@dainprotocol/service-sdk 1.1.48 → 1.2.0

package/dist/__tests__/oauth2-datasource.test.js

@@ -0,0 +1,251 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+const zod_1 = require("zod");
+const nodeService_1 = require("../service/nodeService");
+const core_1 = require("../service/core");
+const ed25519_1 = require("@noble/curves/ed25519");
+const bs58_1 = tslib_1.__importDefault(require("bs58"));
+const client_auth_1 = require("../client/client-auth");
+const client_1 = require("../client/client");
+const oauth2_token_manager_1 = require("@dainprotocol/oauth2-token-manager");
+describe("OAuth2Client in Datasources", () => {
+    let server;
+    const port = 4593; // Different port to avoid conflicts
+    // Generate keys for the service
+    const privateKey = ed25519_1.ed25519.utils.randomPrivateKey();
+    const publicKey = ed25519_1.ed25519.getPublicKey(privateKey);
+    // Generate keys for the client
+    const clientPrivateKey = ed25519_1.ed25519.utils.randomPrivateKey();
+    const agentAuth = new client_auth_1.DainClientAuth({
+        privateKeyBase58: bs58_1.default.encode(clientPrivateKey),
+        agentId: "oauth2-datasource-test-agent",
+        orgId: "oauth2-datasource-test-org",
+    });
+    let dainConnection;
+    // Track oauth2Client details in datasources
+    const datasourceOAuth2Info = {
+        wasPresent: false,
+        hadGetAccessTokenMethod: false,
+        hadGetValidTokenMethod: false,
+        methodsFound: [],
+        callCount: 0,
+        lastParams: null
+    };
+    // Create a simple dummy tool (required for service)
+    const dummyTool = (0, core_1.createTool)({
+        id: "dummy-tool",
+        name: "Dummy Tool",
+        description: "A dummy tool required for the service",
+        input: zod_1.z.object({
+            message: zod_1.z.string()
+        }),
+        output: zod_1.z.object({
+            result: zod_1.z.string()
+        }),
+        handler: async (input) => {
+            return {
+                text: `Dummy response: ${input.message}`,
+                data: {
+                    result: `Processed: ${input.message}`
+                },
+                ui: undefined
+            };
+        }
+    });
+    // Create a datasource that verifies oauth2Client
+    const oauth2VerifyDatasource = (0, core_1.createDatasource)({
+        id: "oauth2-verify-datasource",
+        name: "OAuth2 Verify Datasource",
+        description: "Datasource that verifies oauth2Client is passed",
+        type: "json",
+        input: zod_1.z.object({
+            testParam: zod_1.z.string().optional()
+        }),
+        getDatasource: async (agentInfo, params, extraData) => {
+            datasourceOAuth2Info.callCount++;
+            datasourceOAuth2Info.lastParams = params;
+            // Check if oauth2Client is present
+            datasourceOAuth2Info.wasPresent = !!extraData?.oauth2Client;
+            if (extraData?.oauth2Client) {
+                // Get all property names including methods from the prototype
+                const allProps = [...Object.keys(extraData.oauth2Client)];
+                const prototypeMethods = Object.getOwnPropertyNames(Object.getPrototypeOf(extraData.oauth2Client));
+                datasourceOAuth2Info.methodsFound = [...new Set([...allProps, ...prototypeMethods])].filter(m => m !== 'constructor');
+                // Check for expected methods
+                datasourceOAuth2Info.hadGetAccessTokenMethod = typeof extraData.oauth2Client.getAccessToken === 'function';
+                datasourceOAuth2Info.hadGetValidTokenMethod = typeof extraData.oauth2Client.getValidToken === 'function';
+                console.log("OAuth2Client detected in datasource with methods:", datasourceOAuth2Info.methodsFound);
+            }
+            else {
+                console.log("No OAuth2Client in datasource extraData");
+            }
+            return {
+                oauth2ClientPresent: datasourceOAuth2Info.wasPresent,
+                oauth2ClientMethods: datasourceOAuth2Info.methodsFound,
+                hasGetAccessToken: datasourceOAuth2Info.hadGetAccessTokenMethod,
+                hasGetValidToken: datasourceOAuth2Info.hadGetValidTokenMethod,
+                callCount: datasourceOAuth2Info.callCount,
+                receivedParams: params
+            };
+        }
+    });
+    // Test without OAuth2 configured
+    describe("Without OAuth2 configuration", () => {
+        beforeAll(async () => {
+            // Reset tracking
+            datasourceOAuth2Info.wasPresent = false;
+            datasourceOAuth2Info.hadGetAccessTokenMethod = false;
+            datasourceOAuth2Info.hadGetValidTokenMethod = false;
+            datasourceOAuth2Info.methodsFound = [];
+            datasourceOAuth2Info.callCount = 0;
+            datasourceOAuth2Info.lastParams = null;
+            const serviceWithoutOAuth2 = (0, nodeService_1.defineDAINService)({
+                metadata: {
+                    title: "Datasource OAuth2 Test (No OAuth2)",
+                    description: "Testing oauth2Client in datasources without OAuth2",
+                    version: "1.0.0",
+                    author: "Test",
+                    tags: ["test", "datasource", "no-oauth2"]
+                },
+                identity: {
+                    publicKey: bs58_1.default.encode(publicKey),
+                    privateKey: bs58_1.default.encode(privateKey),
+                    agentId: "test-datasource-service-agent",
+                    orgId: "test-datasource-service-org"
