Fix signing to allow reading balance and placing orders

Author: realfishsam

core/API_REFERENCE.md

@@ -316,7 +316,9 @@ Requires your **Polygon Private Key**. See [Setup Guide](https://github.com/qoer
 import pmxt from 'pmxtjs';
 
 const polymarket = new pmxt.Polymarket({
-  privateKey: process.env.POLYMARKET_PRIVATE_KEY
+  privateKey: process.env.POLYMARKET_PRIVATE_KEY,
+  funderAddress: process.env.POLYMARKET_PROXY_ADDRESS, // Optional: Proxy address
+  signatureType: 'gnosis-safe' // 'eoa' | 'poly-proxy' | 'gnosis-safe'
 });
 ```
 

core/docs/SETUP_POLYMARKET.md

@@ -1,35 +1,59 @@
 # Polymarket Setup Guide
 
-To trade on Polymarket via the API, you need your **Polygon Private Key**.
+To trade on Polymarket via the API, you need your **Polygon Private Key**. If you are using a Polymarket Smart Wallet (Proxy), you will also need your **Proxy Address**.
 
-## How to export your Private Key (MetaMask)
+## 1. Exporting your Private Key (EOA)
 
-1. **Open the Account Menu**  
+This is the private key of your "Signer" wallet (the one you use to log in to Polymarket).
+
+1. **Open the Account Menu** in MetaMask.  
    Click the top-left icon (or account selector) to view your accounts.  
    ![Select Account](images/0.png)
 
-2. **Open Account Options**  
-   Click the three dots ("...") next to the account you want to use.  
+2. **Open Account Options** (...) next to the account you want to use.  
    ![Account Options](images/1.png)
 
-3. **Access Account Details**  
-   Select "Account Details".  
+3. **Select Account Details**.  
    ![Account Details](images/2.png)
 
-4. **Reveal Private Key**  
-   Click "Show Private Key" and unlock your wallet.  
+4. **Reveal Private Key** and unlock your wallet.  
    ![Reveal Key](images/3.png)
 
-5. **Copy the Key**  
-   Copy the private key string.  
+5. **Copy the Key**.  
    ![Copy Key](images/4.png)
 
-## Configuration
+## 2. Finding your Proxy Address (Optional but Recommended)
+
+Most modern Polymarket accounts use a "Smart Wallet" or Proxy to hold funds. While `pmxt` attempts to auto-discover this address, it is more reliable to provide it manually.
+
+1. Go to [Polymarket.com](https://polymarket.com).
+2. Hover over your profile in the top right.
+3. Your **Proxy Address** is the address shown. It is the address starting with `0x`.
+
+## 3. Configuration
 
-Add the key to your `.env` file in the project root:
+Add these to your `.env` file or pass them directly to the constructor. `pmxt` supports both numeric IDs and human-readable names:
 
