npm - @lit-protocol/vincent-app-sdk - Versions diffs - 2.0.1 → 2.1.0 - Mend

@lit-protocol/vincent-app-sdk 2.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,18 @@
+## 2.1.0 (2025-09-11)
+### 🚀 Features
+- Refactor the Uniswap Swap Ability to utilize a prepare step which uses a Lit Action to generate and sign a Uniswap route generated by the V3 Alpha Router. The Swap Ability now intakes the signed route, validates it was signed by the expected PKP (which can only be used to sign the generated Uniswap routes within the prepare Lit Action), then uses the provided route to create and sign the Uniswap Swap transaction with the Agent Wallet PKP. The Uniswap Swap Ability was also updated to no longer support the Spending Limit Policy, and currently doesn't support any Policies. ([8bbb1c07](https://github.com/LIT-Protocol/Vincent/commit/8bbb1c07))
+### 🧱 Updated Dependencies
+- Updated ability-sdk to 2.1.0
+- Updated contracts-sdk to 1.2.0
+### ❤️ Thank You
+- Wyatt Barnes @spacesailor24
 ## 2.0.1 (2025-09-03)
 ### 🧱 Updated Dependencies
@@ -13,7 +28,6 @@
 - ### Implement supported Vincent Ability API range ([14f0ece1](https://github.com/LIT-Protocol/Vincent/commit/14f0ece1))
   Added basic Ability API handling to ensure abilities & policies are only used by compatible abilities and policies, and with the correct version of the vincentAbilityClient / app-sdk
   - Added a new jsParam when VincentAbilityClient calls an ability, `vincentAbilityApiVersion`
   - LIT action wrappers for abilities + policies compare `vincentAbilityApiVersion` to match the major semver range the handler was built with from the ability-sdk
   - vincentAbilityHandler() is responsible for passing along the value when it evaluates supported policies
@@ -21,7 +35,6 @@
 ### 🩹 Fixes
 - ### Fix ability failure response cases ([e2be50d9](https://github.com/LIT-Protocol/Vincent/commit/e2be50d9))
   - Ensures that policy denial disables checking the ability result against its fail schema in the abilityClient, because it will always be undefined :)
   - Ensures that `context` is returned in the response from the abilityClient.execute() method in cases where the ability response was a runtime or schemaValidationError
@@ -29,7 +42,6 @@
 - Add support for CBOR2 encoded policy parameters using the new vincent-contracts-sdk ([868c6c2a](https://github.com/LIT-Protocol/Vincent/commit/868c6c2a))
 - ### Add support for explicit `schemaValidationError` ([337a4bde](https://github.com/LIT-Protocol/Vincent/commit/337a4bde))
   - Previously, a failure to validate either input or results of lifecycle method would result in `result: { zodError }` being returned
   - Now, `result` will be `undefined` and there will be an explicit `schemaValidationError` in the result of the ability / policy
@@ -42,7 +54,6 @@
   ```
 - ### `error` is now `runtimeError` and can only be set by `throw ...` ([337a4bde](https://github.com/LIT-Protocol/Vincent/commit/337a4bde))
   - Previously, if you had not defined a `deny` or `fail` schema, you could call `deny()` or `fail()` with a string
   - That string would end up in the ability/policy response as the `error` property instead of `result`
   - This was problematic because there was no consistent way to identify _un-handled_ error vs. _explicitly returned fail/deny results_
@@ -70,11 +81,9 @@
 - #### Renamed `consent page` to `delegation auth page` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
 - #### Move utils exports to `@lit-protocol/vincent-app-sdk/utils` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
 - #### Moved jwt exports to `@lit-protocol/vincent-app-sdk/jwt` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
   - Enhanced typedocs for all methods and removed type aliases for core functions
 - #### Move `VincentWebAppClient` exports to `@lit-protocol/vincent-app-sdk/webAppClient` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
   - Renamed `VincentWebAppClient` to `WebAuthClient`
   - Renamed `VincentAppClientConfig` to `WebAuthClientConfig`
   - Renamed `RedirectToVincentConsentPageParams` to `RedirectToVincentDelegationPageParams`
@@ -82,16 +91,13 @@
   - Renamed `getVincentWebAppClient()` to `getWebAuthClient()`
 - #### Move express-authentication-middleware exports to `@lit-protocol/vincent-app-sdk/expressMiddleware` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
   - Removed `ExpressAuthHelpers` interface - its types are now directly exported from the `expressMiddleware` package sub-path
 - #### Moved abilityClient exports to `@lit-protocol/vincent-app-sdk/abilityClient` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
 - ### Update express middleware to support non-app-specific JWTs ([9dd1cd26](https://github.com/LIT-Protocol/Vincent/commit/9dd1cd26))
   - Replaced individual function exports of `authenticatedRequestHandler()` and `getAuthenticateUserExpressHandler()` with a single `createVincentUserMiddleware()` function
   #### createVincentUserMiddleware({ allowedAudience, userKey, requiredAppId? }) -> { middleware(), handler() }
   - You can now configure the property on `req` where the vincent user JWT data will be placed using `userKey`
   - You can now configure the authentication middleware to throw if `requiredAppId` does not match a specific appId you provide
   - `allowedAudience` behaviour remains unchanged
@@ -106,7 +112,6 @@
   This release adds support for general authentication JWTs that are not tied to a specific app. This is a breaking change that requires updates to code that uses the JWT validation functions.