+                },
+                datasources: [oauth2VerifyDatasource],
+                tools: [dummyTool] // At least one tool is required
+            });
+            server = await serviceWithoutOAuth2.startNode({ port });
+            dainConnection = new client_1.DainServiceConnection(`http://localhost:${port}`, agentAuth);
+        });
+        afterAll(async () => {
+            if (server && server.shutdown) {
+                await server.shutdown();
+            }
+        });
+        it("should pass undefined oauth2Client when OAuth2 is not configured", async () => {
+            const datasourceData = await dainConnection.getDatasource("oauth2-verify-datasource", {
+                testParam: "test without oauth2"
+            });
+            expect(datasourceData.id).toBe("oauth2-verify-datasource");
+            expect(datasourceOAuth2Info.wasPresent).toBe(false);
+            expect(datasourceData.data.oauth2ClientPresent).toBe(false);
+            expect(datasourceData.data.receivedParams.testParam).toBe("test without oauth2");
+        });
+    });
+    // Test with OAuth2 configured
+    describe("With OAuth2 configuration", () => {
+        beforeAll(async () => {
+            // Shutdown previous server if running
+            if (server && server.shutdown) {
+                await server.shutdown();
+            }
+            // Reset tracking
+            datasourceOAuth2Info.wasPresent = false;
+            datasourceOAuth2Info.hadGetAccessTokenMethod = false;
+            datasourceOAuth2Info.hadGetValidTokenMethod = false;
+            datasourceOAuth2Info.methodsFound = [];
+            datasourceOAuth2Info.callCount = 0;
+            datasourceOAuth2Info.lastParams = null;
+            const serviceWithOAuth2 = (0, nodeService_1.defineDAINService)({
+                metadata: {
+                    title: "Datasource OAuth2 Test (With OAuth2)",
+                    description: "Testing oauth2Client in datasources with OAuth2",
+                    version: "1.0.0",
+                    author: "Test",
+                    tags: ["test", "datasource", "oauth2"]
+                },
+                identity: {
+                    publicKey: bs58_1.default.encode(publicKey),
+                    privateKey: bs58_1.default.encode(privateKey),
+                    agentId: "test-oauth2-datasource-agent",
+                    orgId: "test-oauth2-datasource-org"
+                },
+                // Configure OAuth2
+                oauth2: {
+                    baseUrl: `http://localhost:${port}`,
+                    providers: {
+                        test: {
+                            clientId: "test-client-id",
+                            clientSecret: "test-client-secret",
+                            authorizationUrl: "https://example.com/oauth/authorize",
+                            tokenUrl: "https://example.com/oauth/token",
+                            scopes: ["read", "write"]
+                        }
+                    },
+                    tokenStore: new oauth2_token_manager_1.InMemoryStorageAdapter()
+                },
+                datasources: [oauth2VerifyDatasource],
+                tools: [dummyTool] // At least one tool is required
+            });
+            server = await serviceWithOAuth2.startNode({ port: port + 1 }); // Use different port
+            dainConnection = new client_1.DainServiceConnection(`http://localhost:${port + 1}`, agentAuth);
+        });
+        afterAll(async () => {
+            if (server && server.shutdown) {
+                await server.shutdown();
+            }
+        });
+        beforeEach(() => {
+            // Reset tracking before each test
+            datasourceOAuth2Info.wasPresent = false;
+            datasourceOAuth2Info.hadGetAccessTokenMethod = false;
+            datasourceOAuth2Info.hadGetValidTokenMethod = false;
+            datasourceOAuth2Info.methodsFound = [];
+            datasourceOAuth2Info.callCount = 0;
+            datasourceOAuth2Info.lastParams = null;
+        });
+        it("should pass oauth2Client to datasource when OAuth2 is configured", async () => {
+            const datasourceData = await dainConnection.getDatasource("oauth2-verify-datasource", {
+                testParam: "test with oauth2"
+            });
+            expect(datasourceData.id).toBe("oauth2-verify-datasource");
+            // Verify oauth2Client was passed
+            expect(datasourceOAuth2Info.wasPresent).toBe(true);
+            expect(datasourceData.data.oauth2ClientPresent).toBe(true);
+            expect(datasourceData.data.receivedParams.testParam).toBe("test with oauth2");
+        });
+        it("should provide oauth2Client with expected methods to datasource", async () => {
+            const datasourceData = await dainConnection.getDatasource("oauth2-verify-datasource", {
+                testParam: "test methods"
+            });
+            // Check that oauth2Client has the expected methods
+            expect(datasourceOAuth2Info.hadGetAccessTokenMethod).toBe(true);
+            expect(datasourceOAuth2Info.hadGetValidTokenMethod).toBe(true);
+            // Verify through the returned data
+            expect(datasourceData.data.hasGetAccessToken).toBe(true);
+            expect(datasourceData.data.hasGetValidToken).toBe(true);
+            // Check that methods array contains expected methods
+            expect(datasourceOAuth2Info.methodsFound).toContain('getAccessToken');
+            expect(datasourceOAuth2Info.methodsFound).toContain('getValidToken');
