npm - @terminal3/t3n-sdk - Versions diffs - 3.6.1 → 3.7.0 - Mend

@terminal3/t3n-sdk 3.6.1 → 3.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -281,7 +281,8 @@ declare enum SessionStatus {
  */
 declare enum AuthMethod {
     Ethereum = "eth",
-    OIDC = "oidc"
+    OIDC = "oidc",
+    EmailOtp = "email_otp"
 }
 /**
  * OIDC credentials interface.
@@ -295,6 +296,20 @@ interface OidcCredentials {
     provider: string;
     getIdToken: (nonce: string) => Promise<string>;
 }
+/**
+ * Email-OTP credentials interface.
+ *
+ * The user submits their email; the node sends a one-time code to it.
+ * The `getOtpCode` callback is invoked between the two round-trips and
+ * must return the code the user received in their inbox (e.g. read from
+ * a UI prompt). The resolved DID is keyed on the email, so a user who
+ * previously signed in with the same email via Google (OIDC) resolves
+ * to the SAME DID — one identity, no double accounts.
+ */
+interface EmailOtpCredentials {
+    email: string;
+    getOtpCode: () => Promise<string>;
+}
 /**
  * Base authentication input with method discriminator
  */
@@ -322,15 +337,23 @@ interface OidcAuthInput extends BaseAuthInput {
     method: AuthMethod.OIDC;
     credentials: OidcCredentials;
 }
+/**
+ * Email-OTP authentication input
+ */
+interface EmailOtpAuthInput extends BaseAuthInput {
+    method: AuthMethod.EmailOtp;
+    credentials: EmailOtpCredentials;
+}
 /**
  * Union type for all supported authentication inputs
  */
-type AuthInput = EthAuthInput | OidcAuthInput;
+type AuthInput = EthAuthInput | OidcAuthInput | EmailOtpAuthInput;
 /**
  * Helper functions to create auth inputs
  */
 declare function createEthAuthInput(address: string, options?: EthAuthOptions): EthAuthInput;
 declare function createOidcAuthInput(credentials: OidcCredentials): OidcAuthInput;
+declare function createEmailOtpAuthInput(credentials: EmailOtpCredentials): EmailOtpAuthInput;
 /**
  * Error classes for T3n SDK
@@ -1577,6 +1600,22 @@ declare class T3nClient {
      *    returns `Finish { did }`.
      */
     private authenticateOidc;
+    /**
+     * Email-OTP two-step authentication.
+     *
+     * Symmetric with {@link authenticateOidc}: bypasses the WASM client
+     * state machine and makes two encrypted RPC calls directly:
+     * 1. `InitEmailOtp { email }` → node sends a one-time code → returns
+     *    an `OtpSent` ack.
+     * 2. App calls `getOtpCode()` to obtain the code the user received.
+     * 3. `SubmitOtpCode { code }` → node verifies the code, resolves the
+     *    DID on the shared `email:<addr>` key → returns `Finish { did }`.
+     *
+     * Because the DID is keyed on the (server-lowercased) email, a user
+     * who previously signed in with the same address via Google (OIDC)
+     * authenticates to the SAME DID — one identity, no double account.
+     */
+    private authenticateEmailOtp;
     /**
      * Execute an action on the T3n node.
      *
@@ -1814,6 +1853,33 @@ declare class T3nClient {
      *   `result.status` for retryable OTP failures.
      */
     otpVerify(input: OtpVerifyInput): Promise<OtpVerifyResult>;
+    /**
+     * Merge the currently-authenticated DID (the *source*) into
+     * `targetDid` (the *survivor*), consolidating two accounts that
+     * belong to the same person. Backed by
+     * `tee:user/contracts::merge-profiles`.
+     *
+     * This is the consolidation path for the wallet ↔ email clash: a user
+     * who claimed with a wallet (one DID) and later proved an email that
+     * already belongs to an OIDC/email DID can fold them into one. The
+     * source's wallets, verified-credential state, and org attribution
+     * are reparented onto the target; the target wins on profile-field
+     * conflicts.
