prividium 0.1.4 → 0.1.6

package/README.md

@@ -62,16 +62,22 @@ const prividium = createPrividiumChain({
 });
 ```
 
-### 2. Create Viem Client
+### 2. Create Prividium™ Viem Client
 
 ```typescript
+import { createPrividiumClient } from 'prividium';
+
 // The SDK provides a pre-configured transport with automatic auth headers
-const client = createPublicClient({
+const client = createPrividiumClient({
   chain: prividium.chain,
-  transport: prividium.transport // ✨ Auth headers are automatically included!
+  transport: prividium.transport, // ✨ Auth headers are automatically included!
+  account: '0x...' // 🔐 Provide user account to make `eth_call`s from that address
 });
 ```
 
+**Note:** Providing the account is required only for read operations that use `eth_call`. Prividium™ needs to know the
+caller address to enforce permissions correctly.
+
 ### 3. Authenticate and Use
 
 ```typescript
@@ -87,7 +93,35 @@ const balance = await client.getBalance({
 });
 ```
 
-### 4. Sending Transactions with Injected Wallets (MetaMask)
+### 4. Reading contract data
+
+```typescript
+import { createContract } from 'viem';
+// Define contract
+const greeterContract = createContract({
+  address: '0x...',
+  abi: [
+    {
+      name: 'getGreeting',
+      type: 'function',
+      inputs: [],
+      outputs: [{ name: '', type: 'string' }],
+      stateMutability: 'view'
+    }
+  ],
+  client: client
+});
+
+// Read data
+if (!client.account) {
+  console.warn('Client account is not set. Connect wallet.');
+} else {
+  const greeting = await greeterContract.read.getGreeting();
+  console.log('Greeting:', greeting);
+}
+```
+
+### 5. Sending Transactions with Injected Wallets (MetaMask)
 
 Before sending transactions through injected wallets, you need to add the Prividium™ network and enable wallet RPC for
 each transaction.
@@ -121,26 +155,28 @@ const request = await walletClient.prepareTransactionRequest({
       }
     ],
     functionName: 'setGreeting',
-    args: ['Hello, Prividium!']
+    args: ['Hello, Prividium!'],
+    value: 0n // Optional ETH value to send
   })
 });
 
-// Enable wallet token for this transaction
-await prividium.enableWalletToken({
+// Authorize transaction
+await prividium.authorizeTransaction({
   walletAddress: address,
   contractAddress: greeterContract,
   nonce: Number(request.nonce),
-  calldata: request.data
+  calldata: request.data,
+  value: request.value
 });
 
 // Send transaction through MetaMask
 const hash = await walletClient.sendTransaction(request);
 ```
 
-**Note:** Call `enableWalletToken(...)` before each transaction. Permission is transaction-specific and expires after 1
-hour.
+**Note:** Call `authorizeTransaction(...)` before each transaction. Permission is transaction-specific and expires after
+1 hour.
 
-### 5. Setup OAuth Callback Page
+### 6. Setup OAuth Callback Page
 
 The SDK requires a callback page to complete the authentication flow securely using `postMessage`. Create a callback
 page at the `redirectUrl` you configured:
@@ -246,8 +282,8 @@ Opens authentication popup and handles OAuth flow.
 
 ```typescript
 await prividium.authorize({
-  popupSize: { w: 600, h: 700 } // Optional custom popup dimensions
-  scopes: ['wallet:required', 'network:required'], // Optional scope requests
+  popupSize: { w: 600, h: 700 }, // Optional custom popup dimensions
+  scopes: ['wallet:required', 'network:required'] // Optional scope requests
 });
 ```
 
@@ -307,6 +343,23 @@ handleAuthCallback((error) => {
 - Automatically closes popup window on success
 - Calls `onError` if any errors occur
 
+### `createPrividiumClient(config)`
+
+Creates a viem client.
+
+**Parameters:**
+
+```typescript
+interface PrividiumClientConfig {
+  chain: Chain; // Viem chain configuration
+  transport: Transport; // Viem transport with Prividium™ auth headers
+  account?: Address; // Optional user account for eth_call operations
+  // Other viem client config options...
+}
+```
+
+**Returns:** `PublicClient` - Viem client instance.
+
 ## Advanced Usage
 
 ### Custom Storage
@@ -446,6 +499,7 @@ Flags:
 - `--host, -h` (string, default `127.0.0.1`): host binded to server. By default only connections comming from local
   device will be accepted. WARNING: Using 0.0.0.0 implies allowing anyone in the local network to use your credentials.
 - `--config-path, -c` (string): Path to the CLI config file.
+- `--unsecure-allow-outside-access`: Needed to expose the proxy to any network (including local network).
 