+        });
+        it("should pass oauth2Client on multiple datasource calls", async () => {
+            // Reset counter
+            datasourceOAuth2Info.callCount = 0;
+            // Make multiple calls
+            await dainConnection.getDatasource("oauth2-verify-datasource", { testParam: "call 1" });
+            await dainConnection.getDatasource("oauth2-verify-datasource", { testParam: "call 2" });
+            await dainConnection.getDatasource("oauth2-verify-datasource", { testParam: "call 3" });
+            // Should have been called 3 times
+            expect(datasourceOAuth2Info.callCount).toBe(3);
+            // OAuth2Client should have been present in all calls
+            expect(datasourceOAuth2Info.wasPresent).toBe(true);
+            // Last params should be from the last call
+            expect(datasourceOAuth2Info.lastParams.testParam).toBe("call 3");
+        });
+        it("should provide a functional oauth2Client object to datasource", async () => {
+            const datasourceData = await dainConnection.getDatasource("oauth2-verify-datasource", {});
+            // The datasource should report having the oauth2Client
+            expect(datasourceData.data.oauth2ClientPresent).toBe(true);
+            // Verify the methods are actually functions (checked in our datasource)
+            expect(datasourceData.data.hasGetAccessToken).toBe(true);
+            expect(datasourceData.data.hasGetValidToken).toBe(true);
+            // Verify we found multiple methods
+            expect(datasourceOAuth2Info.methodsFound.length).toBeGreaterThan(0);
+            expect(datasourceOAuth2Info.methodsFound).toEqual(expect.arrayContaining(['getAccessToken', 'getValidToken']));
+        });
+    });
+});
+//# sourceMappingURL=oauth2-datasource.test.js.map

package/dist/__tests__/oauth2-datasource.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2-datasource.test.js","sourceRoot":"","sources":["../../src/__tests__/oauth2-datasource.test.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,wDAA2D;AAC3D,0CAA+D;AAC/D,mDAAgD;AAChD,wDAAwB;AACxB,uDAAuD;AACvD,6CAAyD;AACzD,6EAA4E;AAE5E,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,IAAI,MAAW,CAAC;IAChB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,oCAAoC;IAEvD,gCAAgC;IAChC,MAAM,UAAU,GAAG,iBAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACpD,MAAM,SAAS,GAAG,iBAAO,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;IAEnD,+BAA+B;IAC/B,MAAM,gBAAgB,GAAG,iBAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IAE1D,MAAM,SAAS,GAAG,IAAI,4BAAc,CAAC;QACnC,gBAAgB,EAAE,cAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;QAC/C,OAAO,EAAE,8BAA8B;QACvC,KAAK,EAAE,4BAA4B;KACpC,CAAC,CAAC;IAEH,IAAI,cAAqC,CAAC;IAE1C,4CAA4C;IAC5C,MAAM,oBAAoB,GAAG;QAC3B,UAAU,EAAE,KAAK;QACjB,uBAAuB,EAAE,KAAK;QAC9B,sBAAsB,EAAE,KAAK;QAC7B,YAAY,EAAE,EAAc;QAC5B,SAAS,EAAE,CAAC;QACZ,UAAU,EAAE,IAAW;KACxB,CAAC;IAEF,oDAAoD;IACpD,MAAM,SAAS,GAAG,IAAA,iBAAU,EAAC;QAC3B,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC;YACd,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;SACpB,CAAC;QACF,MAAM,EAAE,OAAC,CAAC,MAAM,CAAC;YACf,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;SACnB,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE;YACvB,OAAO;gBACL,IAAI,EAAE,mBAAmB,KAAK,CAAC,OAAO,EAAE;gBACxC,IAAI,EAAE;oBACJ,MAAM,EAAE,cAAc,KAAK,CAAC,OAAO,EAAE;iBACtC;gBACD,EAAE,EAAE,SAAS;aACd,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,iDAAiD;IACjD,MAAM,sBAAsB,GAAG,IAAA,uBAAgB,EAAC;QAC9C,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,iDAAiD;QAC9D,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,OAAC,CAAC,MAAM,CAAC;YACd,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;SACjC,CAAC;QACF,aAAa,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;YACpD,oBAAoB,CAAC,SAAS,EAAE,CAAC;YACjC,oBAAoB,CAAC,UAAU,GAAG,MAAM,CAAC;YAEzC,mCAAmC;YACnC,oBAAoB,CAAC,UAAU,GAAG,CAAC,CAAC,SAAS,EAAE,YAAY,CAAC;YAE5D,IAAI,SAAS,EAAE,YAAY,EAAE,CAAC;gBAC5B,8DAA8D;gBAC9D,MAAM,QAAQ,GAAG,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC1D,MAAM,gBAAgB,GAAG,MAAM,CAAC,mBAAmB,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;gBACnG,oBAAoB,CAAC,YAAY,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC;gBAEtH,6BAA6B;gBAC7B,oBAAoB,CAAC,uBAAuB,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC,cAAc,KAAK,UAAU,CAAC;gBAC3G,oBAAoB,CAAC,sBAAsB,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC,aAAa,KAAK,UAAU,CAAC;gBAEzG,OAAO,CAAC,GAAG,CAAC,mDAAmD,EAAE,oBAAoB,CAAC,YAAY,CAAC,CAAC;YACtG,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;YACzD,CAAC;YAED,OAAO;gBACL,mBAAmB,EAAE,oBAAoB,CAAC,UAAU;gBACpD,mBAAmB,EAAE,oBAAoB,CAAC,YAAY;gBACtD,iBAAiB,EAAE,oBAAoB,CAAC,uBAAuB;gBAC/D,gBAAgB,EAAE,oBAAoB,CAAC,sBAAsB;gBAC7D,SAAS,EAAE,oBAAoB,CAAC,SAAS;gBACzC,cAAc,EAAE,MAAM;aACvB,CAAC;QACJ,CAAC;KACF,CAAC,CAAC;IAEH,iCAAiC;IACjC,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;QAC5C,SAAS,CAAC,KAAK,IAAI,EAAE;YACnB,iBAAiB;YACjB,oBAAoB,CAAC,UAAU,GAAG,KAAK,CAAC;YACxC,oBAAoB,CAAC,uBAAuB,GAAG,KAAK,CAAC;YACrD,oBAAoB,CAAC,sBAAsB,GAAG,KAAK,CAAC;YACpD,oBAAoB,CAAC,YAAY,GAAG,EAAE,CAAC;YACvC,oBAAoB,CAAC,SAAS,GAAG,CAAC,CAAC;YACnC,oBAAoB,CAAC,UAAU,GAAG,IAAI,CAAC;YAEvC,MAAM,oBAAoB,GAAG,IAAA,+BAAiB,EAAC;gBAC7C,QAAQ,EAAE;oBACR,KAAK,EAAE,oCAAoC;oBAC3C,WAAW,EAAE,oDAAoD;oBACjE,OAAO,EAAE,OAAO;oBAChB,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,WAAW,CAAC;iBAC1C;gBACD,QAAQ,EAAE;oBACR,SAAS,EAAE,cAAI,CAAC,MAAM,CAAC,SAAS,CAAC;oBACjC,UAAU,EAAE,cAAI,CAAC,MAAM,CAAC,UAAU,CAAC;oBACnC,OAAO,EAAE,+BAA+B;oBACxC,KAAK,EAAE,6BAA6B;iBACrC;gBACD,WAAW,EAAE,CAAC,sBAAsB,CAAC;gBACrC,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC,gCAAgC;aACpD,CAAC,CAAC;YAEH,MAAM,GAAG,MAAM,oBAAoB,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;YACxD,cAAc,GAAG,IAAI,8BAAqB,CACxC,oBAAoB,IAAI,EAAE,EAC1B,SAAS,CACV,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,KAAK,IAAI,EAAE;YAClB,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC9B,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;YAChF,MAAM,cAAc,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC,0BAA0B,EAAE;gBACpF,SAAS,EAAE,qBAAqB;aACjC,CAAC,CAAC;YAEH,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YAC3D,MAAM,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACpD,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC5D,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,8BAA8B;IAC9B,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACzC,SAAS,CAAC,KAAK,IAAI,EAAE;YACnB,sCAAsC;YACtC,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC9B,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1B,CAAC;YAED,iBAAiB;YACjB,oBAAoB,CAAC,UAAU,GAAG,KAAK,CAAC;YACxC,oBAAoB,CAAC,uBAAuB,GAAG,KAAK,CAAC;YACrD,oBAAoB,CAAC,sBAAsB,GAAG,KAAK,CAAC;YACpD,oBAAoB,CAAC,YAAY,GAAG,EAAE,CAAC;YACvC,oBAAoB,CAAC,SAAS,GAAG,CAAC,CAAC;YACnC,oBAAoB,CAAC,UAAU,GAAG,IAAI,CAAC;YAEvC,MAAM,iBAAiB,GAAG,IAAA,+BAAiB,EAAC;gBAC1C,QAAQ,EAAE;oBACR,KAAK,EAAE,sCAAsC;oBAC7C,WAAW,EAAE,iDAAiD;oBAC9D,OAAO,EAAE,OAAO;oBAChB,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC;iBACvC;gBACD,QAAQ,EAAE;oBACR,SAAS,EAAE,cAAI,CAAC,MAAM,CAAC,SAAS,CAAC;oBACjC,UAAU,EAAE,cAAI,CAAC,MAAM,CAAC,UAAU,CAAC;oBACnC,OAAO,EAAE,8BAA8B;oBACvC,KAAK,EAAE,4BAA4B;iBACpC;gBACD,mBAAmB;gBACnB,MAAM,EAAE;oBACN,OAAO,EAAE,oBAAoB,IAAI,EAAE;oBACnC,SAAS,EAAE;wBACT,IAAI,EAAE;4BACJ,QAAQ,EAAE,gBAAgB;4BAC1B,YAAY,EAAE,oBAAoB;4BAClC,gBAAgB,EAAE,qCAAqC;4BACvD,QAAQ,EAAE,iCAAiC;4BAC3C,MAAM,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;yBAC1B;qBACF;oBACD,UAAU,EAAE,IAAI,6CAAsB,EAAE;iBACzC;gBACD,WAAW,EAAE,CAAC,sBAAsB,CAAC;gBACrC,KAAK,EAAE,CAAC,SAAS,CAAC,CAAC,gCAAgC;aACpD,CAAC,CAAC;YAEH,MAAM,GAAG,MAAM,iBAAiB,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,qBAAqB;YACrF,cAAc,GAAG,IAAI,8BAAqB,CACxC,oBAAoB,IAAI,GAAG,CAAC,EAAE,EAC9B,SAAS,CACV,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,KAAK,IAAI,EAAE;YAClB,IAAI,MAAM,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAC9B,MAAM,MAAM,CAAC,QAAQ,EAAE,CAAC;YAC1B,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,UAAU,CAAC,GAAG,EAAE;YACd,kCAAkC;YAClC,oBAAoB,CAAC,UAAU,GAAG,KAAK,CAAC;YACxC,oBAAoB,CAAC,uBAAuB,GAAG,KAAK,CAAC;YACrD,oBAAoB,CAAC,sBAAsB,GAAG,KAAK,CAAC;YACpD,oBAAoB,CAAC,YAAY,GAAG,EAAE,CAAC;YACvC,oBAAoB,CAAC,SAAS,GAAG,CAAC,CAAC;YACnC,oBAAoB,CAAC,UAAU,GAAG,IAAI,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;YAChF,MAAM,cAAc,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC,0BAA0B,EAAE;gBACpF,SAAS,EAAE,kBAAkB;aAC9B,CAAC,CAAC;YAEH,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YAE3D,iCAAiC;YACjC,MAAM,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACnD,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3D,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;QAChF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iEAAiE,EAAE,KAAK,IAAI,EAAE;YAC/E,MAAM,cAAc,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC,0BAA0B,EAAE;gBACpF,SAAS,EAAE,cAAc;aAC1B,CAAC,CAAC;YAEH,mDAAmD;YACnD,MAAM,CAAC,oBAAoB,CAAC,uBAAuB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChE,MAAM,CAAC,oBAAoB,CAAC,sBAAsB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE/D,mCAAmC;YACnC,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzD,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAExD,qDAAqD;YACrD,MAAM,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;YACtE,MAAM,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;YACrE,gBAAgB;YAChB,oBAAoB,CAAC,SAAS,GAAG,CAAC,CAAC;YAEnC,sBAAsB;YACtB,MAAM,cAAc,CAAC,aAAa,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;YACxF,MAAM,cAAc,CAAC,aAAa,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;YACxF,MAAM,cAAc,CAAC,aAAa,CAAC,0BAA0B,EAAE,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;YAExF,kCAAkC;YAClC,MAAM,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAE/C,qDAAqD;YACrD,MAAM,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEnD,2CAA2C;YAC3C,MAAM,CAAC,oBAAoB,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;YAC7E,MAAM,cAAc,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAC;YAE1F,uDAAuD;YACvD,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAE3D,wEAAwE;YACxE,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzD,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAExD,mCAAmC;YACnC,MAAM,CAAC,oBAAoB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;YACpE,MAAM,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC,OAAO,CAC/C,MAAM,CAAC,eAAe,CAAC,CAAC,gBAAgB,EAAE,eAAe,CAAC,CAAC,CAC5D,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/client/client-auth.d.ts

@@ -1,4 +1,6 @@
 interface DainClientAuthConfig {
+    jwt?: string;
+    smartAccountId?: string;
     privateKeyBase58?: string;
     agentId?: string;
     orgId?: string;
@@ -7,26 +9,40 @@ interface DainClientAuthConfig {
     webhookUrl?: string;
 }
 export declare class DainClientAuth {
-    private privateKey;
-    private agentId;
-    private orgId;
-    private publicKey;
+    private jwt?;
+    private smartAccountId?;
+    private privateKey?;
+    private agentId?;
+    private orgId?;
+    private publicKey?;
     private smartAccountPDA?;
     private webhookUrl?;
+    private readonly authMethod;
     constructor(config: DainClientAuthConfig);
