@witnium-tech/witniumchain 0.2.0 → 0.3.0

package/README.md

@@ -10,11 +10,11 @@ management.
 auth modes selectable on a single client. Thread 4 of Phase C will layer
 three higher-level clients on top:
 
-- `WitniumAccountsClient` (end-user) — wraps signup, login, subscriptions,
+- `WitniumchainClient` (end-user) — wraps signup, login, subscriptions,
   delegated-key one-call provisioning, account management.
-- `WitniumAccountsOrgClient` (org admin) — wraps user provisioning, Stripe
+- `WitniumchainOrgClient` (org admin) — wraps user provisioning, Stripe
   Connect onboarding.
-- `WitniumAccountsAdminClient` (sysadmin) — wraps org lifecycle, key
+- `WitniumchainAdminClient` (sysadmin) — wraps org lifecycle, key
   rotation, credit adjustment.
 
 For now, this shell client is what's published. Every type comes from the
@@ -50,9 +50,9 @@ Public routes need no credential (`/v1/auth/{signup,verify,login,…}`,
 ### End-user signup + login
 
 ```ts
-import { WitniumAccountsClient } from '@witnium-tech/witniumchain';
+import { WitniumchainClient } from '@witnium-tech/witniumchain';
 
-const client = new WitniumAccountsClient({
+const client = new WitniumchainClient({
   baseUrl: 'https://auth.witniumchain.com',
 });
 
@@ -68,7 +68,7 @@ await client.login({ email: 'alice@example.com', password: '…' });
 ### Org admin — create a user
 
 ```ts
-const org = new WitniumAccountsClient({
+const org = new WitniumchainClient({
   baseUrl: 'https://auth.witniumchain.com',
   orgApiKey: 'wcorg_live_…',
 });
@@ -83,7 +83,7 @@ const { userId, provisioningToken } = await org.createOrgUser({
 ### Sysadmin — create an organisation
 
 ```ts
-const sys = new WitniumAccountsClient({
+const sys = new WitniumchainClient({
   baseUrl: 'https://auth.witniumchain.com',
   adminToken: process.env.ACCOUNTS_ADMIN_TOKEN!,
 });
@@ -100,7 +100,7 @@ const { organization, apiKey } = await sys.createOrganization({
 ### OAuth API — delegated-key + sign
 
 ```ts
-const api = new WitniumAccountsClient({
+const api = new WitniumchainClient({
   baseUrl: 'https://auth.witniumchain.com',
   accessToken: bearerJwt,
 });
@@ -120,7 +120,7 @@ const { signature } = await api.sign(
 ### SDK signed-request (witness propose/sign/finalize)
 
 ```ts
-const sdk = new WitniumAccountsClient({
+const sdk = new WitniumchainClient({
   baseUrl: 'https://auth.witniumchain.com',
   signedRequest: {
     publicKeyHex: 'abcd…64-chars…',
@@ -140,15 +140,15 @@ const intent = await sdk.proposeWitness('0x…', {
 
 ## Errors
 
-All non-2xx responses surface as `WitniumAccountsApiError`:
+All non-2xx responses surface as `WitniumchainApiError`:
 
 ```ts
-import { WitniumAccountsApiError } from '@witnium-tech/witniumchain';
+import { WitniumchainApiError } from '@witnium-tech/witniumchain';
 
 try {
   await client.createOrgUser({ email: 'taken@example.com' });
 } catch (err) {
-  if (err instanceof WitniumAccountsApiError) {
+  if (err instanceof WitniumchainApiError) {
     console.error(err.status, err.errorLabel, err.message);
     // err.body holds the raw parsed body for advanced inspection.
   }

