@originals/auth 1.8.2 → 1.8.3

package/dist/server/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/server/jwt.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,GAAG,MAAM,cAAc,CAAC;AAG/B,oBAAoB;AACpB,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAEhD;;GAEG;AACH,SAAS,YAAY,CAAC,YAAqB;IACzC,MAAM,MAAM,GAAG,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACjE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,SAAS,CACvB,QAAgB,EAChB,KAAa,EACb,YAAqB,EACrB,OAKC;IAED,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE7C,MAAM,OAAO,GAA4B;QACvC,GAAG,EAAE,QAAQ;QACb,KAAK;KACN,CAAC;IAEF,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;IACtC,CAAC;IAED,MAAM,WAAW,GAAoB;QACnC,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,sBAAsB;QACvD,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,gBAAgB;QAC3C,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,eAAe;KAC/C,CAAC;IAEF,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CACzB,KAAa,EACb,OAIC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE;YACxC,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,gBAAgB;YAC3C,QAAQ,EAAE,OAAO,EAAE,QAAQ,IAAI,eAAe;SAC/C,CAAiB,CAAC;QAEnB,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,KAAK,YAAY,GAAG,CAAC,iBAAiB,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACnC,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,KAAa,EACb,OAIC;IAED,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IAE3D,OAAO;QACL,IAAI,EAAE,OAAO,EAAE,UAAU,IAAI,YAAY;QACzC,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE;YACP,QAAQ,EAAE,IAAI,EAAE,oDAAoD;YACpE,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,YAAY,EAAE,2BAA2B;YACpE,QAAQ,EAAE,QAAQ,EAAE,kBAAkB;YACtC,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,yBAAyB;YAC7E,IAAI,EAAE,GAAG,EAAE,2BAA2B;SACvC;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,wBAAwB,CAAC,UAAmB;IAC1D,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IAE3D,OAAO;QACL,IAAI,EAAE,UAAU,IAAI,YAAY;QAChC,KAAK,EAAE,EAAE;QACT,OAAO,EAAE;YACP,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,YAAY;YACpB,QAAQ,EAAE,QAAQ;YAClB,MAAM,EAAE,CAAC,EAAE,qBAAqB;YAChC,IAAI,EAAE,GAAG;SACV;KACF,CAAC;AACJ,CAAC"}

package/dist/server/middleware.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Express authentication middleware factory
+ */
+import type { Request, Response, NextFunction } from 'express';
+import type { AuthMiddlewareOptions } from '../types';
+/**
+ * Create an authentication middleware for Express
+ *
+ * @example
+ * ```typescript
+ * import { createAuthMiddleware } from '@originals/auth/server';
+ *
+ * const authenticateUser = createAuthMiddleware({
+ *   getUserByTurnkeyId: async (turnkeyId) => {
+ *     return db.query.users.findFirst({
+ *       where: eq(users.turnkeySubOrgId, turnkeyId)
+ *     });
+ *   },
+ *   createUser: async (turnkeyId, email, temporaryDid) => {
+ *     return db.insert(users).values({
+ *       turnkeySubOrgId: turnkeyId,
+ *       email,
+ *       did: temporaryDid,
+ *     }).returning().then(rows => rows[0]);
+ *   }
+ * });
+ *
+ * app.get('/api/protected', authenticateUser, (req, res) => {
+ *   res.json({ user: req.user });
+ * });
+ * ```
+ */
+export declare function createAuthMiddleware(options: AuthMiddlewareOptions): (req: Request, res: Response, next: NextFunction) => Promise<void | Response>;
+/**
+ * Optional authentication middleware - doesn't fail if not authenticated
+ * Attaches user to request if valid token exists, otherwise continues without user
+ */
+export declare function createOptionalAuthMiddleware(options: AuthMiddlewareOptions): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/server/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/server/middleware.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE/D,OAAO,KAAK,EAAE,qBAAqB,EAAkC,MAAM,UAAU,CAAC;AAEtF;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,qBAAqB,GAC7B,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,GAAG,QAAQ,CAAC,CAsD/E;AAED;;;GAGG;AACH,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,qBAAqB,GAC7B,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAmCpE"}

package/dist/server/middleware.js

@@ -0,0 +1,112 @@
+/**
+ * Express authentication middleware factory
+ */
+import { verifyToken } from './jwt.js';
+/**
+ * Create an authentication middleware for Express
+ *
+ * @example
+ * ```typescript
+ * import { createAuthMiddleware } from '@originals/auth/server';
+ *
+ * const authenticateUser = createAuthMiddleware({
+ *   getUserByTurnkeyId: async (turnkeyId) => {
+ *     return db.query.users.findFirst({
+ *       where: eq(users.turnkeySubOrgId, turnkeyId)
+ *     });
+ *   },
+ *   createUser: async (turnkeyId, email, temporaryDid) => {
+ *     return db.insert(users).values({
+ *       turnkeySubOrgId: turnkeyId,
+ *       email,
+ *       did: temporaryDid,
+ *     }).returning().then(rows => rows[0]);
+ *   }
+ * });
+ *
+ * app.get('/api/protected', authenticateUser, (req, res) => {
+ *   res.json({ user: req.user });
+ * });
+ * ```
+ */
+export function createAuthMiddleware(options) {
+    const cookieName = options.cookieName ?? 'auth_token';
+    return async (req, res, next) => {