   #### API Changes
   - `verify` and `decode` functions now accept object parameters instead of separate parameters
     - Their return values are strongly typed based on whether `requiredAppId` is provided.
     - They throw if `requiredAppId` is provided but the jwt is either not app-specific or the app id on the token doesn't match the `requiredAppId`
@@ -114,7 +119,6 @@
   - WebAuthClient now throws an error if the `appId` it was configured with isn't in the JWT it decodes
   #### New Functions
   - `isGeneralJWT`: Type guard to check if a JWT is Vincent JWT that has no app associated
   - `isAppSpecificJWT`: Type guard to check if a JWT is a vincent JWT that is app-specific
   - `assertIsVincentJWT`: Assertion function to validate if a decoded JWT is a valid Vincent JWT
@@ -122,7 +126,6 @@
   - `getPKPInfo`: Convenience method that returns PKP information from any Vincent JWT's payload
   #### New Types
   - `VincentJWT`: Interface for a decoded Vincent JWT without app-specific details (general authentication)
   - `VincentJWTAppSpecific`: Interface for a decoded app-specific Vincent JWT
   - `BaseVincentJWTPayload`: Payload that contains always-present properties on all Vincent JWTs
@@ -131,12 +134,10 @@
 - ## JWT Refactor ([c21bc3c3](https://github.com/LIT-Protocol/Vincent/commit/c21bc3c3))
   #### Refactored our JWT structure, composition, and verification logic.
   - Removed dependency on `did-jwt`; since we are signing using EIP-191 compliant signatures, the presence of `did:ethr` was misleading.
   - Added support for Delegatee JWTs
   #### We now support 3 types of JWT:
   - `VincentJWTAppUser`
     - `role` claim in the JWT payload is `app-user`
     - Contains PKP info
@@ -155,7 +156,6 @@
     - Used to authenticate with services that require proof that they are being used by a specific delegatee who has permissions to act on behalf of a delegator (app user) account.
   ### API Changes
   - Many classes and interfaces were renamed to clearly indicate which type of JWT that they apply to.