package/README.md.bak

@@ -0,0 +1,160 @@
+# @witnium-tech/witniumchain
+
+TypeScript SDK for the WitniumChain accounts service — identity, billing,
+organisation administration, OAuth sessions, and delegated-signing-key
+management.
+
+## Status
+
+**v0.1 — low-level "shell" client.** One method per OpenAPI route, five
+auth modes selectable on a single client. Thread 4 of Phase C will layer
+three higher-level clients on top:
+
+- `WitniumAccountsClient` (end-user) — wraps signup, login, subscriptions,
+  delegated-key one-call provisioning, account management.
+- `WitniumAccountsOrgClient` (org admin) — wraps user provisioning, Stripe
+  Connect onboarding.
+- `WitniumAccountsAdminClient` (sysadmin) — wraps org lifecycle, key
+  rotation, credit adjustment.
+
+For now, this shell client is what's published. Every type comes from the
+OpenAPI spec via `openapi-typescript`; a CI drift test in the parent repo
+gates regeneration on every change.
+
+## Install
+
+```bash
+npm install @witnium-tech/witniumchain
+```
+
+## Auth model
+
+The accounts service accepts five distinct credentials. Configure whichever
+you need on the client; methods that require a credential you didn't supply
+throw at call time.
+
+| Credential | Header / Cookie | Used by |
+|---|---|---|
+| `sessionCookie` | `Cookie: wac_session=…` | `/v1/auth/logout`, `/v1/account/*`, `/v1/billing/*`, `/v1/keys/*`, `/v1/contracts/{pause,unpause}`, `/v1/oauth/sessions*` |
+| `accessToken` | `Authorization: Bearer <JWT>` | `/v1/users/me/delegated-keys/*`, `/v1/sign` |
+| `orgApiKey` | `Authorization: Bearer wcorg_live_…` | `/v1/orgs/me/*` |
+| `adminToken` | `Authorization: Bearer <ADMIN_TOKEN>` | `/v1/admin/*` |
+| `signedRequest` | `X-Witnium-Key/Timestamp/Signature` | `/v1/contracts/{addr}/witnesses/{propose,sign,finalize,revoke}` |
+
+Public routes need no credential (`/v1/auth/{signup,verify,login,…}`,
+`/v1/contracts/provision`, `GET /v1/contracts/{addr}/witnesses/{id}`,
+`/health/*`).
+
+## Examples
+
+### End-user signup + login
+
+```ts
+import { WitniumAccountsClient } from '@witnium-tech/witniumchain';
+
+const client = new WitniumAccountsClient({
+  baseUrl: 'https://auth.witniumchain.com',
+});
+
+await client.signup({ email: 'alice@example.com', password: 'correct horse battery staple' });
+// User clicks email link, lands on /verify?token=…
+const { provisioningToken } = await client.verifyEmail('the-token-from-the-link');
+
+// Then login (sets the wac_session cookie in a browser; in Node, capture
+// from response headers and pass back via `sessionCookie`).
