prividium 0.0.1-beta → 0.0.3-beta

package/README.md

@@ -1,7 +1,7 @@
 # Prividium SDK
 
-A TypeScript SDK for integrating with Prividium's authorization system, providing seamless authentication and secure RPC
-communication for blockchain applications.
+A TypeScript SDK for integrating with the Prividium authorization system, providing seamless authentication and secure
+RPC communication for blockchain applications.
 
 ## Features
 
@@ -33,6 +33,8 @@ const prividiumChain = defineChain({
 });
 
 // Create SDK instance
+// Note: replace the URLs and clientId with your actual values
+// Make sure clientId is registered in User Panel (OAUTH_CLIENTS)
 const prividium = createPrividiumChain({
   clientId: 'your-client-id',
   chain: prividiumChain,
@@ -70,7 +72,60 @@ const balance = await client.getBalance({
 });
 ```
 
-### 4. Setup OAuth Callback Page
+### 4. Sending Transactions with Injected Wallets (MetaMask)
+
+Before sending transactions through injected wallets, you need to add the Prividium network and enable wallet RPC for
+each transaction.
+
+```typescript
+import { createWalletClient, custom, encodeFunctionData } from 'viem';
+
+// Add Prividium network to MetaMask
+await prividium.addNetworkToWallet();
+
+// Create wallet client for MetaMask
+const walletClient = createWalletClient({
+  chain: prividium.chain,
+  transport: custom(window.ethereum)
+});
+
+const [address] = await walletClient.getAddresses();
+
+// Prepare transaction with viem
+const greeterContract = '0x...';
+const request = await walletClient.prepareTransactionRequest({
+  account: address,
+  to: greeterContract,
+  data: encodeFunctionData({
+    abi: [
+      {
+        name: 'setGreeting',
+        type: 'function',
+        inputs: [{ name: 'greeting', type: 'string' }],
+        outputs: []
+      }
+    ],
+    functionName: 'setGreeting',
+    args: ['Hello, Prividium!']
+  })
+});
+
+// Enable wallet token for this transaction
+await prividium.enableWalletToken({
+  walletAddress: address,
+  contractAddress: greeterContract,
+  nonce: Number(request.nonce),
+  calldata: request.data
+});
+
+// Send transaction through MetaMask
+const hash = await walletClient.sendTransaction(request);
+```
+
+**Note:** Call `enableWalletToken(...)` before each transaction. Permission is transaction-specific and expires after 1
+hour.
+
+### 5. Setup OAuth Callback Page
 
 The SDK requires a callback page to complete the authentication flow securely using `postMessage`. Create a callback
 page at the `redirectUrl` you configured:
@@ -113,6 +168,34 @@ page at the `redirectUrl` you configured:
 
 - The callback page must be hosted on the same origin as your main application that initiates the auth flow.
 
+## OAuth Scopes
+
+The SDK supports requesting specific OAuth scopes during authorization to ensure users meet certain requirements:
+
+```typescript
+import { createPrividiumChain, type OauthScope } from 'prividium';
+
+const prividium = createPrividiumChain({
+  clientId: 'your-client-id',
+  chain: prividiumChain,
+  rpcUrl: 'https://rpc.prividium.io',
+  authBaseUrl: 'https://auth.prividium.io',
+  redirectUrl: window.location.origin + '/auth/callback',
+  scope: ['wallet:required', 'network:required'], // Request specific scopes
+  onAuthExpiry: () => {
+    console.log('Authentication expired');
+  }
+});
+```
+
+### Available Scopes
+
+- **`wallet:required`** - Ensures the user has at least one wallet address associated with their account
+- **`network:required`** - Ensures the user has a wallet connected with the correct chain configuration
+
+When scopes are specified, the authorization flow will validate that the user meets all requirements. If requirements
+are not met, the user panel will guide them through the necessary setup steps before completing authentication.