 Environment variables (optional):
 

package/dist/cli/commands/proxy.js

@@ -1,4 +1,6 @@
 import { buildServer } from '../server/server.js';
+import { log } from '@clack/prompts';
+import color from 'kleur';
 import { CreationWorkflow } from '../server/connection-workflow.js';
 import { ConfigFile } from '../server/config-file.js';
 import { z } from 'zod';
@@ -6,6 +8,24 @@ const envSchema = z.object({
     PRIVIDIUM_RPC_URL: z.string().optional(),
     USER_PANEL_URL: z.string().optional()
 });
+const DEFAULT_PORT = 24101;
+function checkHostAndPortWarnings(host, port, allowExternalAccess) {
+    if (port !== DEFAULT_PORT) {
+        log.warn(`Non standard port detected: ${port}. Redirect from prividium auth might not work.`);
+    }
+    if (host !== '127.0.0.1' && host !== 'localhost') {
+        if (!allowExternalAccess) {
+            log.error(`${color.bold('ERROR')}: In order to use a host different than local host you need to set --unsecureAllowOutsideAccess flag.`);
+            process.exit(1);
+        }
+        if (host === '0.0.0.0') {
+            log.warn(`${color.bold('WARNING')}: Your local proxy will be exposed outside your current device.`);
+        }
+        else {
+            log.warn(`${color.bold('WARNING')}: Non standard host: ${host}. Your proxy might be open for other devices. Redirect from prividium auth might not work.`);
+        }
+    }
+}
 async function startServer(opts) {
     const config = new ConfigFile(opts.configPath);
     const workflow = new CreationWorkflow(config);
@@ -18,6 +38,8 @@ async function startServer(opts) {
     const app = buildServer({
         prividiumRpcUrl,
         userPanelUrl,
+        host: opts.host,
+        port: opts.port,
         async onSubmit() {
             await workflow.onSubmit();
         },
@@ -25,9 +47,10 @@ async function startServer(opts) {
             workflow.onMessage(methodName);
         }
     });
+    checkHostAndPortWarnings(opts.host, opts.port, opts.allowExternalAccess);
     const serverUrl = await app.listen({
-        port: 24101,
-        host: '127.0.0.1'
+        port: opts.port,
+        host: opts.host
     });
     await workflow.waitForAuthentication(serverUrl);
 }
@@ -53,19 +76,26 @@ export const addProxy = (cli) => {
         .option('port', {
         alias: ['p'],
         description: 'Port used for local proxy. This has to match with the port configured in your Prividium™ network.',
-        default: 24101,
+        default: DEFAULT_PORT,
         type: 'number'
     })
         .option('host', {
         alias: 'h',
         description: 'Host used for local server. By default traffic from outside localhost is disabled.',
-        default: '127.0.0.1',
+        default: 'localhost',
         type: 'string'
+    })
+        .option('unsecureAllowOutsideAccess', {
+        alias: ['unsecure-allow-outside-access'],
+        description: 'Allow server to be exposed to the network (accessible by other devices)',
+        default: false,
+        type: 'boolean'
     }), (args) => startServer({
         rpcUrl: args.rpcUrl,
         userPanelUrl: args.userPanelUrl,
         configPath: args.configPath,
         port: args.port,
-        host: args.host
+        host: args.host,
+        allowExternalAccess: args.unsecureAllowOutsideAccess
     }));
 };

