fix: address PR review feedback for create-api-key audience claim

- Use nodeConfig.SmartWallet.ChainID directly instead of dialing the EigenLayer RPC. The verifier's r.chainID is sourced from the smart wallet RPC, so cross-chain configs (e.g. EigenLayer on Ethereum + SmartWallet on Base) would have failed with the previous approach.
- Drops the extra RPC round-trip and the context-timeout concern entirely.
- Use the auth.Issuer constant instead of the hard-coded "AvaProtocol" string.

Author: weilicious

aggregator/key.go

@@ -1,14 +1,13 @@
 package aggregator
 
 import (
-	"context"
 	"fmt"
+	"strconv"
 	"time"
 
 	"github.com/AvaProtocol/EigenLayer-AVS/core/auth"
 	"github.com/AvaProtocol/EigenLayer-AVS/core/config"
 	"github.com/ethereum/go-ethereum/common"
-	"github.com/ethereum/go-ethereum/ethclient"
 	"github.com/golang-jwt/jwt/v5"
 )
 
@@ -47,26 +46,23 @@ func CreateAdminKey(configPath string, opt CreateApiKeyOption) error {
 	}
 
 	// The verifier (aggregator/auth.go::verifyAuth) requires the JWT to have an
-	// `aud` claim containing the chain ID string. NewAggregator does not run
-	// the lifecycle init that populates agg.chainID, so dial the RPC directly
-	// and read it here. Without this claim, every key generated by
-	// `create-api-key` is rejected with "API key is invalid".
-	rpcClient, err := ethclient.Dial(nodeConfig.EthHttpRpcUrl)
-	if err != nil {
-		return fmt.Errorf("failed to dial eth rpc to determine chainId for audience claim: %w", err)
-	}
-	defer rpcClient.Close()
-	chainID, err := rpcClient.ChainID(context.Background())
-	if err != nil {
-		return fmt.Errorf("failed to fetch chainId for audience claim: %w", err)
+	// `aud` claim containing the smart wallet chain ID. r.chainID in the
+	// verifier is sourced from the smart wallet RPC (see rpc_server.go), not
+	// the EigenLayer RPC, so we must use SmartWallet.ChainID here too — using
+	// the EigenLayer chain ID would silently break cross-chain configs (e.g.
+	// EigenLayer on Ethereum + SmartWallet on Base). config.NewConfig already
+	// populated SmartWallet.ChainID at startup, so no extra RPC dial is needed.
+	if nodeConfig.SmartWallet == nil || nodeConfig.SmartWallet.ChainID == 0 {
+		return fmt.Errorf("smart wallet chain ID not populated in config; cannot build audience claim")
 	}
+	audienceChainID := strconv.FormatInt(nodeConfig.SmartWallet.ChainID, 10)
 
 	claims := &auth.APIClaim{
 		RegisteredClaims: &jwt.RegisteredClaims{
 			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 24 * 365 * 10)),
-			Issuer:    "AvaProtocol",
+			Issuer:    auth.Issuer,
 			Subject:   opt.Subject,
-			Audience:  jwt.ClaimStrings{chainID.String()},
+			Audience:  jwt.ClaimStrings{audienceChainID},
 		},
 		Roles: roles,
 	}