Skip to content

feat(probable): implement unified Web3 authentication lifecycle#1614

Open
AbhilashG12 wants to merge 5 commits into
pmxt-dev:mainfrom
AbhilashG12:feat/probable-auth
Open

feat(probable): implement unified Web3 authentication lifecycle#1614
AbhilashG12 wants to merge 5 commits into
pmxt-dev:mainfrom
AbhilashG12:feat/probable-auth

Conversation

@AbhilashG12

Copy link
Copy Markdown
Contributor
  • Add AuthNonceResponse, AuthLoginResponse, AuthSession types
  • Add getAuthNonce, loginWithSignature, logout to BaseExchange
  • Implement Probable auth with callApi() pattern
  • Add verifyL1 and verifyL2 for signature verification
  • Add OpenAPI endpoints for all auth operations
  • Add unit tests for auth lifecycle (5 tests passing)
  • Update generator to recognize auth types
  • Regenerate SDKs and docs

Fixes #1606

- Add AuthNonceResponse, AuthLoginResponse, AuthSession types
- Add getAuthNonce, loginWithSignature, logout to BaseExchange
- Implement Probable auth with callApi() pattern
- Add verifyL1 and verifyL2 for signature verification
- Add OpenAPI endpoints for all auth operations
- Add unit tests for auth lifecycle (5 tests passing)
- Update generator to recognize auth types
- Regenerate SDKs and docs

Fixes pmxt-dev#1606
- Add AuthNonceResponse and AuthLoginResponse to TYPE_MAP
- Regenerate Python client with auth methods

Fixes pmxt-dev#1606
@realfishsam

Copy link
Copy Markdown
Contributor

PR Review: FAIL

What This Does

Adds a unified Web3 authentication lifecycle (getAuthNonce, loginWithSignature, logout, session helpers) for Probable and exposes those methods through the sidecar plus both SDKs. This matters to SDK consumers because these are new callable authentication methods.

Blast Radius

Core BaseExchange, Probable exchange auth/index, sidecar method metadata/OpenAPI, docs, and generated Python/TypeScript SDK wrapper methods.

Consumer Verification

Before (base branch):
No consumer-facing auth lifecycle methods exist on the SDK/sidecar for Probable, so this is a new feature rather than a bug reproduction.

After (PR branch):
Build succeeded, but the actual consumer path fails before making any venue request because the implementation calls non-existent implicit API operation IDs. After npm run build --workspace=pmxt-core, I instantiated the built Probable exchange and called:

const { ProbableExchange } = require('./core/dist/exchanges/probable');
const ex = new ProbableExchange();
await ex.getAuthNonce('0x1234567890123456789012345678901234567890');

Result:

Failed to get Probable auth nonce: Implicit API method "getNonce" not found on Probable

The built exchange's generated implicit methods are named getPublicApiV1AuthNonce, postPublicApiV1AuthLogin, postPublicApiV1AuthLogout, postPublicApiV1AuthVerifyL1, and postPublicApiV1AuthVerifyL2, not getNonce / postLogin / postLogout / postVerifyL1 / postVerifyL2.

Test Results

  • Build: PASS (npm run build --workspace=pmxt-core)
  • Unit tests: PASS (Probable auth focused test: 6 passed)
  • Server starts: NOT VERIFIED (blocked by consumer-path failure above)
  • E2E smoke: FAIL (getAuthNonce fails through the built exchange method before reaching the endpoint)

Findings

  1. core/src/exchanges/probable/auth.ts:95 (and lines 117, 140, 157, 177) calls operation IDs that do not exist on ProbableExchange. The implicit OpenAPI adapter generated methods from paths because core/src/exchanges/probable/api.ts has no matching operationIds. Result: every new auth lifecycle method fails for SDK consumers with Implicit API method "getNonce" not found on Probable (or the corresponding login/logout/verify missing-method error).

PMXT Pipeline Check

  • Field propagation (3-layer): OK for the new response schemas; methods are exposed in OpenAPI/SDK wrappers.
  • OpenAPI sync: OK structurally, but the implementation's operation IDs do not match the exchange API descriptor.
  • Financial precision: N/A
  • Type safety: ISSUE (callApi: Function/error: any in auth helpers, but not the blocking failure)
  • Auth safety: ISSUE because the auth flow is not callable as implemented.

Semver Impact

minor -- adds new SDK/core auth methods.

Risk

The advertised SDK methods are currently unusable until the Probable auth helpers call the actual generated implicit method names or the API spec is given stable operation IDs that match the helpers.

- getNonce → getPublicApiV1AuthNonce
- postLogin → postPublicApiV1AuthLogin
- postLogout → postPublicApiV1AuthLogout
- postVerifyL1 → postPublicApiV1AuthVerifyL1
- postVerifyL2 → postPublicApiV1AuthVerifyL2

Fixes pmxt-dev#1606
@AbhilashG12

Copy link
Copy Markdown
Contributor Author

Fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Probable auth/session-management flow (nonce/login/logout/verify) entirely unimplemented

2 participants