+     *
+     * **Security**: the contract only permits the merge when *both* DIDs
+     * share a verified email or phone — i.e. the caller has OTP-proven
+     * ownership of the same contact on each side. An unproven email can
+     * never absorb a stranger's profile. Typical flow: authenticate
+     * (wallet) → {@link otpVerify} the email → read the returned
+     * `mergeSuggestion.existingDid` → call `mergeProfiles(existingDid)`.
+     *
+     * @param targetDid the surviving DID (absorbs the current session's
+     *   DID). Usually the `existingDid` from a {@link otpVerify}
+     *   `mergeSuggestion`.
+     * @throws {RpcError} if the contract refuses (e.g. the DIDs share no
+     *   verified contact) or on transport / decode failure.
+     */
+    mergeProfiles(targetDid: string): Promise<Record<string, unknown>>;
     /**
      * Submit Level-1 user-input fields to the slim
      * `tee:user/contracts::user-upsert`. The contract merges the
@@ -3231,5 +3297,5 @@ declare function tenantDidHex(tenantDid: string): string;
 declare function validateTail(tail: string): string;
 declare function canonicalTenantName(tenantDid: string, tail: string): string;
-export { AGENT_PUBKEY_LEN, AuthMethod, AuthenticationError, BASE_UNITS_PER_TOKEN, ContractResponseError, DEFAULT_INDIVIDUAL_THRESHOLD_CENTS, DEFAULT_KYC_POLL_CADENCE, DELEGATION_CREDENTIAL_DOMAIN, DELEGATION_INVOCATION_DOMAIN, DelegationCustodialClient, ETH_SIG_LEN, HandshakeError, HttpTransport, KycStatusTimeoutError, LogLevel, MAX_FUNCTIONS_PER_CREDENTIAL, MockTransport, NODE_URLS, NONCE_LEN, OrgDataClient, PAYROLL_FUNCTIONS_V1, REQUEST_HASH_LEN, RpcError, SessionExpiredError, SessionOrgDataClient, SessionStateError, SessionStatus, T3nClient, T3nError, TERMINAL_KYC_STATUSES, TOKEN_DECIMALS, TenantClient, TenantContractsNamespace, TenantMapsNamespace, TenantNamespace, TenantSdkValidationError, TenantTokenNamespace, UnsupportedTenantSdkOperationError, UserUpsertError, VC_ID_LEN, WasmError, _b64uEncode, assertShape, b64uDecodeStrict, b64uEncodeBytes, buildDelegationCredential, buildInvocationPreimage, buildPayrollDirectInvocation, buildPayrollInvocation, bytesToString, canonicalTenantName, canonicaliseCredential, canonicaliseRequest, clearKeyCache, compactDidFromBytes, createDefaultHandlers, createEthAuthInput, createLogger, createMlKemPublicKeyHandler, createOidcAuthInput, createOrgDataClientFromSession, createRandomHandler, decodeWasmErrorMessage, eip191Digest, ethRecoverEip191, eth_get_address, extractWasmError, fetchDkgAttestation, fetchMlKemPublicKey, formatTokens, generateRandomString, generateUUID, getEnvironment, getEnvironmentName, getGlobalLogLevel, getLogger, getNodeUrl, getScriptVersion, isDataGetResponse, isDataListResponse, isMutationResponse, isObject, isOrgContractGrants, isOrgPolicyMeta, isOrgWriters, loadConfig, loadWasmComponent, metamask_get_address, metamask_sign, parseContractResponse, redactSecrets, redactSecretsFromJson, requestHash, revokeDelegation, setEnvironment, setGlobalLogLevel, setNodeUrl, signAgentInvocation, signCredential, stringToBytes, tenantDidHex, toBaseUnits, validateConfig, validateCredentialBody, validateTail, verifyDkgAttestation, verifyTdxQuote };