+        try {
+            // Get JWT token from HTTP-only cookie
+            const cookies = req.cookies;
+            const token = cookies?.[cookieName];
+            if (!token) {
+                return res.status(401).json({ error: 'Not authenticated' });
+            }
+            // Verify JWT token
+            const payload = verifyToken(token, { secret: options.jwtSecret });
+            const turnkeySubOrgId = payload.sub;
+            const email = payload.email;
+            // Check if user already exists
+            let user = await options.getUserByTurnkeyId(turnkeySubOrgId);
+            // If user doesn't exist and createUser is provided, create user
+            if (!user && options.createUser) {
+                console.log(`Creating user record for ${email}...`);
+                // Use temporary DID as placeholder until user creates real DID
+                const temporaryDid = `temp:turnkey:${turnkeySubOrgId}`;
+                user = await options.createUser(turnkeySubOrgId, email, temporaryDid);
+                console.log(`✅ User created: ${email}`);
+                console.log(`   Turnkey sub-org ID: ${turnkeySubOrgId}`);
+                console.log(`   Temporary DID: ${temporaryDid}`);
+            }
+            if (!user) {
+                return res.status(401).json({ error: 'User not found' });
+            }
+            // Add user info to request
+            req.user = {
+                id: user.id,
+                turnkeySubOrgId,
+                email,
+                did: user.did,
+                sessionToken: payload.sessionToken,
+            };
+            next();
+        }
+        catch (error) {
+            console.error('Authentication error:', error);
+            return res.status(401).json({ error: 'Invalid or expired token' });
+        }
+    };
+}
+/**
+ * Optional authentication middleware - doesn't fail if not authenticated
+ * Attaches user to request if valid token exists, otherwise continues without user
+ */
+export function createOptionalAuthMiddleware(options) {
+    const cookieName = options.cookieName ?? 'auth_token';
+    return async (req, res, next) => {
+        try {
+            const cookies = req.cookies;
+            const token = cookies?.[cookieName];
+            if (!token) {
+                next();
+                return;
+            }
+            const payload = verifyToken(token, { secret: options.jwtSecret });
+            const turnkeySubOrgId = payload.sub;
+            const email = payload.email;
+            const user = await options.getUserByTurnkeyId(turnkeySubOrgId);
+            if (user) {
+                req.user = {
+                    id: user.id,
+                    turnkeySubOrgId,
+                    email,
+                    did: user.did,
+                    sessionToken: payload.sessionToken,
+                };
+            }
+            next();
+        }
+        catch {
+            // Token invalid or expired, continue without user
+            next();
+        }
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/server/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/server/middleware.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAGvC;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,UAAU,oBAAoB,CAClC,OAA8B;IAE9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,YAAY,CAAC;IAEtD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAA4B,EAAE;QACzF,IAAI,CAAC;YACH,sCAAsC;YACtC,MAAM,OAAO,GAAG,GAAG,CAAC,OAA6C,CAAC;YAClE,MAAM,KAAK,GAAG,OAAO,EAAE,CAAC,UAAU,CAAC,CAAC;YAEpC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YAC9D,CAAC;YAED,mBAAmB;YACnB,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;YAClE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC;YACpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YAE5B,+BAA+B;YAC/B,IAAI,IAAI,GAAoB,MAAM,OAAO,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC;YAE9E,gEAAgE;YAChE,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,4BAA4B,KAAK,KAAK,CAAC,CAAC;gBAEpD,+DAA+D;gBAC/D,MAAM,YAAY,GAAG,gBAAgB,eAAe,EAAE,CAAC;gBAEvD,IAAI,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,eAAe,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;gBAEtE,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBACxC,OAAO,CAAC,GAAG,CAAC,0BAA0B,eAAe,EAAE,CAAC,CAAC;gBACzD,OAAO,CAAC,GAAG,CAAC,qBAAqB,YAAY,EAAE,CAAC,CAAC;YACnD,CAAC;YAED,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC3D,CAAC;YAED,2BAA2B;YAC1B,GAAsC,CAAC,IAAI,GAAG;gBAC7C,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,eAAe;gBACf,KAAK;gBACL,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,YAAY,EAAE,OAAO,CAAC,YAAY;aACnC,CAAC;YAEF,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAC9C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;QACrE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,4BAA4B,CAC1C,OAA8B;IAE9B,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,YAAY,CAAC;IAEtD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QAC9E,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,GAAG,CAAC,OAA6C,CAAC;YAClE,MAAM,KAAK,GAAG,OAAO,EAAE,CAAC,UAAU,CAAC,CAAC;YAEpC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,WAAW,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;YAClE,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC;YACpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YAE5B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,eAAe,CAAC,CAAC;YAE/D,IAAI,IAAI,EAAE,CAAC;gBACR,GAAsC,CAAC,IAAI,GAAG;oBAC7C,EAAE,EAAE,IAAI,CAAC,EAAE;oBACX,eAAe;oBACf,KAAK;oBACL,GAAG,EAAE,IAAI,CAAC,GAAG;oBACb,YAAY,EAAE,OAAO,CAAC,YAAY;iBACnC,CAAC;YACJ,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,MAAM,CAAC;YACP,kDAAkD;YAClD,IAAI,EAAE,CAAC;QACT,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/server/turnkey-client.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Server-side Turnkey client utilities