 ```bash
 POLYMARKET_PRIVATE_KEY=0x...
+POLYMARKET_PROXY_ADDRESS=0x...
+
+# Choose your account type:
+# - 'gnosis_safe' (Modern accounts, recommended) 
+# - 'polyproxy'   (Older accounts)
+# - 'eoa'         (Standard wallet, no proxy)
+POLYMARKET_SIGNATURE_TYPE='gnosis_safe'
 ```
 
-*Note: Ensure the key starts with `0x`. If it does not, prefix 0x manually.*
+## 4. Initialization (Python)
+
+```python
+import os
+import pmxt
+
+exchange = pmxt.Polymarket(
+    private_key=os.getenv('POLYMARKET_PRIVATE_KEY'),
+    proxy_address=os.getenv('POLYMARKET_PROXY_ADDRESS'),
+    signature_type='gnosis_safe'
+)
+```

core/src/BaseExchange.ts

@@ -25,7 +25,7 @@ export interface ExchangeCredentials {
     privateKey?: string;  // Required for Polymarket L1 auth
 
     // Polymarket-specific L2 fields
-    signatureType?: number;  // 0 = EOA, 1 = Poly Proxy, 2 = Gnosis Safe
+    signatureType?: number | string;  // 0 = EOA, 1 = Poly Proxy, 2 = Gnosis Safe (Can also use 'eoa', 'polyproxy', 'gnosis_safe')
     funderAddress?: string;  // The address funding the trades (defaults to signer address)
 }
 

core/src/exchanges/limitless/auth.ts

@@ -81,6 +81,29 @@ export class LimitlessAuth {
         return creds;
     }
 
+    /**
+     * Maps human-readable signature type names to their numeric values.
+     */
+    private mapSignatureType(type: number | string | undefined | null): number {
+        if (type === undefined || type === null) return 0;
+        if (typeof type === 'number') return type;
+
+        const normalized = type.toLowerCase().replace(/[^a-z0-9]/g, '');
+        switch (normalized) {
+            case 'eoa':
+                return 0;
+            case 'polyproxy':
+            case 'polymarketproxy':
+                return 1;
+            case 'gnosissafe':
+            case 'safe':
+                return 2;
+            default:
+                const parsed = parseInt(normalized);
+                return isNaN(parsed) ? 0 : parsed;
+        }
+    }
+
     /**
      * Get an authenticated CLOB client for L2 operations (trading).
      * This client can place orders, cancel orders, query positions, etc.
@@ -95,7 +118,7 @@ export class LimitlessAuth {
         const apiCreds = await this.getApiCredentials();
 
         // Determine signature type (default to EOA = 0)
-        const signatureType = this.credentials.signatureType ?? 0;
+        const signatureType = this.mapSignatureType(this.credentials.signatureType);
 
         // Determine funder address (defaults to signer's address)
         const funderAddress = this.credentials.funderAddress ?? this.signer!.address;
@@ -106,7 +129,7 @@ export class LimitlessAuth {
             BASE_CHAIN_ID as any,
             this.signer,
             apiCreds,
-            signatureType,
+            signatureType as any,
             funderAddress
         );
 

core/src/exchanges/polymarket/auth.ts

@@ -1,6 +1,7 @@
 import { ClobClient } from '@polymarket/clob-client';
 import type { ApiKeyCreds } from '@polymarket/clob-client';
 import { Wallet } from 'ethers';
+import axios from 'axios';
 import { ExchangeCredentials } from '../../BaseExchange';
 
 const POLYMARKET_HOST = 'https://clob.polymarket.com';
@@ -15,6 +16,8 @@ export class PolymarketAuth {
     private signer?: Wallet;
     private clobClient?: ClobClient;
     private apiCreds?: ApiKeyCreds;
+    private discoveredProxyAddress?: string;
+    private discoveredSignatureType?: number;
 
     constructor(credentials: ExchangeCredentials) {
         this.credentials = credentials;
@@ -63,24 +66,100 @@ export class PolymarketAuth {
         try {
             // console.log('Trying to derive existing API key...');
             creds = await l1Client.deriveApiKey();
+            if (!creds || !creds.key || !creds.secret || !creds.passphrase) {
+                // If derived creds are missing, throw to trigger catch -> create
+                throw new Error("Derived credentials are incomplete/empty");
+            }
         } catch (deriveError: any) {
-            // console.log('Derivation failed, trying to create new API key...');
+            console.log('[PolymarketAuth] Derivation failed:', deriveError.message || deriveError);
+            console.log('[PolymarketAuth] Attempting to create new API key...');
             try {
                 creds = await l1Client.createApiKey();
+                console.log('[PolymarketAuth] createApiKey returned:', JSON.stringify(creds, null, 2));
             } catch (createError: any) {
-                console.error('Failed to both derive and create API key:', createError?.message || createError);
-                throw new Error('Authentication failed: Could not create or derive API key.');
+                const apiError = createError?.response?.data?.error || createError?.message || createError;
+                console.error('[PolymarketAuth] Failed to both derive and create API key. Create error:', apiError);
+                throw new Error(`Authentication failed: Could not create or derive API key. Latest error: ${apiError}`);
             }
         }
 
-        if (!creds) {
-            throw new Error('Authentication failed: Credentials are empty.');
+        if (!creds || !creds.key || !creds.secret || !creds.passphrase) {
+            console.error('[PolymarketAuth] Incomplete credentials:', { hasKey: !!creds?.key, hasSecret: !!creds?.secret, hasPassphrase: !!creds?.passphrase });
+            throw new Error('Authentication failed: Derived credentials are incomplete.');
         }
 
+        console.log(`[PolymarketAuth] Successfully obtained API credentials for key ${creds.key.substring(0, 8)}...`);