package/dist/cli/server/server.js

@@ -5,6 +5,7 @@ import path from 'node:path';
 import { z } from 'zod';
 import { fastifyHttpProxy } from '@fastify/http-proxy';
 import { randomBytes } from 'node:crypto';
+import { log } from '@clack/prompts';
 function fastifyApp() {
     return Fastify().withTypeProvider();
 }
@@ -17,7 +18,7 @@ export function buildServer(config) {
     const app = fastifyApp();
     app.setValidatorCompiler(validatorCompiler);
     const state = randomStateString();
-    let jwt = '';
+    let accessToken = '';
     app.register(fastifyStatic, { root: path.join(import.meta.dirname, '..', 'static') });
     app.get('/health', async (_req, reply) => {
         return reply.send('ok');
@@ -49,7 +50,7 @@ export function buildServer(config) {
         if (req.body.state !== state) {
             throw new Error('invalid state received');
         }
-        jwt = req.body.token;
+        accessToken = req.body.token;
         await config.onSubmit();
         return reply.send('ok');
     });
@@ -57,6 +58,7 @@ export function buildServer(config) {
         upstream: config.prividiumRpcUrl,
         prefix: '/rpc',
         rewritePrefix: '/rpc',
+        httpMethods: ['POST'],
         routes: ['/'],
         preValidation: (request, _reply, done) => {
             const method = rpcReqSchema.safeParse(request.body);
@@ -71,17 +73,24 @@ export function buildServer(config) {
             }
             done();
         },
-        preHandler: (_req, reply, done) => {
-            if (jwt === '') {
+        preHandler: (req, reply, done) => {
+            if (accessToken === '') {
                 reply.status(500).send('please authenticate first.');
                 return;
             }
+            const portStr = config.port !== 80 ? `:${config.port}` : '';
+            const fullHost = `${config.host}${portStr}`;
+            if (req.headers.host && req.headers.host !== fullHost) {
+                log.error(`Expected host ${fullHost} but got ${req.headers.host}`);
+                reply.status(403).send("host doesn't match");
+                return;
+            }
             return done();
         },
         replyOptions: {
             rewriteRequestHeaders: (_originalReq, headers) => ({
                 ...headers,
-                authorization: `Bearer ${jwt}`
+                authorization: `Bearer ${accessToken}`
             })
         }
     });

package/dist/sdk/create-prividium-client.d.ts

@@ -0,0 +1,8 @@
+import { type Account, type Chain, type ClientConfig, type PublicClient, type PublicClientConfig, type RpcSchema, type Transport } from 'viem';
+type PrividiumClientConfig<transport extends Transport = Transport, chain extends Chain | undefined = Chain | undefined, accountOrAddress extends Account | undefined = undefined, rpcSchema extends RpcSchema | undefined = undefined> = PublicClientConfig<transport, chain, accountOrAddress, rpcSchema> & Pick<ClientConfig<transport, chain, accountOrAddress, rpcSchema>, 'account'>;
+/**
+ * Creates a Prividium specific Public Client. This client extends the standard Viem Public Client
+ * with additional checks required for Prividium operations.
+ */
+export declare function createPrividiumClient<transport extends Transport = Transport, chain extends Chain | undefined = Chain | undefined, accountOrAddress extends Account | undefined = undefined, rpcSchema extends RpcSchema | undefined = undefined>(config: PrividiumClientConfig<transport, chain, accountOrAddress, rpcSchema>): PublicClient<transport, chain, accountOrAddress, rpcSchema>;
+export {};

package/dist/sdk/create-prividium-client.js

@@ -0,0 +1,25 @@
+import { createClient, publicActions } from 'viem';
+function prividiumActions(client) {
+    return {
+        call: (args) => {
+            if (!client.account || !client.account.address) {
+                throw new Error('RPC method eth_call requires an account to be provided for the client');
+            }
+            return client.call(args);
+        }
+    };
+}
+/**
+ * Creates a Prividium specific Public Client. This client extends the standard Viem Public Client
+ * with additional checks required for Prividium operations.
+ */
+export function createPrividiumClient(config) {
+    const { key = 'prividium', name = 'Prividium™ Public Client' } = config;
+    const client = createClient({
+        ...config,
+        key,
+        name,
+        type: 'publicClient'
+    });
+    return client.extend(publicActions).extend(prividiumActions);
+}

package/dist/sdk/index.d.ts

@@ -5,3 +5,4 @@ export { LocalStorage, TokenManager } from './storage.js';
 export { generateRandomState } from './token-utils.js';
 export { PopupAuth, handleAuthCallback, type AuthCallbackMessage, type OauthScope } from './popup-auth.js';
 export { UNAUTHORIZED_ERROR_CODE, FORBIDDEN_ERROR_CODE } from './rpc-error-codes.js';
+export { createPrividiumClient } from './create-prividium-client.js';

package/dist/sdk/index.js

@@ -4,3 +4,4 @@ export { LocalStorage, TokenManager } from './storage.js';
 export { generateRandomState } from './token-utils.js';
 export { PopupAuth, handleAuthCallback } from './popup-auth.js';
 export { UNAUTHORIZED_ERROR_CODE, FORBIDDEN_ERROR_CODE } from './rpc-error-codes.js';
+export { createPrividiumClient } from './create-prividium-client.js';