+ */
+import { Turnkey } from '@turnkey/sdk-server';
+export interface TurnkeyClientConfig {
+    /** Turnkey API base URL (default: https://api.turnkey.com) */
+    apiBaseUrl?: string;
+    /** Turnkey API public key */
+    apiPublicKey: string;
+    /** Turnkey API private key */
+    apiPrivateKey: string;
+    /** Default organization ID */
+    organizationId: string;
+}
+/**
+ * Create a Turnkey server client
+ */
+export declare function createTurnkeyClient(config?: Partial<TurnkeyClientConfig>): Turnkey;
+/**
+ * Get or create a Turnkey sub-organization for a user
+ * Creates sub-org with email-only root user and required wallet accounts
+ */
+export declare function getOrCreateTurnkeySubOrg(email: string, turnkeyClient: Turnkey): Promise<string>;
+//# sourceMappingURL=turnkey-client.d.ts.map

package/dist/server/turnkey-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"turnkey-client.d.ts","sourceRoot":"","sources":["../../src/server/turnkey-client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAE9C,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6BAA6B;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,aAAa,EAAE,MAAM,CAAC;IACtB,8BAA8B;IAC9B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,mBAAmB,CAAC,GAAG,OAAO,CAqBlF;AAED;;;GAGG;AACH,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,MAAM,CAAC,CAkGjB"}

package/dist/server/turnkey-client.js

@@ -0,0 +1,118 @@
+/**
+ * Server-side Turnkey client utilities
+ */
+import { Turnkey } from '@turnkey/sdk-server';
+/**
+ * Create a Turnkey server client
+ */
+export function createTurnkeyClient(config) {
+    const apiPublicKey = config?.apiPublicKey ?? process.env.TURNKEY_API_PUBLIC_KEY;
+    const apiPrivateKey = config?.apiPrivateKey ?? process.env.TURNKEY_API_PRIVATE_KEY;
+    const organizationId = config?.organizationId ?? process.env.TURNKEY_ORGANIZATION_ID;
+    if (!apiPublicKey) {
+        throw new Error('TURNKEY_API_PUBLIC_KEY is required');
+    }
+    if (!apiPrivateKey) {
+        throw new Error('TURNKEY_API_PRIVATE_KEY is required');
+    }
+    if (!organizationId) {
+        throw new Error('TURNKEY_ORGANIZATION_ID is required');
+    }
+    return new Turnkey({
+        apiBaseUrl: config?.apiBaseUrl ?? 'https://api.turnkey.com',
+        apiPublicKey,
+        apiPrivateKey,
+        defaultOrganizationId: organizationId,
+    });
+}
+/**
+ * Get or create a Turnkey sub-organization for a user
+ * Creates sub-org with email-only root user and required wallet accounts
+ */
+export async function getOrCreateTurnkeySubOrg(email, turnkeyClient) {
+    const organizationId = process.env.TURNKEY_ORGANIZATION_ID;
+    if (!organizationId) {
+        throw new Error('TURNKEY_ORGANIZATION_ID is required');
+    }
+    // Generate a consistent base name for lookup
+    const baseSubOrgName = `user-${email.replace(/[^a-z0-9]/gi, '-').toLowerCase()}`;
+    console.log(`🔍 Checking for existing sub-organization for ${email}...`);
+    try {
+        // Try to get existing sub-organizations by email filter
+        const subOrgs = await turnkeyClient.apiClient().getSubOrgIds({
+            organizationId,
+            filterType: 'EMAIL',
+            filterValue: email,
+        });
+        const subOrgIds = subOrgs.organizationIds || [];
+        const existingSubOrgId = subOrgIds.length > 0 ? subOrgIds[0] : null;
+        if (existingSubOrgId) {
+            console.log(`✅ Found existing sub-organization: ${existingSubOrgId}`);
+            // Check if this sub-org has a wallet
+            try {
+                const walletsCheck = await turnkeyClient.apiClient().getWallets({
+                    organizationId: existingSubOrgId,
+                });
+                const walletCount = walletsCheck.wallets?.length || 0;
+                if (walletCount > 0) {
+                    return existingSubOrgId;
+                }
+                console.log(`⚠️ Sub-org has no wallet, creating new sub-org with wallet...`);
+            }
+            catch (walletCheckErr) {
+                console.error('Could not check wallet in sub-org:', walletCheckErr);
+                return existingSubOrgId;
+            }
+        }
+    }
+    catch {
+        console.log(`📝 No existing sub-org found, will create new one`);
+    }
+    // Generate a unique name for the new sub-org
+    const subOrgName = `${baseSubOrgName}-${Date.now()}`;
+    console.log(`📧 Creating new Turnkey sub-organization for ${email}...`);