     private parseApiKey;
+    /**
+     * Sign request for legacy authentication
+     * For JWT auth, returns empty values (not needed)
+     */
     signRequest(method: string, path: string, body: string): Promise<{
         signature: string;
         timestamp: string;
     }>;
+    /**
+     * Get headers for authentication
+     * Returns different headers based on auth method
+     */
     getHeaders(signature: string, timestamp: string): Record<string, string>;
     signMessage(message: string): string;
     static verifyMessage(message: string, signature: string, publicKey: Uint8Array): boolean;
     verifyEventSignature(data: string, signature: string, timestamp: string, publicKeyBase58: string): boolean;
-    getAgentId(): string;
-    getOrgId(): string;
-    getPublicKey(): Uint8Array;
-    getPublicKeyBase58(): string;
+    getAuthMethod(): 'jwt' | 'legacy';
+    getJWT(): string | undefined;
+    getSmartAccountId(): string | undefined;
+    getAgentId(): string | undefined;
+    getOrgId(): string | undefined;
+    getPublicKey(): Uint8Array | undefined;
+    getPublicKeyBase58(): string | undefined;
     getSmartAccountPDA(): string | undefined;
     getWebhookUrl(): string | undefined;
     serialize(): string;

package/dist/client/client-auth.js

@@ -8,13 +8,43 @@ const sha256_1 = require("@noble/hashes/sha256");
 const utils_1 = require("@noble/hashes/utils");
 const bs58_1 = tslib_1.__importDefault(require("bs58"));
 class DainClientAuth {
+    // JWT fields (user auth)
+    jwt;
+    smartAccountId;
+    // Legacy fields (service auth)
     privateKey;
     agentId;
     orgId;
     publicKey;
     smartAccountPDA;
+    // Common
     webhookUrl;
+    authMethod;
     constructor(config) {
+        // Priority 1: JWT Authentication (Users from DAIN ID)
+        if (config.jwt) {
+            this.jwt = config.jwt;
+            this.authMethod = 'jwt';
+            this.webhookUrl = config.webhookUrl;
+            // Extract smartAccountId from JWT if not provided
+            if (config.smartAccountId) {
+                this.smartAccountId = config.smartAccountId;
+            }
+            else {
+                try {
+                    const payload = JSON.parse(Buffer.from(config.jwt.split('.')[1], 'base64').toString());
+                    this.smartAccountId = payload.smart_account_id || payload.sub;
+                    if (!this.smartAccountId) {
+                        throw new Error('JWT missing smart_account_id/sub claim');
+                    }
+                }
+                catch (error) {
+                    throw new Error(`Invalid JWT: ${error instanceof Error ? error.message : String(error)}`);
+                }
+            }
+            return;
+        }
+        // Priority 2: Legacy API Key (Services)
         if (config.apiKey) {
             const { privateKey, agentId, orgId, publicKey } = this.parseApiKey(config.apiKey);
             this.privateKey = privateKey;
@@ -22,18 +52,24 @@ class DainClientAuth {
             this.orgId = orgId;
             this.publicKey = publicKey;
             this.webhookUrl = config.webhookUrl;
+            this.smartAccountPDA = config.smartAccountPDA;
+            this.authMethod = 'legacy';
+            return;
         }
-        else if (config.privateKeyBase58 && config.agentId && config.orgId) {
+        // Priority 3: Legacy Keypair (Services)
+        if (config.privateKeyBase58 && config.agentId && config.orgId) {
             this.privateKey = bs58_1.default.decode(config.privateKeyBase58);
             this.agentId = config.agentId.replace('agent_', '');
             this.orgId = config.orgId.replace('org_', '');
             this.publicKey = ed25519_1.ed25519.getPublicKey(this.privateKey);
             this.webhookUrl = config.webhookUrl;
+            this.smartAccountPDA = config.smartAccountPDA;
+            this.authMethod = 'legacy';
+            return;
         }
-        else {
-            throw new Error('Invalid configuration. Provide either an apiKey or privateKeyBase58, agentId, and orgId.');
-        }
-        this.smartAccountPDA = config.smartAccountPDA;
+        throw new Error('Invalid auth config. Provide either:\n' +
+            '  - jwt (for users)\n' +
+            '  - apiKey OR (privateKeyBase58 + agentId + orgId) (for services)');
     }
     parseApiKey(apiKey) {
         const parts = apiKey.split('_');
@@ -47,26 +83,53 @@ class DainClientAuth {
         const publicKey = bs58_1.default.decode(privateKeyBase58).slice(32);
         return { privateKey, agentId, orgId, publicKey };
     }
+    /**
+     * Sign request for legacy authentication
+     * For JWT auth, returns empty values (not needed)
+     */
     async signRequest(method, path, body) {
+        if (this.authMethod === 'jwt') {
+            // JWT doesn't need request signing
+            return { signature: '', timestamp: '' };
+        }
+        // Legacy: Sign request
         const timestamp = Date.now().toString();
         const message = `${method}:${path}:${timestamp}:${body}`;
-        //   console.log("signRequest:", { message, timestamp });
         const messageHash = (0, sha256_1.sha256)(message);
         const signature = ed25519_1.ed25519.sign(messageHash, this.privateKey);
         return { signature: (0, utils_1.bytesToHex)(signature), timestamp };
     }
+    /**
+     * Get headers for authentication
+     * Returns different headers based on auth method
+     */
     getHeaders(signature, timestamp) {
+        if (this.authMethod === 'jwt') {