   - Added `publicKey` to the `payload` of all JWTs for signature verification convenience
   - `iss` and `sub` are now raw hex-formatted ethers addresses, without `did:ethr` prefixes
@@ -196,7 +196,6 @@
 ### 🩹 Fixes
 - #### VincentAbilityClient Precheck fixes ([8da32df2](https://github.com/LIT-Protocol/Vincent/commit/8da32df2))
   - Fix a case where deny results from `precheck()` were not correctly bubbled to the caller
   - Fixed incorrect return type shape - `error` is a sibling of `result` in the policiesContext- Ensured `error` is bubbled up to the caller when provided

package/dist/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,18 @@
+## 2.1.0 (2025-09-11)
+### 🚀 Features
+- Refactor the Uniswap Swap Ability to utilize a prepare step which uses a Lit Action to generate and sign a Uniswap route generated by the V3 Alpha Router. The Swap Ability now intakes the signed route, validates it was signed by the expected PKP (which can only be used to sign the generated Uniswap routes within the prepare Lit Action), then uses the provided route to create and sign the Uniswap Swap transaction with the Agent Wallet PKP. The Uniswap Swap Ability was also updated to no longer support the Spending Limit Policy, and currently doesn't support any Policies. ([8bbb1c07](https://github.com/LIT-Protocol/Vincent/commit/8bbb1c07))
+### 🧱 Updated Dependencies
+- Updated ability-sdk to 2.1.0
+- Updated contracts-sdk to 1.2.0
+### ❤️ Thank You
+- Wyatt Barnes @spacesailor24
 ## 2.0.1 (2025-09-03)
 ### 🧱 Updated Dependencies
@@ -13,7 +28,6 @@
 - ### Implement supported Vincent Ability API range ([14f0ece1](https://github.com/LIT-Protocol/Vincent/commit/14f0ece1))
   Added basic Ability API handling to ensure abilities & policies are only used by compatible abilities and policies, and with the correct version of the vincentAbilityClient / app-sdk
   - Added a new jsParam when VincentAbilityClient calls an ability, `vincentAbilityApiVersion`
   - LIT action wrappers for abilities + policies compare `vincentAbilityApiVersion` to match the major semver range the handler was built with from the ability-sdk
   - vincentAbilityHandler() is responsible for passing along the value when it evaluates supported policies
@@ -21,7 +35,6 @@
 ### 🩹 Fixes
 - ### Fix ability failure response cases ([e2be50d9](https://github.com/LIT-Protocol/Vincent/commit/e2be50d9))
   - Ensures that policy denial disables checking the ability result against its fail schema in the abilityClient, because it will always be undefined :)
   - Ensures that `context` is returned in the response from the abilityClient.execute() method in cases where the ability response was a runtime or schemaValidationError
@@ -29,7 +42,6 @@
 - Add support for CBOR2 encoded policy parameters using the new vincent-contracts-sdk ([868c6c2a](https://github.com/LIT-Protocol/Vincent/commit/868c6c2a))
 - ### Add support for explicit `schemaValidationError` ([337a4bde](https://github.com/LIT-Protocol/Vincent/commit/337a4bde))
   - Previously, a failure to validate either input or results of lifecycle method would result in `result: { zodError }` being returned
   - Now, `result` will be `undefined` and there will be an explicit `schemaValidationError` in the result of the ability / policy
@@ -42,7 +54,6 @@
   ```
 - ### `error` is now `runtimeError` and can only be set by `throw ...` ([337a4bde](https://github.com/LIT-Protocol/Vincent/commit/337a4bde))
   - Previously, if you had not defined a `deny` or `fail` schema, you could call `deny()` or `fail()` with a string
   - That string would end up in the ability/policy response as the `error` property instead of `result`
   - This was problematic because there was no consistent way to identify _un-handled_ error vs. _explicitly returned fail/deny results_
@@ -70,11 +81,9 @@
 - #### Renamed `consent page` to `delegation auth page` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
 - #### Move utils exports to `@lit-protocol/vincent-app-sdk/utils` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
 - #### Moved jwt exports to `@lit-protocol/vincent-app-sdk/jwt` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
   - Enhanced typedocs for all methods and removed type aliases for core functions
 - #### Move `VincentWebAppClient` exports to `@lit-protocol/vincent-app-sdk/webAppClient` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
   - Renamed `VincentWebAppClient` to `WebAuthClient`
   - Renamed `VincentAppClientConfig` to `WebAuthClientConfig`
   - Renamed `RedirectToVincentConsentPageParams` to `RedirectToVincentDelegationPageParams`
@@ -82,16 +91,13 @@
   - Renamed `getVincentWebAppClient()` to `getWebAuthClient()`
 - #### Move express-authentication-middleware exports to `@lit-protocol/vincent-app-sdk/expressMiddleware` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
   - Removed `ExpressAuthHelpers` interface - its types are now directly exported from the `expressMiddleware` package sub-path
 - #### Moved abilityClient exports to `@lit-protocol/vincent-app-sdk/abilityClient` ([b94ca569](https://github.com/LIT-Protocol/Vincent/commit/b94ca569))
 - ### Update express middleware to support non-app-specific JWTs ([9dd1cd26](https://github.com/LIT-Protocol/Vincent/commit/9dd1cd26))
   - Replaced individual function exports of `authenticatedRequestHandler()` and `getAuthenticateUserExpressHandler()` with a single `createVincentUserMiddleware()` function
   #### createVincentUserMiddleware({ allowedAudience, userKey, requiredAppId? }) -> { middleware(), handler() }
   - You can now configure the property on `req` where the vincent user JWT data will be placed using `userKey`
   - You can now configure the authentication middleware to throw if `requiredAppId` does not match a specific appId you provide
   - `allowedAudience` behaviour remains unchanged
@@ -106,7 +112,6 @@
   This release adds support for general authentication JWTs that are not tied to a specific app. This is a breaking change that requires updates to code that uses the JWT validation functions.