+    // Create sub-organization with wallet containing required keys
+    const result = await turnkeyClient.apiClient().createSubOrganization({
+        subOrganizationName: subOrgName,
+        rootUsers: [
+            {
+                userName: email,
+                userEmail: email,
+                apiKeys: [],
+                authenticators: [],
+                oauthProviders: [],
+            },
+        ],
+        rootQuorumThreshold: 1,
+        wallet: {
+            walletName: 'default-wallet',
+            accounts: [
+                {
+                    curve: 'CURVE_SECP256K1',
+                    pathFormat: 'PATH_FORMAT_BIP32',
+                    path: "m/44'/0'/0'/0/0", // Bitcoin path for auth-key
+                    addressFormat: 'ADDRESS_FORMAT_ETHEREUM',
+                },
+                {
+                    curve: 'CURVE_ED25519',
+                    pathFormat: 'PATH_FORMAT_BIP32',
+                    path: "m/44'/501'/0'/0'", // Ed25519 for assertion-key
+                    addressFormat: 'ADDRESS_FORMAT_SOLANA',
+                },
+                {
+                    curve: 'CURVE_ED25519',
+                    pathFormat: 'PATH_FORMAT_BIP32',
+                    path: "m/44'/501'/1'/0'", // Ed25519 for update-key
+                    addressFormat: 'ADDRESS_FORMAT_SOLANA',
+                },
+            ],
+        },
+    });
+    const subOrgId = result.activity?.result?.createSubOrganizationResultV7?.subOrganizationId;
+    if (!subOrgId) {
+        throw new Error('No sub-organization ID returned from Turnkey');
+    }
+    console.log(`✅ Created sub-organization: ${subOrgId}`);
+    return subOrgId;
+}
+//# sourceMappingURL=turnkey-client.js.map

package/dist/server/turnkey-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"turnkey-client.js","sourceRoot":"","sources":["../../src/server/turnkey-client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAa9C;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAqC;IACvE,MAAM,YAAY,GAAG,MAAM,EAAE,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;IAChF,MAAM,aAAa,GAAG,MAAM,EAAE,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACnF,MAAM,cAAc,GAAG,MAAM,EAAE,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAErF,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IACxD,CAAC;IACD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,IAAI,OAAO,CAAC;QACjB,UAAU,EAAE,MAAM,EAAE,UAAU,IAAI,yBAAyB;QAC3D,YAAY;QACZ,aAAa;QACb,qBAAqB,EAAE,cAAc;KACtC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAAa,EACb,aAAsB;IAEtB,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAC3D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,6CAA6C;IAC7C,MAAM,cAAc,GAAG,QAAQ,KAAK,CAAC,OAAO,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;IAEjF,OAAO,CAAC,GAAG,CAAC,iDAAiD,KAAK,KAAK,CAAC,CAAC;IAEzE,IAAI,CAAC;QACH,wDAAwD;QACxD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,YAAY,CAAC;YAC3D,cAAc;YACd,UAAU,EAAE,OAAO;YACnB,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,OAAO,CAAC,eAAe,IAAI,EAAE,CAAC;QAChD,MAAM,gBAAgB,GAAG,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEpE,IAAI,gBAAgB,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,sCAAsC,gBAAgB,EAAE,CAAC,CAAC;YAEtE,qCAAqC;YACrC,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,UAAU,CAAC;oBAC9D,cAAc,EAAE,gBAAgB;iBACjC,CAAC,CAAC;gBACH,MAAM,WAAW,GAAG,YAAY,CAAC,OAAO,EAAE,MAAM,IAAI,CAAC,CAAC;gBAEtD,IAAI,WAAW,GAAG,CAAC,EAAE,CAAC;oBACpB,OAAO,gBAAgB,CAAC;gBAC1B,CAAC;gBAED,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;YAC/E,CAAC;YAAC,OAAO,cAAc,EAAE,CAAC;gBACxB,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,cAAc,CAAC,CAAC;gBACpE,OAAO,gBAAgB,CAAC;YAC1B,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;IACnE,CAAC;IAED,6CAA6C;IAC7C,MAAM,UAAU,GAAG,GAAG,cAAc,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAErD,OAAO,CAAC,GAAG,CAAC,gDAAgD,KAAK,KAAK,CAAC,CAAC;IAExE,+DAA+D;IAC/D,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,CAAC,qBAAqB,CAAC;QACnE,mBAAmB,EAAE,UAAU;QAC/B,SAAS,EAAE;YACT;gBACE,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,KAAK;gBAChB,OAAO,EAAE,EAAE;gBACX,cAAc,EAAE,EAAE;gBAClB,cAAc,EAAE,EAAE;aACnB;SACF;QACD,mBAAmB,EAAE,CAAC;QACtB,MAAM,EAAE;YACN,UAAU,EAAE,gBAAgB;YAC5B,QAAQ,EAAE;gBACR;oBACE,KAAK,EAAE,iBAAiB;oBACxB,UAAU,EAAE,mBAAmB;oBAC/B,IAAI,EAAE,iBAAiB,EAAE,4BAA4B;oBACrD,aAAa,EAAE,yBAAyB;iBACzC;gBACD;oBACE,KAAK,EAAE,eAAe;oBACtB,UAAU,EAAE,mBAAmB;oBAC/B,IAAI,EAAE,kBAAkB,EAAE,4BAA4B;oBACtD,aAAa,EAAE,uBAAuB;iBACvC;gBACD;oBACE,KAAK,EAAE,eAAe;oBACtB,UAAU,EAAE,mBAAmB;oBAC/B,IAAI,EAAE,kBAAkB,EAAE,yBAAyB;oBACnD,aAAa,EAAE,uBAAuB;iBACvC;aACF;SACF;KACF,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,6BAA6B,EAAE,iBAAiB,CAAC;IAE3F,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,+BAA+B,QAAQ,EAAE,CAAC,CAAC;IAEvD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/server/turnkey-signer.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Turnkey Signer - Integration between Turnkey key management and Originals SDK
+ *
+ * Provides an ExternalSigner implementation that works with Turnkey-managed
+ * keys for use with the Originals SDK's DID creation and signing operations.