+
 ## API Reference
 
 ### `createPrividiumChain(config)`
@@ -128,6 +211,7 @@ interface PrividiumConfig {
   rpcUrl: string; // Private RPC endpoint URL
   authBaseUrl: string; // Authorization service base URL
   redirectUrl: string; // OAuth redirect URL
+  scope?: OauthScope[]; // Optional OAuth scopes to request (optional)
   storage?: Storage; // Custom storage implementation (optional)
   onAuthExpiry?: () => void; // Called when authentication expires (optional)
 }

package/bin/cli.js

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+import '../dist/cli/index.js';

package/dist/cli/base-cli.js

@@ -0,0 +1,9 @@
+import yargs from 'yargs';
+export const BASE_CLI = yargs(process.argv.slice(2))
+    .scriptName('prividium-cli')
+    .option('configPath', {
+    alias: ['c', 'config-path', 'config'],
+    description: 'Path for config file. By default config file is stored under user personal folder',
+    type: 'string',
+    demandOption: false
+});

package/dist/cli/commands/config.js

@@ -0,0 +1,40 @@
+import { ConfigFile } from '../server/config-file.js';
+function clearConfig(path) {
+    const file = new ConfigFile(path);
+    file.remove();
+}
+function configPath(path) {
+    const file = new ConfigFile(path);
+    file.printPath();
+}
+function printConfig(path) {
+    const file = new ConfigFile(path);
+    file.print();
+}
+function updateConfig(urls, path) {
+    const file = new ConfigFile(path);
+    file.write(urls);
+}
+export const addConfig = (cli) => {
+    return cli.command('config', 'Manipulate local configuration file', (yargs) => yargs
+        .command('clear', 'Clears current configuration file', (yargs) => yargs, (args) => clearConfig(args.configPath))
+        .command('path', 'Shows local config file path', (yargs) => yargs, (args) => configPath(args.configPath))
+        .command('print', 'Prints current configuration', (yargs) => yargs, (args) => printConfig(args.configPath))
+        .command('set', 'Updates config', (yargs) => yargs
+        .option('rpcUrl', {
+        alias: ['rpc-url', 'r'],
+        description: 'Specifies target Prividium rpc url. These takes precedence over config file and env variable.',
+        demandOption: true,
+        type: 'string'
+    })
+        .option('userPanelUrl', {
+        alias: ['user-panel-url', 'u'],
+        description: 'Specifies url used to log in into the Prividium network. Takes precedence over config file and env variable',
+        type: 'string',
+        demandOption: true
+    }), (args) => updateConfig({
+        prividiumRpcUrl: args.rpcUrl,
+        userPanelUrl: args.userPanelUrl
+    }, args.configPath))
+        .demandCommand());
+};

package/dist/cli/commands/proxy.js

@@ -0,0 +1,71 @@
+import { buildServer } from '../server/server.js';
+import { CreationWorkflow } from '../server/connection-workflow.js';
+import { ConfigFile } from '../server/config-file.js';
+import { z } from 'zod';
+const envSchema = z.object({
+    PRIVIDIUM_RPC_URL: z.string().optional(),
+    USER_PANEL_URL: z.string().optional()
+});
+async function startServer(opts) {
+    const config = new ConfigFile(opts.configPath);
+    const workflow = new CreationWorkflow(config);
+    workflow.start();
+    const configConfig = config.read();
+    const env = envSchema.parse(process.env);
+    const givenRpcUrl = opts.rpcUrl ?? env.PRIVIDIUM_RPC_URL ?? configConfig.prividiumRpcUrl;
+    const givenUserPanelUrl = opts.userPanelUrl ?? env.USER_PANEL_URL ?? configConfig.userPanelUrl;
+    const { prividiumRpcUrl, userPanelUrl } = await workflow.gatherData(givenRpcUrl, givenUserPanelUrl);
+    const app = buildServer({
+        prividiumRpcUrl,
+        userPanelUrl,
+        async onSubmit() {
+            await workflow.onSubmit();
+        },
+        onCall(methodName) {
+            workflow.onMessage(methodName);
+        }
+    });
+    const serverUrl = await app.listen({
+        port: 24101,
+        host: '127.0.0.1'
+    });
+    await workflow.waitForAuthentication(serverUrl);
+}
+export const addProxy = (cli) => {
+    return cli.command('proxy', 'Starts authenticated rpc proxy server', (yargs) => yargs
+        .option('rpcUrl', {
+        alias: ['rpc-url', 'r'],
+        description: 'Specifies target Prividium rpc url. These takes precedence over config file and env variable.',
+        demandOption: false,
+        type: 'string'
+    })
+        .option('userPanelUrl', {
+        alias: ['user-panel-url', 'u'],
+        description: 'Specifies url used to log in into the Prividium network. Takes precedence over config file and env variable',
+        type: 'string'
+    })
+        .option('configPath', {
+        alias: ['c', 'config-path', 'config'],
