protocol: add createAuthenticatedClient

[jaipaljadeja]

• moves createAuthenticatedClient from cli to protocol package
• use authenticated client in VCR
• updates all examples to use authenticated client

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes introduce a new createAuthenticatedClient function in the protocol package that wraps createClient to enable automatic authentication using a bearer token. The CLI, indexer, and example clients update imports and usage to rely on this new function. Test cassette data and protocol dependencies are also updated accordingly.

Changes

File(s)	Change Summary
packages/protocol/src/client.ts	Added createAuthenticatedClient function for authenticated client creation with bearer token and auth metadata.
packages/protocol/package.json	Added consola as a runtime dependency for logging warnings.
packages/cli/src/runtime/internal/app.ts	Removed local createAuthenticatedClient implementation and related imports.
packages/cli/src/runtime/dev.ts packages/cli/src/runtime/start.ts	Changed import of createAuthenticatedClient to source from @apibara/protocol instead of local module.
packages/indexer/src/testing/index.ts examples/beaconchain-client/src/main.ts examples/evm-client/src/main.ts examples/starknet-client/src/main.ts	Updated to use createAuthenticatedClient from the protocol package instead of createClient.
examples/cli-drizzle/cassettes/ethereum-usdc-transfers.json examples/cli-drizzle/cassettes/starknet-usdc-transfers.json	Modified blockchain event JSON data: removed uniqueKey, added index fields (logIndexInTransaction, eventIndexInTransaction), added empty traces arrays, and added production field with value "backfill".
change/@apibara-indexer-...json change/@apibara-protocol-...json change/apibara-...json	Added prerelease metadata documenting adoption of createAuthenticatedClient and related protocol changes.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CLI/Client
    participant Protocol
    participant Stream Service

    User->>CLI/Client: Start client (run command)
    CLI/Client->>Protocol: createAuthenticatedClient(config, streamUrl, options)
    Protocol->>Protocol: Read DNA_TOKEN from env
    Protocol->>Protocol: Merge call options with Authorization header
    Protocol->>Stream Service: createClient with auth metadata
    Stream Service-->>CLI/Client: Authenticated connection established

Loading

Possibly related PRs

• protocol: make client options configurable #108: Refactors createClient to accept consolidated options; related as the new createAuthenticatedClient wraps createClient and builds on its configuration logic.

Poem

A token in my paw, I hop to connect,
With createAuthenticatedClient, what did you expect?
No more manual headers, just a simple call,
Across the codebase, changes touch all.
Now with consola, logs shine bright—
This bunny’s code feels just right! 🐇✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c9bf6c6 and 6d3a58c.

📒 Files selected for processing (1)

• packages/protocol/src/client.ts (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• packages/protocol/src/client.ts

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

examples/beaconchain-client/src/main.ts (1)

26-29: Consider removing unused authToken argument.

The authToken CLI argument appears to be unused since createAuthenticatedClient now handles authentication via the DNA_TOKEN environment variable. Consider removing this argument to avoid confusion.

-    authToken: {
-      type: "string",
-      description: "DNA auth token",
-    },

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dd5a555 and c9bf6c6.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (14)

• change/@apibara-indexer-bbe8bf90-0f6e-40ea-a9c6-5d0546596537.json (1 hunks)
• change/@apibara-protocol-a12052ea-7467-4229-a1c0-ddfa00405c1d.json (1 hunks)
• change/apibara-727331a7-adfb-44e2-930e-200ff53ab011.json (1 hunks)
• examples/beaconchain-client/src/main.ts (2 hunks)
• examples/cli-drizzle/cassettes/ethereum-usdc-transfers.json (5 hunks)
• examples/cli-drizzle/cassettes/starknet-usdc-transfers.json (29 hunks)
• examples/evm-client/src/main.ts (2 hunks)
• examples/starknet-client/src/main.ts (2 hunks)
• packages/cli/src/runtime/dev.ts (1 hunks)
• packages/cli/src/runtime/internal/app.ts (0 hunks)
• packages/cli/src/runtime/start.ts (2 hunks)
• packages/indexer/src/testing/index.ts (2 hunks)
• packages/protocol/package.json (1 hunks)
• packages/protocol/src/client.ts (3 hunks)

💤 Files with no reviewable changes (1)

• packages/cli/src/runtime/internal/app.ts

🧰 Additional context used

🧬 Code Graph Analysis (4)

packages/indexer/src/testing/index.ts (1)

packages/protocol/src/client.ts (1)

• createAuthenticatedClient (88-113)

examples/evm-client/src/main.ts (2)

packages/protocol/src/client.ts (1)

• createAuthenticatedClient (88-113)

packages/evm/src/index.ts (1)

• EvmStream (11-16)

examples/starknet-client/src/main.ts (2)

packages/protocol/src/client.ts (1)

• createAuthenticatedClient (88-113)

packages/starknet/src/index.ts (1)

• StarknetStream (26-31)

packages/protocol/src/client.ts (1)

packages/protocol/src/config.ts (1)

• StreamConfig (5-38)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test

🔇 Additional comments (22)

packages/protocol/package.json (1)

50-50:

✅ Verification successful

Verify the consola version is current and secure.