+            // JWT Authentication
+            const headers = {
+                "Authorization": `Bearer ${this.jwt}`,
+                "X-DAIN-SMART-ACCOUNT-ID": this.smartAccountId,
+            };
+            if (this.webhookUrl) {
+                headers["X-DAIN-WEBHOOK-URL"] = this.webhookUrl;
+            }
+            return headers;
+        }
+        // Legacy Authentication
         return {
             "X-DAIN-SIGNATURE": signature,
             "X-DAIN-TIMESTAMP": timestamp,
             "X-DAIN-AGENT-ID": this.agentId,
             "X-DAIN-ORG-ID": this.orgId,
             "X-DAIN-ADDRESS": bs58_1.default.encode(this.publicKey),
-            "X-DAIN-SMART-ACCOUNT-PDA": this.smartAccountPDA,
-            "X-DAIN-WEBHOOK-URL": this.webhookUrl,
+            "X-DAIN-SMART-ACCOUNT-PDA": this.smartAccountPDA || '',
+            "X-DAIN-WEBHOOK-URL": this.webhookUrl || '',
         };
     }
     signMessage(message) {
+        if (this.authMethod === 'jwt') {
+            throw new Error('JWT auth does not support message signing');
+        }
         const messageHash = (0, sha256_1.sha256)(message);
         const signature = ed25519_1.ed25519.sign(messageHash, this.privateKey);
         return (0, utils_1.bytesToHex)(signature);
@@ -75,14 +138,11 @@ class DainClientAuth {
         const messageHash = (0, sha256_1.sha256)(message);
         return ed25519_1.ed25519.verify(signature, messageHash, publicKey);
     }
-    // Add a method to verify SSE event signatures
     verifyEventSignature(data, signature, timestamp, publicKeyBase58) {
         try {
-            // Combine data and timestamp to create the message that was signed
             const message = `${data}:${timestamp}`;
             const messageHash = (0, sha256_1.sha256)(message);
             const publicKey = bs58_1.default.decode(publicKeyBase58);
-            // Verify the signature
             return ed25519_1.ed25519.verify(signature, messageHash, publicKey);
         }
         catch (error) {
@@ -90,7 +150,16 @@ class DainClientAuth {
             return false;
         }
     }
-    // Helper methods to get agentId, orgId, publicKey, etc.
+    // Getters
+    getAuthMethod() {
+        return this.authMethod;
+    }
+    getJWT() {
+        return this.jwt;
+    }
+    getSmartAccountId() {
+        return this.smartAccountId;
+    }
     getAgentId() {
         return this.agentId;
     }
@@ -101,7 +170,7 @@ class DainClientAuth {
         return this.publicKey;
     }
     getPublicKeyBase58() {
-        return bs58_1.default.encode(this.publicKey);
+        return this.publicKey ? bs58_1.default.encode(this.publicKey) : undefined;
     }
     getSmartAccountPDA() {
         return this.smartAccountPDA;
@@ -110,29 +179,47 @@ class DainClientAuth {
         return this.webhookUrl;
     }
     serialize() {
+        if (this.authMethod === 'jwt') {
+            const data = {
+                authMethod: 'jwt',
+                jwt: this.jwt,
+                smartAccountId: this.smartAccountId,
+                webhookUrl: this.webhookUrl,
+            };
+            return bs58_1.default.encode(Buffer.from(JSON.stringify(data)));
+        }
         const data = {
+            authMethod: 'legacy',
             privateKey: Array.from(this.privateKey),
             agentId: this.agentId,
             orgId: this.orgId,
             publicKey: Array.from(this.publicKey),
             smartAccountPDA: this.smartAccountPDA,
-            webhookUrl: this.webhookUrl
+            webhookUrl: this.webhookUrl,
         };
         return bs58_1.default.encode(Buffer.from(JSON.stringify(data)));
     }
     static deserialize(serialized) {
         try {
             const data = JSON.parse(Buffer.from(bs58_1.default.decode(serialized)).toString());
+            if (data.authMethod === 'jwt') {
+                return new DainClientAuth({
+                    jwt: data.jwt,
+                    smartAccountId: data.smartAccountId,
+                    webhookUrl: data.webhookUrl,
+                });
+            }
+            // Legacy or missing authMethod (backward compatibility)
             return new DainClientAuth({
                 privateKeyBase58: bs58_1.default.encode(new Uint8Array(data.privateKey)),
                 agentId: data.agentId,
                 orgId: data.orgId,
                 smartAccountPDA: data.smartAccountPDA,
-                webhookUrl: data.webhookUrl
+                webhookUrl: data.webhookUrl,
             });
         }
         catch (error) {
-            throw new Error('Failed to deserialize DainClientAuth: ' + error.message);
+            throw new Error(`Failed to deserialize DainClientAuth: ${error.message}`);
         }
     }
 }