+        description: 'Path for config file. By default config file is stored under user personal folder',
+        type: 'string',
+        demandOption: false
+    })
+        .option('port', {
+        alias: ['p'],
+        description: 'Port used for local proxy. This has to match with the port configured in your Prividium network.',
+        default: 24101,
+        type: 'number'
+    })
+        .option('host', {
+        alias: 'h',
+        description: 'Host used for local server. By default traffic from outside localhost is disabled.',
+        default: '127.0.0.1',
+        type: 'string'
+    }), (args) => startServer({
+        rpcUrl: args.rpcUrl,
+        userPanelUrl: args.userPanelUrl,
+        configPath: args.configPath,
+        port: args.port,
+        host: args.host
+    }));
+};

package/dist/cli/index.js

@@ -0,0 +1,12 @@
+import { BASE_CLI } from './base-cli.js';
+import { addProxy } from './commands/proxy.js';
+import { addConfig } from './commands/config.js';
+const actions = [addProxy, addConfig];
+const baseCli = actions.reduce((argv, applyAction) => {
+    return applyAction(argv);
+}, BASE_CLI);
+const cli = baseCli.help().strict().demandCommand();
+cli.parseAsync().catch((e) => {
+    console.error(e);
+    process.exit(1);
+});

package/dist/cli/server/config-file.js

@@ -0,0 +1,58 @@
+import appDirs from 'appdirsjs';
+import path from 'node:path';
+import { existsSync, mkdirSync, readFileSync, rmSync, writeFileSync } from 'node:fs';
+import { z } from 'zod';
+import { log } from '@clack/prompts';
+import color from 'kleur';
+// eslint-disable-next-line @typescript-eslint/no-explicit-any,@typescript-eslint/no-unsafe-member-access
+const appDirsFn = appDirs.default;
+const dirs = appDirsFn({ appName: 'prividium-proxy' });
+const urlConfigSchema = z.object({
+    prividiumRpcUrl: z.string(),
+    userPanelUrl: z.string()
+});
+export class ConfigFile {
+    filePath;
+    constructor(filePath) {
+        if (filePath) {
+            this.filePath = filePath;
+        }
+        else {
+            this.filePath = path.join(dirs.config, 'config.json');
+        }
+    }
+    read() {
+        if (!existsSync(this.filePath)) {
+            return {};
+        }
+        else {
+            const data = readFileSync(this.filePath).toString();
+            try {
+                return urlConfigSchema.parse(JSON.parse(data));
+            }
+            catch {
+                rmSync(this.filePath);
+                log.warn('Corrupted configuration file');
+                return {};
+            }
+        }
+    }
+    write(param) {
+        const dir = path.parse(this.filePath).dir;
+        mkdirSync(dir, { recursive: true });
+        writeFileSync(this.filePath, JSON.stringify(param));
+    }
+    remove() {
+        if (existsSync(this.filePath)) {
+            rmSync(this.filePath);
+        }
+    }
+    print() {
+        const { prividiumRpcUrl, userPanelUrl } = this.read();
+        console.log(`${color.bold('Prividium rpc url')}: ${prividiumRpcUrl}`);
+        console.log(`${color.bold('Log in url')}: ${userPanelUrl}`);
+    }
+    printPath() {
+        console.log(this.filePath);
+    }
+}

package/dist/cli/server/connection-workflow.js

@@ -0,0 +1,93 @@
+import { confirm, intro, log, tasks, text } from '@clack/prompts';
+import color from 'kleur';
+import { z } from 'zod';
+import { setTimeout } from 'timers/promises';
+const HEADER = `             .__      .__    .___.__                               .__  .__ 
+_____________|__|__  _|__| __| _/|__|__ __  _____             ____ |  | |__|
+\\____ \\_  __ \\  \\  \\/ /  |/ __ | |  |  |  \\/     \\   ______ _/ ___\\|  | |  |
+|  |_> >  | \\/  |\\   /|  / /_/ | |  |  |  /  Y Y  \\ /_____/ \\  \\___|  |_|  |
+|   __/|__|  |__| \\_/ |__\\____ | |__|____/|__|_|  /          \\___  >____/__|
+|__|                          \\/                \\/               \\/         `;
+export class CreationWorkflow {
+    config;
+    submitCallback;
+    constructor(config) {
+        this.config = config;
+        this.submitCallback = undefined;
+    }
+    start() {
+        console.log(color.blue(HEADER));
+        console.log('');
+        intro('Starting prividium proxy');
+    }
+    async gatherData(maybePrividiumRpcUrl, maybeUserPanelUrl) {
+        const { url: prividiumRpcUrl, prompted: prompted1 } = await this.askForUrl(maybePrividiumRpcUrl, 'prividium rpc');
+        const { url: userPanelUrl, prompted: prompted2 } = await this.askForUrl(maybeUserPanelUrl, 'user panel');
+        if (prompted1 || prompted2) {
+            const confirmation = await confirm({
+                message: 'Do wou want to store this config for future usages?'
