matching the specified state
    */
@@ -111103,7 +111110,7 @@ var LoanQuery = class {
     if (!this.isValidStatus(state)) {
       return failure(
         new SDKError({
-          message: `Invalid loan state: ${state}. Valid states are: PENDING_DEPOSIT, ACTIVE, EXPIRED, REPAID, LIQUIDATED, EXTENDED, CLOSED`,
+          message: `Invalid loan state: ${state}. Valid states are: PENDING_DEPOSIT, PENDING_MINT, ACTIVE, EXPIRED, LIQUIDATABLE, LIQUIDATED, REPAID, CLOSED`,
           category: "VALIDATION" /* VALIDATION */,
           severity: "LOW" /* LOW */,
           context: { state }
@@ -117086,19 +117093,6 @@ async function safeWaitForTransaction(tx, confirmations = 1, timeout = 6e4) {
   throw new Error(`Transaction ${txHash} confirmation timed out after ${timeout}ms`);
 }
 
-// src/types/loanStatus.ts
-var LoanStatus = /* @__PURE__ */ ((LoanStatus2) => {
-  LoanStatus2[LoanStatus2["PENDING_DEPOSIT"] = 0] = "PENDING_DEPOSIT";
-  LoanStatus2[LoanStatus2["PENDING_MINT"] = 1] = "PENDING_MINT";
-  LoanStatus2[LoanStatus2["ACTIVE"] = 2] = "ACTIVE";
-  LoanStatus2[LoanStatus2["EXPIRED"] = 3] = "EXPIRED";
-  LoanStatus2[LoanStatus2["LIQUIDATABLE"] = 4] = "LIQUIDATABLE";
-  LoanStatus2[LoanStatus2["LIQUIDATED"] = 5] = "LIQUIDATED";
-  LoanStatus2[LoanStatus2["REPAID"] = 6] = "REPAID";
-  LoanStatus2[LoanStatus2["CLOSED"] = 7] = "CLOSED";
-  return LoanStatus2;
-})(LoanStatus || {});
-
 // src/modules/diamond-hands-sdk.ts
 var DiamondHandsSDK = class _DiamondHandsSDK {
   config;
@@ -122928,11 +122922,15 @@ Error data: ${errorData || "none"}`
   async getAddressBalance(vaultAddress) {
     this.ensureInitialized();
     try {
-      if (this.config.mode !== "service") {
+      if (!isServiceModeConfig(this.config)) {
         throw new Error("getAddressBalance requires service mode \u2014 standalone mode is not supported");
       }
+      const trimmedAddress = vaultAddress?.trim();
+      if (!trimmedAddress) {
+        throw new Error("vaultAddress is required");
+      }
       const serviceEndpoint = this.config.serviceEndpoint;
-      const url = `${serviceEndpoint}/api/lit/address-balance?vaultAddress=${encodeURIComponent(vaultAddress)}`;
+      const url = `${serviceEndpoint}/api/lit/address-balance?vaultAddress=${encodeURIComponent(trimmedAddress)}`;
       const response = await fetch(url, {
         headers: await this.getAuthHeader()
       });

package/dist/modules/loan/loan-query.module.d.ts

@@ -134,7 +134,7 @@ export declare class LoanQuery {
      */
     getLoansByBorrower(borrower: string, pagination?: PaginationParams, orderBy?: "createdAt" | "lastUpdatedAt" | "ucdDebt", orderDirection?: "asc" | "desc"): Promise<Result<PaginatedLoansResponse, SDKError>>;
     /**
-     * Get active loans (status = 0)
+     * Get active loans (status = ACTIVE)
      *
      * @param pagination - Pagination parameters
      * @returns Paginated active loans
@@ -143,7 +143,7 @@ export declare class LoanQuery {
     /**
      * Get loans by state/status
      *
-     * @param state - Loan state (PENDING_DEPOSIT, ACTIVE, EXPIRED, REPAID, LIQUIDATED, EXTENDED, CLOSED)
+     * @param state - Loan state (PENDING_DEPOSIT, PENDING_MINT, ACTIVE, EXPIRED, LIQUIDATABLE, LIQUIDATED, REPAID, CLOSED)
      * @param pagination - Pagination parameters
      * @returns Paginated loans matching the specified state
      */

package/dist/utils/service-endpoint-policy.d.ts

@@ -8,5 +8,9 @@
  * loopback by RFC 6761, but not every resolver honours it strictly — a hostile or misconfigured
  * DNS could resolve `foo.localhost` to an off-host IP and exfiltrate the cleartext token. Exact
  * loopback literals + the numeric 127.0.0.0/8 range can't be DNS-hijacked.
+ *
+ * IPv4-mapped IPv6 loopback (e.g. `http://[::ffff:127.0.0.1]`) is intentionally NOT accepted: the
+ * URL parser normalises it to a hex form (`[::ffff:7f00:1]`) that is fragile to match safely. Use
+ * `127.0.0.1`, `::1`, or `localhost` for local development.
  */
 export declare function assertSafeServiceEndpoint(endpoint: string): void;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gvnrdao/dh-sdk",
-  "version": "0.0.272",
+  "version": "0.0.274",
   "description": "TypeScript SDK for Diamond Hands Protocol - Bitcoin-backed lending with LIT Protocol PKPs",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -81,8 +81,8 @@
   },
   "sideEffects": false,
   "dependencies": {
-    "@gvnrdao/dh-lit-actions": "^0.0.305",
-    "@gvnrdao/dh-lit-ops": "^0.0.292",
+    "@gvnrdao/dh-lit-actions": "^0.0.306",
+    "@gvnrdao/dh-lit-ops": "^0.0.293",
     "@noble/hashes": "^1.5.0",
     "axios": "^1.15.2",
     "bech32": "^2.0.0",