+ */
+import { Turnkey } from '@turnkey/sdk-server';
+import { ExternalSigner, ExternalVerifier } from '@originals/sdk';
+/**
+ * Turnkey-based signer for use with Originals SDK
+ * Implements the ExternalSigner and ExternalVerifier interfaces
+ */
+export declare class TurnkeyWebVHSigner implements ExternalSigner, ExternalVerifier {
+    private subOrgId;
+    private keyId;
+    private publicKeyMultibase;
+    private turnkeyClient;
+    private verificationMethodId;
+    constructor(subOrgId: string, keyId: string, publicKeyMultibase: string, turnkeyClient: Turnkey, verificationMethodId: string);
+    /**
+     * Sign data using Turnkey's API
+     */
+    sign(input: {
+        document: Record<string, unknown>;
+        proof: Record<string, unknown>;
+    }): Promise<{
+        proofValue: string;
+    }>;
+    /**
+     * Verify a signature
+     */
+    verify(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): Promise<boolean>;
+    getVerificationMethodId(): string;
+    getPublicKeyMultibase(): string;
+}
+/**
+ * Create a Turnkey signer for use with the Originals SDK
+ */
+export declare function createTurnkeySigner(subOrgId: string, keyId: string, turnkeyClient: Turnkey, verificationMethodId: string, publicKeyMultibase: string): TurnkeyWebVHSigner;
+//# sourceMappingURL=turnkey-signer.d.ts.map

package/dist/server/turnkey-signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"turnkey-signer.d.ts","sourceRoot":"","sources":["../../src/server/turnkey-signer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAA0B,MAAM,gBAAgB,CAAC;AAwB1F;;;GAGG;AACH,qBAAa,kBAAmB,YAAW,cAAc,EAAE,gBAAgB;IACzE,OAAO,CAAC,QAAQ,CAAS;IACzB,OAAO,CAAC,KAAK,CAAS;IACtB,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,aAAa,CAAU;IAC/B,OAAO,CAAC,oBAAoB,CAAS;gBAGnC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,kBAAkB,EAAE,MAAM,EAC1B,aAAa,EAAE,OAAO,EACtB,oBAAoB,EAAE,MAAM;IAS9B;;OAEG;IACG,IAAI,CAAC,KAAK,EAAE;QAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAClC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KAChC,GAAG,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAgDnC;;OAEG;IACG,MAAM,CACV,SAAS,EAAE,UAAU,EACrB,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC;IAwBnB,uBAAuB,IAAI,MAAM;IAIjC,qBAAqB,IAAI,MAAM;CAGhC;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,OAAO,EACtB,oBAAoB,EAAE,MAAM,EAC5B,kBAAkB,EAAE,MAAM,GACzB,kBAAkB,CAQpB"}

package/dist/server/turnkey-signer.js

@@ -0,0 +1,121 @@
+/**
+ * Turnkey Signer - Integration between Turnkey key management and Originals SDK
+ *
+ * Provides an ExternalSigner implementation that works with Turnkey-managed
+ * keys for use with the Originals SDK's DID creation and signing operations.
