@varity-labs/sdk 2.0.0-alpha.1

package/dist/core/credentials-proxy.js

@@ -0,0 +1,345 @@
+/**
+ * Varity SDK - Credential Proxy Client
+ *
+ * Client-side integration with Varity Credential Proxy service.
+ * Fetches credentials from server-side proxy instead of bundling them in client code.
+ *
+ * **Security Model**:
+ * - Real credentials stored server-side ONLY
+ * - Client receives session-based tokens
+ * - No credentials in client bundles
+ * - Automatic session management
+ *
+ * @example Usage in SDK
+ * ```typescript
+ * import { ProxyCredentialClient } from '@varity-labs/sdk';
+ *
+ * const client = new ProxyCredentialClient();
+ * const credentials = await client.getCredentials();
+ *
+ * // Use credentials with Privy/thirdweb
+ * const privyAppId = credentials.privy.appId;
+ * const thirdwebClientId = credentials.thirdweb.clientId;
+ * ```
+ */
+/**
+ * Credential Proxy Client
+ *
+ * Fetches Privy and thirdweb credentials from server-side proxy.
+ * Handles session management, caching, and automatic refresh.
+ */
+export class ProxyCredentialClient {
+    constructor(config = {}) {
+        // Session management
+        this.sessionToken = null;
+        this.sessionExpiresAt = null;
+        // Cached credentials
+        this.cachedCredentials = null;
+        // Use production URL by default, fallback to localhost for local testing
+        this.proxyUrl = config.proxyUrl ||
+            process.env.VARITY_CREDENTIAL_PROXY_URL ||
+            'https://api.varity.so/credentials';
+        this.appDomain = config.appDomain || this.detectAppDomain();
+        this.appId = config.appId;
+        this.debug = config.debug || false;
+        this.log('ProxyCredentialClient initialized', {
+            proxyUrl: this.proxyUrl,
+            appDomain: this.appDomain,
+            appId: this.appId,
+        });
+    }
+    /**
+     * Get credentials from proxy
+     *
+     * Automatically handles session creation and refresh.
+     *
+     * @returns Credential configuration
+     */
+    async getCredentials() {
+        // Return cached credentials if still valid
+        if (this.cachedCredentials && this.isSessionValid()) {
+            this.log('Using cached credentials');
+            return this.cachedCredentials;
+        }
+        // Create or refresh session
+        if (!this.isSessionValid()) {
+            await this.createSession();
+        }
+        // Fetch credentials in parallel
+        const [privyConfig, thirdwebConfig] = await Promise.all([
+            this.getPrivyConfig(),
+            this.getThirdwebConfig(),
+        ]);
+        // Cache credentials
+        this.cachedCredentials = {
+            privy: {
+                appId: privyConfig.app_id,
+            },
+            thirdweb: {
+                clientId: thirdwebConfig.client_id,
+            },
+        };
+        this.log('Credentials fetched successfully', this.cachedCredentials);
+        return this.cachedCredentials;
+    }
+    /**
+     * Create a new session with the credential proxy
+     */
+    async createSession() {
+        this.log('Creating new session');
+        try {
+            const response = await fetch(`${this.proxyUrl}/auth/session`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    app_domain: this.appDomain,
+                    app_id: this.appId,
+                }),
+            });
+            if (!response.ok) {
+                const error = await response.text();
+                throw new Error(`Failed to create session: ${response.status} ${error}`);
+            }
+            const data = await response.json();
+            this.sessionToken = data.session_token;
+            this.sessionExpiresAt = new Date(data.expires_at);
+            this.log('Session created', {
+                token: this.sessionToken?.substring(0, 8) + '...',
+                expiresAt: this.sessionExpiresAt,
+            });
+        }
+        catch (error) {
+            throw new Error(`Failed to create session with credential proxy: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Get Privy configuration from proxy
+     */
+    async getPrivyConfig() {
+        if (!this.sessionToken) {
+            throw new Error('No session token available');
+        }
+        this.log('Fetching Privy config');
+        try {
+            const response = await fetch(`${this.proxyUrl}/auth/privy/config?session_token=${this.sessionToken}`);
+            if (!response.ok) {