The addition of the consola dependency looks appropriate for the new createAuthenticatedClient function. However, let's verify this is a current and secure version.

---

🌐 Web query:

What is the latest version of the consola npm package and are there any known security vulnerabilities in version 3.4.2?

💡 Result:

Latest Version of the consola npm Package

As of May 30, 2025, the latest version of the consola npm package is 3.4.2, which was published in March 2025[1].

Security Vulnerabilities in consola v3.4.2

There are no publicly known or reported security vulnerabilities for consola version 3.4.2 as listed on its npm package page or in major security advisories as of the current date[1].

To check this for yourself, you can run:

npm audit consola@3.4.2

or review the security tab on the package’s npmjs.com page. If you are particularly concerned about vulnerabilities, tools like npm audit or third-party services can provide up-to-date alerts on security issues in dependencies[6].

Summary Table

Package	Latest Version	Published	Known Security Issues (v3.4.2)
consola	3.4.2	Mar 2025	None reported as of May 2025

No issues specific to version 3.4.2 of consola appear in the npm security ecosystem, making it a safe choice for use in your Node.js projects at this time[1][6].

Citations:

• 1: https://www.npmjs.com/package/consola
• 2: https://www.fynd.academy/blog/how-to-install-node-js-and-npm-on-windows
• 3: https://docs.npmjs.com/try-the-latest-stable-version-of-npm/
• 4: https://www.fynd.academy/blog/npm-version-check
• 5: https://hotframeworks.com/hosting/how-to-update-npm-packages-to-their-latest-version/
• 6: https://www.jit.io/resources/app-security/npm-security-vulnerabilities-what-developers-need-to-know
• 7: https://www.ibm.com/support/pages/security-bulletin-ibm-aspera-console-342-pl7-has-addressed-sql-injection-vulnerability-cve-2022-43842
• 8: npm/npm#13433
• 9: plankanban/planka#726
• 10: facebook/docusaurus#10207

---

Approve consola v3.4.2 addition as current and secure

The consola dependency at "^3.4.2" is already the latest published version (Mar 2025) and has no publicly known vulnerabilities as of May 2025. Keeping the caret range is appropriate for receiving minor/patch updates.

• packages/protocol/package.json (line 50): "consola": "^3.4.2"

change/@apibara-indexer-bbe8bf90-0f6e-40ea-a9c6-5d0546596537.json (1)

1-7: LGTM! Changeset properly documents the indexer package changes.

The changeset metadata correctly reflects that the indexer now uses createAuthenticatedClient from the protocol package. The patch-level change type is appropriate for this internal refactoring.

change/apibara-727331a7-adfb-44e2-930e-200ff53ab011.json (1)

1-7: LGTM! Changeset accurately documents the CLI package changes.

The changeset properly reflects that the CLI now imports createAuthenticatedClient from the protocol package instead of maintaining its own implementation.

examples/beaconchain-client/src/main.ts (3)

3-3: LGTM! Import updated to use centralized authentication.

The import change from createClient to createAuthenticatedClient aligns with the PR objective to centralize authentication logic in the protocol package.

---

38-38: LGTM! Client creation updated correctly.

The usage of createAuthenticatedClient is correct and maintains the same function signature as the previous createClient.

---

38-38:

✅ Verification successful

Verify that authentication behavior is preserved.

Ensure that the new createAuthenticatedClient function provides the same authentication capabilities as the previous implementation, particularly regarding token handling and error scenarios.

---

🏁 Script executed:

#!/bin/bash
# Description: Verify createAuthenticatedClient implementation and usage
# Expected: Find the implementation in protocol package and confirm it handles authentication

echo "Searching for createAuthenticatedClient implementation..."
ast-grep --pattern 'export function createAuthenticatedClient($$$) {
  $$$
}'

echo -e "\nSearching for DNA_TOKEN usage..."
rg -A 3 -B 3 "DNA_TOKEN"

echo -e "\nSearching for other usages of createAuthenticatedClient..."
rg -A 2 "createAuthenticatedClient"

Length of output: 5546

---

Authentication Behavior Verified

The new createAuthenticatedClient in packages/protocol/src/client.ts correctly preserves the previous token handling and error scenarios:

• Reads the DNA_TOKEN environment variable:

  const dnaToken = process.env.DNA_TOKEN;
  if (!dnaToken) {
    consola.warn(
      "DNA_TOKEN environment variable is not set. Trying to connect without authentication."
    );
  }

• Injects dnaToken into the underlying client when present.
• Falls back to an unauthenticated connection with a warning if DNA_TOKEN is missing.