+ */
+import { multikey, OriginalsSDK } from '@originals/sdk';
+import { sha512 } from '@noble/hashes/sha2.js';
+import { concatBytes, bytesToHex } from '@noble/hashes/utils.js';
+import * as ed25519 from '@noble/ed25519';
+// Configure @noble/ed25519 with required SHA-512 function
+const sha512Fn = (...msgs) => sha512(concatBytes(...msgs));
+// Initialize Ed25519 configuration
+try {
+    const ed25519Module = ed25519;
+    if (ed25519Module.utils) {
+        ed25519Module.utils.sha512Sync = sha512Fn;
+    }
+    if (ed25519Module.etc) {
+        ed25519Module.etc.sha512Sync = sha512Fn;
+    }
+}
+catch (error) {
+    console.warn('Failed to configure ed25519 utils:', error);
+}
+/**
+ * Turnkey-based signer for use with Originals SDK
+ * Implements the ExternalSigner and ExternalVerifier interfaces
+ */
+export class TurnkeyWebVHSigner {
+    subOrgId;
+    keyId;
+    publicKeyMultibase;
+    turnkeyClient;
+    verificationMethodId;
+    constructor(subOrgId, keyId, publicKeyMultibase, turnkeyClient, verificationMethodId) {
+        this.subOrgId = subOrgId;
+        this.keyId = keyId;
+        this.publicKeyMultibase = publicKeyMultibase;
+        this.turnkeyClient = turnkeyClient;
+        this.verificationMethodId = verificationMethodId;
+    }
+    /**
+     * Sign data using Turnkey's API
+     */
+    async sign(input) {
+        try {
+            // Prepare the data for signing using the SDK's canonical approach
+            const dataToSign = await OriginalsSDK.prepareDIDDataForSigning(input.document, input.proof);
+            // Convert canonical data to hex format for Turnkey's sign API
+            const dataHex = `0x${bytesToHex(dataToSign)}`;
+            // Sign using Turnkey's API
+            const result = await this.turnkeyClient.apiClient().signRawPayload({
+                organizationId: this.subOrgId,
+                signWith: this.keyId,
+                payload: dataHex,
+                encoding: 'PAYLOAD_ENCODING_HEXADECIMAL',
+                hashFunction: 'HASH_FUNCTION_NO_OP',
+            });
+            const signRawResult = result.activity?.result?.signRawPayloadResult;
+            if (!signRawResult?.r || !signRawResult?.s) {
+                throw new Error('No signature returned from Turnkey');
+            }
+            const signature = signRawResult.r + signRawResult.s;
+            // Convert signature to bytes
+            const cleanSig = signature.startsWith('0x') ? signature.slice(2) : signature;
+            let signatureBytes = Buffer.from(cleanSig, 'hex');
+            // Ed25519 signatures should be exactly 64 bytes
+            if (signatureBytes.length === 65) {
+                signatureBytes = signatureBytes.slice(0, 64);
+            }
+            else if (signatureBytes.length !== 64) {
+                throw new Error(`Invalid Ed25519 signature length: ${signatureBytes.length} (expected 64 bytes)`);
+            }
+            // Encode signature as multibase
+            const proofValue = multikey.encodeMultibase(signatureBytes);
+            return { proofValue };
+        }
+        catch (error) {
+            console.error('Error signing with Turnkey:', error);
+            throw new Error(`Failed to sign with Turnkey: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    /**
+     * Verify a signature
+     */
+    async verify(signature, message, publicKey) {
+        try {
+            // Ed25519 public keys must be exactly 32 bytes
+            let ed25519PublicKey = publicKey;
+            if (publicKey.length === 33) {
+                ed25519PublicKey = publicKey.slice(1);
+            }
+            else if (publicKey.length !== 32) {
+                return false;
+            }
+            const ed25519Module = ed25519;
+            if (typeof ed25519Module.utils?.sha512Sync !== 'function') {
+                ed25519Module.utils.sha512Sync = sha512Fn;
+            }
+            return await ed25519.verifyAsync(signature, message, ed25519PublicKey);
+        }
+        catch (error) {
+            console.error('Error verifying signature:', error);
+            return false;
+        }
+    }
+    getVerificationMethodId() {
+        return this.verificationMethodId;
+    }
+    getPublicKeyMultibase() {
+        return this.publicKeyMultibase;
+    }
+}
+/**
+ * Create a Turnkey signer for use with the Originals SDK
+ */
+export function createTurnkeySigner(subOrgId, keyId, turnkeyClient, verificationMethodId, publicKeyMultibase) {
+    return new TurnkeyWebVHSigner(subOrgId, keyId, publicKeyMultibase, turnkeyClient, verificationMethodId);
+}
+//# sourceMappingURL=turnkey-signer.js.map

