Gap
Probable's spec defines a wallet-signature-based session/auth flow (nonce → sign → login → session/API-key → logout → verify L1/L2), but ProbableAuth never calls any of these six endpoints — it only wraps @prob/clob's createClobClient using a pre-generated apiKey/apiSecret/passphrase triplet supplied by the caller. There is no code path anywhere in core to derive a nonce, sign an EIP-712 login challenge, or programmatically generate/verify an API key. This is a distinct capability from trading (#1245) and websocket config (#972).
Core
core/src/exchanges/probable/api.ts:99-210 — spec definitions for GET /public/api/v1/auth/nonce, POST /auth/login, POST /auth/logout, POST|GET|DELETE /auth/api-key/{chainId}, POST /auth/verify/l1, POST /auth/verify/l2.
core/src/exchanges/probable/auth.ts:1-83 — the entire file, confirmed to never call any of the 7 spec auth endpoints; it only builds a CLOB client from caller-supplied credentials.
TypeScript SDK
Missing — no corresponding auth/session methods on the Probable class in sdks/typescript/pmxt/client.ts.
Python SDK
Missing — no corresponding auth/session methods on the Probable class in sdks/python/pmxt/_exchanges.py.
Evidence
Full read of core/src/exchanges/probable/auth.ts:1-83 confirms no call sites for any of the 7 auth endpoints defined at api.ts:99-210; grepping for nonce|login|logout|verifyAuth|api-key in auth.ts/index.ts under those exact operation names returns no hits.
Impact
Users cannot programmatically derive a nonce, complete the EIP-712 login challenge, or generate/verify a Probable API key through pmxt — they must obtain apiKey/apiSecret/passphrase out-of-band before using the SDK at all.
Found by automated Core-to-SDK surface coverage audit
Gap
Probable's spec defines a wallet-signature-based session/auth flow (nonce → sign → login → session/API-key → logout → verify L1/L2), but
ProbableAuthnever calls any of these six endpoints — it only wraps@prob/clob'screateClobClientusing a pre-generatedapiKey/apiSecret/passphrasetriplet supplied by the caller. There is no code path anywhere in core to derive a nonce, sign an EIP-712 login challenge, or programmatically generate/verify an API key. This is a distinct capability from trading (#1245) and websocket config (#972).Core
core/src/exchanges/probable/api.ts:99-210— spec definitions forGET /public/api/v1/auth/nonce,POST /auth/login,POST /auth/logout,POST|GET|DELETE /auth/api-key/{chainId},POST /auth/verify/l1,POST /auth/verify/l2.core/src/exchanges/probable/auth.ts:1-83— the entire file, confirmed to never call any of the 7 spec auth endpoints; it only builds a CLOB client from caller-supplied credentials.TypeScript SDK
Missing — no corresponding auth/session methods on the
Probableclass insdks/typescript/pmxt/client.ts.Python SDK
Missing — no corresponding auth/session methods on the
Probableclass insdks/python/pmxt/_exchanges.py.Evidence
Full read of
core/src/exchanges/probable/auth.ts:1-83confirms no call sites for any of the 7 auth endpoints defined atapi.ts:99-210; grepping fornonce|login|logout|verifyAuth|api-keyinauth.ts/index.tsunder those exact operation names returns no hits.Impact
Users cannot programmatically derive a nonce, complete the EIP-712 login challenge, or generate/verify a Probable API key through pmxt — they must obtain
apiKey/apiSecret/passphraseout-of-band before using the SDK at all.Found by automated Core-to-SDK surface coverage audit