   #### API Changes
   - `verify` and `decode` functions now accept object parameters instead of separate parameters
     - Their return values are strongly typed based on whether `requiredAppId` is provided.
     - They throw if `requiredAppId` is provided but the jwt is either not app-specific or the app id on the token doesn't match the `requiredAppId`
@@ -114,7 +119,6 @@
   - WebAuthClient now throws an error if the `appId` it was configured with isn't in the JWT it decodes
   #### New Functions
   - `isGeneralJWT`: Type guard to check if a JWT is Vincent JWT that has no app associated
   - `isAppSpecificJWT`: Type guard to check if a JWT is a vincent JWT that is app-specific
   - `assertIsVincentJWT`: Assertion function to validate if a decoded JWT is a valid Vincent JWT
@@ -122,7 +126,6 @@
   - `getPKPInfo`: Convenience method that returns PKP information from any Vincent JWT's payload
   #### New Types
   - `VincentJWT`: Interface for a decoded Vincent JWT without app-specific details (general authentication)
   - `VincentJWTAppSpecific`: Interface for a decoded app-specific Vincent JWT
   - `BaseVincentJWTPayload`: Payload that contains always-present properties on all Vincent JWTs
@@ -131,12 +134,10 @@
 - ## JWT Refactor ([c21bc3c3](https://github.com/LIT-Protocol/Vincent/commit/c21bc3c3))
   #### Refactored our JWT structure, composition, and verification logic.
   - Removed dependency on `did-jwt`; since we are signing using EIP-191 compliant signatures, the presence of `did:ethr` was misleading.
   - Added support for Delegatee JWTs
   #### We now support 3 types of JWT:
   - `VincentJWTAppUser`
     - `role` claim in the JWT payload is `app-user`
     - Contains PKP info
@@ -155,7 +156,6 @@
     - Used to authenticate with services that require proof that they are being used by a specific delegatee who has permissions to act on behalf of a delegator (app user) account.
   ### API Changes
   - Many classes and interfaces were renamed to clearly indicate which type of JWT that they apply to.
   - Added `publicKey` to the `payload` of all JWTs for signature verification convenience
   - `iss` and `sub` are now raw hex-formatted ethers addresses, without `did:ethr` prefixes
@@ -196,7 +196,6 @@
 ### 🩹 Fixes
 - #### VincentAbilityClient Precheck fixes ([8da32df2](https://github.com/LIT-Protocol/Vincent/commit/8da32df2))
   - Fix a case where deny results from `precheck()` were not correctly bubbled to the caller
   - Fixed incorrect return type shape - `error` is a sibling of `result` in the policiesContext- Ensured `error` is bubbled up to the caller when provided

package/dist/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lit-protocol/vincent-app-sdk",
-  "version": "2.0.1",
+  "version": "2.1.0",
   "description": "Vincent SDK for browser and backend",
   "author": "Lit Protocol",
   "license": "ISC",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lit-protocol/vincent-app-sdk",
-  "version": "2.0.1",
+  "version": "2.1.0",
   "description": "Vincent SDK for browser and backend",
   "author": "Lit Protocol",
   "license": "ISC",
@@ -53,8 +53,8 @@
     "ethers": "5.8.0",
     "tslib": "^2.8.1",
     "zod": "3.25.64",
-    "@lit-protocol/vincent-ability-sdk": "2.0.1",
-    "@lit-protocol/vincent-contracts-sdk": "1.1.0"
+    "@lit-protocol/vincent-ability-sdk": "2.1.0",
+    "@lit-protocol/vincent-contracts-sdk": "1.2.0"
   },
   "sideEffects": false,
   "files": [