package/dist/server/turnkey-signer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"turnkey-signer.js","sourceRoot":"","sources":["../../src/server/turnkey-signer.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAoC,QAAQ,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC1F,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACjE,OAAO,KAAK,OAAO,MAAM,gBAAgB,CAAC;AAE1C,0DAA0D;AAC1D,MAAM,QAAQ,GAAG,CAAC,GAAG,IAAkB,EAAc,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC;AAErF,mCAAmC;AACnC,IAAI,CAAC;IACH,MAAM,aAAa,GAAG,OAGrB,CAAC;IACF,IAAI,aAAa,CAAC,KAAK,EAAE,CAAC;QACxB,aAAa,CAAC,KAAK,CAAC,UAAU,GAAG,QAAQ,CAAC;IAC5C,CAAC;IACD,IAAI,aAAa,CAAC,GAAG,EAAE,CAAC;QACtB,aAAa,CAAC,GAAG,CAAC,UAAU,GAAG,QAAQ,CAAC;IAC1C,CAAC;AACH,CAAC;AAAC,OAAO,KAAK,EAAE,CAAC;IACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;AAC5D,CAAC;AAED;;;GAGG;AACH,MAAM,OAAO,kBAAkB;IACrB,QAAQ,CAAS;IACjB,KAAK,CAAS;IACd,kBAAkB,CAAS;IAC3B,aAAa,CAAU;IACvB,oBAAoB,CAAS;IAErC,YACE,QAAgB,EAChB,KAAa,EACb,kBAA0B,EAC1B,aAAsB,EACtB,oBAA4B;QAE5B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;QAC7C,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;QACnC,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,IAAI,CAAC,KAGV;QACC,IAAI,CAAC;YACH,kEAAkE;YAClE,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,wBAAwB,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;YAE5F,8DAA8D;YAC9D,MAAM,OAAO,GAAG,KAAK,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAE9C,2BAA2B;YAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,cAAc,CAAC;gBACjE,cAAc,EAAE,IAAI,CAAC,QAAQ;gBAC7B,QAAQ,EAAE,IAAI,CAAC,KAAK;gBACpB,OAAO,EAAE,OAAO;gBAChB,QAAQ,EAAE,8BAA8B;gBACxC,YAAY,EAAE,qBAAqB;aACpC,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,oBAAoB,CAAC;YACpE,IAAI,CAAC,aAAa,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC,EAAE,CAAC;gBAC3C,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;YACxD,CAAC;YAED,MAAM,SAAS,GAAG,aAAa,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC;YAEpD,6BAA6B;YAC7B,MAAM,QAAQ,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC7E,IAAI,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;YAElD,gDAAgD;YAChD,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACjC,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC/C,CAAC;iBAAM,IAAI,cAAc,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACxC,MAAM,IAAI,KAAK,CACb,qCAAqC,cAAc,CAAC,MAAM,sBAAsB,CACjF,CAAC;YACJ,CAAC;YAED,gCAAgC;YAChC,MAAM,UAAU,GAAG,QAAQ,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;YAC5D,OAAO,EAAE,UAAU,EAAE,CAAC;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,KAAK,CAAC,CAAC;YACpD,MAAM,IAAI,KAAK,CACb,gCAAgC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACzF,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CACV,SAAqB,EACrB,OAAmB,EACnB,SAAqB;QAErB,IAAI,CAAC;YACH,+CAA+C;YAC/C,IAAI,gBAAgB,GAAG,SAAS,CAAC;YACjC,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBAC5B,gBAAgB,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;gBACnC,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,aAAa,GAAG,OAErB,CAAC;YACF,IAAI,OAAO,aAAa,CAAC,KAAK,EAAE,UAAU,KAAK,UAAU,EAAE,CAAC;gBAC1D,aAAa,CAAC,KAAM,CAAC,UAAU,GAAG,QAAQ,CAAC;YAC7C,CAAC;YAED,OAAO,MAAM,OAAO,CAAC,WAAW,CAAC,SAAS,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC;QACzE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YACnD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,uBAAuB;QACrB,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;IAED,qBAAqB;QACnB,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CACjC,QAAgB,EAChB,KAAa,EACb,aAAsB,EACtB,oBAA4B,EAC5B,kBAA0B;IAE1B,OAAO,IAAI,kBAAkB,CAC3B,QAAQ,EACR,KAAK,EACL,kBAAkB,EAClB,aAAa,EACb,oBAAoB,CACrB,CAAC;AACJ,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,155 @@
+/**
+ * Shared types for @originals/auth
+ */
+/**
+ * Authenticated user information
+ */
+export interface AuthUser {
+    /** Database user ID */
+    id: string;
+    /** User's email address */
+    email: string;
+    /** User's DID identifier */
+    did: string;
+    /** Turnkey sub-organization ID */
+    turnkeySubOrgId: string;
+}
+/**
+ * JWT token payload structure
+ */
+export interface TokenPayload {
+    /** Subject - Turnkey sub-organization ID (stable identifier) */
+    sub: string;
+    /** User email (metadata) */
+    email: string;
+    /** Optional Turnkey session token for user authentication */
+    sessionToken?: string;
+    /** Issued at timestamp */
+    iat: number;
+    /** Expiration timestamp */
+    exp: number;
+}
+/**
+ * Options for creating auth middleware
+ */
+export interface AuthMiddlewareOptions {
+    /** Function to look up user by Turnkey sub-org ID */
+    getUserByTurnkeyId: (turnkeyId: string) => Promise<AuthUser | null>;
+    /** Optional function to create user on first auth */
+    createUser?: (turnkeyId: string, email: string, temporaryDid: string) => Promise<AuthUser>;
+    /** Cookie name for JWT token (default: 'auth_token') */
+    cookieName?: string;
+    /** JWT secret (default: process.env.JWT_SECRET) */
+    jwtSecret?: string;
+}
+/**
+ * Email authentication session
+ */
+export interface EmailAuthSession {
+    /** User's email address */
+    email: string;
+    /** Turnkey sub-organization ID */
+    subOrgId?: string;
+    /** Turnkey OTP ID */
+    otpId?: string;
+    /** Session creation timestamp */