package/dist/client/client-auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"client-auth.js","sourceRoot":"","sources":["../../src/client/client-auth.ts"],"names":[],"mappings":";;;;AAAA,iCAAiC;AACjC,mDAAgD;AAChD,iDAA8C;AAC9C,+CAAiD;AACjD,wDAAwB;AAWxB,MAAa,cAAc;IACjB,UAAU,CAAa;IACvB,OAAO,CAAS;IAChB,KAAK,CAAS;IACd,SAAS,CAAa;IACtB,eAAe,CAAU;IACzB,UAAU,CAAU;IAC5B,YAAY,MAA4B;QACtC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAClF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;YAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;YACvB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YACnB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;YAC3B,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACtC,CAAC;aAAM,IAAI,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACrE,IAAI,CAAC,UAAU,GAAG,cAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACvD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC9C,IAAI,CAAC,SAAS,GAAG,iBAAO,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvD,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,0FAA0F,CAAC,CAAC;QAC9G,CAAC;QACD,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;IAChD,CAAC;IAEO,WAAW,CAAC,MAAc;QAChC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,gBAAgB,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAElC,MAAM,UAAU,GAAG,cAAI,CAAC,MAAM,CAC5B,gBAAgB,CACjB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACf,MAAM,SAAS,GAAG,cAAI,CAAC,MAAM,CAC3B,gBAAgB,CACjB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAEZ,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,WAAW,CACf,MAAc,EACd,IAAY,EACZ,IAAY;QAEZ,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,GAAG,MAAM,IAAI,IAAI,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;QAC5D,yDAAyD;QACtD,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,iBAAO,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7D,OAAO,EAAE,SAAS,EAAE,IAAA,kBAAU,EAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;IACzD,CAAC;IAED,UAAU,CAAC,SAAiB,EAAE,SAAiB;QAC7C,OAAO;YACL,kBAAkB,EAAE,SAAS;YAC7B,kBAAkB,EAAE,SAAS;YAC7B,iBAAiB,EAAE,IAAI,CAAC,OAAO;YAC/B,eAAe,EAAE,IAAI,CAAC,KAAK;YAC3B,gBAAgB,EAAE,cAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC;YAC7C,0BAA0B,EAAE,IAAI,CAAC,eAAe;YAChD,oBAAoB,EAAE,IAAI,CAAC,UAAU;SACtC,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,iBAAO,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAC7D,OAAO,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,CAAC,aAAa,CAAC,OAAe,EAAE,SAAiB,EAAE,SAAqB;QAC5E,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QACpC,OAAO,iBAAO,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAC3D,CAAC;IAED,8CAA8C;IAC9C,oBAAoB,CAAC,IAAY,EAAE,SAAiB,EAAE,SAAiB,EAAE,eAAuB;QAC9F,IAAI,CAAC;YACH,mEAAmE;YACnE,MAAM,OAAO,GAAG,GAAG,IAAI,IAAI,SAAS,EAAE,CAAC;YACvC,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;YACpC,MAAM,SAAS,GAAG,cAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YAE/C,uBAAuB;YACvB,OAAO,iBAAO,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;YACzD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,kBAAkB;QAChB,OAAO,cAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,SAAS;QACP,MAAM,IAAI,GAAG;YACX,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC;YACrC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC;QACF,OAAO,cAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,WAAW,CAAC,UAAkB;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YACzE,OAAO,IAAI,cAAc,CAAC;gBACxB,gBAAgB,EAAE,cAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC9D,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,wCAAwC,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;CACF;AAtJD,wCAsJC"}
+{"version":3,"file":"client-auth.js","sourceRoot":"","sources":["../../src/client/client-auth.ts"],"names":[],"mappings":";;;;AAAA,iCAAiC;AACjC,mDAAgD;AAChD,iDAA8C;AAC9C,+CAAiD;AACjD,wDAAwB;AAkBxB,MAAa,cAAc;IACzB,yBAAyB;IACjB,GAAG,CAAU;IACb,cAAc,CAAU;IAEhC,+BAA+B;IACvB,UAAU,CAAc;IACxB,OAAO,CAAU;IACjB,KAAK,CAAU;IACf,SAAS,CAAc;IACvB,eAAe,CAAU;IAEjC,SAAS;IACD,UAAU,CAAU;IACX,UAAU,CAAmB;IAE9C,YAAY,MAA4B;QACtC,sDAAsD;QACtD,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;YACtB,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;YACxB,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;YAEpC,kDAAkD;YAClD,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;gBAC1B,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAC3D,CAAC;oBACF,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC;oBAC9D,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;wBACzB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;oBAC5D,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CACb,gBAAgB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACzE,CAAC;gBACJ,CAAC;YACH,CAAC;YACD,OAAO;QACT,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAClF,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;YAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;YACvB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YACnB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;YAC3B,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;YAC9C,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,wCAAwC;QACxC,IAAI,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YAC9D,IAAI,CAAC,UAAU,GAAG,cAAI,CAAC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;YACvD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC9C,IAAI,CAAC,SAAS,GAAG,iBAAO,CAAC,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YACvD,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;YAC9C,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAC;YAC3B,OAAO;QACT,CAAC;QAED,MAAM,IAAI,KAAK,CACb,wCAAwC;YACxC,uBAAuB;YACvB,mEAAmE,CACpE,CAAC;IACJ,CAAC;IAEO,WAAW,CAAC,MAAc;QAMhC,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAChC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,OAAO,EAAE,CAAC;YACpE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC/C,MAAM,gBAAgB,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAElC,MAAM,UAAU,GAAG,cAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC9D,MAAM,SAAS,GAAG,cAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAE1D,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IACnD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CACf,MAAc,EACd,IAAY,EACZ,IAAY;QAEZ,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;YAC9B,mCAAmC;YACnC,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;QAC1C,CAAC;QAED