@terminal3/t3n-sdk 3.1.0 → 3.3.0

package/dist/src/client/actions.d.ts

@@ -20,3 +20,12 @@ export declare function createAuthAction(authInput: AuthInput): Uint8Array;
  * @param idToken - The id_token JWT obtained from the OIDC provider with the nonce
  */
 export declare function createOidcSubmitTokenAction(idToken: string): Uint8Array;
+/**
+ * Create the initial action for the ADD-authenticator flow: link a new
+ * Ethereum wallet to the session's already-authenticated DID. Drives
+ * the same client state machine as {@link createAuthAction} (eth), but
+ * the `AddAuthenticator` tag routes the server to the link path instead
+ * of resolve-or-mint. Only Ethereum is supported — OIDC/email identities
+ * are established at login, not added afterwards.
+ */
+export declare function createAddEthAuthAction(address: string): Uint8Array;

package/dist/src/client/org-data.d.ts

@@ -106,6 +106,13 @@ export interface OrgDataClientOptions extends ExecuteOrgDataActionOptions {
      * auth challenge flow automatically.
      */
     handlers?: GuestToHostHandlers;
+    /**
+     * Extra headers added to every `/api/rpc` request the internal
+     * `T3nClient` makes. Mirrors `T3nClientConfig.headers` — needed when
+     * the node sits behind an edge policy that gates `/api/rpc` on a
+     * header (e.g. the staging Cloud Armor bypass token).
+     */
+    headers?: Record<string, string>;
 }
 /**
  * Client for session-authenticated org-data contract execution.

package/dist/src/client/t3n-client.d.ts

@@ -6,7 +6,7 @@
  */
 import { T3nClientConfig } from "./config";
 import { type ContractResponseSchema } from "./contract-response";
-import { SessionId, Did, SessionStatus, AuthInput, HandshakeResult } from "../types";
+import { SessionId, Did, SessionStatus, AuthInput, EthAuthInput, HandshakeResult } from "../types";
 import { KycPollOptions, KycStatus } from "../types/kyc";
 import { OtpChannel, OtpRequestInput, OtpRequestResult, OtpVerifyInput, OtpVerifyResult, SubmitUserInputArgs, SubmitUserInputResult } from "../types/user";
 import { GetUsageOptions, UsagePage } from "../types/token";
@@ -82,6 +82,27 @@ export declare class T3nClient {
      * 3. Sends `SubmitIdToken` with the nonce-bearing token → receives DID.
      */
     authenticate(authInput: AuthInput): Promise<Did>;
+    /**
+     * Add an Ethereum wallet as an additional authenticator on the
+     * already-authenticated account.
+     *
+     * Proves control of the wallet via SIWE and links it to the session's
+     * EXISTING DID (resolved server-side from the session) — it does NOT
+     * mint a new DID and does NOT change the session: `this.did` and
+     * `this.status` are left untouched, and no new cookie is issued.
+     *
+     * Requires a completed {@link authenticate} first (e.g. an OIDC
+     * login). Only Ethereum is supported — OIDC/email identities are
+     * established at login, not added afterwards.
+     *
+     * Reuses the same client-side eth state machine as login, but posts
+     * to the authenticated `auth.add-authenticator` route. If the wallet
+     * is already linked to a different account, the server rejects with a
+     * typed `eth_auth_map_conflict` error (resolve via account merge).
+     *
+     * @returns the existing DID the wallet was linked to.
+     */
+    addAuthMethod(authInput: EthAuthInput): Promise<Did>;
     /**
      * OIDC two-step authentication with session-binding nonce.
      *