TypeScript SDK `ExchangeOptions` missing `apiSecret` and `passphrase` — Limitless HMAC auth mode unavailable

[realfishsam]

Gap

LimitlessExchange in core supports an HMAC auth mode that reads credentials.apiSecret (and credentials.passphrase). The TypeScript SDK's ExchangeOptions has no apiSecret or passphrase fields, so these credentials can never be forwarded to the sidecar.

Current state

Core (core/src/exchanges/limitless/index.ts:97): reads credentials?.apiSecret to select HMAC auth mode.

TypeScript SDK (sdks/typescript/pmxt/client.ts:194–239): ExchangeOptions exposes only apiKey, privateKey, pmxtApiKey, baseUrl, autoStartServer, proxyAddress, signatureType. No apiSecret or passphrase.

TypeScript SDK (sdks/typescript/pmxt/client.ts:359–369): getCredentials() returns { apiKey, privateKey, funderAddress, signatureType }. Neither apiSecret nor passphrase is included.

Python SDK (sdks/python/pmxt/_exchanges.py): the Limitless class correctly accepts api_secret and passphrase constructor parameters and forwards them via _get_credentials_dict.

Expected behaviour

ExchangeOptions should include optional apiSecret and passphrase fields. getCredentials() should forward them when set, so that TypeScript Limitless users can enable HMAC auth mode.

Impact

TypeScript SDK users cannot authenticate to Limitless using the HMAC auth mode; only private-key auth is possible, and only if the sidecar has the key.

[realfishsam]

Closing as duplicate of #463. Same underlying finding: TypeScript ExchangeOptions is missing apiSecret and passphrase fields, which prevents these credentials from reaching the sidecar. #463 already covers the Limitless case (along with Polymarket and Probable). Relevant context from this issue (HMAC auth mode details) has been copied to #463.

---

Generated by Claude Code