+            });
+            if (confirmation) {
+                this.config.write({ prividiumRpcUrl, userPanelUrl });
+            }
+        }
+        return {
+            prividiumRpcUrl,
+            userPanelUrl
+        };
+    }
+    async askForUrl(maybeUrl, name) {
+        if (maybeUrl !== undefined) {
+            const res = z.url().safeParse(maybeUrl);
+            if (!res.success) {
+                log.error(`Invalidad ${name} url provided: ${maybeUrl}`);
+                process.exit(1);
+            }
+            log.info(`Using ${name} url: ${color.bold(maybeUrl)}`);
+            return { url: maybeUrl, prompted: false };
+        }
+        else {
+            const url = await text({
+                message: `Please insert your ${name} url`,
+                validate(value) {
+                    const parsed = z.url().safeParse(value);
+                    if (!parsed.success) {
+                        return 'Please provide a valid url';
+                    }
+                }
+            });
+            if (typeof url === 'symbol') {
+                log.warn('Canceled by the user');
+                process.exit(1);
+            }
+            return { url, prompted: true };
+        }
+    }
+    async waitForAuthentication(url) {
+        log.info(`Please log in: ${url}`);
+        await tasks([
+            {
+                task: async () => {
+                    return new Promise((resolve) => {
+                        this.submitCallback = resolve;
+                    });
+                },
+                title: 'Waiting for authentication'
+            }
+        ]);
+    }
+    async onSubmit() {
+        if (this.submitCallback === undefined) {
+            throw new Error('Missing submit callback.');
+        }
+        else {
+            this.submitCallback('Authentication successful!');
+            await setTimeout(100);
+        }
+        log.info(`Your proxy rpc is ready! 🚀: \n\n${color.bold('http://127.0.0.1:24101/rpc')}\n`);
+        log.info('Waiting for logs...');
+    }
+    onMessage(msg) {
+        log.message(msg);
+    }
+}

package/dist/cli/server/server.js

@@ -0,0 +1,80 @@
+import Fastify from 'fastify';
+import { validatorCompiler } from 'fastify-type-provider-zod';
+import fastifyStatic from '@fastify/static';
+import path from 'node:path';
+import { z } from 'zod';
+import { fastifyHttpProxy } from '@fastify/http-proxy';
+import { randomBytes } from 'node:crypto';
+function fastifyApp() {
+    return Fastify().withTypeProvider();
+}
+function randomStateString() {
+    return randomBytes(20).toString('hex');
+}
+export function buildServer(config) {
+    const app = fastifyApp();
+    app.setValidatorCompiler(validatorCompiler);
+    const state = randomStateString();
+    let jwt = '';
+    app.register(fastifyStatic, { root: path.join(import.meta.dirname, '..', 'static') });
+    app.get('/health', async (_req, reply) => {
+        return reply.send('ok');
+    });
+    app.get('/', async (_req, reply) => {
+        reply.header('Cache-Control', 'no-cache');
+        return reply.sendFile(path.join('start.html'));
+    });
+    app.get('/redirect-uri', async (_req, reply) => {
+        const url = new URL('/auth/authorize', config.userPanelUrl);
+        url.searchParams.set('client_id', 'proxy-cli');
+        url.searchParams.set('redirect_uri', `http://localhost:24101/callback`);
+        url.searchParams.set('state', state);
+        url.searchParams.set('response_type', 'token');
+        return reply.send(url.toString());
+    });
+    app.get('/callback', async (_req, reply) => {
+        reply.header('Cache-Control', 'no-cache');
+        return reply.sendFile(path.join('callback.html'));
+    });
+    app.post('/submit', {
+        schema: {
+            body: z.object({
+                token: z.string(),
+                state: z.string()
+            })
+        }
+    }, async (req, reply) => {
+        if (req.body.state !== state) {
+            throw new Error('invalid state received');
+        }
+        jwt = req.body.token;
+        await config.onSubmit();
+        return reply.send('ok');
+    });
+    app.register(fastifyHttpProxy, {
+        upstream: config.prividiumRpcUrl,
+        prefix: '/rpc',
+        rewritePrefix: '/rpc',
+        routes: ['/'],
+        preValidation: (request, _reply, done) => {
+            const parser = z.object({ method: z.string() });
+            const { method } = parser.parse(request.body);
+            config.onCall(method);
+            done();
+        },
+        preHandler: (_req, reply, done) => {
+            if (jwt === '') {
+                reply.status(500).send('please authenticate first.');
+                return;
+            }
+            return done();
+        },
+        replyOptions: {
+            rewriteRequestHeaders: (_originalReq, headers) => ({
+                ...headers,
+                authorization: `Bearer ${jwt}`
+            })
+        }
+    });
+    return app;
+}

package/dist/cli/static/callback.html

@@ -0,0 +1,70 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>Prividium</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+  </head>
+  <body
+    class="min-h-screen bg-gradient-to-br from-slate-50 via-white to-blue-50 text-slate-800 flex items-center justify-center p-4"
+  >
+    <div
+      class="text-center bg-white/80 backdrop-blur-md py-10 px-6 shadow-xl rounded-2xl border border-slate-200 sm:px-12 w-full max-w-md"
+    >
+      <h1
+        id="main-title"
+        class="text-2xl md:text-3xl font-bold bg-gradient-to-r from-blue-700 to-blue-900 bg-clip-text text-transparent"
+      >
+        Finalizing Prividium sign-in...