+                const error = await response.text();
+                throw new Error(`Failed to fetch Privy config: ${response.status} ${error}`);
+            }
+            const data = await response.json();
+            this.log('Privy config fetched', { appId: data.app_id.substring(0, 8) + '...' });
+            return data;
+        }
+        catch (error) {
+            throw new Error(`Failed to fetch Privy config: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Get thirdweb configuration from proxy
+     */
+    async getThirdwebConfig() {
+        if (!this.sessionToken) {
+            throw new Error('No session token available');
+        }
+        this.log('Fetching thirdweb config');
+        try {
+            const response = await fetch(`${this.proxyUrl}/auth/thirdweb/config?session_token=${this.sessionToken}`);
+            if (!response.ok) {
+                const error = await response.text();
+                throw new Error(`Failed to fetch thirdweb config: ${response.status} ${error}`);
+            }
+            const data = await response.json();
+            this.log('thirdweb config fetched', { clientId: data.client_id.substring(0, 8) + '...' });
+            return data;
+        }
+        catch (error) {
+            throw new Error(`Failed to fetch thirdweb config: ${error instanceof Error ? error.message : 'Unknown error'}`);
+        }
+    }
+    /**
+     * Check if current session is still valid
+     */
+    isSessionValid() {
+        if (!this.sessionToken || !this.sessionExpiresAt) {
+            return false;
+        }
+        // Add 5 minute buffer before expiry
+        const bufferMs = 5 * 60 * 1000;
+        const now = new Date();
+        const expiryWithBuffer = new Date(this.sessionExpiresAt.getTime() - bufferMs);
+        return now < expiryWithBuffer;
+    }
+    /**
+     * Detect app domain from browser environment
+     */
+    detectAppDomain() {
+        // Check if running in browser
+        if (typeof window !== 'undefined' && window.location) {
+            return window.location.hostname + (window.location.port ? `:${window.location.port}` : '');
+        }
+        // Fallback for SSR/Node.js
+        return 'localhost:3000';
+    }
+    /**
+     * Clear cached credentials and session
+     */
+    clearCache() {
+        this.log('Clearing cache');
+        this.sessionToken = null;
+        this.sessionExpiresAt = null;
+        this.cachedCredentials = null;
+    }
+    /**
+     * Debug logging
+     */
+    log(message, data) {
+        if (this.debug) {
+            console.log(`[ProxyCredentialClient] ${message}`, data || '');
+        }
+    }
+}
+/**
+ * Global singleton instance for convenience
+ */
+let globalProxyClient = null;
+/**
+ * Get or create global ProxyCredentialClient instance
+ *
+ * @param config - Optional configuration (only used on first call)
+ * @returns Global ProxyCredentialClient instance
+ *
+ * @example
+ * ```typescript
+ * import { getProxyCredentials } from '@varity-labs/sdk';
+ *
+ * const credentials = await getProxyCredentials();
+ * // Use credentials.privy.appId and credentials.thirdweb.clientId
+ * ```
+ */
+export async function getProxyCredentials(config) {
+    if (!globalProxyClient) {
+        globalProxyClient = new ProxyCredentialClient(config);
+    }
+    return globalProxyClient.getCredentials();
+}
+/**
+ * Check if credential proxy is available
+ *
+ * Tests connectivity to the credential proxy service.
+ *
+ * @param proxyUrl - Optional proxy URL (defaults to production URL)
+ * @returns true if proxy is available, false otherwise
+ *
+ * @example
+ * ```typescript
+ * import { isProxyAvailable } from '@varity-labs/sdk';
+ *
+ * if (await isProxyAvailable()) {
+ *   // Use proxy credentials
+ * } else {
+ *   // Fallback to manual credentials
+ * }
+ * ```
+ */
+export async function isProxyAvailable(proxyUrl = process.env.VARITY_CREDENTIAL_PROXY_URL || 'https://api.varity.so/credentials') {
+    try {
+        const response = await fetch(`${proxyUrl}/health`, {
+            method: 'GET',
+            signal: AbortSignal.timeout(5000), // 5 second timeout
+        });
+        return response.ok;
+    }
+    catch (error) {
+        // Silently fail - this is expected if proxy not deployed yet
+        return false;
+    }
+}
+/**
+ * Resolve credentials with automatic proxy fallback
+ *
+ * Attempts to use credential proxy first, falls back to manual credentials if proxy unavailable.