package/dist/sdk/prividium-chain.d.ts

@@ -1,4 +1,4 @@
-import { type PrividiumConfig, type PrividiumChain } from './types.js';
+import { type PrividiumChain, type PrividiumConfig } from './types.js';
 declare global {
     interface Window {
         ethereum?: {

package/dist/sdk/prividium-chain.js

@@ -142,18 +142,23 @@ export function createPrividiumChain(config) {
             const result = (await response.json());
             return result.newWalletToken;
         },
-        async enableWalletToken(params) {
+        async authorizeTransaction(params) {
             const headers = getAuthHeaders();
             if (!headers) {
                 throw new Error('Authentication required. Please call authorize() first.');
             }
-            const response = await fetch(`${config.permissionsApiBaseUrl}/api/wallet/enable`, {
+            const response = await fetch(`${config.permissionsApiBaseUrl}/api/wallet/transaction-authorization`, {
                 method: 'POST',
                 headers: {
                     'Content-Type': 'application/json',
                     ...headers
                 },
-                body: JSON.stringify(params)
+                body: JSON.stringify({
+                    ...params,
+                    // Always pass calldata and value, even if undefined
+                    calldata: params?.calldata ?? '0x',
+                    value: params.value?.toString() ?? '0'
+                })
             });
             if (response.status === 403) {
                 tokenManager.clearToken();
@@ -161,7 +166,7 @@ export function createPrividiumChain(config) {
                 throw new Error('Authentication required. Please call authorize() first.');
             }
             if (!response.ok) {
-                throw new Error(`Failed to enable wallet token: ${response.status} ${response.statusText}`);
+                throw new Error(`Failed to authorize transaction: ${response.status} ${response.statusText}`);
             }
             const result = (await response.json());
             return result;

package/dist/sdk/types.d.ts

@@ -1,4 +1,4 @@
-import { type Chain, type Transport, type Address, type Hex } from 'viem';
+import { type Address, type Chain, type Hex, type Transport } from 'viem';
 import { type OauthScope } from './popup-auth.js';
 export interface Storage {
     getItem(key: string): string | null;
@@ -36,13 +36,26 @@ export interface AddNetworkParams {
     };
     blockExplorerUrls?: string[];
 }
-export interface EnableWalletTokenParams {
+export type AuthorizeTransactionParams = {
     walletAddress: Address;
-    contractAddress: Address;
+    toAddress: Address;
     nonce: number;
     calldata: Hex;
-}
-export interface EnableWalletTokenResponse {
+    value: bigint;
+} | {
+    walletAddress: Address;
+    toAddress: Address;
+    nonce: number;
+    calldata: Hex;
+    value?: never;
+} | {
+    walletAddress: Address;
+    toAddress: Address;
+    nonce: number;
+    calldata?: never;
+    value: bigint;
+};
+export interface AuthorizeTransactionResponse {
     message: string;
     activeUntil: string;
 }
@@ -57,7 +70,7 @@ export interface PrividiumChain {
     getWalletToken(): Promise<string>;
     getWalletRpcUrl(): Promise<string>;
     invalidateWalletToken(): Promise<string>;
-    enableWalletToken(params: EnableWalletTokenParams): Promise<EnableWalletTokenResponse>;
+    authorizeTransaction(params: AuthorizeTransactionParams): Promise<AuthorizeTransactionResponse>;
     addNetworkToWallet(params?: AddNetworkParams): Promise<void>;
 }
 export interface TokenData {

package/dist/tsconfig.sdk.tsbuildinfo

@@ -1 +1 @@
-{"root":["../src/error-utils.ts","../src/index.ts","../src/popup-auth.ts","../src/prividium-chain.ts","../src/rpc-error-codes.ts","../src/storage.ts","../src/token-utils.ts","../src/types.ts"],"version":"5.8.3"}
+{"root":["../src/create-prividium-client.ts","../src/error-utils.ts","../src/index.ts","../src/popup-auth.ts","../src/prividium-chain.ts","../src/rpc-error-codes.ts","../src/storage.ts","../src/token-utils.ts","../src/types.ts"],"version":"5.8.3"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "prividium",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "bin": {
     "prividium": "./bin/cli.js"
   },