+await client.login({ email: 'alice@example.com', password: '…' });
+```
+
+### Org admin — create a user
+
+```ts
+const org = new WitniumAccountsClient({
+  baseUrl: 'https://auth.witniumchain.com',
+  orgApiKey: 'wcorg_live_…',
+});
+
+const { userId, provisioningToken } = await org.createOrgUser({
+  email: 'bob@customer.example.com',
+});
+// Forward `provisioningToken` to Bob — he calls /v1/contracts/provision
+// with locally-generated owner + signing keypairs.
+```
+
+### Sysadmin — create an organisation
+
+```ts
+const sys = new WitniumAccountsClient({
+  baseUrl: 'https://auth.witniumchain.com',
+  adminToken: process.env.ACCOUNTS_ADMIN_TOKEN!,
+});
+
+const { organization, apiKey } = await sys.createOrganization({
+  name: 'Acme Inc.',
+  email: 'ops@acme.example.com',
+  accountType: 'metered',
+  signupGrantAmount: 100,
+});
+// `apiKey` is shown ONCE — store it now.
+```
+
+### OAuth API — delegated-key + sign
+
+```ts
+const api = new WitniumAccountsClient({
+  baseUrl: 'https://auth.witniumchain.com',
+  accessToken: bearerJwt,
+});
+
+const prepared = await api.prepareDelegatedKey({ contractAddress: '0x…' });
+// Sign prepared.messageToSign with your owner key locally:
+const ownerSignature = await myOwnerSigner.sign(prepared.messageToSign);
+
+const submitted = await api.submitDelegatedKey(prepared.id, { ownerSignature });
+// submitted.confirmed === true once the addSigningKey tx mines (~10–15 s).
+
+const { signature } = await api.sign(
+  { delegatedKeyId: prepared.id, payload: 'deadbeef…' },
+);
+```
+
+### SDK signed-request (witness propose/sign/finalize)
+
+```ts
+const sdk = new WitniumAccountsClient({
+  baseUrl: 'https://auth.witniumchain.com',
+  signedRequest: {
+    publicKeyHex: 'abcd…64-chars…',
+    sign: async (canonicalMessage) => {
+      // Sign with your Ed25519 key — e.g. via @noble/ed25519 or a KMS.
+      // Return the 128-char hex signature.
+      return await myEd25519Sign(canonicalMessage);
+    },
+  },
+});
+
+const intent = await sdk.proposeWitness('0x…', {
+  dataId: '…64-hex…',
+  requiredSigners: ['…signer-pubkey…'],
+});
+```
+
+## Errors
+
+All non-2xx responses surface as `WitniumAccountsApiError`:
+
+```ts
+import { WitniumAccountsApiError } from '@witnium-tech/witniumchain';
+
+try {
+  await client.createOrgUser({ email: 'taken@example.com' });
+} catch (err) {
+  if (err instanceof WitniumAccountsApiError) {
+    console.error(err.status, err.errorLabel, err.message);
+    // err.body holds the raw parsed body for advanced inspection.
+  }
+}
+```
+
+## License
+
+MIT.