+ *
+ * @param manualAppId - Manual Privy app ID (fallback)
+ * @param manualClientId - Manual thirdweb client ID (fallback)
+ * @param config - Proxy client configuration
+ * @returns Resolved credentials
+ *
+ * @example
+ * ```typescript
+ * import { resolveCredentialsWithProxy } from '@varity-labs/sdk';
+ *
+ * const credentials = await resolveCredentialsWithProxy(
+ *   process.env.PRIVY_APP_ID,
+ *   process.env.THIRDWEB_CLIENT_ID
+ * );
+ * ```
+ */
+export async function resolveCredentialsWithProxy(manualAppId, manualClientId, config) {
+    // Try proxy first
+    try {
+        const proxyUrl = config?.proxyUrl ||
+            process.env.VARITY_CREDENTIAL_PROXY_URL ||
+            'https://api.varity.so/credentials';
+        const available = await isProxyAvailable(proxyUrl);
+        if (available) {
+            // Show clean informative message (only in development)
+            if (process.env.NODE_ENV === 'development') {
+                console.log('✓ Using Varity authentication (no setup required)');
+            }
+            return await getProxyCredentials(config);
+        }
+    }
+    catch (error) {
+        // Silently fall back to manual credentials
+        if (config?.debug) {
+            console.warn('Credential proxy unavailable, using fallback credentials:', error);
+        }
+    }
+    // Fallback to manual credentials
+    if (manualAppId && manualClientId) {
+        if (config?.debug) {
+            console.log('✓ Using manual credentials');
+        }
+        return {
+            privy: { appId: manualAppId },
+            thirdweb: { clientId: manualClientId },
+        };
+    }
+    // Check environment variables as fallback
+    const envAppId = process.env.VARITY_PRIVY_APP_ID;
+    const envClientId = process.env.VARITY_THIRDWEB_CLIENT_ID;
+    if (envAppId && envClientId) {
+        if (config?.debug) {
+            console.log('✓ Using credentials from environment variables');
+        }
+        return {
+            privy: { appId: envAppId },
+            thirdweb: { clientId: envClientId },
+        };
+    }
+    // No credentials available - throw helpful error
+    throw new Error(`Varity credentials not available.
+
+The Varity Credential Proxy could not be reached and no manual credentials were provided.
+
+To fix this, either:
+
+1. Deploy your app via Varity (recommended):
+   $ varitykit app deploy --hosting akash
+   → Credentials will be provided automatically
+
+2. Set environment variables:
+   VARITY_PRIVY_APP_ID=your-privy-app-id
+   VARITY_THIRDWEB_CLIENT_ID=your-thirdweb-client-id
+
+3. Pass credentials directly:
+   <PrivyStack appId="..." thirdwebClientId="...">
+
+Get your own credentials at:
+- Privy: https://dashboard.privy.io
+- thirdweb: https://thirdweb.com/dashboard
+
+Documentation: https://docs.varity.so/credentials`);
+}

package/dist/core/credentials.d.ts

@@ -0,0 +1,219 @@
+/**
+ * Varity SDK - Shared Development Credentials
+ *
+ * Provides shared development credentials for seamless developer experience.
+ * Developers can use Varity packages without manually setting up Privy and thirdweb credentials.
+ *
+ * **IMPORTANT**: These credentials are for DEVELOPMENT/TESTING ONLY.
+ * For production deployments, you MUST use your own credentials.