+      </h1>
+      <div class="mt-4">
+        <svg
+          class="animate-spin h-8 w-8 text-blue-700 mx-auto"
+          xmlns="http://www.w3.org/2000/svg"
+          fill="none"
+          viewBox="0 0 24 24"
+        >
+          <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+          <path
+            class="opacity-75"
+            fill="currentColor"
+            d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
+          ></path>
+        </svg>
+      </div>
+      <div id="proxy-url" style="display: none" class="mt-6 text-blue-700 text-center">
+        <img src="https://www.zksync.io/faq/faq-brackets.svg" alt="Success" class="h-12 w-auto mx-auto mb-3" />
+        <span>You can now access your Prividium RPC proxy at: </span>
+        <span class="font-bold">http://127.0.0.1:24101/rpc</span>
+      </div>
+    </div>
+    <script>
+      const titleElem = document.getElementById('main-title');
+      const hashPath = window.location.hash;
+      const params = new URLSearchParams(hashPath.replace(/^#/, ''));
+      const maybeToken = params.get('token');
+      const maybeState = params.get('state');
+
+      if (!maybeToken || !maybeToken) {
+        console.error('Missing stuff');
+      } else {
+        fetch('/submit', {
+          method: 'POST',
+          headers: {
+            'content-type': 'application/json'
+          },
+          body: JSON.stringify({
+            token: maybeToken,
+            state: maybeState
+          })
+        }).then(() => {
+          titleElem.innerHTML = 'Done! This window can be closed now.';
+          document.querySelector('svg').style.display = 'none';
+          const urlElem = document.getElementById('proxy-url');
+          urlElem.style.display = 'block';
+        }, console.error);
+      }
+    </script>
+  </body>
+</html>

package/dist/cli/static/start.html

@@ -0,0 +1,33 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Prividium</title>
+    <script src="https://cdn.tailwindcss.com"></script>
+</head>
+<body class="bg-gray-900 text-white flex items-center justify-center h-screen">
+<div class="text-center">
+    <h1 id="main-title" class="text-2xl font-bold">Redirecting...</h1>
+    <div class="mt-4">
+        <svg class="animate-spin h-8 w-8 text-white mx-auto" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24">
+            <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+            <path class="opacity-75" fill="currentColor" d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"></path>
+        </svg>
+    </div>
+</div>
+<script>
+    const hashPath = window.location.hash;
+    const params = new URLSearchParams(hashPath.replace(/^#/, ''));
+
+    fetch('/redirect-uri').then(
+        (r) => {
+            return r.text();
+        },
+        console.error
+    ).then(url => {
+        window.location.assign(url);
+    });
+</script>
+</body>
+</html>

package/dist/{index.d.ts → sdk/index.d.ts}

@@ -1,6 +1,6 @@
 export { createPrividiumChain } from './prividium-chain.js';
-export type { PrividiumConfig, PrividiumChain, PopupOptions, Storage, TokenData, UserProfile, UserRole } from './types.js';
+export type { PrividiumConfig, PrividiumChain, PopupOptions, Storage, TokenData, UserProfile, UserRole, AddNetworkParams } from './types.js';
 export { AUTH_ERRORS, STORAGE_KEYS } from './types.js';
 export { LocalStorage, TokenManager } from './storage.js';
 export { parseToken, isTokenExpired, generateRandomState } from './token-utils.js';
-export { PopupAuth, handleAuthCallback, type AuthCallbackMessage } from './popup-auth.js';
+export { PopupAuth, handleAuthCallback, type AuthCallbackMessage, type OauthScope } from './popup-auth.js';

package/dist/{popup-auth.d.ts → sdk/popup-auth.d.ts}

@@ -1,13 +1,18 @@
 import { type PopupOptions } from './types.js';
 import { type TokenManager } from './storage.js';
-export type OauthScope = 'wallet:required';
+/**
+ * OAuth scopes that can be requested during authorization
+ *
+ * - `wallet:required`: Requires user to have at least one wallet associated
+ * - `network:required`: Requires user to have wallet connected with correct chain
+ */
+export type OauthScope = 'wallet:required' | 'network:required';
 export interface PopupAuthConfig {
     authBaseUrl: string;
     clientId: string;
     redirectUri: string;
     tokenManager: TokenManager;
     onAuthExpiry?: () => void;
-    scope?: OauthScope[];
 }
 export declare class PopupAuth {
     private config;

package/dist/{popup-auth.js → sdk/popup-auth.js}

@@ -6,10 +6,10 @@ export class PopupAuth {
         this.config = config;
     }
     async authorize(options = {}) {
-        const { popupSize = { w: 500, h: 600 } } = options;
+        const { popupSize = { w: 600, h: 800 }, scopes = [] } = options;
         const state = generateRandomState();
         this.config.tokenManager.setState(state);
-        const authUrl = this.buildAuthUrl(state);
+        const authUrl = this.buildAuthUrl(state, scopes);
         const popup = this.openPopup(authUrl, popupSize);
         return new Promise((resolve, reject) => {
             const TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
@@ -108,14 +108,14 @@ export class PopupAuth {
             }, TIMEOUT_MS);
         });
     }
-    buildAuthUrl(state) {
+    buildAuthUrl(state, scopes) {
         const url = new URL('/auth/authorize', this.config.authBaseUrl);
         url.searchParams.set('client_id', this.config.clientId);
         url.searchParams.set('redirect_uri', this.config.redirectUri);