package/dist/index.d.mts

@@ -5306,12 +5306,12 @@ type HealthLiveResponse = Res<'/health/live', 'get'>;
 type HealthReadyResponse = Res<'/health/ready', 'get'>;
 
 /**
- * WitniumAccountsClient — typed HTTP client for the WitniumChain accounts API.
+ * WitniumchainClient — typed HTTP client for the WitniumChain accounts API.
  *
  * This is the v1 "shell" client: one low-level method per OpenAPI route.
  * Thread 4 (per docs/PLAN-PHASE-C-HARDEN-SURFACES.md) will layer three
- * higher-level clients on top — `WitniumAccountsClient` (end-user),
- * `WitniumAccountsOrgClient` (org admin), `WitniumAccountsAdminClient`
+ * higher-level clients on top — `WitniumchainClient` (end-user),
+ * `WitniumchainOrgClient` (org admin), `WitniumchainAdminClient`
  * (sysadmin) — with ergonomic helpers for signup, subscriptions,
  * delegated-key provisioning, Stripe Connect onboarding, etc.
  *
@@ -5347,7 +5347,7 @@ interface SignedRequestSigner {
     sign: (canonicalMessage: string) => Promise<string>;
 }
 /**
- * Owner-Ed25519 signer used by {@link WitniumAccountsClient.delegatedKeys.provision}.
+ * Owner-Ed25519 signer used by {@link WitniumchainClient.delegatedKeys.provision}.
  *
  * Structurally identical to {@link SignedRequestSigner} — both are
  * `{ publicKeyHex, sign(message) }` — but kept as a distinct type so the
@@ -5402,7 +5402,7 @@ interface ProvisionDelegatedKeyResult {
     /** Block number, populated once `confirmed === true`. */
     blockNumber?: number;
 }
-interface WitniumAccountsClientConfig {
+interface WitniumchainClientConfig {
     /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */
     baseUrl: string;
     /** Session cookie value (the `wac_session` cookie's body, not the full header). */
@@ -5420,7 +5420,7 @@ interface WitniumAccountsClientConfig {
     /** Alternate fetch implementation (e.g. for tests). Default `globalThis.fetch`. */
     fetch?: typeof fetch;
 }
-declare class WitniumAccountsClient {
+declare class WitniumchainClient {
     private readonly baseUrl;
     private readonly cfg;
     private readonly timeout;
@@ -5433,7 +5433,7 @@ declare class WitniumAccountsClient {
     readonly keys: SigningKeys;
     /** OAuth session management. Accessed as `client.oauth.sessions.*`. */
     readonly oauth: OauthNamespace;
-    constructor(config: WitniumAccountsClientConfig);
+    constructor(config: WitniumchainClientConfig);
     /**
      * Convenience alias for {@link getAccount} — returns the authenticated
      * user's profile, the org they belong to, and their signing keys.
@@ -5493,7 +5493,7 @@ declare class WitniumAccountsClient {
 /** `client.subscriptions.*` — Stripe Checkout + portal + credit ledger. */
 declare class Subscriptions {
     private readonly client;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
     /**
      * Start a Stripe Checkout session for the supplied price. Returns the
      * hosted Checkout URL; redirect the user to it. Stripe's
@@ -5512,7 +5512,7 @@ declare class Subscriptions {
 /** `client.delegatedKeys.*` — list, one-call provision, and revoke. */
 declare class DelegatedKeys {
     private readonly client;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
     /** List the caller's delegated keys, optionally filtered by contract or active flag. */
     list(query?: {
         contractAddress?: string;
@@ -5524,7 +5524,7 @@ declare class DelegatedKeys {
      * budget elapses). The server mints the delegated key in Vault; the caller
      * never sees its private key.
      *
-     * Failure modes that surface as thrown {@link WitniumAccountsApiError}:
+     * Failure modes that surface as thrown {@link WitniumchainApiError}:
      *   - 409 from prepare → an active key already exists for this contract;
      *     caller must revoke the existing one first.
      *   - 400 from submit → ownerSignature didn't verify against the prepared
@@ -5546,7 +5546,7 @@ declare class DelegatedKeys {
 }
 /**
  * `client.keys.*` — owner signing-key management (add / revoke + a list
- * helper derived from {@link WitniumAccountsClient.getAccount}).
+ * helper derived from {@link WitniumchainClient.getAccount}).
  *
  * Distinct from {@link DelegatedKeys} — those are Vault-held keys minted by
  * the server for delegated signing. The methods here manage the owner's own
@@ -5554,11 +5554,11 @@ declare class DelegatedKeys {
  */
 declare class SigningKeys {
     private readonly client;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
     /**
      * The signing keys attached to the calling user's contract. There is no
      * dedicated list endpoint; this method calls {@link
-     * WitniumAccountsClient.getAccount} and returns the `signingKeys` slice.
+     * WitniumchainClient.getAccount} and returns the `signingKeys` slice.
      */
     list(): Promise<AccountResponse['signingKeys']>;
     add(body: AddSigningKeyRequest): Promise<AddSigningKeyResponse>;
@@ -5567,17 +5567,17 @@ declare class SigningKeys {
 /** `client.oauth.sessions.*` — list and revoke active OAuth sessions. */
 declare class OauthNamespace {
     readonly sessions: OauthSessions;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
 }
 declare class OauthSessions {
     private readonly client;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
     list(): Promise<ListOauthSessionsResponse>;
     revoke(jti: string): Promise<void>;
     revokeAll(): Promise<void>;
 }
 