-export type { AgeBand, AuthInput, BalanceRow, BuildDelegationCredentialOpts, BuildPayrollDirectInvocationOpts, BuildPayrollInvocationOpts, ChargeReason, ClientAuth, ClientHandshake, ConfigValidationResult, ContractExecuteInput, ContractPublishInput, ContractResponseSchema, CreatePolicyInput, DataGetInput, DataGetResponse, DataListInput, DataListResponse, DelegationCredential, DelegationCustodialClientOpts, DelegationEnvelope, DeleteDataInput, DeleteGrantsInput, DeleteScopeInput, Did, Direction, DkgAttestation, DkgVerifyResult, EmployeeRecord, EmploymentStatus, Environment, EthAuthInput, ExecuteBusinessContractOptions, ExecuteOrgDataActionOptions, ExpenseClaim, GetUsageOptions, GrantsGetInput, GuestToHostHandler, GuestToHostHandlers, HandshakeResult, JsonRpcRequest, JsonRpcResponse, KycPollCadence, KycPollOptions, KycStatus, KycStatusKind, Logger, MapCreateInput, MapResponse, MapUpdateInput, MapVisibility, MutationResponse, OidcAuthInput, OidcCredentials, OrgContractGrants, OrgDataActionWire, OrgDataClientOptions, OrgPolicyMeta, OrgWriters, OtpChannel, OtpMergeSuggestion, OtpRequestInput, OtpRequestResult, OtpVerifyInput, OtpVerifyResult, PayrollInvocation, PayrollInvocationDelegated, PayrollInvocationDirect, PayrollRunRequest, PeerQuoteResult, PolicyGetInput, QuoteVerifyResult, ReaderSet, ResidencyCategory, RevokeDelegationOpts, RevokeDelegationResult, SdkConfig, SessionCrypto, SessionId, SetGrantsInput, SetWritersInput, SignCustodialResult, SignDelegationResponse, SubmitUserInputArgs, SubmitUserInputResult, T3nClientConfig, TenantAdmitProjection, TenantAdmitStatus, TenantBaseClient, TenantClientConfig, TenantContractExecuteInput, TenantContractPublishInput, TenantExecutionSession, TenantMapCreateInput, TenantMapUpdatePatch, TenantMeResponse, TenantSdkEnvironment, TenantSelfAdmitResult, TenantStatus, TokenTxKind, Transport, UpdateMetaInput, UsageEntry, UsagePage, UserGrant, UserInputProfile, UserUpsertErrorKind, WasmComponent, WasmNextResult, WriteDataInput, WriterSet, WritersGetInput };
+export { AGENT_PUBKEY_LEN, AuthMethod, AuthenticationError, BASE_UNITS_PER_TOKEN, ContractResponseError, DEFAULT_INDIVIDUAL_THRESHOLD_CENTS, DEFAULT_KYC_POLL_CADENCE, DELEGATION_CREDENTIAL_DOMAIN, DELEGATION_INVOCATION_DOMAIN, DelegationCustodialClient, ETH_SIG_LEN, HandshakeError, HttpTransport, KycStatusTimeoutError, LogLevel, MAX_FUNCTIONS_PER_CREDENTIAL, MockTransport, NODE_URLS, NONCE_LEN, OrgDataClient, PAYROLL_FUNCTIONS_V1, REQUEST_HASH_LEN, RpcError, SessionExpiredError, SessionOrgDataClient, SessionStateError, SessionStatus, T3nClient, T3nError, TERMINAL_KYC_STATUSES, TOKEN_DECIMALS, TenantClient, TenantContractsNamespace, TenantMapsNamespace, TenantNamespace, TenantSdkValidationError, TenantTokenNamespace, UnsupportedTenantSdkOperationError, UserUpsertError, VC_ID_LEN, WasmError, _b64uEncode, assertShape, b64uDecodeStrict, b64uEncodeBytes, buildDelegationCredential, buildInvocationPreimage, buildPayrollDirectInvocation, buildPayrollInvocation, bytesToString, canonicalTenantName, canonicaliseCredential, canonicaliseRequest, clearKeyCache, compactDidFromBytes, createDefaultHandlers, createEmailOtpAuthInput, createEthAuthInput, createLogger, createMlKemPublicKeyHandler, createOidcAuthInput, createOrgDataClientFromSession, createRandomHandler, decodeWasmErrorMessage, eip191Digest, ethRecoverEip191, eth_get_address, extractWasmError, fetchDkgAttestation, fetchMlKemPublicKey, formatTokens, generateRandomString, generateUUID, getEnvironment, getEnvironmentName, getGlobalLogLevel, getLogger, getNodeUrl, getScriptVersion, isDataGetResponse, isDataListResponse, isMutationResponse, isObject, isOrgContractGrants, isOrgPolicyMeta, isOrgWriters, loadConfig, loadWasmComponent, metamask_get_address, metamask_sign, parseContractResponse, redactSecrets, redactSecretsFromJson, requestHash, revokeDelegation, setEnvironment, setGlobalLogLevel, setNodeUrl, signAgentInvocation, signCredential, stringToBytes, tenantDidHex, toBaseUnits, validateConfig, validateCredentialBody, validateTail, verifyDkgAttestation, verifyTdxQuote };
+export type { AgeBand, AuthInput, BalanceRow, BuildDelegationCredentialOpts, BuildPayrollDirectInvocationOpts, BuildPayrollInvocationOpts, ChargeReason, ClientAuth, ClientHandshake, ConfigValidationResult, ContractExecuteInput, ContractPublishInput, ContractResponseSchema, CreatePolicyInput, DataGetInput, DataGetResponse, DataListInput, DataListResponse, DelegationCredential, DelegationCustodialClientOpts, DelegationEnvelope, DeleteDataInput, DeleteGrantsInput, DeleteScopeInput, Did, Direction, DkgAttestation, DkgVerifyResult, EmailOtpAuthInput, EmailOtpCredentials, EmployeeRecord, EmploymentStatus, Environment, EthAuthInput, ExecuteBusinessContractOptions, ExecuteOrgDataActionOptions, ExpenseClaim, GetUsageOptions, GrantsGetInput, GuestToHostHandler, GuestToHostHandlers, HandshakeResult, JsonRpcRequest, JsonRpcResponse, KycPollCadence, KycPollOptions, KycStatus, KycStatusKind, Logger, MapCreateInput, MapResponse, MapUpdateInput, MapVisibility, MutationResponse, OidcAuthInput, OidcCredentials, OrgContractGrants, OrgDataActionWire, OrgDataClientOptions, OrgPolicyMeta, OrgWriters, OtpChannel, OtpMergeSuggestion, OtpRequestInput, OtpRequestResult, OtpVerifyInput, OtpVerifyResult, PayrollInvocation, PayrollInvocationDelegated, PayrollInvocationDirect, PayrollRunRequest, PeerQuoteResult, PolicyGetInput, QuoteVerifyResult, ReaderSet, ResidencyCategory, RevokeDelegationOpts, RevokeDelegationResult, SdkConfig, SessionCrypto, SessionId, SetGrantsInput, SetWritersInput, SignCustodialResult, SignDelegationResponse, SubmitUserInputArgs, SubmitUserInputResult, T3nClientConfig, TenantAdmitProjection, TenantAdmitStatus, TenantBaseClient, TenantClientConfig, TenantContractExecuteInput, TenantContractPublishInput, TenantExecutionSession, TenantMapCreateInput, TenantMapUpdatePatch, TenantMeResponse, TenantSdkEnvironment, TenantSelfAdmitResult, TenantStatus, TokenTxKind, Transport, UpdateMetaInput, UsageEntry, UsagePage, UserGrant, UserInputProfile, UserUpsertErrorKind, WasmComponent, WasmNextResult, WriteDataInput, WriterSet, WritersGetInput };