+ *
+ * @example Zero-config development
+ * ```tsx
+ * import { PrivyStack } from '@varity-labs/ui-kit';
+ *
+ * // Works immediately - uses shared dev credentials
+ * <PrivyStack>
+ *   <YourApp />
+ * </PrivyStack>
+ * ```
+ *
+ * @example Production with custom credentials
+ * ```tsx
+ * import { PrivyStack } from '@varity-labs/ui-kit';
+ *
+ * <PrivyStack
+ *   appId={process.env.PRIVY_APP_ID}
+ *   thirdwebClientId={process.env.THIRDWEB_CLIENT_ID}
+ * >
+ *   <YourApp />
+ * </PrivyStack>
+ * ```
+ */
+/**
+ * Shared development credentials configuration
+ *
+ * These credentials are managed by Varity and shared across all development environments.
+ * They enable developers to start building immediately without manual credential setup.
+ *
+ * **Security Notes**:
+ * - Rate limiting is applied to prevent abuse
+ * - Only works with Varity L3 Testnet (Chain ID 33529)
+ * - Not suitable for production use
+ * - May be rotated periodically
+ *
+ * **When to Upgrade**:
+ * - Moving to production
+ * - Need custom branding in auth flows
+ * - Require higher rate limits
+ * - Building on non-Varity chains
+ */
+/**
+ * VARITY_DEV_CREDENTIALS - Loaded from Credential Proxy or Environment Variables
+ *
+ * SECURITY: Credentials are NO LONGER hardcoded in this file.
+ * They are fetched from:
+ * 1. Varity Credential Proxy (api.varity.so/credentials) - Recommended
+ * 2. Environment variables (VARITY_PRIVY_APP_ID, VARITY_THIRDWEB_CLIENT_ID)
+ *
+ * The credential proxy ensures credentials are never exposed in client bundles.
+ */
+export declare const VARITY_DEV_CREDENTIALS: {
+    /**
+     * Privy configuration
+     *
+     * Privy provides authentication (email, social, wallet).
+     * Get your own credentials at: https://dashboard.privy.io
+     */
+    readonly privy: {
+        /**
+         * Privy App ID - loaded from environment variable
+         *
+         * Set VARITY_PRIVY_APP_ID in your environment
+         * Or use the Varity Credential Proxy for automatic credentials
+         */
+        readonly appId: string;
+    };
+    /**
+     * thirdweb configuration
+     *
+     * thirdweb provides blockchain infrastructure (chain abstraction, contracts, storage).
+     * Get your own credentials at: https://thirdweb.com/dashboard
+     */
+    readonly thirdweb: {
+        /**
+         * thirdweb Client ID - loaded from environment variable
+         *
+         * Set VARITY_THIRDWEB_CLIENT_ID in your environment
+         * Or use the Varity Credential Proxy for automatic credentials
+         */
+        readonly clientId: string;
+    };
+    /**
+     * Rate limiting information (informational only)
+     */
+    readonly rateLimits: {
+        readonly privy: {
+            readonly monthlyActiveUsers: 1000;
+            readonly note: "Shared via Varity Credential Proxy";
+        };
+        readonly thirdweb: {
+            readonly requestsPerSecond: 100;
+            readonly note: "Shared via Varity Credential Proxy";
+        };
+    };
+};
+/**
+ * Type definition for credential configuration
+ */
+export interface CredentialConfig {
+    privy: {
+        appId: string;
+    };
+    thirdweb: {
+        clientId: string;
+    };
+}
+/**
+ * Check if using shared development credentials
+ *
+ * @param appId - Privy app ID to check
+ * @param clientId - thirdweb client ID to check
+ * @returns true if using shared development credentials
+ *
+ * @example
+ * ```typescript
+ * if (isUsingDevCredentials(appId, clientId)) {
+ *   console.warn('Using shared dev credentials - upgrade for production');
+ * }
+ * ```
+ */
+export declare function isUsingDevCredentials(appId?: string, clientId?: string): boolean;
+/**
+ * Check if credentials are suitable for production use
+ *
+ * @param appId - Privy app ID to check
+ * @param clientId - thirdweb client ID to check
+ * @returns true if credentials are production-ready
+ *
+ * @example
+ * ```typescript
+ * if (!isProductionCredentials(appId, clientId)) {
+ *   throw new Error('Production requires custom credentials');
+ * }
+ * ```
+ */
+export declare function isProductionCredentials(appId?: string, clientId?: string): boolean;
+/**
+ * Get warning message for development credential usage
+ *
+ * @param environment - Current environment (development, staging, production)
+ * @returns Warning message or null (deprecated - always returns null)
+ *
+ * @deprecated This function is deprecated. Varity now uses credential proxy
+ * and provides a seamless experience without warnings.