-interface WitniumAccountsAdminClientConfig {
+interface WitniumchainAdminClientConfig {
     /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */
     baseUrl: string;
     /** System-admin token (`Authorization: Bearer <ADMIN_TOKEN>`). */
@@ -5588,9 +5588,9 @@ interface WitniumAccountsAdminClientConfig {
     fetch?: typeof fetch;
 }
 type AccountType = 'metered' | 'unlimited';
-declare class WitniumAccountsAdminClient {
+declare class WitniumchainAdminClient {
     private readonly inner;
-    constructor(config: WitniumAccountsAdminClientConfig);
+    constructor(config: WitniumchainAdminClientConfig);
     /**
      * Mint a new organisation. The returned `apiKey` is shown ONCE — the server
      * only retains its SHA-256 hash. Persist it before the response leaves
@@ -5622,21 +5622,21 @@ declare class WitniumAccountsAdminClient {
 }
 
 /**
- * WitniumAccountsOrgClient — org-admin facade over the accounts API.
+ * WitniumchainOrgClient — org-admin facade over the accounts API.
  *
  * Wraps the three `/v1/orgs/me/*` routes that org admins use to read their
  * own org profile and manage their users. This is the client B2B2C apps and
  * customer-admin dashboards consume — auth is the `wcorg_live_…` API key
- * minted via `WitniumAccountsAdminClient.createOrganization` or returned by
+ * minted via `WitniumchainAdminClient.createOrganization` or returned by
  * a subsequent `rotateApiKey`.
  *
  * The surface is intentionally minimal — the underlying API only exposes
  * profile read + user create + user list. Anything more powerful (provision
  * credits, change account type, verify email) requires the sysadmin
- * `AdminToken` and therefore lives on `WitniumAccountsAdminClient`.
+ * `AdminToken` and therefore lives on `WitniumchainAdminClient`.
  */
 
-interface WitniumAccountsOrgClientConfig {
+interface WitniumchainOrgClientConfig {
     /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */
     baseUrl: string;
     /** Organisation API key (`wcorg_live_…`). */
@@ -5646,11 +5646,11 @@ interface WitniumAccountsOrgClientConfig {
     /** Alternate fetch implementation (e.g. for tests). Default `globalThis.fetch`. */
     fetch?: typeof fetch;
 }
-declare class WitniumAccountsOrgClient {
+declare class WitniumchainOrgClient {
     private readonly inner;
     /** User-management namespace — `client.users.create/list`. */
     readonly users: OrgUsers;
-    constructor(config: WitniumAccountsOrgClientConfig);
+    constructor(config: WitniumchainOrgClientConfig);
     /**
      * The org's own profile — name, email, account type, cached credit
      * balance (null for `unlimited` accounts), and the `isPersonal` flag.
@@ -5663,7 +5663,7 @@ declare class WitniumAccountsOrgClient {
 /** `client.users.*` — create + list users in the org. */
 declare class OrgUsers {
     private readonly inner;
-    constructor(inner: WitniumAccountsClient);
+    constructor(inner: WitniumchainClient);
     /**
      * Provision a new user inside the org. Requires the org's email to have
      * been verified (sysadmin gate) — otherwise the server returns 403.
@@ -5681,7 +5681,7 @@ declare class OrgUsers {
  * shapes are forwarded as `body`; the more useful fields are surfaced as
  * top-level properties.
  */
-declare class WitniumAccountsApiError extends Error {
+declare class WitniumchainApiError extends Error {
     readonly status: number;
     readonly errorLabel: string | undefined;
     readonly body: unknown;
@@ -5693,4 +5693,4 @@ declare class WitniumAccountsApiError extends Error {
     });
 }
 
-export { type AccountResponse, type AccountType, type AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type CheckoutRequest, type CheckoutResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest, type PauseResponse, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumAccountsAdminClient, type WitniumAccountsAdminClientConfig, WitniumAccountsApiError, WitniumAccountsClient, type WitniumAccountsClientConfig, WitniumAccountsOrgClient, type WitniumAccountsOrgClientConfig, type paths };
+export { type AccountResponse, type AccountType, type AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type CheckoutRequest, type CheckoutResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest, type PauseResponse, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, type paths };

package/dist/index.d.ts

@@ -5306,12 +5306,12 @@ type HealthLiveResponse = Res<'/health/live', 'get'>;
 type HealthReadyResponse = Res<'/health/ready', 'get'>;
 