,uBAAuB;QACvB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,GAAG,MAAM,IAAI,IAAI,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC;QACzD,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,iBAAO,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,UAAW,CAAC,CAAC;QAC9D,OAAO,EAAE,SAAS,EAAE,IAAA,kBAAU,EAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;IACzD,CAAC;IAED;;;OAGG;IACH,UAAU,CAAC,SAAiB,EAAE,SAAiB;QAC7C,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;YAC9B,qBAAqB;YACrB,MAAM,OAAO,GAA2B;gBACtC,eAAe,EAAE,UAAU,IAAI,CAAC,GAAG,EAAE;gBACrC,yBAAyB,EAAE,IAAI,CAAC,cAAe;aAChD,CAAC;YACF,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpB,OAAO,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC;YAClD,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,wBAAwB;QACxB,OAAO;YACL,kBAAkB,EAAE,SAAS;YAC7B,kBAAkB,EAAE,SAAS;YAC7B,iBAAiB,EAAE,IAAI,CAAC,OAAQ;YAChC,eAAe,EAAE,IAAI,CAAC,KAAM;YAC5B,gBAAgB,EAAE,cAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAU,CAAC;YAC9C,0BAA0B,EAAE,IAAI,CAAC,eAAe,IAAI,EAAE;YACtD,oBAAoB,EAAE,IAAI,CAAC,UAAU,IAAI,EAAE;SAC5C,CAAC;IACJ,CAAC;IAED,WAAW,CAAC,OAAe;QACzB,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;QAC/D,CAAC;QACD,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QACpC,MAAM,SAAS,GAAG,iBAAO,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,UAAW,CAAC,CAAC;QAC9D,OAAO,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;IAC/B,CAAC;IAED,MAAM,CAAC,aAAa,CAAC,OAAe,EAAE,SAAiB,EAAE,SAAqB;QAC5E,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QACpC,OAAO,iBAAO,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAC3D,CAAC;IAED,oBAAoB,CAClB,IAAY,EACZ,SAAiB,EACjB,SAAiB,EACjB,eAAuB;QAEvB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,IAAI,IAAI,SAAS,EAAE,CAAC;YACvC,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;YACpC,MAAM,SAAS,GAAG,cAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;YAC/C,OAAO,iBAAO,CAAC,MAAM,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QAC3D,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;YACzD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,UAAU;IACV,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAED,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,QAAQ;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,cAAI,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAClE,CAAC;IAED,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,SAAS;QACP,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,GAAG;gBACX,UAAU,EAAE,KAAK;gBACjB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC;YACF,OAAO,cAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxD,CAAC;QAED,MAAM,IAAI,GAAG;YACX,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,UAAW,CAAC;YACxC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAU,CAAC;YACtC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC;QACF,OAAO,cAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,MAAM,CAAC,WAAW,CAAC,UAAkB;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,cAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEzE,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;gBAC9B,OAAO,IAAI,cAAc,CAAC;oBACxB,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,cAAc,EAAE,IAAI,CAAC,cAAc;oBACnC,UAAU,EAAE,IAAI,CAAC,UAAU;iBAC5B,CAAC,CAAC;YACL,CAAC;YAED,wDAAwD;YACxD,OAAO,IAAI,cAAc,CAAC;gBACxB,gBAAgB,EAAE,cAAI,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC9D,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,yCAAyC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;CACF;AAvQD,wCAuQC"}

package/dist/service/auth.d.ts

@@ -1,3 +1,40 @@
+/**
+ * JWT AUTHENTICATION (for users from DAIN ID)
+ */
+export interface JWTPayload {
+    sub: string;
+    iss: string;
+    aud: string;
+    iat: number;
+    exp: number;
+    scope: string[];
+    smart_account_id: string;
+}
+export interface AuthResult {
+    success: boolean;
+    smartAccountId?: string;
+    scope?: string[];
+    agentId?: string;
+    orgId?: string;
+    address?: string;
+    error?: string;
+}
+/**
+ * Verify JWT token from DAIN ID
+ * This should be used with a public key fetched from DAIN ID's JWKS endpoint
+ */
+export declare function verifyJWT(token: string, publicKeyOrJWKS: string | any): Promise<AuthResult>;
+/**
+ * Extract Bearer token from Authorization header
+ */
+export declare function extractBearerToken(authHeader: string | undefined): string | null;
+/**
+ * Check if token has required scope
+ */
+export declare function hasRequiredScope(tokenScopes: string[], requiredScope: string): boolean;
+/**
+ * LEGACY AUTHENTICATION (for service-to-service)
+ */
 export declare function addressToPublicKeyBytes(address: string): Uint8Array;
 export declare function signatureToBytes(signature: string): Uint8Array;
 export declare function verifySignature(signature: string, message: string, address: string): boolean;
@@ -7,5 +44,5 @@ export declare function signResponse(privateKey: Uint8Array, responseBody: strin
     timestamp: string;
 };
 export declare function verifyResponse(publicKey: Uint8Array, responseBody: string, signature: string, timestamp: string): boolean;
-export declare function verifyRequestSignature(signature: string, method: string, path: string, headers: Record<string, string>, body: string, address: string, smartAccountPDA: string): boolean;
+export declare function verifyRequestSignature(signature: string, method: string, path: string, headers: Record<string, string>, body: string, address: string, smartAccountPDA?: string): boolean;
 export declare function isValidSolanaAddress(address: string): boolean;