@aithos/sdk 0.1.0-alpha.32 → 0.1.0-alpha.33

package/dist/src/auth.js

@@ -20,7 +20,7 @@
 // JWT-less sessions (recovery / mandate sign-ins) are valid: the
 // keyStore is the source of truth for "is the user signed in", the
 // JWT is auxiliary for compute/wallet.
-import { buildBlobPlaintext, buildSignedEnvelope, createBrowserIdentity, decryptBlob, DEFAULT_KDF, deriveAuthAndEncKeys, encryptBlob, parseBlob, randomNonce, randomSalt, serializeBlob, signedDidDocument, zeroize, } from "@aithos/protocol-client";
+import { browserIdentityFromStored, buildBlobPlaintext, buildSignedEnvelope, createBrowserIdentity, decryptBlob, DEFAULT_KDF, deriveAuthAndEncKeys, encryptBlob, parseBlob, randomNonce, randomSalt, serializeBlob, signedDidDocument, zeroize, } from "@aithos/protocol-client";
 import { custodialResendVerify, custodialResetFinalize, custodialResetRequest, custodialSignIn, custodialSignUp, custodialVerifyEmail, loginChallenge, loginVerify, putBlob, registerAccount, } from "./auth-api.js";
 import { defaultSessionStore, } from "./session-store.js";
 import { defaultKeyStore, } from "./key-store.js";
@@ -883,6 +883,18 @@ export class AithosAuth {
         zeroize(seedCircle);
         zeroize(seedSelf);
         zeroize(resp.encKey);
+        // Bootstrap the Ethos on api.aithos.be (cf. notes in signInCustodial).
+        // The magic-link flow is the FIRST time the user actually has
+        // hydrated keys client-side, so this is typically when the identity
+        // gets published. Idempotent — safe to call again on subsequent
+        // clicks (which won't get here normally, but defensively).
+        const identity = browserIdentityFromStored({
+            handle: stored.handle,
+            displayName: stored.displayName,
+            did: stored.did,
+            seeds: stored.seedsHex,
+        });
+        await this.#publishIdentity(identity);
         if (this.#ownerSigners)
             this.#ownerSigners.destroy();
         this.#ownerSigners = OwnerSigners.fromStoredOwnerKeys(stored);
@@ -989,6 +1001,24 @@ export class AithosAuth {
         // The enc_key is informational here — the custodial blob is empty
         // at first login. We still don't keep it in memory.
         zeroize(resp.encKey);
+        // Bootstrap the Ethos on api.aithos.be — same as signUp(zk). Without
+        // this, the DID returned by signInCustodial isn't resolvable on the
+        // platform (feed / profile lookups return "not found: did …"). The
+        // call is idempotent server-side: a published identity replays as a
+        // no-op. We do it here (rather than only on a "first login" flag)
+        // because the auth Lambda doesn't know whether the api.aithos.be
+        // side has been populated — the SDK is the single source of truth
+        // for "the user's Ethos is bootstrapped".
+        //
+        // Failure aborts the sign-in: the user can retry (same behaviour as
+        // signUp(zk)), and the local keystore is NOT populated half-way.
+        const identity = browserIdentityFromStored({
+            handle: stored.handle,
+            displayName: stored.displayName,
+            did: stored.did,
+            seeds: stored.seedsHex,
+        });
+        await this.#publishIdentity(identity);
         // Hydrate in-memory owner signers from the freshly-stored material.
         if (this.#ownerSigners)
             this.#ownerSigners.destroy();

package/dist/src/index.d.ts

@@ -1,4 +1,4 @@
-export declare const VERSION = "0.1.0-alpha.32";
+export declare const VERSION = "0.1.0-alpha.33";
 export { AithosSDK } from "./sdk.js";
 export type { AithosSDKConfig } from "./types.js";
 export { AithosSDKError } from "./types.js";

package/dist/src/index.js

@@ -17,7 +17,7 @@
 // Public types specific to the SDK (`AithosSDKConfig`, `AithosSDKError`)
 // are exported from here. Endpoint config (`AithosSdkEndpoints`,
 // `DEFAULT_SDK_ENDPOINTS`) likewise.
-export const VERSION = "0.1.0-alpha.32";
+export const VERSION = "0.1.0-alpha.33";
 export { AithosSDK } from "./sdk.js";
 export { AithosSDKError } from "./types.js";
 // Re-export protocol-client's JSON-RPC error type so consumers can

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aithos/sdk",
-  "version": "0.1.0-alpha.32",
-  "description": "Aithos SDK \u2014 high-level TypeScript developer kit for building agentic apps on the Aithos protocol. Wraps @aithos/protocol-client and exposes the Aithos compute proxy and wallet (Stripe top-up) endpoints.",
+  "version": "0.1.0-alpha.33",
+  "description": "Aithos SDK — high-level TypeScript developer kit for building agentic apps on the Aithos protocol. Wraps @aithos/protocol-client and exposes the Aithos compute proxy and wallet (Stripe top-up) endpoints.",
   "keywords": [
     "aithos",
     "sdk",
@@ -39,15 +39,6 @@
     "README.md",
     "LICENSE"
   ],
-  "scripts": {
-    "build": "tsc",
-    "build:test": "tsc -p tsconfig.test.json",
-    "check-types": "tsc --noEmit && tsc -p tsconfig.test.json --noEmit",
-    "test": "npm run clean && npm run build && npm run build:test && cd dist && node --test",
-    "test:watch": "cd dist && node --test --watch",
-    "clean": "rm -rf dist",
-    "prepublishOnly": "npm run clean && npm run build && npm test"
-  },
   "engines": {
     "node": ">=20"
   },
@@ -63,5 +54,13 @@
   "publishConfig": {
     "access": "public",
     "tag": "alpha"
+  },
+  "scripts": {
+    "build": "tsc",
+    "build:test": "tsc -p tsconfig.test.json",
+    "check-types": "tsc --noEmit && tsc -p tsconfig.test.json --noEmit",
+    "test": "npm run clean && npm run build && npm run build:test && cd dist && node --test",
+    "test:watch": "cd dist && node --test --watch",
+    "clean": "rm -rf dist"
   }
-}
+}