 /**
- * WitniumAccountsClient — typed HTTP client for the WitniumChain accounts API.
+ * WitniumchainClient — typed HTTP client for the WitniumChain accounts API.
  *
  * This is the v1 "shell" client: one low-level method per OpenAPI route.
  * Thread 4 (per docs/PLAN-PHASE-C-HARDEN-SURFACES.md) will layer three
- * higher-level clients on top — `WitniumAccountsClient` (end-user),
- * `WitniumAccountsOrgClient` (org admin), `WitniumAccountsAdminClient`
+ * higher-level clients on top — `WitniumchainClient` (end-user),
+ * `WitniumchainOrgClient` (org admin), `WitniumchainAdminClient`
  * (sysadmin) — with ergonomic helpers for signup, subscriptions,
  * delegated-key provisioning, Stripe Connect onboarding, etc.
  *
@@ -5347,7 +5347,7 @@ interface SignedRequestSigner {
     sign: (canonicalMessage: string) => Promise<string>;
 }
 /**
- * Owner-Ed25519 signer used by {@link WitniumAccountsClient.delegatedKeys.provision}.
+ * Owner-Ed25519 signer used by {@link WitniumchainClient.delegatedKeys.provision}.
  *
  * Structurally identical to {@link SignedRequestSigner} — both are
  * `{ publicKeyHex, sign(message) }` — but kept as a distinct type so the
@@ -5402,7 +5402,7 @@ interface ProvisionDelegatedKeyResult {
     /** Block number, populated once `confirmed === true`. */
     blockNumber?: number;
 }
-interface WitniumAccountsClientConfig {
+interface WitniumchainClientConfig {
     /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */
     baseUrl: string;
     /** Session cookie value (the `wac_session` cookie's body, not the full header). */
@@ -5420,7 +5420,7 @@ interface WitniumAccountsClientConfig {
     /** Alternate fetch implementation (e.g. for tests). Default `globalThis.fetch`. */
     fetch?: typeof fetch;
 }
-declare class WitniumAccountsClient {
+declare class WitniumchainClient {
     private readonly baseUrl;
     private readonly cfg;
     private readonly timeout;
@@ -5433,7 +5433,7 @@ declare class WitniumAccountsClient {
     readonly keys: SigningKeys;
     /** OAuth session management. Accessed as `client.oauth.sessions.*`. */
     readonly oauth: OauthNamespace;
-    constructor(config: WitniumAccountsClientConfig);
+    constructor(config: WitniumchainClientConfig);
     /**
      * Convenience alias for {@link getAccount} — returns the authenticated
      * user's profile, the org they belong to, and their signing keys.
@@ -5493,7 +5493,7 @@ declare class WitniumAccountsClient {
 /** `client.subscriptions.*` — Stripe Checkout + portal + credit ledger. */
 declare class Subscriptions {
     private readonly client;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
     /**
      * Start a Stripe Checkout session for the supplied price. Returns the
      * hosted Checkout URL; redirect the user to it. Stripe's
@@ -5512,7 +5512,7 @@ declare class Subscriptions {
 /** `client.delegatedKeys.*` — list, one-call provision, and revoke. */
 declare class DelegatedKeys {
     private readonly client;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
     /** List the caller's delegated keys, optionally filtered by contract or active flag. */
     list(query?: {
         contractAddress?: string;
@@ -5524,7 +5524,7 @@ declare class DelegatedKeys {
      * budget elapses). The server mints the delegated key in Vault; the caller
      * never sees its private key.
      *
-     * Failure modes that surface as thrown {@link WitniumAccountsApiError}:
+     * Failure modes that surface as thrown {@link WitniumchainApiError}:
      *   - 409 from prepare → an active key already exists for this contract;
      *     caller must revoke the existing one first.
      *   - 400 from submit → ownerSignature didn't verify against the prepared
@@ -5546,7 +5546,7 @@ declare class DelegatedKeys {
 }
 /**
  * `client.keys.*` — owner signing-key management (add / revoke + a list
- * helper derived from {@link WitniumAccountsClient.getAccount}).
+ * helper derived from {@link WitniumchainClient.getAccount}).
  *
  * Distinct from {@link DelegatedKeys} — those are Vault-held keys minted by
  * the server for delegated signing. The methods here manage the owner's own
@@ -5554,11 +5554,11 @@ declare class DelegatedKeys {
  */
 declare class SigningKeys {
     private readonly client;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
     /**
      * The signing keys attached to the calling user's contract. There is no
      * dedicated list endpoint; this method calls {@link
-     * WitniumAccountsClient.getAccount} and returns the `signingKeys` slice.
+     * WitniumchainClient.getAccount} and returns the `signingKeys` slice.
      */
     list(): Promise<AccountResponse['signingKeys']>;
     add(body: AddSigningKeyRequest): Promise<AddSigningKeyResponse>;
@@ -5567,17 +5567,17 @@ declare class SigningKeys {
 /** `client.oauth.sessions.*` — list and revoke active OAuth sessions. */
 declare class OauthNamespace {
     readonly sessions: OauthSessions;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
 }
 declare class OauthSessions {
     private readonly client;
-    constructor(client: WitniumAccountsClient);
+    constructor(client: WitniumchainClient);
     list(): Promise<ListOauthSessionsResponse>;
     revoke(jti: string): Promise<void>;
     revokeAll(): Promise<void>;
 }
 
