Skip to content

feat(probable): implement unified Web3 authentication lifecycle#1614

Closed
AbhilashG12 wants to merge 5 commits into
pmxt-dev:mainfrom
AbhilashG12:feat/probable-auth
Closed

feat(probable): implement unified Web3 authentication lifecycle#1614
AbhilashG12 wants to merge 5 commits into
pmxt-dev:mainfrom
AbhilashG12:feat/probable-auth

Conversation

@AbhilashG12

Copy link
Copy Markdown
Contributor
  • Add AuthNonceResponse, AuthLoginResponse, AuthSession types
  • Add getAuthNonce, loginWithSignature, logout to BaseExchange
  • Implement Probable auth with callApi() pattern
  • Add verifyL1 and verifyL2 for signature verification
  • Add OpenAPI endpoints for all auth operations
  • Add unit tests for auth lifecycle (5 tests passing)
  • Update generator to recognize auth types
  • Regenerate SDKs and docs

Fixes #1606

- Add AuthNonceResponse, AuthLoginResponse, AuthSession types
- Add getAuthNonce, loginWithSignature, logout to BaseExchange
- Implement Probable auth with callApi() pattern
- Add verifyL1 and verifyL2 for signature verification
- Add OpenAPI endpoints for all auth operations
- Add unit tests for auth lifecycle (5 tests passing)
- Update generator to recognize auth types
- Regenerate SDKs and docs

Fixes pmxt-dev#1606
- Add AuthNonceResponse and AuthLoginResponse to TYPE_MAP
- Regenerate Python client with auth methods

Fixes pmxt-dev#1606
@realfishsam

Copy link
Copy Markdown
Contributor

PR Review: FAIL

What This Does

Adds a unified Web3 authentication lifecycle (getAuthNonce, loginWithSignature, logout, session helpers) for Probable and exposes those methods through the sidecar plus both SDKs. This matters to SDK consumers because these are new callable authentication methods.

Blast Radius

Core BaseExchange, Probable exchange auth/index, sidecar method metadata/OpenAPI, docs, and generated Python/TypeScript SDK wrapper methods.

Consumer Verification

Before (base branch):
No consumer-facing auth lifecycle methods exist on the SDK/sidecar for Probable, so this is a new feature rather than a bug reproduction.

After (PR branch):
Build succeeded, but the actual consumer path fails before making any venue request because the implementation calls non-existent implicit API operation IDs. After npm run build --workspace=pmxt-core, I instantiated the built Probable exchange and called:

const { ProbableExchange } = require('./core/dist/exchanges/probable');
const ex = new ProbableExchange();
await ex.getAuthNonce('0x1234567890123456789012345678901234567890');

Result:

Failed to get Probable auth nonce: Implicit API method "getNonce" not found on Probable

The built exchange's generated implicit methods are named getPublicApiV1AuthNonce, postPublicApiV1AuthLogin, postPublicApiV1AuthLogout, postPublicApiV1AuthVerifyL1, and postPublicApiV1AuthVerifyL2, not getNonce / postLogin / postLogout / postVerifyL1 / postVerifyL2.

Test Results

  • Build: PASS (npm run build --workspace=pmxt-core)
  • Unit tests: PASS (Probable auth focused test: 6 passed)
  • Server starts: NOT VERIFIED (blocked by consumer-path failure above)
  • E2E smoke: FAIL (getAuthNonce fails through the built exchange method before reaching the endpoint)

Findings

  1. core/src/exchanges/probable/auth.ts:95 (and lines 117, 140, 157, 177) calls operation IDs that do not exist on ProbableExchange. The implicit OpenAPI adapter generated methods from paths because core/src/exchanges/probable/api.ts has no matching operationIds. Result: every new auth lifecycle method fails for SDK consumers with Implicit API method "getNonce" not found on Probable (or the corresponding login/logout/verify missing-method error).