         url.searchParams.set('state', state);
         url.searchParams.set('response_type', 'token');
-        if (this.config.scope?.length) {
-            for (const scope of this.config.scope) {
+        if (scopes?.length) {
+            for (const scope of scopes) {
                 url.searchParams.append('scope', scope);
             }
         }

package/dist/sdk/prividium-chain.d.ts

@@ -0,0 +1,12 @@
+import { type PrividiumConfig, type PrividiumChain } from './types.js';
+declare global {
+    interface Window {
+        ethereum?: {
+            request: (args: {
+                method: string;
+                params?: unknown[];
+            }) => Promise<unknown>;
+        };
+    }
+}
+export declare function createPrividiumChain(config: PrividiumConfig): PrividiumChain;

package/dist/sdk/prividium-chain.js

@@ -0,0 +1,199 @@
+import { http } from 'viem';
+import { chainConfig } from 'viem/zksync';
+import { LocalStorage, TokenManager } from './storage.js';
+import { PopupAuth } from './popup-auth.js';
+export function createPrividiumChain(config) {
+    const storage = config.storage || new LocalStorage();
+    const tokenManager = new TokenManager(storage, config.chain.id);
+    const popupAuth = new PopupAuth({
+        clientId: config.clientId,
+        authBaseUrl: config.authBaseUrl,
+        redirectUri: config.redirectUrl,
+        tokenManager,
+        onAuthExpiry: config.onAuthExpiry
+    });
+    const getAuthHeaders = () => {
+        const token = tokenManager.getToken();
+        if (token) {
+            return {
+                Authorization: `Bearer ${token.rawToken}`
+            };
+        }
+        return null;
+    };
+    // Create transport with auth integration using viem callbacks
+    const transport = http(config.rpcUrl, {
+        batch: false,
+        fetchOptions: {
+            headers: getAuthHeaders() || {}
+        },
+        onFetchRequest(_request, init) {
+            init.headers = {
+                ...init.headers,
+                ...getAuthHeaders()
+            };
+        },
+        onFetchResponse: (response) => {
+            // Handle 403 responses (expired token or no access)
+            if (response.status === 403) {
+                tokenManager.clearToken();
+                config.onAuthExpiry?.();
+            }
+        }
+    });
+    return {
+        chain: {
+            ...chainConfig,
+            ...config.chain,
+            contracts: {
+                ...chainConfig.contracts,
+                ...config.chain.contracts,
+                multicall3: undefined // Prividium doesn't support multicall yet
+            },
+            rpcUrls: { default: { http: [config.rpcUrl] } }
+        },
+        transport,
+        async authorize(options) {
+            return popupAuth.authorize(options);
+        },
+        unauthorize() {
+            popupAuth.unauthorize();
+        },
+        isAuthorized() {
+            return popupAuth.isAuthorized();
+        },
+        getAuthHeaders,
+        async fetchUser() {
+            const headers = getAuthHeaders();
+            if (!headers) {
+                throw new Error('Authentication required. Please call authorize() first.');
+            }
+            const response = await fetch(`${config.permissionsApiBaseUrl}/api/profiles/me`, {
+                method: 'GET',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...headers
+                }
+            });
+            if (response.status === 403) {
+                tokenManager.clearToken();
+                config.onAuthExpiry?.();
+                throw new Error('Authentication required. Please call authorize() first.');
+            }
+            if (!response.ok) {
+                throw new Error(`Failed to fetch user profile: ${response.status} ${response.statusText}`);
+            }
+            const userData = (await response.json());
+            return {
+                userId: userData.userId,
+                createdAt: new Date(userData.createdAt),
+                displayName: userData.displayName,
+                updatedAt: new Date(userData.updatedAt),
+                roles: userData.roles,
+                walletAddresses: userData.walletAddresses
+            };
+        },
+        async getWalletToken() {
+            const headers = getAuthHeaders();
+            if (!headers) {
+                throw new Error('Authentication required. Please call authorize() first.');
+            }
+            const response = await fetch(`${config.permissionsApiBaseUrl}/api/wallet/personal-rpc-token`, {
+                method: 'GET',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...headers
+                }
+            });
+            if (response.status === 403) {
+                tokenManager.clearToken();
+                config.onAuthExpiry?.();
+                throw new Error('Authentication required. Please call authorize() first.');
+            }
+            if (!response.ok) {
+                throw new Error(`Failed to fetch wallet token: ${response.status} ${response.statusText}`);
+            }
+            const data = (await response.json());
+            return data.token;
+        },
+        async getWalletRpcUrl() {
+            const walletToken = await this.getWalletToken();
+            // Extract base URL without /api path
+            const baseUrl = config.rpcUrl.replace(/\/rpc.*$/, '');
+            return `${baseUrl}/wallet/${walletToken}`;
+        },
+        async invalidateWalletToken() {