-interface WitniumAccountsAdminClientConfig {
+interface WitniumchainAdminClientConfig {
     /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */
     baseUrl: string;
     /** System-admin token (`Authorization: Bearer <ADMIN_TOKEN>`). */
@@ -5588,9 +5588,9 @@ interface WitniumAccountsAdminClientConfig {
     fetch?: typeof fetch;
 }
 type AccountType = 'metered' | 'unlimited';
-declare class WitniumAccountsAdminClient {
+declare class WitniumchainAdminClient {
     private readonly inner;
-    constructor(config: WitniumAccountsAdminClientConfig);
+    constructor(config: WitniumchainAdminClientConfig);
     /**
      * Mint a new organisation. The returned `apiKey` is shown ONCE — the server
      * only retains its SHA-256 hash. Persist it before the response leaves
@@ -5622,21 +5622,21 @@ declare class WitniumAccountsAdminClient {
 }
 
 /**
- * WitniumAccountsOrgClient — org-admin facade over the accounts API.
+ * WitniumchainOrgClient — org-admin facade over the accounts API.
  *
  * Wraps the three `/v1/orgs/me/*` routes that org admins use to read their
  * own org profile and manage their users. This is the client B2B2C apps and
  * customer-admin dashboards consume — auth is the `wcorg_live_…` API key
- * minted via `WitniumAccountsAdminClient.createOrganization` or returned by
+ * minted via `WitniumchainAdminClient.createOrganization` or returned by
  * a subsequent `rotateApiKey`.
  *
  * The surface is intentionally minimal — the underlying API only exposes
  * profile read + user create + user list. Anything more powerful (provision
  * credits, change account type, verify email) requires the sysadmin
- * `AdminToken` and therefore lives on `WitniumAccountsAdminClient`.
+ * `AdminToken` and therefore lives on `WitniumchainAdminClient`.
  */
 