+ *
+ * @example
+ * ```typescript
+ * const warning = getCredentialWarning('production');
+ * // Always returns null now
+ * ```
+ */
+export declare function getCredentialWarning(environment: 'development' | 'staging' | 'production'): string | null;
+/**
+ * Log development credential usage warning
+ *
+ * @param appId - Privy app ID being used
+ * @param clientId - thirdweb client ID being used
+ * @param usingProxy - Whether credentials are from proxy (suppresses warnings)
+ *
+ * @example
+ * ```typescript
+ * logCredentialUsage(appId, clientId);
+ * // Logs friendly message if using shared dev credentials
+ * ```
+ */
+export declare function logCredentialUsage(appId?: string, clientId?: string, usingProxy?: boolean): void;
+/**
+ * Resolve credentials with fallback to dev credentials
+ *
+ * @param appId - Custom Privy app ID (optional)
+ * @param clientId - Custom thirdweb client ID (optional)
+ * @param usingProxy - Whether credentials are from proxy (suppresses warnings)
+ * @returns Resolved credential configuration
+ *
+ * @example
+ * ```typescript
+ * const creds = resolveCredentials(customAppId, customClientId);
+ * // Falls back to VARITY_DEV_CREDENTIALS if custom credentials not provided
+ * ```
+ */
+export declare function resolveCredentials(appId?: string, clientId?: string, usingProxy?: boolean): CredentialConfig;
+/**
+ * Validate credentials are configured correctly
+ *
+ * @param appId - Privy app ID to validate
+ * @param clientId - thirdweb client ID to validate
+ * @throws Error if credentials are invalid
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   validateCredentials(appId, clientId);
+ * } catch (error) {
+ *   console.error('Invalid credentials:', error.message);
+ * }
+ * ```
+ */
+export declare function validateCredentials(appId: string, clientId: string): void;
+/**
+ * Get upgrade instructions for production
+ *
+ * @returns Markdown-formatted upgrade instructions
+ *
+ * @example
+ * ```typescript
+ * console.log(getUpgradeInstructions());
+ * ```
+ */
+export declare function getUpgradeInstructions(): string;
+//# sourceMappingURL=credentials.d.ts.map

package/dist/core/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../src/core/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH;;;;;;;;;;;;;;;;;GAiBG;AACH;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB;IACjC;;;;;OAKG;;QAED;;;;;WAKG;;;IAIL;;;;;OAKG;;QAED;;;;;WAKG;;;IAIL;;OAEG;;;;;;;;;;;CAWK,CAAC;AAEX;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE;QACL,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;IACF,QAAQ,EAAE;QACR,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;CACH;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,qBAAqB,CACnC,KAAK,CAAC,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAKT;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,uBAAuB,CACrC,KAAK,CAAC,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAET;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,aAAa,GAAG,SAAS,GAAG,YAAY,GACpD,MAAM,GAAG,IAAI,CAIf;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,CAAC,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,MAAM,EACjB,UAAU,GAAE,OAAe,GAC1B,IAAI,CAiBN;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,CAAC,EAAE,MAAM,EACd,QAAQ,CAAC,EAAE,MAAM,EACjB,UAAU,GAAE,OAAe,GAC1B,gBAAgB,CAuClB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,GACf,IAAI,CAmBN;AAED;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAuE/C"}