PMXT Pipeline Check

  • Field propagation (3-layer): OK for the new response schemas; methods are exposed in OpenAPI/SDK wrappers.
  • OpenAPI sync: OK structurally, but the implementation's operation IDs do not match the exchange API descriptor.
  • Financial precision: N/A
  • Type safety: ISSUE (callApi: Function/error: any in auth helpers, but not the blocking failure)
  • Auth safety: ISSUE because the auth flow is not callable as implemented.

Semver Impact

minor -- adds new SDK/core auth methods.

Risk

The advertised SDK methods are currently unusable until the Probable auth helpers call the actual generated implicit method names or the API spec is given stable operation IDs that match the helpers.

- getNonce → getPublicApiV1AuthNonce
- postLogin → postPublicApiV1AuthLogin
- postLogout → postPublicApiV1AuthLogout
- postVerifyL1 → postPublicApiV1AuthVerifyL1
- postVerifyL2 → postPublicApiV1AuthVerifyL2

Fixes pmxt-dev#1606
@AbhilashG12

Copy link
Copy Markdown
Contributor Author

Fixed

realfishsam added a commit that referenced this pull request Jul 18, 2026
Second wave of reworked community PRs: Router.sql (#1129),
cross-venue Router.fetchOrderBook (#1670), WebSocket config (#1126),
baozi error codes (#1118), limitless pagination (#1119), nullable
model fields (#1578). Excludes #1614 (security) and #1419 (superseded).
Triggers auto-tag v2.53.0f and package publish.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@realfishsam

Copy link
Copy Markdown
Contributor

Not merging as-is due to a credential-disclosure concern: getSession/isSessionActive are exposed as HTTP endpoints and getSession returns the full login response (apiKey/apiSecret/passphrase) keyed by a public wallet address. On a shared/hosted deployment, an unauthenticated caller could pass another user's wallet address and retrieve their trading secrets. Please rework so session secrets are not returned over the server surface (or strip them from the response) and verify the /auth/login response mapping against the real Probable API — then we'll re-review. Leaving open for you.

realfishsam added a commit that referenced this pull request Jul 18, 2026
…er HTTP (#1614)

Land #1614's Probable auth lifecycle (getAuthNonce, loginWithSignature,
logout, isSessionActive, verifyL1/L2) with the credential-disclosure
flaw fixed:

- getSession returns session credentials (apiKey/apiSecret/passphrase)
  keyed by a PUBLIC wallet address. Added it to EXCLUDED_METHODS in
  generate-openapi.js so it is never emitted into method-verbs.json,
  openapi.yaml, or the generated SDK clients — it is now an in-process
  helper only. Verified absent from all three surfaces.
- isSessionActive (boolean) and the signature-gated login flow remain
  exposed. loginWithSignature returns the caller's own freshly minted
  credentials only after they prove wallet ownership.
- Added AuthNonceResponse/AuthLoginResponse to the SDK models so the
  generated TS client compiles (the original PR omitted this).

Core 822, Python SDK 267, TypeScript SDK 93 tests pass.

Co-Authored-By: AbhilashG12 <abhilashggg15@gmail.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
realfishsam added a commit that referenced this pull request Jul 18, 2026
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
realfishsam added a commit that referenced this pull request Jul 18, 2026
Probable Web3 auth lifecycle (#1614), with getSession removed from the
network surface so session secrets are never exposed. Triggers auto-tag
v2.54.0f and package publish.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@realfishsam

Copy link
Copy Markdown
Contributor

Landed on main in commit 807d371 and released in v2.54.0 — with the credential-disclosure issue fixed. getSession (which returns apiKey/apiSecret/passphrase keyed by a public wallet address) is now in EXCLUDED_METHODS, so it is omitted from method-verbs.json, the OpenAPI spec, and both generated SDK clients — verified absent from all three. It remains an in-process helper only. The signature-gated loginWithSignature and boolean isSessionActive stay exposed. I also added AuthNonceResponse/AuthLoginResponse to the SDK models so the generated TS client compiles. Core 822, Python 267, TS 93 tests pass. Thanks! Closing as landed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Probable auth/session-management flow (nonce/login/logout/verify) entirely unimplemented

2 participants