proof-measure is a separate, public, unauthenticated Dragonchain service. Adds:
- UnauthHttpClient: HMAC-free transport mirroring DragonchainClient (timeout,
agent, redirect refusal).
- ProofMeasureClient: getSecurity / report / health; default base URL
https://proof-measure.dragonchain.com. Standalone (new ProofMeasureClient())
and via DragonchainSDK.proofMeasure.
- Proof-measure types (decimals as strings, timestamps as numbers).
- jest tests.
The HTTP client built its connections with no injectable agent, so a
server-side caller pointing the client at an attacker-influenced baseURL
(a tenant's prime_endpoint) had no way to attach an SSRF policy at connect
time. node's http.request doesn't follow redirects, but a 3xx was treated
as success and its body mis-parsed.
- ClientConfig accepts an optional `agent`; inject one whose connection
factory refuses internal IPs (incl. DNS-rebinding defense) when the
baseURL is untrusted. Default stays unguarded for trusted/CLI use — the
guard belongs in the server.
- A 3xx response is now an explicit error ("refusing to follow"), so a
redirect can't be silently mis-handled or, via a future change, followed
to an internal host.
The block endpoint returns block id / prev / timestamp nested under a
"header" object with camelCase keys (blockId, dcId, prevId, prevProof,
timestamp) and a proof of just {proof}. The previous flat snake_case
Block fields never matched the response and always deserialized empty.
Add a BlockHeader interface, nest it in Block, and make proof.scheme
optional. Verified live against a dev chain.
- Fix prettier formatting for multi-line regex in expandPath
- Add proper types to regex callback params to fix no-unsafe-assignment
- Suppress no-unused-vars for destructured _rawContent in saveConfig
- Add remote field to SmartContractCreateRequest
- Add GrpcConnectionInfo interface and field on SmartContract
- Add addChain, setDefault, deleteChain credential functions
- Add getPublicId, getAuthKeyId, getEndpoint client accessors
- Fix expandPath to handle both $VAR and ${VAR} env var formats
- Improve saveConfig with better yaml.dump options and _rawContent tracking