         this.apiCreds = creds;
         return creds;
     }
 
+    /**
+     * Discover the proxy address and signature type for the signer.
+     */
+    async discoverProxy(): Promise<{ proxyAddress: string; signatureType: number }> {
+        if (this.discoveredProxyAddress) {
+            return {
+                proxyAddress: this.discoveredProxyAddress,
+                signatureType: this.discoveredSignatureType ?? 0
+            };
+        }
+
+        const address = this.signer!.address;
+        try {
+            // Polymarket Data API / Profiles endpoint
+            // Path-based: https://data-api.polymarket.com/profiles/0x...
+            const response = await axios.get(`https://data-api.polymarket.com/profiles/${address}`);
+            const profile = response.data;
+            console.log(`[PolymarketAuth] Profile for ${address}:`, JSON.stringify(profile));
+
+            if (profile && profile.proxyAddress) {
+                this.discoveredProxyAddress = profile.proxyAddress;
+                // Determine signature type. 
+                // Polymarket usually uses 1 for their own proxy and 2 for Gnosis Safe (which is what their new profiles use).
+                // If it's a proxy address but we don't know the type, 1 is a safe default for Polymarket.
+                this.discoveredSignatureType = profile.isGnosisSafe ? 2 : 1;
+
+                console.log(`[PolymarketAuth] Auto-discovered proxy for ${address}: ${this.discoveredProxyAddress} (Type: ${this.discoveredSignatureType})`);
+                return {
+                    proxyAddress: this.discoveredProxyAddress as string,
+                    signatureType: this.discoveredSignatureType as number
+                };
+            }
+        } catch (error) {
+            console.warn(`[PolymarketAuth] Could not auto-discover proxy for ${address}:`, error instanceof Error ? error.message : error);
+        }
+
+        // Fallback to EOA if discovery fails
+        return {
+            proxyAddress: address,
+            signatureType: 0
+        };
+    }
+
+    /**
+     * Maps human-readable signature type names to their numeric values.
+     */
+    private mapSignatureType(type: number | string | undefined | null): number {
+        if (type === undefined || type === null) return 0;
+        if (typeof type === 'number') return type;
+
+        const normalized = type.toLowerCase().replace(/[^a-z0-9]/g, '');
+        switch (normalized) {
+            case 'eoa':
+                return 0;
+            case 'polyproxy':
+            case 'polymarketproxy':
+                return 1;
+            case 'gnosissafe':
+            case 'safe':
+                return 2;
+            default:
+                // If it's a numeric string, parse it
+                const parsed = parseInt(normalized);
+                return isNaN(parsed) ? 0 : parsed;
+        }
+    }
+
     /**
      * Get an authenticated CLOB client for L2 operations (trading).
      * This client can place orders, cancel orders, query positions, etc.
@@ -91,28 +170,61 @@ export class PolymarketAuth {
             return this.clobClient;
         }
 
+        // 1. Determine proxy and signature type early
+        let proxyAddress = this.credentials.funderAddress || undefined;
+        let signatureType = this.mapSignatureType(this.credentials.signatureType);
+
+        if (!proxyAddress) {
+            const discovered = await this.discoverProxy();
+            proxyAddress = discovered.proxyAddress;
+            if (this.credentials.signatureType === undefined || this.credentials.signatureType === null) {
+                signatureType = discovered.signatureType;
+            }
+        }
+
         // Get API credentials (L1 auth)
+        // Pass signature type if we know it (some accounts need it for derivation?)
         const apiCreds = await this.getApiCredentials();
 
-        // Determine signature type (default to EOA = 0)
-        const signatureType = this.credentials.signatureType ?? 0;
-
-        // Determine funder address (defaults to signer's address)
-        const funderAddress = this.credentials.funderAddress ?? this.signer!.address;
+        // 3. Defaults
+        const signerAddress = this.signer!.address;
+        const finalProxyAddress: string = (proxyAddress || signerAddress) as string;
+        const finalSignatureType: number = signatureType;
 
         // Create L2-authenticated client
+        console.log(`[PolymarketAuth] Initializing ClobClient | Signer: ${signerAddress} | Funder: ${finalProxyAddress} | SigType: ${finalSignatureType}`);
+
         this.clobClient = new ClobClient(
             POLYMARKET_HOST,
             POLYGON_CHAIN_ID,
             this.signer,
             apiCreds,
-            signatureType,
-            funderAddress
+            finalSignatureType,
+            finalProxyAddress
         );
 
         return this.clobClient;
     }
 
+    /**
+     * Get the funder address (Proxy) if available.
+     * Note: This is an async-safe getter if discovery is needed.
+     */
+    async getEffectiveFunderAddress(): Promise<string> {
+        if (this.credentials.funderAddress) {
+            return this.credentials.funderAddress;
+        }
+        const discovered = await this.discoverProxy();
+        return discovered.proxyAddress;
+    }
+
+    /**
+     * Synchronous getter for credentials funder address.
+     */
+    getFunderAddress(): string {
+        return this.credentials.funderAddress || this.signer!.address;
+    }
+
     /**
      * Get the signer's address.
      */