+            const headers = getAuthHeaders();
+            if (!headers) {
+                throw new Error('Authentication required. Please call authorize() first.');
+            }
+            const response = await fetch(`${config.permissionsApiBaseUrl}/api/wallet/invalidate`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...headers
+                }
+            });
+            if (!response.ok) {
+                throw new Error(`Failed to invalidate wallet token: ${response.status} ${response.statusText}`);
+            }
+            const result = (await response.json());
+            return result.newWalletToken;
+        },
+        async enableWalletToken(params) {
+            const headers = getAuthHeaders();
+            if (!headers) {
+                throw new Error('Authentication required. Please call authorize() first.');
+            }
+            const response = await fetch(`${config.permissionsApiBaseUrl}/api/wallet/enable`, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...headers
+                },
+                body: JSON.stringify(params)
+            });
+            if (response.status === 403) {
+                tokenManager.clearToken();
+                config.onAuthExpiry?.();
+                throw new Error('Authentication required. Please call authorize() first.');
+            }
+            if (!response.ok) {
+                throw new Error(`Failed to enable wallet token: ${response.status} ${response.statusText}`);
+            }
+            const result = (await response.json());
+            return result;
+        },
+        async addNetworkToWallet(params) {
+            if (typeof window === 'undefined' || !window.ethereum) {
+                throw new Error('Wallet not detected. Please install a wallet extension to add network.');
+            }
+            const walletRpcUrl = await this.getWalletRpcUrl();
+            const chainIdHex = `0x${config.chain.id.toString(16)}`;
+            const networkParams = {
+                chainId: params?.chainId || chainIdHex,
+                chainName: params?.chainName || config.chain.name,
+                nativeCurrency: params?.nativeCurrency || {
+                    name: config.chain.nativeCurrency?.name || 'Ether',
+                    symbol: config.chain.nativeCurrency?.symbol || 'ETH',
+                    decimals: config.chain.nativeCurrency?.decimals || 18
+                },
+                rpcUrls: [walletRpcUrl],
+                blockExplorerUrls: params?.blockExplorerUrls ||
+                    (config.chain.blockExplorers?.default?.url ? [config.chain.blockExplorers.default.url] : undefined)
+            };
+            try {
+                if (!window.ethereum) {
+                    throw new Error('Wallet not detected');
+                }
+                await window.ethereum.request({
+                    method: 'wallet_addEthereumChain',
+                    params: [networkParams]
+                });
+            }
+            catch (error) {
+                throw new Error(`Failed to add network to wallet: ${error instanceof Error ? error.message : 'Unknown error'}`);
+            }
+        }
+    };
+}

package/dist/{types.d.ts → sdk/types.d.ts}

@@ -1,4 +1,4 @@
-import { type Chain, type Transport } from 'viem';
+import { type Chain, type Transport, type Address, type Hex } from 'viem';
 import { type OauthScope } from './popup-auth.js';
 export interface Storage {
     getItem(key: string): string | null;
@@ -12,7 +12,6 @@ export interface PrividiumConfig {
     authBaseUrl: string;
     redirectUrl: string;
     permissionsApiBaseUrl: string;
-    scope?: OauthScope[];
     storage?: Storage;
     onAuthExpiry?: () => void;
 }
@@ -27,19 +26,39 @@ export interface UserProfile {
     roles: UserRole[];
     walletAddresses: string[];
 }
+export interface AddNetworkParams {
+    chainName?: string;
+    chainId: string;
+    nativeCurrency?: {
+        name: string;
+        symbol: string;
+        decimals: number;
+    };
+    blockExplorerUrls?: string[];
+}
+export interface EnableWalletTokenParams {
+    walletAddress: Address;
+    contractAddress: Address;
+    nonce: number;
+    calldata: Hex;
+}
+export interface EnableWalletTokenResponse {
+    message: string;
+    activeUntil: string;
+}
 export interface PrividiumChain {
     chain: Chain;
     transport: Transport;
-    authorize(opts?: {
-        popupSize?: {
-            w: number;
-            h: number;
-        };
-    }): Promise<string>;
+    authorize(opts?: PopupOptions): Promise<string>;
     unauthorize(): void;
     isAuthorized(): boolean;
     getAuthHeaders(): Record<string, string> | null;
     fetchUser(): Promise<UserProfile>;
+    getWalletToken(): Promise<string>;
+    getWalletRpcUrl(): Promise<string>;
+    invalidateWalletToken(): Promise<string>;
+    enableWalletToken(params: EnableWalletTokenParams): Promise<EnableWalletTokenResponse>;
+    addNetworkToWallet(params?: AddNetworkParams): Promise<void>;
 }
 export interface TokenData {
     rawToken: string;
@@ -52,6 +71,7 @@ export interface PopupOptions {
         w: number;
         h: number;
     };
+    scopes?: OauthScope[];
 }
 export declare const AUTH_ERRORS: {
     readonly INVALID_STATE: "Invalid state parameter";

package/dist/tsconfig.cli.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["../cli/base-cli.ts","../cli/index.ts","../cli/commands/config.ts","../cli/commands/proxy.ts","../cli/server/config-file.ts","../cli/server/connection-workflow.ts","../cli/server/server.ts"],"version":"5.8.3"}