-interface WitniumAccountsOrgClientConfig {
+interface WitniumchainOrgClientConfig {
     /** Base URL, e.g. `https://auth.witniumchain.com`. Trailing slash optional. */
     baseUrl: string;
     /** Organisation API key (`wcorg_live_…`). */
@@ -5646,11 +5646,11 @@ interface WitniumAccountsOrgClientConfig {
     /** Alternate fetch implementation (e.g. for tests). Default `globalThis.fetch`. */
     fetch?: typeof fetch;
 }
-declare class WitniumAccountsOrgClient {
+declare class WitniumchainOrgClient {
     private readonly inner;
     /** User-management namespace — `client.users.create/list`. */
     readonly users: OrgUsers;
-    constructor(config: WitniumAccountsOrgClientConfig);
+    constructor(config: WitniumchainOrgClientConfig);
     /**
      * The org's own profile — name, email, account type, cached credit
      * balance (null for `unlimited` accounts), and the `isPersonal` flag.
@@ -5663,7 +5663,7 @@ declare class WitniumAccountsOrgClient {
 /** `client.users.*` — create + list users in the org. */
 declare class OrgUsers {
     private readonly inner;
-    constructor(inner: WitniumAccountsClient);
+    constructor(inner: WitniumchainClient);
     /**
      * Provision a new user inside the org. Requires the org's email to have
      * been verified (sysadmin gate) — otherwise the server returns 403.
@@ -5681,7 +5681,7 @@ declare class OrgUsers {
  * shapes are forwarded as `body`; the more useful fields are surfaced as
  * top-level properties.
  */
-declare class WitniumAccountsApiError extends Error {
+declare class WitniumchainApiError extends Error {
     readonly status: number;
     readonly errorLabel: string | undefined;
     readonly body: unknown;
@@ -5693,4 +5693,4 @@ declare class WitniumAccountsApiError extends Error {
     });
 }
 
-export { type AccountResponse, type AccountType, type AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type CheckoutRequest, type CheckoutResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest, type PauseResponse, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumAccountsAdminClient, type WitniumAccountsAdminClientConfig, WitniumAccountsApiError, WitniumAccountsClient, type WitniumAccountsClientConfig, WitniumAccountsOrgClient, type WitniumAccountsOrgClientConfig, type paths };
+export { type AccountResponse, type AccountType, type AddSigningKeyRequest, type AddSigningKeyResponse, type AdjustCreditsRequest, type AdjustCreditsResponse, type CheckoutRequest, type CheckoutResponse, type CreateOrganizationRequest, type CreateOrganizationResponse, type CreateUserRequest, type CreateUserResponse, DelegatedKeys, type FinalizeWitnessResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GetWitnessResponse, type HealthLiveResponse, type HealthReadyResponse, type LedgerResponse, type ListDelegatedKeysResponse, type ListOauthSessionsResponse, type ListUsersResponse, type LoginRequest, type LoginResponse, type LogoutResponse, OauthNamespace, OauthSessions, OrgUsers, type OwnerSigner, type PauseRequest, type PauseResponse, type PortalResponse, type PrepareDelegatedKeyRequest, type PreparedDelegatedKeyResponse, type ProposeWitnessRequest, type ProposeWitnessResponse, type ProvisionContractRequest, type ProvisionContractResponse, type ProvisionDelegatedKeyArgs, type ProvisionDelegatedKeyResult, type PublicOrgResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDelegatedKeyResponse, type RevokeSigningKeyRequest, type RevokeSigningKeyResponse, type RevokeWitnessRequest, type RevokeWitnessResponse, type RotateApiKeyResponse, type SetAccountTypeRequest, type SetAccountTypeResponse, type SignRequest, type SignResponse, type SignWitnessRequest, type SignWitnessResponse, type SignedRequestSigner, SigningKeys, type SignupRequest, type SignupResponse, type SubmitDelegatedKeyRequest, type SubmitDelegatedKeyResponse, Subscriptions, type UnpauseRequest, type UnpauseResponse, type VerifyEmailResponse, type VerifyOrganizationResponse, WitniumchainAdminClient, type WitniumchainAdminClientConfig, WitniumchainApiError, WitniumchainClient, type WitniumchainClientConfig, WitniumchainOrgClient, type WitniumchainOrgClientConfig, type paths };