Skip to content

feat(confidentialhttp): align AuthConfig SDK with new proto shape#248

Draft
wentzeld wants to merge 2 commits intomainfrom
rtinianov_signingExpansion
Draft

feat(confidentialhttp): align AuthConfig SDK with new proto shape#248
wentzeld wants to merge 2 commits intomainfrom
rtinianov_signingExpansion

Conversation

@wentzeld
Copy link
Copy Markdown
Contributor

@wentzeld wentzeld commented Apr 29, 2026

Summary

  • Bumps submodules/chainlink-protos to rtinianov_signedExpansion (afc1fef0) and regenerates src/generated/... and src/generated-sdk/...
    against the new schema.
  • Rewrites src/sdk/cre/confidentialhttp.ts for the new AuthConfig field shape: secret-name strings replaced by SecretIdentifier (or
    StringOrSecret where the field can carry a plain value). buildAuthConfig() now returns AuthConfigJson so callers can drop it straight into a
    ConfidentialHTTPRequestJson.auth literal.
  • Updates tests/confidentialhttp.test.ts accordingly. 10/10 unit tests pass.

Why

The chainlink-protos@rtinianov_signedExpansion proto refactor (secret_name string -> secret SecretIdentifier, plus StringOrSecret for fields
that can be public or secret) is wire-incompatible with the older shape. cre-sdk-typescript@signingExpansion was still on the old shape, so
any TS workflow targeting chainlink-common@rtinianov_signingExpansion failed simulator-side with 'proto: cannot parse invalid wire-format
data'. This brings TS into line.

Test plan

  • bun test src/sdk/cre/tests/confidentialhttp.test.ts — 10/10 pass.
  • bun run build — dist rebuilds clean.
  • cre workflow simulate against a TS workflow exercising all 9 signing variants — passes 9/9.

Follow-ups

  • scripts/src/fix-imports.ts regex @cre/([^'"]*) greedy-matches across newlines; a @cre/... reference inside a JSDoc can corrupt dist JS.
    Tighten it.
  • Submodule pointer at rtinianov_signedExpansion; bump to chainlink-protos HEAD once that branch lands.

wentzeld added 2 commits April 17, 2026 23:04
@wentzeld
feat(confidentialhttp): TS SDK helpers for AuthConfig
077c8f9 
  Adds AuthConfigInput discriminated union + buildAuthConfig factory for the
  confidentialHTTP capability. Covers all signing methods landed in
  chainlink-protos: ApiKey, Basic, Bearer, HMAC-SHA256, AWS SigV4, custom HMAC,
  OAuth2 client_credentials, OAuth2 refresh_token.

  // remove before merge: submodule dirty — will be bumped to chainlink-protos HEAD
@wentzeld
feat(confidentialhttp): align AuthConfig SDK with new proto shape. Bu…
303671e 
…mps submodules/chainlink-protos to rtinianov_signedExpansion (afc1fef0), regenerates protos and SDK against the new schema, and rewrites buildAuthConfig for the new field shape (secret_name string -> secret SecretIdentifier, plus StringOrSecret for fields that can be public or secret). buildAuthConfig() now returns AuthConfigJson so callers can drop it straight into ConfidentialHTTPRequestJson.auth literals. Updates src/sdk/cre/__tests__/confidentialhttp.test.ts to match. 10/10 pass. Verified end-to-end via cre workflow simulate against chainlink-common@rtinianov_signingExpansion: a workflow exercising apiKey, apiKey-with-prefix, basic, bearer, bearer-with-custom-prefix, hmacSha256, hmacCustom-SHA512, oauth2 client_credentials, oauth2 refresh_token round-trips with the expected signed headers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wentzeld