No further changes are needed.

packages/cli/src/runtime/dev.ts (3)

2-2: LGTM! Import correctly updated to use centralized function.

The import change from the local CLI module to the protocol package aligns with the PR objective to centralize authenticated client creation.

---

6-6: LGTM! Import list correctly updated.

The removal of createAuthenticatedClient from the local import is correct since it's now imported from the protocol package.

---

49-53: LGTM! Function usage remains consistent.

The createAuthenticatedClient call maintains the same signature and parameters, ensuring seamless transition from the CLI implementation to the protocol package implementation.

change/@apibara-protocol-a12052ea-7467-4229-a1c0-ddfa00405c1d.json (1)

1-7: LGTM! Changeset correctly documents the new feature.

The changeset file properly documents the addition of createAuthenticatedClient to the protocol package with appropriate prerelease versioning.

packages/cli/src/runtime/start.ts (3)

2-2: LGTM! Import correctly updated to use centralized function.

Consistent with the changes in dev.ts, the import has been properly updated to use the protocol package's centralized implementation.

---

19-19: LGTM! Import list correctly updated.

The removal of createAuthenticatedClient from the local import is correct and consistent with the other CLI runtime files.

---

78-82: LGTM! Function usage remains consistent.

The createAuthenticatedClient call maintains backward compatibility with the same function signature and parameters.

packages/indexer/src/testing/index.ts (1)

1-1: LGTM! Updated to use authenticated client for consistency.

The change from createClient to createAuthenticatedClient ensures VCR recording uses the same authentication as production environments.

examples/starknet-client/src/main.ts (2)

2-2: LGTM: Clean import update

The import statement correctly references the new createAuthenticatedClient function from the @apibara/protocol package.

---

59-59: LGTM: Function usage updated correctly

The client instantiation properly uses createAuthenticatedClient with the same parameters as the previous createClient call. The function signature is compatible and will now provide automatic authentication via the DNA_TOKEN environment variable.

examples/evm-client/src/main.ts (2)

3-3: LGTM: Consistent import migration

The import statement correctly updated to use createAuthenticatedClient from @apibara/protocol, maintaining consistency with other example clients.

---

34-34: LGTM: Proper function usage update

The client instantiation correctly uses createAuthenticatedClient with the EvmStream configuration and stream URL, maintaining the same interface while adding authentication capabilities.

examples/cli-drizzle/cassettes/ethereum-usdc-transfers.json (1)

20-21: LGTM: Test data updated to reflect protocol changes

The cassette file has been systematically updated with structural changes that appear to align with the new authenticated client and protocol updates:

• Removed uniqueKey fields from cursor objects
• Added logIndexInTransaction field to log entries
• Added empty traces arrays to block data
• Added production: "backfill" metadata to data objects
• Removed totalDifficulty from block headers

These changes are consistent across all data entries and reflect the expected format for the updated protocol.

Also applies to: 23-24, 44-44, 52-64, 80-85

examples/cli-drizzle/cassettes/starknet-usdc-transfers.json (1)

17-18: LGTM: Starknet cassette data consistently updated

The Starknet cassette file has been updated with the same systematic structural changes as the Ethereum cassette:

• Removed uniqueKey fields from cursor objects
• Added eventIndexInTransaction field to event entries
• Added empty traces arrays to block data
• Added production: "backfill" metadata to data objects

The updates are consistent across all data entries and maintain the same format changes seen in the Ethereum cassette, properly adapted for Starknet's event-based structure.

Also applies to: 20-21, 62-63, 69-73

packages/protocol/src/client.ts (2)

5-5: LGTM: Import additions are appropriate.

The Metadata import from nice-grpc and consola import are correctly added to support the new authenticated client functionality.

Also applies to: 21-21

---

88-113:

✅ Verification successful

Verify the function is used correctly across the codebase.

The function implementation looks architecturally sound for centralizing authenticated client creation. Ensure all migration from CLI package usage is complete and consistent.

---

🏁 Script executed:

#!/bin/bash
# Description: Verify createAuthenticatedClient usage across the codebase
# Expected: All imports should be from @apibara/protocol, no leftover CLI usage

echo "=== Checking for createAuthenticatedClient imports ==="
rg "createAuthenticatedClient" -A 2 -B 2

echo -e "\n=== Checking for any remaining CLI client creation patterns ==="
rg "createClient.*DNA_TOKEN|DNA_TOKEN.*createClient" -A 3 -B 3

echo -e "\n=== Verifying protocol package exports ==="
fd "index.ts" packages/protocol/src --exec cat {}

Length of output: 7460

---

All createAuthenticatedClient references are consistently updated
Verified that:

• Every import of createAuthenticatedClient points to @apibara/protocol (indexer tests, CLI runtimes, all example clients)
• No direct createClient calls with DNA_TOKEN remain
• The helper is correctly re-exported in packages/protocol/src/index.ts

Everything looks in order.

[fracek]

Looks good. I just pushed a tiny change to sort imports.