+    timestamp: number;
+    /** Whether the session has been verified */
+    verified: boolean;
+}
+/**
+ * Result of initiating email authentication
+ */
+export interface InitiateAuthResult {
+    /** Session ID for verification step */
+    sessionId: string;
+    /** User-friendly message */
+    message: string;
+}
+/**
+ * Result of verifying email authentication
+ */
+export interface VerifyAuthResult {
+    /** Whether verification was successful */
+    verified: boolean;
+    /** User's email address */
+    email: string;
+    /** Turnkey sub-organization ID */
+    subOrgId: string;
+}
+/**
+ * Cookie configuration for auth tokens
+ */
+export interface AuthCookieConfig {
+    /** Cookie name */
+    name: string;
+    /** Cookie value (JWT token) */
+    value: string;
+    /** Cookie options */
+    options: {
+        httpOnly: boolean;
+        secure: boolean;
+        sameSite: 'strict' | 'lax' | 'none';
+        maxAge: number;
+        path: string;
+    };
+}
+/**
+ * Turnkey wallet information
+ */
+export interface TurnkeyWallet {
+    /** Wallet ID */
+    walletId: string;
+    /** Wallet name */
+    walletName: string;
+    /** Wallet accounts */
+    accounts: TurnkeyWalletAccount[];
+}
+/**
+ * Turnkey wallet account
+ */
+export interface TurnkeyWalletAccount {
+    /** Account address */
+    address: string;
+    /** Cryptographic curve */
+    curve: 'CURVE_SECP256K1' | 'CURVE_ED25519';
+    /** Derivation path */
+    path: string;
+    /** Address format */
+    addressFormat: string;
+}
+/**
+ * Client-side Turnkey authentication state
+ */
+export interface TurnkeyAuthState {
+    /** Whether the user is authenticated */
+    isAuthenticated: boolean;
+    /** Whether an auth operation is in progress */
+    isLoading: boolean;
+    /** Error message if any */
+    error: string | null;
+    /** User's email address */
+    email: string | null;
+    /** User's wallets */
+    wallets: TurnkeyWallet[];
+    /** OTP ID for verification step */
+    otpId: string | null;
+}
+/**
+ * Request context with authenticated user
+ */
+export interface AuthenticatedRequest {
+    user: {
+        /** Database user ID */
+        id: string;
+        /** Turnkey sub-organization ID */
+        turnkeySubOrgId: string;
+        /** User's email */
+        email: string;
+        /** User's DID */
+        did: string;
+        /** Turnkey session token (if available) */
+        sessionToken?: string;
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;GAEG;AACH,MAAM,WAAW,QAAQ;IACvB,uBAAuB;IACvB,EAAE,EAAE,MAAM,CAAC;IACX,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,4BAA4B;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,gEAAgE;IAChE,GAAG,EAAE,MAAM,CAAC;IACZ,4BAA4B;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,6DAA6D;IAC7D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0BAA0B;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,2BAA2B;IAC3B,GAAG,EAAE,MAAM,CAAC;CACb;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,qDAAqD;IACrD,kBAAkB,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IACpE,qDAAqD;IACrD,UAAU,CAAC,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC3F,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qBAAqB;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,4CAA4C;IAC5C,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,uCAAuC;IACvC,SAAS,EAAE,MAAM,CAAC;IAClB,4BAA4B;IAC5B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,0CAA0C;IAC1C,QAAQ,EAAE,OAAO,CAAC;IAClB,2BAA2B;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kBAAkB;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,+BAA+B;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,qBAAqB;IACrB,OAAO,EAAE;QACP,QAAQ,EAAE,OAAO,CAAC;QAClB,MAAM,EAAE,OAAO,CAAC;QAChB,QAAQ,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;QACpC,MAAM,EAAE,MAAM,CAAC;QACf,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;CACH;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,gBAAgB;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,kBAAkB;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,sBAAsB;IACtB,QAAQ,EAAE,oBAAoB,EAAE,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,sBAAsB;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,0BAA0B;IAC1B,KAAK,EAAE,iBAAiB,GAAG,eAAe,CAAC;IAC3C,sBAAsB;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,qBAAqB;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,wCAAwC;IACxC,eAAe,EAAE,OAAO,CAAC;IACzB,+CAA+C;IAC/C,SAAS,EAAE,OAAO,CAAC;IACnB,2BAA2B;IAC3B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,2BAA2B;IAC3B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,qBAAqB;IACrB,OAAO,EAAE,aAAa,EAAE,CAAC;IACzB,mCAAmC;IACnC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE;QACJ,uBAAuB;QACvB,EAAE,EAAE,MAAM,CAAC;QACX,kCAAkC;QAClC,eAAe,EAAE,MAAM,CAAC;QACxB,mBAAmB;QACnB,KAAK,EAAE,MAAM,CAAC;QACd,iBAAiB;QACjB,GAAG,EAAE,MAAM,CAAC;QACZ,2CAA2C;QAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,CAAC;CACH"}