package/dist/tsconfig.sdk.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["../src/index.ts","../src/popup-auth.ts","../src/prividium-chain.ts","../src/storage.ts","../src/token-utils.ts","../src/types.ts"],"version":"5.8.3"}

package/package.json

@@ -1,26 +1,40 @@
 {
   "name": "prividium",
-  "version": "0.0.1-beta",
+  "version": "0.0.3-beta",
+  "bin": {
+    "prividium": "./bin/cli.js"
+  },
   "exports": {
     ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "import": "./dist/sdk/index.js",
+      "types": "./dist/sdk/index.d.ts"
     }
   },
   "files": [
     "dist"
   ],
   "scripts": {
-    "build": "tsc",
+    "build": "tsc -b && yarn copy-static-files",
+    "copy-static-files": "cp -r cli/static dist/cli",
+    "dev": "tsc -b --watch",
     "lint": "eslint . --ignore-path ../../.gitignore --max-warnings 0",
     "lint:fix": "eslint . --fix --ignore-path ../../.gitignore",
     "test": "vitest run",
     "test:watch": "vitest",
-    "typecheck": "tsc --noEmit",
+    "typecheck": "tsc -b --noEmit",
+    "cli": "tsx cli/index.ts",
     "typecheck:test": "tsc --project tsconfig.test.json --noEmit"
   },
   "dependencies": {
-    "zod": "^3.23.8"
+    "@clack/prompts": "^0.11.0",
+    "@fastify/http-proxy": "^11.3.0",
+    "@fastify/static": "^8.3.0",
+    "appdirsjs": "^1.2.7",
+    "fastify": "^5.0.0",
+    "fastify-type-provider-zod": "^6.1.0",
+    "kleur": "^4.1.5",
+    "yargs": "^18.0.0",
+    "zod": "^4.1.12"
   },
   "peerDependencies": {
     "viem": ">=2.0.0"
@@ -28,8 +42,10 @@
   "devDependencies": {
     "@repo/eslint-config": "workspace:*",
     "@types/node": "^22.8.6",
+    "@types/yargs": "^17.0.34",
     "eslint": "^8",
     "jsdom": "^25.0.0",
+    "tsx": "^4.20.6",
     "typescript": "^5.8.3",
     "vitest": "^3.2.4"
   }

package/dist/prividium-chain.d.ts

@@ -1,2 +0,0 @@
-import { type PrividiumConfig, type PrividiumChain } from './types.js';
-export declare function createPrividiumChain(config: PrividiumConfig): PrividiumChain;

package/dist/prividium-chain.js

@@ -1,98 +0,0 @@
-import { http } from 'viem';
-import { chainConfig } from 'viem/zksync';
-import { LocalStorage, TokenManager } from './storage.js';
-import { PopupAuth } from './popup-auth.js';
-export function createPrividiumChain(config) {
-    const storage = config.storage || new LocalStorage();
-    const tokenManager = new TokenManager(storage, config.chain.id);
-    const popupAuth = new PopupAuth({
-        clientId: config.clientId,
-        authBaseUrl: config.authBaseUrl,
-        redirectUri: config.redirectUrl,
-        scope: config.scope,
-        tokenManager,
-        onAuthExpiry: config.onAuthExpiry
-    });
-    const getAuthHeaders = () => {
-        const token = tokenManager.getToken();
-        if (token) {
-            return {
-                Authorization: `Bearer ${token.rawToken}`
-            };
-        }
-        return null;
-    };
-    // Create transport with auth integration using viem callbacks
-    const transport = http(config.rpcUrl, {
-        batch: false,
-        fetchOptions: {
-            headers: getAuthHeaders() || {}
-        },
-        onFetchRequest(_request, init) {
-            init.headers = {
-                ...init.headers,
-                ...getAuthHeaders()
-            };
-        },
-        onFetchResponse: (response) => {
-            // Handle 403 responses (expired token or no access)
-            if (response.status === 403) {
-                tokenManager.clearToken();
-                config.onAuthExpiry?.();
-            }
-        }
-    });
-    return {
-        chain: {
-            ...chainConfig,
-            ...config.chain,
-            contracts: {
-                ...chainConfig.contracts,
-                ...config.chain.contracts,
-                multicall3: undefined // Prividium doesn't support multicall yet
-            },
-            rpcUrls: { default: { http: [config.rpcUrl] } }
-        },
-        transport,
-        async authorize(options) {
-            return popupAuth.authorize(options);
-        },
-        unauthorize() {
-            popupAuth.unauthorize();
-        },
-        isAuthorized() {
-            return popupAuth.isAuthorized();
-        },
-        getAuthHeaders,
-        async fetchUser() {
-            const headers = getAuthHeaders();
-            if (!headers) {
-                throw new Error('Authentication required. Please call authorize() first.');
-            }
-            const response = await fetch(`${config.permissionsApiBaseUrl}/api/profiles/me`, {
-                method: 'GET',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...headers
-                }
-            });
-            if (response.status === 403) {
-                tokenManager.clearToken();
-                config.onAuthExpiry?.();
-                throw new Error('Authentication required. Please call authorize() first.');
-            }
-            if (!response.ok) {
-                throw new Error(`Failed to fetch user profile: ${response.status} ${response.statusText}`);
-            }
-            const userData = (await response.json());
-            return {
-                userId: userData.userId,
-                createdAt: new Date(userData.createdAt),
-                displayName: userData.displayName,
-                updatedAt: new Date(userData.updatedAt),
-                roles: userData.roles,
-                walletAddresses: userData.walletAddresses
-            };
-        }
-    };
-}